nsd users - Nov 2008 - NSD 3.2.0 released

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear NSD users,

We have released a new version of NSD. It contains some new features,
hence, the version number is updated to v3.2.0.

You can download it at nlnetlabs.nl:
	http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.0.tar.gz

SHA1 checksum: 7cc37fdd10f4ad78ed58d4e1a304a4496ebaefe7

*IMPORTANT*: Due to a fix in the zone update process, the ixfr.db has a
new format. When you are planning to upgrade to NSD 3.2.x release, make
sure to process the old ixfr.db before starting the new release (by
running nsdc patch). For more information, please read the RELNOTES.

The new features include some long outstanding requests, such as
configuring the outgoing ip address and port for notifies and zone
requests (Bugzilla 148) and hmac-sha1/sha256 support for TSIG (Bugzilla
130).

Hope you like it,

Matthijs Mekking
NLnet Labs


RELNOTES:

OPERATIONAL NOTES:
- - Format of ixfr.db has changed. When you are planning an upgrade to the
  new NSD release, make sure to process the old ixfr.db before starting
  the new release (by running nsdc patch).
- - IXFR is transmitted over TCP by default instead of UDP. If you want to
  continue the use of IXFR/UDP, please modify your zone configuration
  file to:
	request-xfr: UDP 1.2.3.4 tsigkey
  We strongly recommend to enable TSIG if you send IXFR over UDP.
  When all masters fail to transmit IXFR/UDP, slave will fallback to
  IXFR/TCP and eventually AXFR/TCP.
- - nsd-patch prints errors to stderr instead of stdout.

BUG FIXES:
- - Only normalize dnames in rdatas when rrtype is listed in RFC 4034,
  section 6.2: Canonical RR Form, following
  draft-ietf-dnsext-dnssec-bis-updates (affects RRSIG and NSEC records).
- - Typo in zonec manpage.
- - Bugfix in log_finalize.
- - Fix race condition between nsdc patch and server reload.

FEATURES:
- - AXFR/TCP fallback in case of failing IXFR zone transfers.
- - RFC 4635: support for hmac-sha1 and hmac-sha256 TSIG algorithm
  identifiers, "Bugfix #130".
- - Configure the source ip-address for notifies (master) and zone
  requests (slave) in nsd.conf, "Bugfix #148".
- - nsd-notify and nsd-xfer allow you to configure the outgoing
  hostname and source port, in addition to the source address.
- - Additional debug and verbose log messages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJGCr9IXqNzxRs6egRAlbYAJ4k28AvrR4QV4gnzbOvKzhCxS+HbACfSnFf
4DZ8+aTBDl3QPUpochnGy2A=7blH
-----END PGP SIGNATURE-----

On Mon, 10 Nov 2008, Matthijs Mekking wrote:
> *IMPORTANT*: Due to a fix in the zone update process, the ixfr.db has a
> new format. When you are planning to upgrade to NSD 3.2.x release, make
> sure to process the old ixfr.db before starting the new release (by
> running nsdc patch). For more information, please read the RELNOTES.
Note: The fedora/rhel package already runs nsdc patch on stop(), so you
don't have to worry about this.
> The new features include some long outstanding requests, such as
> configuring the outgoing ip address and port for notifies and zone
> requests (Bugzilla 148) and hmac-sha1/sha256 support for TSIG (Bugzilla
> 130).
Excellent.

Paul