On 2025-04-11 01:01 +02, Joel Carnat <j...@carnat.net> wrote: > Hello, > > I just noticed that the nsd(8) program that ships with OpenBSD 7.6 is > version 4.9.1. As much as I could understand the information from > cvsweb, the same version would ship with OpenBSD 7.7. > > According to NLnet Labs website, the latest nsd version is 4.11.1. > > There is nothing about 4.9.1 in their security advisories page and I > didn't find any CVE for this version, looking on the Internet. > > From what I understood from the various release notes, the fixes are > mostly about documentation and compilation processes. I could only > identify one fix solving IXFR requests and one about XoT > interoperability. > > Is this the reason why nsd(8) has not been updated (yet) on OpenBSD?
https://marc.info/?l=openbsd-tech&m=173532102410761&w=2 The silence was deafening. Meanwhile a hero stepped up and tested bunch of archs I don't have access to. So maybe in -current. > Is it safe using it as a public authoritative DNS server or should I don't think anything is safe on the public Internet. That being said: $ dig @a.ns.sha256.net +noall +answer +norec version.server ch txt version.server. 0 CH TXT "NSD 4.9.1" > PowerDNS, from ports, rather be used? > > Thanks, > Joel C. > -- In my defence, I have been left unsupervised.
