2022-03-16 23:18:18 +01:00
|
|
|
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
|
..
|
|
|
|
|
.. SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
..
|
|
|
|
|
.. This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
|
..
|
|
|
|
|
.. See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
.. information regarding copyright ownership.
|
|
|
|
|
|
2022-09-09 19:58:46 +02:00
|
|
|
Notes for BIND 9.18.8
|
2022-03-16 23:18:18 +01:00
|
|
|
---------------------
|
|
|
|
|
|
|
|
|
|
Security Fixes
|
|
|
|
|
~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
- None.
|
|
|
|
|
|
|
|
|
|
Known Issues
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
2022-10-05 15:21:36 +02:00
|
|
|
- Upgrading from BIND 9.16.32, 9.18.6, or older, may require a manual
|
|
|
|
|
configuration change. The following configurations are affected:
|
|
|
|
|
|
|
|
|
|
- :any:`type primary` zones configured with :any:`dnssec-policy` but without
|
|
|
|
|
either :any:`allow-update` or :any:`update-policy`
|
|
|
|
|
- :any:`type secondary` zones configured with :any:`dnssec-policy`
|
|
|
|
|
|
|
|
|
|
In these cases please add :namedconf:ref:`inline-signing yes;
|
|
|
|
|
<inline-signing>` to individual zone configuration(s). Without applying this
|
|
|
|
|
change :iscman:`named` will fail to start. For more details see
|
|
|
|
|
https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
|
|
|
|
|
|
2022-09-22 09:55:28 +00:00
|
|
|
- BIND 9.18 does not support dynamic updates forwarding (see
|
|
|
|
|
:any:`allow-update-forwarding`) in conjuction with zone transfers
|
|
|
|
|
over TLS (XoT). :gl:`#3512`
|
2022-03-16 23:18:18 +01:00
|
|
|
|
|
|
|
|
New Features
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
2022-05-11 10:52:47 +02:00
|
|
|
- None.
|
2022-05-03 09:28:26 +00:00
|
|
|
|
2022-09-27 15:13:13 +02:00
|
|
|
- :iscman:`named` now logs the supported cryptographic algorithms during
|
|
|
|
|
startup and in the output of :option:`named -V`. :gl:`#3541`
|
|
|
|
|
|
2022-03-16 23:18:18 +01:00
|
|
|
Removed Features
|
|
|
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
- None.
|
|
|
|
|
|
|
|
|
|
Feature Changes
|
|
|
|
|
~~~~~~~~~~~~~~~
|
|
|
|
|
|
2022-09-09 19:58:46 +02:00
|
|
|
- None.
|
2022-08-26 12:28:10 +02:00
|
|
|
|
2022-09-14 12:53:42 +10:00
|
|
|
- The ability to use pkcs11 via engine_pkcs11 has been restored, by only using
|
|
|
|
|
deprecated APIs in OpenSSL 3.0.0. BIND needs to be compiled
|
|
|
|
|
with '-DOPENSSL_API_COMPAT=10100' specified in the CFLAGS at
|
|
|
|
|
compile time. :gl:`!6711`
|
|
|
|
|
|
2022-09-15 16:12:49 +10:00
|
|
|
- Add support for parsing and validating ``dohpath`` to SVBC records.
|
|
|
|
|
:gl:`#3544`
|
|
|
|
|
|
2022-03-16 23:18:18 +01:00
|
|
|
Bug Fixes
|
|
|
|
|
~~~~~~~~~
|
|
|
|
|
|
2022-09-09 10:48:13 +02:00
|
|
|
- An assertion failure was fixed in ``named`` that was caused by aborting the statistics
|
|
|
|
|
channel connection while sending statistics data to the client. :gl:`#3542`
|
2022-09-23 17:53:08 +10:00
|
|
|
|
|
|
|
|
- Changing just the TSIG key names for primaries in catalog zones' member
|
|
|
|
|
zones was not effective. :gl:`#3557`
|
