.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

Notes for BIND 9.18.6
---------------------

Security Fixes
~~~~~~~~~~~~~~

- None.

Known Issues
~~~~~~~~~~~~

- None.

New Features
~~~~~~~~~~~~

- None.

Removed Features
~~~~~~~~~~~~~~~~

- None.

Feature Changes
~~~~~~~~~~~~~~~

- DNSSEC ``RSASHA1`` and ``NSEC3RSASHA1`` are automatically disabled
  on systems (e.g. RHEL9) where they are disallowed by the security
  policy. Primary zones using those algorithms need to be moved
  off of them prior to running on these systems, as graceful migration
  to different DNSSEC algorithms is not possible when ``RSASHA1`` is
  disallowed by the OS. :gl:`#3469`

- Fetch limit log messages have been improved to provide more complete
  information. Specifically, the final values of allowed and spilled fetches
  will now be logged before the counter object gets destroyed. :gl:`#3461`

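For the ``RSASHA1``/``NSEC3RSASHA1`` change above, the following added example (not part of the original notes and not ISC code) scans DNSSEC records for the two algorithms so that affected zones can be identified before the server is moved to such a system. It assumes one record per line with an owner name and numeric TTL, as printed by ``dig``, and uses the IANA DNSSEC algorithm numbers 5 and 7; the function name and the sample records are constructed for illustration.

```python
# IANA DNSSEC algorithm numbers for the two algorithms named in the note.
DISALLOWED = {5: "RSASHA1", 7: "NSEC3RSASHA1"}
MNEMONICS = {"RSASHA1": 5, "RSASHA1-NSEC3-SHA1": 7, "NSEC3RSASHA1": 7}
# Zero-based index of the algorithm field within each type's RDATA.
ALG_FIELD = {"DNSKEY": 2, "CDNSKEY": 2, "DS": 1, "CDS": 1, "RRSIG": 1}
CLASSES = {"IN", "CH", "HS"}


def find_sha1_records(text):
    """Return sorted (owner, rrtype, algorithm name) tuples needing migration.

    Hypothetical helper: expects one record per line with the owner name
    present; numeric TTL and class are optional and may come in either order.
    """
    hits = set()
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()  # drop trailing comments
        if len(tokens) < 2:
            continue
        owner, rest = tokens[0], tokens[1:]
        # Skip optional TTL and class, which may appear in either order.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if not rest or rest[0].upper() not in ALG_FIELD:
            continue
        rrtype, rdata = rest[0].upper(), rest[1:]
        idx = ALG_FIELD[rrtype]
        if len(rdata) <= idx:
            continue  # truncated or multi-line record; not handled here
        field = rdata[idx].upper()
        alg = int(field) if field.isdigit() else MNEMONICS.get(field)
        if alg in DISALLOWED:
            hits.add((owner.lower(), rrtype, DISALLOWED[alg]))
    return sorted(hits)


# Constructed sample records (key and signature material shortened).
SAMPLE = """\
example.org.  3600 IN DNSKEY 257 3 5 AwEAAc3 ; KSK
example.org.  3600 IN DNSKEY 256 3 13 oJMRESz5
example.org.  IN 3600 DS 12345 7 1 2BB183AF
www.example.org. 300 IN RRSIG A 5 3 300 20220801000000 20220701000000 4321 example.org. abc=
safe.example. 3600 IN DNSKEY 257 3 ECDSAP256SHA256 mdsswUyr
safe.example. 3600 IN A 192.0.2.5
"""

if __name__ == "__main__":
    for owner, rrtype, name in find_sha1_records(SAMPLE):
        print(f"{owner}\t{rrtype}\t{name}")
```

Any owner reported with a ``DNSKEY`` or ``RRSIG`` entry belongs to a zone that still publishes or is signed with one of the two algorithms; a ``DS`` entry means the parent still references such a key.
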
Bug Fixes
~~~~~~~~~

- When running as a validating resolver forwarding all queries to
  another resolver, :iscman:`named` could crash with an assertion
  failure. These crashes occurred when the configured forwarder sent a
  broken DS response and :iscman:`named` failed its attempts to find a
  proper one instead. This has been fixed. :gl:`#3439`

- Non-dynamic zones that inherit ``dnssec-policy`` from the view or
  options level were not marked as inline-signed, and thus were never
  scheduled to be re-signed. This is now fixed. :gl:`#3438`

- The old ``max-zone-ttl`` zone option was meant to be superseded by
  the ``max-zone-ttl`` option in ``dnssec-policy``; however, the latter
  option was not fully effective. This has been corrected: zones will
  not load if they contain TTLs greater than the limit configured in
  ``dnssec-policy``. In zones with both the old ``max-zone-ttl``
  option and ``dnssec-policy`` configured, the old option will be
  ignored, and a warning will be generated. :gl:`#2918`

- ``rndc dumpdb -expired`` has been fixed to include expired RRsets,
  even if the cache cleaning time window has passed. This will now show
  expired RRsets that are stuck in the cache. :gl:`#3462`