Today, we released version 4.3.8 of the authoritative DNS nameserver NSD.
This release fixes a crash bug in delegation answers, and fixes in NSEC3 answers. Also compile fixes for OpenSSL. The OpenSSL 3.0 API is supported.
The Mutual TLS feature allows for client authentication for XFR-over-TLS connections, use the client-cert, client-key and client-key-pw options to set up the certificate that NSD then uses to connect to the upstream server to download the zone with.
The default for DNS Cookies is updated. It is now off to stop wrong behaviour in mixed server deployments.
You can get source packages of this version from the downloads page.