mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-23 10:39:16 +00:00
Code Issues Releases Wiki Activity
bind/doc/notes/notes-9.21.5.rst

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

97 lines
3.3 KiB
ReStructuredText
Raw Normal View History

Prepare release notes for BIND 9.21.5
2025-02-07 13:15:11 +01:00
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
Notes for BIND 9.21.5
---------------------
New Features
~~~~~~~~~~~~
- Adds support for EDE code 1 and 2.
Add support for EDE codes 1 & 2 which might occurs during DNSSEC
validation in case of unsupported RRSIG algorithm or DNSKEY digest.
:gl:`#2715`
- Add a rndc command to toggle jemalloc profiling.
The new command is `rndc memprof`. The memory profiling status is also
reported inside `rndc status`. The status also shows whether named can
toggle memory profiling or not and if the server is built with
jemalloc. :gl:`#4759`
- Add support for multiple extended DNS errors.
Extended DNS error mechanism (EDE) may have several errors raised
during a DNS resolution. `named` is now able to add up to three EDE
codes in a DNS response. In the case of duplicate error codes, only
the first one will be part of the DNS response. :gl:`#5085`
- Print the expiration time of the stale records.
Print the expiration time of the stale RRsets in the cache dump.
Feature Changes
~~~~~~~~~~~~~~~
- Include destination address port number in query logging.
When query logging is enabled, named will now include the destination
address port in the logged message. :gl:`#5060`
Bug Fixes
~~~~~~~~~
- Validate adb fetches.
ADB responses were not being validated, allowing spoofed responses to
be accepted and used for further lookups. This should not be possible
when the servers for the zone are in a signed zone, except with CD=1
requests or when glue is needed. This has been fixed. :gl:`#5066`
- Recently expired records could be returned with timestamp in future.
Under rare circumstances, the RRSet that expired at the time of the
query could be returned with TTL far in the future. This has been
fixed.
As a side-effect, the expiration time of expired RRSets are no longer
printed out in the cache dump. :gl:`#5094`
- Yaml string not terminated in negative response in delv.
:gl:`#5098`
- Fix a bug in dnssec-signzone related to keys being offline.
In the case when `dnssec-signzone` is called on an already signed
zone, and the private key file is unavailable, a signature that needs
to be refreshed may be dropped without being able to generate a
replacement. This has been fixed. :gl:`#5126`
- Apply the memory limit only to ADB database items.
Resolver under heavy-load could exhaust the memory available for
storing the information in the Address Database (ADB) effectively
evicting already stored information in the ADB. The memory used to
retrieve and provide information from the ADB is now not a subject of
the same memory limits that are applied for storing the information in
the Address Database. :gl:`#5127`
- Avoid unnecessary locking in the zone/cache database.
Prevent lock contention among many worker threads referring to the
same database node at the same time. This would improve zone and
cache database performance for the heavily contended database nodes.
:gl:`#5130`
Reference in New Issue Copy Permalink