2022-04-12 13:41:18 +02:00
|
|
|
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
|
..
|
|
|
|
|
.. SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
..
|
|
|
|
|
.. This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
|
..
|
|
|
|
|
.. See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
.. information regarding copyright ownership.
|
|
|
|
|
|
2024-01-15 15:39:46 +01:00
|
|
|
Notes for BIND 9.19.22
|
2023-01-13 15:35:32 +01:00
|
|
|
----------------------
|
2022-04-12 13:41:18 +02:00
|
|
|
|
|
|
|
|
Security Fixes
|
|
|
|
|
~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
- None.
|
|
|
|
|
|
|
|
|
|
New Features
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
2023-12-14 15:57:55 +02:00
|
|
|
- The ``tls`` block was extended with a new ``cipher-suites`` option
|
|
|
|
|
that allows setting allowed cipher suites for TLSv1.3. Please
|
|
|
|
|
consult the documentation for additional details.
|
|
|
|
|
:gl:`#3504`
|
2023-10-16 16:31:56 +02:00
|
|
|
|
2024-01-16 14:38:21 +03:00
|
|
|
- The statistics channel now includes counters that indicate the number
|
|
|
|
|
of currently connected TCP IPv4/IPv6 clients. :gl:`#4425`
|
|
|
|
|
|
2023-11-10 11:45:05 +00:00
|
|
|
- The statistics channel's incoming zone transfers information now also shows
|
|
|
|
|
the zones' "first refresh" flag, which indicates that a zone is not fully
|
|
|
|
|
ready yet, and its first ever refresh is pending or is in-progress. The number
|
|
|
|
|
of such zones is now also exposed by the ``rndc status`` command. :gl:`#4241`
|
|
|
|
|
|
2022-03-17 10:03:02 +01:00
|
|
|
- Add HSM support to :any:`dnssec-policy`. You can now configure keys with a
|
|
|
|
|
``key-store`` that allows you to set the directory to store the key files and
|
|
|
|
|
set a PKCS#11 URI string. The latter requires OpenSSL 3 and a valid PKCS#11
|
|
|
|
|
provider to be configured for OpenSSL. :gl`#1129`.
|
|
|
|
|
|
2022-04-12 13:41:18 +02:00
|
|
|
Removed Features
|
|
|
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
|
|
2024-02-06 16:14:22 +00:00
|
|
|
- BIND 9 no longer supports non-zero :any:`stale-answer-client-timeout` values,
|
|
|
|
|
when the feature is turned on. When using a non-zero value, ``named`` now
|
|
|
|
|
generates a warning log message, and treats the value as ``0``. :gl:`#4447`
|
2023-10-26 12:00:32 +02:00
|
|
|
|
2022-04-12 13:41:18 +02:00
|
|
|
Feature Changes
|
|
|
|
|
~~~~~~~~~~~~~~~
|
|
|
|
|
|
2023-12-14 11:10:50 +00:00
|
|
|
- The ``dnssec-validation yes`` option now requires an explicitly configured
|
|
|
|
|
:any:`trust-anchors` statement. If using manual trust anchors is not
|
|
|
|
|
operationally required, then please consider using ``dnssec-validation auto``
|
|
|
|
|
instead. :gl:`#4373`
|
2023-07-18 12:24:07 +10:00
|
|
|
|
2022-04-12 13:41:18 +02:00
|
|
|
Bug Fixes
|
|
|
|
|
~~~~~~~~~
|
|
|
|
|
|
2024-01-11 16:39:59 +02:00
|
|
|
- Changes to ``listen-on`` statements were ignored on reconfiguration
|
|
|
|
|
unless the port or interface address was changed, making it
|
|
|
|
|
impossible to change a related listener transport type. That issue
|
|
|
|
|
has been fixed.
|
|
|
|
|
|
|
|
|
|
ISC would like to thank Thomas Amgarten for bringing this issue to
|
|
|
|
|
our attention. :gl:`#4518`, :gl:`#4528`
|
2023-10-23 14:38:47 +02:00
|
|
|
|
2024-02-23 13:38:19 +11:00
|
|
|
- A use-after-free assertion might get triggered when the overmem cache
|
|
|
|
|
cleaning triggers. :gl:`#4595`
|
|
|
|
|
|
|
|
|
|
ISC would like to thank to Jinmei Tatuya from Infoblox for bringing
|
|
|
|
|
this issue to our attention.
|
|
|
|
|
|
|
|
|
|
|
2022-11-07 14:03:15 +01:00
|
|
|
Known Issues
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
2023-03-07 14:10:26 +01:00
|
|
|
- There are no new known issues with this release. See :ref:`above
|
|
|
|
|
<relnotes_known_issues>` for a list of all known issues affecting this
|
|
|
|
|
BIND 9 branch.
|
