On Fri, Apr 11, 2025 at 01:01:51AM +0200, Joel Carnat wrote:
> Hello,
>
> I just noticed that the nsd(8) program that ships with OpenBSD 7.6 is
> version 4.9.1. As much as I could understand the information from
> cvsweb, the same version would ship with OpenBSD 7.7.
>
> According to NLnet Labs website, the latest nsd version is 4.11.1.
>
> There is nothing about 4.9.1 in their security advisories page and I
> didn't find any CVE for this version, looking on the Internet.
>
> From what I understood from the various release notes, the fixes are
> mostly about documentation and compilation processes. I could only
> identify one fix solving IXFR requests and one about XoT
> interoperability.
>
> Is this the reason why nsd(8) has not been updated (yet) on OpenBSD?
> Is it safe using it as a public authoritative DNS server or should
> PowerDNS, from ports, rather be used?
>
> Thanks,
> Joel C.
>
I think nsd 4.9.11 is fine. It's just that nobody spent the time to
update it.
As for for PowerDNS Authoritative Server, that's a fine program as
well. Bear in mind I am biased, as I work for PowerDNS and maintain
the OpenBSD ports of the PowerDNS open source products (Authoritative
Server, Recursor and dnsdist).
-Otto
