bind/doc/notes/notes-current.rst

.. 
   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
   
   This Source Code Form is subject to the terms of the Mozilla Public
   License, v. 2.0. If a copy of the MPL was not distributed with this
   file, You can obtain one at http://mozilla.org/MPL/2.0/.
   
   See the COPYRIGHT file distributed with this work for additional
   information regarding copyright ownership.

Notes for BIND 9.17.3
---------------------

Security Fixes
~~~~~~~~~~~~~~

- None.

Known Issues
~~~~~~~~~~~~

- None.

New Features
~~~~~~~~~~~~

- None.

Feature Changes
~~~~~~~~~~~~~~~

- New ``rndc`` command ``rndc dnssec -status`` that shows the current
  DNSSEC policy and keys in use, the key states and rollover status.
  [GL #1612]

- Disable and disallow static linking of BIND 9 binaries and libraries
  as BIND 9 modules require ``dlopen()`` support and static linking also
  prevents using security features like read-only relocations (RELRO) or
  address space layout randomization (ASLR) which are important for
  programs that interact with the network and process arbitrary user
  input. [GL #1933]

- As part of an ongoing effort to use RFC 8499 terminology, ``primaries``
  can now be used as a synonym for ``masters`` in ``named.conf``.
  Similarly, ``notify priamry-only`` can now be used as a synonym
  for ``notify master-only``. The output of ``rndc zonestatus`` now
  uses ``primary`` and ``secondary`` terminology. [GL #1948]

Bug Fixes
~~~~~~~~~

- Addressed an error in recursive clients stats reporting.
  There were occasions when an incoming query could trigger a prefetch for
  some eligible rrset, and if the prefetch code were executed before recursion,
  no increment in recursive clients stats would take place. Conversely,
  when processing the answers, if the recursion code were executed before the
  prefetch, the same counter would be decremented without a matching increment.
  [GL #1719]

- The DS set returned by ``dns_keynode_dsset()`` was not thread-safe.
  This could result in an INSIST being triggered. [GL #1926]

- The ``primary`` and ``secondary`` keywords, when used as parameters for
  ``check-names``, were not processed correctly and were being ignored.
  [GL #1949]

- 'rndc dnstap -roll <value>' was not limiting the number of saved
  files to <value>. [GL !3728]

- The validator could fail to accept a properly signed RRset if an
  unsupported algorithm appeared earlier in the DNSKEY RRset than a
  supported algorithm.  It could also stop if it detected a malformed
  public key. [GL #1689]

- The ``blackhole`` ACL was inadvertently disabled with respect to
  client queries. Blocked IP addresses were not used for upstream
  queries but queries from those addresses could still be answered.
  [GL #1936]

- ``named`` would crash on shutdown when new ``rndc`` connection is received at
  the same time as shutting down. [GL #1747]

- Fix assertion failure when server is under load and root zone is not yet
  loaded. [GL #1862]

- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c`` that
  have been reused meanwhile.  [GL #1968]
Set up release notes for BIND 9.17.3 2020-06-18 10:10:02 +02:00			`..`
			`Copyright (C) Internet Systems Consortium, Inc. ("ISC")`

			`This Source Code Form is subject to the terms of the Mozilla Public`
			`License, v. 2.0. If a copy of the MPL was not distributed with this`
			`file, You can obtain one at http://mozilla.org/MPL/2.0/.`

			`See the COPYRIGHT file distributed with this work for additional`
			`information regarding copyright ownership.`

			`Notes for BIND 9.17.3`
			`---------------------`

			`Security Fixes`
			`~~~~~~~~~~~~~~`

			`- None.`

			`Known Issues`
			`~~~~~~~~~~~~`

			`- None.`

			`New Features`
			`~~~~~~~~~~~~`

			`- None.`

			`Feature Changes`
			`~~~~~~~~~~~~~~~`

Update notes, changes for #1612 2020-06-18 17:10:34 +02:00			- New ``rndc`` command ``rndc dnssec -status`` that shows the current
			`DNSSEC policy and keys in use, the key states and rollover status.`
			`[GL #1612]`

Add CHANGES and release note for #1933 2020-06-17 14:28:23 +02:00			`- Disable and disallow static linking of BIND 9 binaries and libraries`
			as BIND 9 modules require ``dlopen()`` support and static linking also
			`prevents using security features like read-only relocations (RELRO) or`
			`address space layout randomization (ASLR) which are important for`
			`programs that interact with the network and process arbitrary user`
			`input. [GL #1933]`
Set up release notes for BIND 9.17.3 2020-06-18 10:10:02 +02:00
CHANGES, release note 2020-06-17 02:39:58 -07:00			- As part of an ongoing effort to use RFC 8499 terminology, ``primaries``
			can now be used as a synonym for ``masters`` in ``named.conf``.
			Similarly, ``notify priamry-only`` can now be used as a synonym
			for ``notify master-only``. The output of ``rndc zonestatus`` now
			uses ``primary`` and ``secondary`` terminology. [GL #1948]

Set up release notes for BIND 9.17.3 2020-06-18 10:10:02 +02:00			`Bug Fixes`
			`~~~~~~~~~`

Add CHANGES and release note for #1719 2020-07-13 11:43:36 -03:00			`- Addressed an error in recursive clients stats reporting.`
			`There were occasions when an incoming query could trigger a prefetch for`
			`some eligible rrset, and if the prefetch code were executed before recursion,`
			`no increment in recursive clients stats would take place. Conversely,`
			`when processing the answers, if the recursion code were executed before the`
			`prefetch, the same counter would be decremented without a matching increment.`
			`[GL #1719]`

Set up release notes for BIND 9.17.3 2020-06-18 10:10:02 +02:00			- The DS set returned by ``dns_keynode_dsset()`` was not thread-safe.
			`This could result in an INSIST being triggered. [GL #1926]`
Add CHANGES and release note for #1949 2020-06-22 12:33:54 +02:00
			- The ``primary`` and ``secondary`` keywords, when used as parameters for
			``check-names``, were not processed correctly and were being ignored.
			`[GL #1949]`
Add Release Note for [GL !3728] 2020-06-23 13:36:40 +10:00
			`- 'rndc dnstap -roll <value>' was not limiting the number of saved`
			`files to <value>. [GL !3728]`
Add Release Note for [GL #1689] 2020-06-23 10:56:07 +10:00
			`- The validator could fail to accept a properly signed RRset if an`
			`unsupported algorithm appeared earlier in the DNSKEY RRset than a`
			`supported algorithm. It could also stop if it detected a malformed`
			`public key. [GL #1689]`
CHANGES, release note 2020-06-29 22:55:13 -07:00
			- The ``blackhole`` ACL was inadvertently disabled with respect to
			`client queries. Blocked IP addresses were not used for upstream`
			`queries but queries from those addresses could still be answered.`
			`[GL #1936]`
Add CHANGES and release not for #1747 2020-06-23 13:30:09 +02:00
			- ``named`` would crash on shutdown when new ``rndc`` connection is received at
			`the same time as shutting down. [GL #1747]`
Add release notes for #1862 2020-05-28 11:37:05 +02:00
			`- Fix assertion failure when server is under load and root zone is not yet`
			`loaded. [GL #1862]`
Add CHANGES and release note for #1968 2020-07-01 15:07:57 +02:00
			- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c`` that
			`have been reused meanwhile. [GL #1968]`