2022-04-12 13:41:18 +02:00
|
|
|
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
|
..
|
|
|
|
|
.. SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
..
|
|
|
|
|
.. This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
|
..
|
|
|
|
|
.. See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
.. information regarding copyright ownership.
|
|
|
|
|
|
2023-03-07 14:10:26 +01:00
|
|
|
Notes for BIND 9.19.12
|
2023-01-13 15:35:32 +01:00
|
|
|
----------------------
|
2022-04-12 13:41:18 +02:00
|
|
|
|
|
|
|
|
Security Fixes
|
|
|
|
|
~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
- None.
|
|
|
|
|
|
|
|
|
|
New Features
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
2023-03-08 19:22:27 +00:00
|
|
|
- BIND now depends on ``liburcu``, Userspace RCU, for lock-free data
|
|
|
|
|
structures. :gl:`#3934`
|
2022-05-03 09:28:26 +00:00
|
|
|
|
2023-02-01 23:38:04 -08:00
|
|
|
- The new ``delv +ns`` option activates name server mode, in which ``delv``
|
|
|
|
|
sets up an internal recursive resolver and uses that, rather than an
|
|
|
|
|
external server, to look up the requested query name and type. All messages
|
|
|
|
|
sent and received during the resolution and validation process are logged.
|
|
|
|
|
This can be used in place of ``dig +trace``: it more accurately
|
|
|
|
|
reproduces the behavior of ``named`` when resolving a query.
|
|
|
|
|
|
|
|
|
|
The log message ``resolver priming query complete`` was moved from the
|
|
|
|
|
INFO log level to the DEBUG(1) log level, to prevent ``delv`` from
|
|
|
|
|
emitting that message when setting up its internal resolver. :gl:`#3842`
|
|
|
|
|
|
2023-03-28 16:05:20 +02:00
|
|
|
- A new configuration option :any:`checkds` is introduced that when set to
|
|
|
|
|
``yes`` will detect :any:`parental-agents` automatically by resolving the
|
|
|
|
|
parent NS records. These name servers will be used to check the DS RRset
|
|
|
|
|
during a KSK rollover initiated by :any:`dnssec-policy`. :gl:`#3901`
|
|
|
|
|
|
2022-04-12 13:41:18 +02:00
|
|
|
Removed Features
|
|
|
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
|
|
2023-02-28 16:26:31 +01:00
|
|
|
- The TKEY Mode 2 (Diffie-Hellman Exchanged Keying Mode) has been removed and
|
|
|
|
|
using TKEY Mode 2 is now a fatal error. Users are advised to switch to TKEY
|
|
|
|
|
Mode 3 (GSS-API). :gl:`#3905`
|
|
|
|
|
|
2023-03-22 15:06:58 -07:00
|
|
|
- Zone type ``delegation-only``, and the ``delegation-only`` and
|
2023-03-22 17:00:27 -07:00
|
|
|
``root-delegation-only`` options, have been removed. Using them
|
|
|
|
|
is a configuration error.
|
2023-03-22 15:06:58 -07:00
|
|
|
|
|
|
|
|
These options were created to address the SiteFinder controversy, in
|
|
|
|
|
which certain top-level domains redirected misspelled queries to other
|
|
|
|
|
sites instead of returning NXDOMAIN responses. Since top-level domains are
|
|
|
|
|
now DNSSEC signed, and DNSSEC validation is active by default, the
|
|
|
|
|
options are no longer needed. :gl:`#3953`
|
|
|
|
|
|
2022-04-12 13:41:18 +02:00
|
|
|
Feature Changes
|
|
|
|
|
~~~~~~~~~~~~~~~
|
|
|
|
|
|
2023-03-07 14:10:26 +01:00
|
|
|
- None.
|
2023-02-21 14:39:27 +00:00
|
|
|
|
2022-04-12 13:41:18 +02:00
|
|
|
Bug Fixes
|
|
|
|
|
~~~~~~~~~
|
|
|
|
|
|
2023-04-03 16:57:32 +02:00
|
|
|
- Performance of DNSSEC validation in zones with many DNSKEY records
|
|
|
|
|
has been improved. :gl:`#3981`
|
2023-01-13 14:50:27 +01:00
|
|
|
|
2022-11-07 14:03:15 +01:00
|
|
|
Known Issues
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
2023-03-07 14:10:26 +01:00
|
|
|
- There are no new known issues with this release. See :ref:`above
|
|
|
|
|
<relnotes_known_issues>` for a list of all known issues affecting this
|
|
|
|
|
BIND 9 branch.
|
