bind/doc/notes/notes-9.19.19.rst

.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0.  If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

Notes for BIND 9.19.19
----------------------

New Features
~~~~~~~~~~~~

- Initial support for the PROXYv2 protocol was added. :iscman:`named`
  can now accept PROXYv2 headers over all currently implemented DNS
  transports and :iscman:`dig` can insert these headers into the queries
  it sends. Please consult the related documentation
  (:any:`allow-proxy`, :any:`allow-proxy-on`, :any:`listen-on`, and
  :any:`listen-on-v6` for :iscman:`named`, :option:`dig +proxy` and
  :option:`dig +proxy-plain` for :iscman:`dig`) for additional details.
  :gl:`#4388`

Removed Features
~~~~~~~~~~~~~~~~

- Support for using AES as the DNS COOKIE algorithm (``cookie-algorithm
  aes;``) has been removed. The only supported DNS COOKIE algorithm is
  now the current default, SipHash-2-4. :gl:`#4421`

- The ``resolver-nonbackoff-tries`` and ``resolver-retry-interval``
  statements have been removed. Using them is now a fatal error.
  :gl:`#4405`

Feature Changes
~~~~~~~~~~~~~~~

- The maximum number of NSEC3 iterations allowed for validation purposes
  has been lowered from 150 to 50. DNSSEC responses containing NSEC3
  records with iteration counts greater than 50 are now treated as
  insecure. :gl:`#4363`

- Following :rfc:`9276` recommendations, :any:`dnssec-policy` now only
  allows an NSEC3 iteration count of 0 for the DNSSEC-signed zones using
  NSEC3 that the policy manages. :gl:`#4363`

Known Issues
~~~~~~~~~~~~

- There are no new known issues with this release. See :ref:`above
  <relnotes_known_issues>` for a list of all known issues affecting this
  BIND 9 branch.
Set up release notes for BIND 9.19.1 2022-04-12 13:41:18 +02:00			`.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")`
			`..`
			`.. SPDX-License-Identifier: MPL-2.0`
			`..`
			`.. This Source Code Form is subject to the terms of the Mozilla Public`
			`.. License, v. 2.0. If a copy of the MPL was not distributed with this`
			`.. file, you can obtain one at https://mozilla.org/MPL/2.0/.`
			`..`
			`.. See the COPYRIGHT file distributed with this work for additional`
			`.. information regarding copyright ownership.`

Set up release notes for BIND 9.19.19 2023-11-10 13:50:32 +01:00			`Notes for BIND 9.19.19`
Set up release notes for BIND 9.19.10 2023-01-13 15:35:32 +01:00			`----------------------`
Set up release notes for BIND 9.19.1 2022-04-12 13:41:18 +02:00
			`New Features`
			`~~~~~~~~~~~~`

Tweak and reword release notes 2023-12-07 10:43:46 +01:00			- Initial support for the PROXYv2 protocol was added. :iscman:`named`
			`can now accept PROXYv2 headers over all currently implemented DNS`
			transports and :iscman:`dig` can insert these headers into the queries
			`it sends. Please consult the related documentation`
			(:any:`allow-proxy`, :any:`allow-proxy-on`, :any:`listen-on`, and
			:any:`listen-on-v6` for :iscman:`named`, :option:`dig +proxy` and
			:option:`dig +proxy-plain` for :iscman:`dig`) for additional details.
Update release notes [GL #4388] Mention the initial support for PROXYv2. 2023-11-23 18:44:38 +02:00			:gl:`#4388`
Add CHANGES and release note for [GL #4367] 2023-10-16 16:31:56 +02:00
Set up release notes for BIND 9.19.1 2022-04-12 13:41:18 +02:00			`Removed Features`
			`~~~~~~~~~~~~~~~~`

Tweak and reword release notes 2023-12-07 10:43:46 +01:00			- Support for using AES as the DNS COOKIE algorithm (``cookie-algorithm
			aes;``) has been removed. The only supported DNS COOKIE algorithm is
			now the current default, SipHash-2-4. :gl:`#4421`
Add CHANGES and release note for [GL #4421] 2023-11-07 14:44:44 +01:00
Tweak and reword release notes 2023-12-07 10:43:46 +01:00			- The ``resolver-nonbackoff-tries`` and ``resolver-retry-interval``
			`statements have been removed. Using them is now a fatal error.`
			:gl:`#4405`
deprecate resolver-retry-interval and resolver-nonbackoff-tries these options control default timing of retries in the resolver for experimental purposes; they are not known to useful in production environments. they will be removed in the future; for now, we only log a warning if they are used. 2023-10-31 15:09:05 +01:00
Set up release notes for BIND 9.19.1 2022-04-12 13:41:18 +02:00			`Feature Changes`
			`~~~~~~~~~~~~~~~`

Tweak and reword release notes 2023-12-07 10:43:46 +01:00			`- The maximum number of NSEC3 iterations allowed for validation purposes`
			`has been lowered from 150 to 50. DNSSEC responses containing NSEC3`
			`records with iteration counts greater than 50 are now treated as`
			insecure. :gl:`#4363`
Add release note and CHANGES for #4363 This protocol change is definitely worth mentioning. 2023-11-22 16:39:40 +01:00
Tweak and reword release notes 2023-12-07 10:43:46 +01:00			- Following :rfc:`9276` recommendations, :any:`dnssec-policy` now only
			`allows an NSEC3 iteration count of 0 for the DNSSEC-signed zones using`
			NSEC3 that the policy manages. :gl:`#4363`
Add release note for [GL #4209] 2023-07-18 12:24:07 +10:00
Repeat Known Issues at the top of Release Notes page From now on all per-version notes link to the global list of Known Issues. If there is a new note it should be listed twice: In the per-version list, and in the global list. 2022-11-07 14:03:15 +01:00			`Known Issues`
			`~~~~~~~~~~~~`

Set up release notes for BIND 9.19.12 2023-03-07 14:10:26 +01:00			- There are no new known issues with this release. See :ref:`above
			<relnotes_known_issues>` for a list of all known issues affecting this
			`BIND 9 branch.`