bind/doc/notes/notes-current.rst

.. 
   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
   
   This Source Code Form is subject to the terms of the Mozilla Public
   License, v. 2.0. If a copy of the MPL was not distributed with this
   file, You can obtain one at http://mozilla.org/MPL/2.0/.
   
   See the COPYRIGHT file distributed with this work for additional
   information regarding copyright ownership.

Notes for BIND 9.17.4
---------------------

Security Fixes
~~~~~~~~~~~~~~

- None.

Known Issues
~~~~~~~~~~~~

- None.

New Features
~~~~~~~~~~~~

- New ``rndc`` command ``rndc dnssec -checkds`` to tell ``named``
  that a DS record for a given zone or key has been published or withdrawn
  from the parent. Replaces the time-based ``parent-registration-delay``
  configuration option. [GL #1613]

- ``rndc`` has been updated to use the new BIND network manager API.
  This change had the side effect of altering the TCP timeout for RNDC
  connections from 60 seconds to the ``tcp-idle-timeout`` value, which
  defaults to 30 seconds. Also, because the network manager currently
  has no support for UNIX-domain sockets, those cannot now be used
  with ``rndc``. This will be addressed in a future release, either by
  restoring UNIX-domain socket support or by formally declaring them
  to be obsolete in the control channel. [GL #1759]

- Statistics channels have also been updated to use the new BIND network
  manager API. [GL #2022]

- A new configuration option ``stale-cache-enable`` has been introduced to
  enable or disable the keeping of stale answers in cache. [GL #1712]

Feature Changes
~~~~~~~~~~~~~~~

- BIND's cache database implementation has been updated to use a faster
  hash-function with better distribution.  In addition, the effective
  max-cache-size (configured explicitly, defaulting to a value based on system
  memory or set to 'unlimited') now pre-allocates fixed size hash tables. This
  prevents interruption to query resolution when the hash tables need to be
  increased in size. [GL #1775]

- Keeping stale answers in cache has been disabled by default.

- The resource records received with 0 TTL are no longer kept in the cache
  to be used for stale answers. [GL #1829]

Bug Fixes
~~~~~~~~~

- Addressed an error in recursive clients stats reporting.
  There were occasions when an incoming query could trigger a prefetch for
  some eligible rrset, and if the prefetch code were executed before recursion,
  no increment in recursive clients stats would take place. Conversely,
  when processing the answers, if the recursion code were executed before the
  prefetch, the same counter would be decremented without a matching increment.
  [GL #1719]

- The introduction of KASP support broke whether the second field
  of sig-validity-interval was treated as days or hours. (Thanks to
  Tony Finch.) [GL !3735]

- The IPv6 Duplicate Address Detection (DAD) mechanism could cause the operating
  system to report the new IPv6 addresses to the applications via the
  getifaddrs() API in a tentative (DAD not yet finished) or duplicate (DAD
  failed) state. Such addresses cannot be bound by an application, and named
  failed to listen on IPv6 addresses after the DAD mechanism finished. It is
  possible to work around the issue by setting the IP_FREEBIND option on the
  socket and trying to bind() to the IPv6 address again if the first bind() call
  fails with EADDRNOTAVAIL. [GL #2038]
Set up release notes for BIND 9.17.4 2020-07-15 23:06:25 +02:00			`..`
			`Copyright (C) Internet Systems Consortium, Inc. ("ISC")`

			`This Source Code Form is subject to the terms of the Mozilla Public`
			`License, v. 2.0. If a copy of the MPL was not distributed with this`
			`file, You can obtain one at http://mozilla.org/MPL/2.0/.`

			`See the COPYRIGHT file distributed with this work for additional`
			`information regarding copyright ownership.`

			`Notes for BIND 9.17.4`
			`---------------------`

			`Security Fixes`
			`~~~~~~~~~~~~~~`

			`- None.`

			`Known Issues`
			`~~~~~~~~~~~~`

			`- None.`

			`New Features`
			`~~~~~~~~~~~~`

Add notes for #1613 (rndc dnssec -checkds) This is a new feature that should be mentioned in the notes. 2020-07-31 11:15:49 +02:00			- New ``rndc`` command ``rndc dnssec -checkds`` to tell ``named``
			`that a DS record for a given zone or key has been published or withdrawn`
			from the parent. Replaces the time-based ``parent-registration-delay``
			`configuration option. [GL #1613]`

Set up release notes for BIND 9.17.4 2020-07-15 23:06:25 +02:00			- ``rndc`` has been updated to use the new BIND network manager API.
			`This change had the side effect of altering the TCP timeout for RNDC`
			connections from 60 seconds to the ``tcp-idle-timeout`` value, which
			`defaults to 30 seconds. Also, because the network manager currently`
			`has no support for UNIX-domain sockets, those cannot now be used`
			with ``rndc``. This will be addressed in a future release, either by
			`restoring UNIX-domain socket support or by formally declaring them`
			`to be obsolete in the control channel. [GL #1759]`

CHANGES, release note 2020-07-13 14:05:55 -07:00			`- Statistics channels have also been updated to use the new BIND network`
			`manager API. [GL #2022]`

Add CHANGES and release notes for GL #1712 and GL #1829 2020-07-30 15:10:49 +02:00			- A new configuration option ``stale-cache-enable`` has been introduced to
			`enable or disable the keeping of stale answers in cache. [GL #1712]`

Set up release notes for BIND 9.17.4 2020-07-15 23:06:25 +02:00			`Feature Changes`
			`~~~~~~~~~~~~~~~`

Add CHANGES and release note for #1775 2020-07-20 11:31:05 +02:00			`- BIND's cache database implementation has been updated to use a faster`
			`hash-function with better distribution. In addition, the effective`
			`max-cache-size (configured explicitly, defaulting to a value based on system`
			`memory or set to 'unlimited') now pre-allocates fixed size hash tables. This`
			`prevents interruption to query resolution when the hash tables need to be`
			`increased in size. [GL #1775]`
Set up release notes for BIND 9.17.4 2020-07-15 23:06:25 +02:00
Add CHANGES and release notes for GL #1712 and GL #1829 2020-07-30 15:10:49 +02:00			`- Keeping stale answers in cache has been disabled by default.`

			`- The resource records received with 0 TTL are no longer kept in the cache`
			`to be used for stale answers. [GL #1829]`

Set up release notes for BIND 9.17.4 2020-07-15 23:06:25 +02:00			`Bug Fixes`
			`~~~~~~~~~`

			`- Addressed an error in recursive clients stats reporting.`
			`There were occasions when an incoming query could trigger a prefetch for`
			`some eligible rrset, and if the prefetch code were executed before recursion,`
			`no increment in recursive clients stats would take place. Conversely,`
			`when processing the answers, if the recursion code were executed before the`
			`prefetch, the same counter would be decremented without a matching increment.`
			`[GL #1719]`

			`- The introduction of KASP support broke whether the second field`
			`of sig-validity-interval was treated as days or hours. (Thanks to`
			`Tony Finch.) [GL !3735]`
Add CHANGES and release note for GL #2038 2020-07-21 14:56:45 +02:00
			`- The IPv6 Duplicate Address Detection (DAD) mechanism could cause the operating`
			`system to report the new IPv6 addresses to the applications via the`
			`getifaddrs() API in a tentative (DAD not yet finished) or duplicate (DAD`
			`failed) state. Such addresses cannot be bound by an application, and named`
			`failed to listen on IPv6 addresses after the DAD mechanism finished. It is`
			`possible to work around the issue by setting the IP_FREEBIND option on the`
			`socket and trying to bind() to the IPv6 address again if the first bind() call`
			`fails with EADDRNOTAVAIL. [GL #2038]`