2020-10-22 08:58:55 +02:00
|
|
|
..
|
|
|
|
|
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
|
|
|
|
|
|
This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
|
|
|
|
|
|
See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
information regarding copyright ownership.
|
|
|
|
|
|
|
|
|
|
Notes for BIND 9.17.6
|
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
|
|
Security Fixes
|
|
|
|
|
~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
- None.
|
|
|
|
|
|
|
|
|
|
Known Issues
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
- None.
|
|
|
|
|
|
|
|
|
|
New Features
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
2020-11-16 11:00:50 +01:00
|
|
|
- A new configuration option, ``stale-refresh-time``, has been
|
|
|
|
|
introduced. It allows a stale RRset to be served directly from cache
|
|
|
|
|
for a period of time after a failed lookup, before a new attempt to
|
|
|
|
|
refresh it is made. [GL #2066]
|
2020-11-04 20:02:34 -03:00
|
|
|
|
2020-11-19 10:50:46 +11:00
|
|
|
- ``dig`` can now report the DNS64 prefixes in use (``+dns64prefix``).
|
|
|
|
|
This is useful when the host on which ``dig`` is run is behind an
|
|
|
|
|
IPv6-only link, using DNS64/NAT64 or 464XLAT for IPv4aaS (IPv4 as a
|
|
|
|
|
Service). [GL #1154]
|
|
|
|
|
|
2020-10-22 08:58:55 +02:00
|
|
|
Removed Features
|
|
|
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
- None.
|
|
|
|
|
|
|
|
|
|
Feature Changes
|
|
|
|
|
~~~~~~~~~~~~~~~
|
|
|
|
|
|
2020-10-07 14:07:36 -07:00
|
|
|
- The network manager API is now used by ``named`` to send zone transfer
|
|
|
|
|
requests. [GL #2016]
|
2020-10-22 08:58:55 +02:00
|
|
|
|
2020-09-11 13:47:27 -07:00
|
|
|
- The ``dig``, ``host``, and ``nslookup`` tools have been converted to
|
|
|
|
|
use the new network manager API rather than the older ISC socket API.
|
|
|
|
|
|
2020-11-16 11:00:50 +01:00
|
|
|
As a side effect of this change, the ``dig +unexpected`` option no
|
|
|
|
|
longer works. This could previously be used to diagnose broken servers
|
|
|
|
|
or network configurations by listening for replies from servers other
|
|
|
|
|
than the one that was queried. With the new API, such answers are
|
|
|
|
|
filtered before they ever reach ``dig``, so the option has been
|
2020-09-11 13:47:27 -07:00
|
|
|
removed. [GL #2140]
|
|
|
|
|
|
2020-11-16 11:00:50 +01:00
|
|
|
- Support for DNS over TLS (DoT) has been added: the ``dig`` tool is now
|
|
|
|
|
able to send DoT queries (``+tls`` option) and ``named`` can handle
|
|
|
|
|
DoT queries (``listen-on tls ...`` option). ``named`` can use either a
|
|
|
|
|
certificate provided by the user or an ephemeral certificate generated
|
|
|
|
|
automatically upon startup. [GL #1840]
|
2020-05-13 11:43:46 +02:00
|
|
|
|
2020-10-14 10:10:01 +02:00
|
|
|
- Add NSEC3 support for zones that manage their DNSSEC with the `dnssec-policy`
|
|
|
|
|
configuration. A new option 'nsec3param' can be used to set the desired
|
2020-11-05 11:12:24 +01:00
|
|
|
NSEC3 parameters, and will detect collisions when resalting. [GL #1620].
|
2020-10-14 10:10:01 +02:00
|
|
|
|
2020-10-22 08:58:55 +02:00
|
|
|
Bug Fixes
|
|
|
|
|
~~~~~~~~~
|
|
|
|
|
|
2020-11-16 11:00:50 +01:00
|
|
|
- ``UV_EOF`` is no longer treated as a ``TCP4RecvErr`` or a
|
|
|
|
|
``TCP6RecvErr``. [GL #2208]
|
2020-10-27 10:09:30 +01:00
|
|
|
|
2020-11-16 11:00:50 +01:00
|
|
|
- ``named`` could crash with an assertion failure if a TCP connection
|
|
|
|
|
were closed while a request was still being processed. [GL #2227]
|
2020-11-17 11:03:21 +11:00
|
|
|
|
|
|
|
|
- The synthesised CNAME from a DNAME was incorrectly followed when the QTYPE
|
|
|
|
|
was CNAME or ANY. [GL #2280]
|
