bind/doc/notes/notes-current.rst

.. 
   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
   
   This Source Code Form is subject to the terms of the Mozilla Public
   License, v. 2.0. If a copy of the MPL was not distributed with this
   file, you can obtain one at https://mozilla.org/MPL/2.0/.
   
   See the COPYRIGHT file distributed with this work for additional
   information regarding copyright ownership.

Notes for BIND 9.17.6
---------------------

Security Fixes
~~~~~~~~~~~~~~

- None.

Known Issues
~~~~~~~~~~~~

- None.

New Features
~~~~~~~~~~~~

- Add a new ``rndc`` command, ``rndc dnssec -rollover``, which triggers
  a manual rollover for a specific key. [GL #1749]

- New ``rndc`` command ``rndc dumpdb -expired`` that dumps the cache database
  to the dump-file including expired RRsets that are awaiting cleanup, for
  diagnostic purposes. [GL #1870]

Removed Features
~~~~~~~~~~~~~~~~

- None.


Feature Changes
~~~~~~~~~~~~~~~

- [DNS Flag Day 2020]: The default EDNS buffer size has been changed from 4096
  to 1232, the EDNS buffer size probing has been removed and ``named`` now sets
  the DON'T FRAGMENT flag on outgoing UDP packets.  According to the
  measurements done by multiple parties this should not be causing any
  operational problems as most of the Internet "core" is able to cope with IP
  message sizes between 1400-1500 bytes, the 1232 size was picked as a
  conservative minimal number that could be changed by the DNS operator to a
  estimated path MTU minus the estimated header space. In practice, the smallest
  MTU witnessed in the operational DNS community is 1500 octets, the Ethernet
  maximum payload size, so a a useful default for maximum DNS/UDP payload size
  on reliable networks would be 1400. [GL #2183]

Bug Fixes
~~~~~~~~~

- Updating contents of an RPZ zone which contained names spelled using
  varying letter case could cause some processing rules in that RPZ zone
  to be erroneously ignored. [GL #2169]

- `named` would report invalid memory size when running in an environment
  that doesn't properly report number of available memory pages or pagesize.
  [GL #2166]

- `named` would exit with assertion failure REQUIRE(msg->state == (-1)) in
  message.c due to a possible data race. [GL #2124]

- `named` would start continous rollovers for policies that algorithms
  Ed25519 or Ed448 due to a mismatch in created key size and expected key size.
  [GL #2171]

- Handle `UV_EOF` differently such that it is not treated as a `TCP4RecvErr` or
  `TCP6RecvErr`. [GL #2208]
Set up release notes for BIND 9.17.6 2020-09-16 22:41:35 +02:00			`..`
			`Copyright (C) Internet Systems Consortium, Inc. ("ISC")`

			`This Source Code Form is subject to the terms of the Mozilla Public`
			`License, v. 2.0. If a copy of the MPL was not distributed with this`
			`file, you can obtain one at https://mozilla.org/MPL/2.0/.`

			`See the COPYRIGHT file distributed with this work for additional`
			`information regarding copyright ownership.`

			`Notes for BIND 9.17.6`
			`---------------------`

			`Security Fixes`
			`~~~~~~~~~~~~~~`

			`- None.`

			`Known Issues`
			`~~~~~~~~~~~~`

			`- None.`

			`New Features`
			`~~~~~~~~~~~~`

Add rndc dnssec -rollover command This command is similar in arguments as -checkds so refactor the 'named_server_dnssec' function accordingly. The only difference are that: - It does not take a "publish" or "withdrawn" argument. - It requires the key id to be set (add a check to make sure). Add tests that will trigger rollover immediately and one that schedules a test in the future. 2020-08-21 15:38:00 +02:00			- Add a new ``rndc`` command, ``rndc dnssec -rollover``, which triggers
			`a manual rollover for a specific key. [GL #1749]`

Add notes and CHANGES for #1870 This is a new features so it requires a CHANGE and release notes entry. 2020-09-09 11:23:28 +02:00			- New ``rndc`` command ``rndc dumpdb -expired`` that dumps the cache database
			`to the dump-file including expired RRsets that are awaiting cleanup, for`
			`diagnostic purposes. [GL #1870]`

Set up release notes for BIND 9.17.6 2020-09-16 22:41:35 +02:00			`Removed Features`
			`~~~~~~~~~~~~~~~~`

			`- None.`

Add rndc dnssec -rollover command This command is similar in arguments as -checkds so refactor the 'named_server_dnssec' function accordingly. The only difference are that: - It does not take a "publish" or "withdrawn" argument. - It requires the key id to be set (add a check to make sure). Add tests that will trigger rollover immediately and one that schedules a test in the future. 2020-08-21 15:38:00 +02:00
Set up release notes for BIND 9.17.6 2020-09-16 22:41:35 +02:00			`Feature Changes`
			`~~~~~~~~~~~~~~~`

Add text describing the changes done in the MR in more detail 2020-09-30 18:38:32 +02:00			`- [DNS Flag Day 2020]: The default EDNS buffer size has been changed from 4096`
			to 1232, the EDNS buffer size probing has been removed and ``named`` now sets
			`the DON'T FRAGMENT flag on outgoing UDP packets. According to the`
			`measurements done by multiple parties this should not be causing any`
			`operational problems as most of the Internet "core" is able to cope with IP`
			`message sizes between 1400-1500 bytes, the 1232 size was picked as a`
			`conservative minimal number that could be changed by the DNS operator to a`
			`estimated path MTU minus the estimated header space. In practice, the smallest`
			`MTU witnessed in the operational DNS community is 1500 octets, the Ethernet`
			`maximum payload size, so a a useful default for maximum DNS/UDP payload size`
			`on reliable networks would be 1400. [GL #2183]`
Set up release notes for BIND 9.17.6 2020-09-16 22:41:35 +02:00
			`Bug Fixes`
			`~~~~~~~~~`

Add release note 2020-09-21 09:28:36 +02:00			`- Updating contents of an RPZ zone which contained names spelled using`
			`varying letter case could cause some processing rules in that RPZ zone`
			`to be erroneously ignored. [GL #2169]`
Add CHANGES and release note for GL #2166 2020-09-17 14:47:16 +02:00
			- `named` would report invalid memory size when running in an environment
			`that doesn't properly report number of available memory pages or pagesize.`
			`[GL #2166]`
Add CHANGES and release note for GL #2124 2020-09-25 12:51:39 +02:00
			- `named` would exit with assertion failure REQUIRE(msg->state == (-1)) in
			`message.c due to a possible data race. [GL #2124]`
Add change and note for #2171 This is a bug that needs to be noted. 2020-09-30 10:03:43 +02:00
			- `named` would start continous rollovers for policies that algorithms
			`Ed25519 or Ed448 due to a mismatch in created key size and expected key size.`
			`[GL #2171]`
Don't increment network error stats on UV_EOF When networking statistics was added to the netmgr (in commit 5234a8e00a6ae1df738020f27544594ccb8d5215), two lines were added that increment the 'STATID_RECVFAIL' statistic: One if 'uv_read_start' fails and one at the end of the 'read_cb'. The latter happens if 'nread < 0'. According to the libuv documentation, I/O read callbacks (such as for files and sockets) are passed a parameter 'nread'. If 'nread' is less than 0, there was an error and 'UV_EOF' is the end of file error, which you may want to handle differently. In other words, we should not treat EOF as a RECVFAIL error. 2020-10-20 10:57:16 +02:00
			- Handle `UV_EOF` differently such that it is not treated as a `TCP4RecvErr` or
			`TCP6RecvErr`. [GL #2208]