bind/doc/notes/notes-current.rst

.. 
   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
   
   This Source Code Form is subject to the terms of the Mozilla Public
   License, v. 2.0. If a copy of the MPL was not distributed with this
   file, you can obtain one at https://mozilla.org/MPL/2.0/.
   
   See the COPYRIGHT file distributed with this work for additional
   information regarding copyright ownership.

Notes for BIND 9.17.9
---------------------

Security Fixes
~~~~~~~~~~~~~~

- None.

Known Issues
~~~~~~~~~~~~

- None.

New Features
~~~~~~~~~~~~

- ``ipv4only.arpa`` is now served when DNS64 is configured. [GL #385]

Removed Features
~~~~~~~~~~~~~~~~

- A number of non-working configuration options that had been marked
  as obsolete in previous releases have now been removed completely.
  Using any of the following options is now considered a configuration
  failure:
  ``acache-cleaning-interval``, ``acache-enable``, ``additional-from-auth``,
  ``additional-from-cache``, ``allow-v6-synthesis``, ``cleaning-interval``,
  ``dnssec-enable``, ``dnssec-lookaside``, ``filter-aaaa``,
  ``filter-aaaa-on-v4``, ``filter-aaaa-on-v6``, ``geoip-use-ecs``, ``lwres``,
  ``max-acache-size``, ``nosit-udp-size``, ``queryport-pool-ports``,
  ``queryport-pool-updateinterval``, ``request-sit``, ``sit-secret``,
  ``support-ixfr``, ``use-queryport-pool``, ``use-ixfr``. [GL #1086]

Feature Changes
~~~~~~~~~~~~~~~

- It is now possible to transition a zone from secure to insecure mode
  without making it bogus in the process; changing to ``dnssec-policy
  none;`` also causes CDS and CDNSKEY DELETE records to be published, to
  signal that the entire DS RRset at the parent must be removed, as
  described in RFC 8078. [GL #1750]

- The default value of ``max-stale-ttl`` has been changed from 12 hours to 1
  day and the default value of ``stale-answer-ttl`` has been changed from 1
  second to 30 seconds, following RFC 8767 recommendations. [GL #2248]

- When using the ``unixtime`` or ``date`` method to update the SOA
  serial number, ``named`` and ``dnssec-signzone`` silently fell back to
  the ``increment`` method to prevent the new serial number from being
  smaller than the old serial number (using serial number arithmetics).
  ``dnssec-signzone`` now prints a warning message, and ``named`` logs a
  warning, when such a fallback happens. [GL #2058]

Bug Fixes
~~~~~~~~~

- Multiple threads could attempt to destroy a single RBTDB instance at
  the same time, resulting in an unpredictable but low-probability
  assertion failure in ``free_rbtdb()``. This has been fixed. [GL #2317]

- ``named`` no longer attempts to assign threads to CPUs outside the CPU
  affinity set. Thanks to Ole Bjørn Hessen. [GL #2245]

- When reconfiguring ``named``, removing ``auto-dnssec`` did not turn
  off DNSSEC maintenance. This has been fixed. [GL #2341]

- KASP incorrectly set signature validity to the value of the DNSKEY signature
  validity. This is now fixed. [GL #2383]
Set up release notes for BIND 9.17.9 2020-12-16 22:09:14 +01:00			`..`
			`Copyright (C) Internet Systems Consortium, Inc. ("ISC")`

			`This Source Code Form is subject to the terms of the Mozilla Public`
			`License, v. 2.0. If a copy of the MPL was not distributed with this`
			`file, you can obtain one at https://mozilla.org/MPL/2.0/.`

			`See the COPYRIGHT file distributed with this work for additional`
			`information regarding copyright ownership.`

			`Notes for BIND 9.17.9`
			`---------------------`

			`Security Fixes`
			`~~~~~~~~~~~~~~`

			`- None.`

			`Known Issues`
			`~~~~~~~~~~~~`

			`- None.`

			`New Features`
			`~~~~~~~~~~~~`

Reorder release notes 2021-01-08 16:16:51 +01:00			- ``ipv4only.arpa`` is now served when DNS64 is configured. [GL #385]
Set up release notes for BIND 9.17.9 2020-12-16 22:09:14 +01:00
			`Removed Features`
			`~~~~~~~~~~~~~~~~`

Add notes for [#1086] Mention the configuration cleanup. 2020-12-08 15:19:21 +01:00			`- A number of non-working configuration options that had been marked`
			`as obsolete in previous releases have now been removed completely.`
			`Using any of the following options is now considered a configuration`
			`failure:`
			``acache-cleaning-interval``, ``acache-enable``, ``additional-from-auth``,
			``additional-from-cache``, ``allow-v6-synthesis``, ``cleaning-interval``,
			``dnssec-enable``, ``dnssec-lookaside``, ``filter-aaaa``,
			``filter-aaaa-on-v4``, ``filter-aaaa-on-v6``, ``geoip-use-ecs``, ``lwres``,
			``max-acache-size``, ``nosit-udp-size``, ``queryport-pool-ports``,
			``queryport-pool-updateinterval``, ``request-sit``, ``sit-secret``,
			``support-ixfr``, ``use-queryport-pool``, ``use-ixfr``. [GL #1086]
Set up release notes for BIND 9.17.9 2020-12-16 22:09:14 +01:00
			`Feature Changes`
			`~~~~~~~~~~~~~~~`

Add documentation and notes for [#1750] 2020-12-08 09:42:51 +01:00			`- It is now possible to transition a zone from secure to insecure mode`
Tweak and reword release notes 2021-01-08 16:16:51 +01:00			without making it bogus in the process; changing to ``dnssec-policy
Add documentation and notes for [#1750] 2020-12-08 09:42:51 +01:00			none;`` also causes CDS and CDNSKEY DELETE records to be published, to
			`signal that the entire DS RRset at the parent must be removed, as`
			`described in RFC 8078. [GL #1750]`
Set up release notes for BIND 9.17.9 2020-12-16 22:09:14 +01:00
Update serve-stale config defaults Change the serve-stale configuration defaults so that they match the recommendations from RFC 8767. 2020-12-08 15:58:45 +01:00			- The default value of ``max-stale-ttl`` has been changed from 12 hours to 1
			day and the default value of ``stale-answer-ttl`` has been changed from 1
			`second to 30 seconds, following RFC 8767 recommendations. [GL #2248]`

Set up release notes for BIND 9.17.9 2020-12-16 22:09:14 +01:00			- When using the ``unixtime`` or ``date`` method to update the SOA
			serial number, ``named`` and ``dnssec-signzone`` silently fell back to
			the ``increment`` method to prevent the new serial number from being
			`smaller than the old serial number (using serial number arithmetics).`
Tweak and reword release notes 2021-01-08 16:16:51 +01:00			``dnssec-signzone`` now prints a warning message, and ``named`` logs a
			`warning, when such a fallback happens. [GL #2058]`
Set up release notes for BIND 9.17.9 2020-12-16 22:09:14 +01:00
			`Bug Fixes`
			`~~~~~~~~~`

Reorder release notes 2021-01-08 16:16:51 +01:00			`- Multiple threads could attempt to destroy a single RBTDB instance at`
			`the same time, resulting in an unpredictable but low-probability`
			assertion failure in ``free_rbtdb()``. This has been fixed. [GL #2317]

Tweak and reword release notes 2021-01-08 16:16:51 +01:00			- ``named`` no longer attempts to assign threads to CPUs outside the CPU
			`affinity set. Thanks to Ole Bjørn Hessen. [GL #2245]`
Fixup notes I screwed up the notes in !4474 2020-12-23 12:03:26 +01:00
Tweak and reword release notes 2021-01-08 16:16:51 +01:00			- When reconfiguring ``named``, removing ``auto-dnssec`` did not turn
Add notes for [#2341] Mention the bugfix in the release. 2020-12-08 09:55:36 +01:00			`off DNSSEC maintenance. This has been fixed. [GL #2341]`
Add release note 2020-12-18 13:43:11 +11:00
Fix signatures-validity config option KASP was using 'signatures-validity-dnskey' instead of 'signatures-validity'. 2021-01-07 17:41:38 +01:00			`- KASP incorrectly set signature validity to the value of the DNSKEY signature`
			`validity. This is now fixed. [GL #2383]`