[nsd-users] NSD 4.1.11

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Aug 9 07:49:01 UTC 2016


Hi,

NSD 4.1.11 is available:
http://www.nlnetlabs.nl/downloads/nsd/nsd-4.1.11.tar.gz
sha1 bd70fc0735f885ef80d33a32bdf139970ce830a4
sha256 c7712fd05eb0ab97040738e01d9369d02b89c0a7fa0943fd5bfc43b2111a92df
pgp http://www.nlnetlabs.nl/downloads/nsd/nsd-4.1.11.tar.gz.asc

This release contains a patch for the unlimited AXFR vulnerability; with
a config option to limit AXFR sizes.

Bug fixes when without IPv6 and for serving DS records with no NS record
in parent-child co-hosted setups.


4.1.11
================
FEATURES:
- When tcp is more than half full, use short timeout for tcp session.
- Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
- Fix #790: size-limit-xfr can stop NSD from downloading infinite zone
  transfer data size, from Toshifumi Sakaguchi.  Fixes CVE-2016-6173
  JVN#63359718 JPCERT#91251865.

BUG FIXES:
- Fix build without IPv6, patch from Zdenek Kaspar.
- Fix #783: Trying to run a root server without having configured it
  silently gives wrong answers.
- Fix #782: Serve DS record but parent zone has no NS record.
- Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.


Best regards, Wouter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20160809/334d3acd/attachment.bin>


More information about the nsd-users mailing list