mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Tweak and reword release notes

Browse Source
This commit is contained in:
Michal Nowak
2024-05-02 12:30:39 +02:00
parent 8cdc0eafd9
commit 0f81fbcb1f
1 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
doc/notes/notes-9.19.24.rst
View File

@@ -15,40 +15,43 @@ Notes for BIND 9.19.24
New Features
~~~~~~~~~~~~
- A new option :any:`signatures-jitter` is added to :any:`dnssec-policy` to
spread out signature expiration times over a period of time. :gl:`#4554`
- A new option :any:`signatures-jitter` has been added to :any:`dnssec-policy`
to allow signature expirations to be spread out over a period of time.
:gl:`#4554`
- A new DNSSEC tool :iscman:`dnssec-ksr` is added to create Key Signing Request
(KSR) and Signed Key Response (SKR) files. :gl:`#1128`
- A new DNSSEC tool :iscman:`dnssec-ksr` has been added to create Key Signing
Request (KSR) and Signed Key Response (SKR) files. :gl:`#1128`
- Queries and responses now emit distinct dnstap entries for DoT and DoH.
:any:`dnstap-read` understands DoH and DoT entries. :gl:`#4523`
- Queries and responses now emit distinct dnstap entries for DNS-over-TLS (DoT)
and DNS-over-HTTPS (DoH), and :any:`dnstap-read` understands these entries.
:gl:`#4523`
Removed Features
~~~~~~~~~~~~~~~~
- The ``named`` command line option ``-U <n>``, which specified the number of UDP dispatches,
has been removed. Using it now prints a warning. :gl:`#1879`
- The :iscman:`named` command-line option :option:`-U <named -U>`, which
specified the number of UDP dispatches, has been removed. Using it now
returns a warning. :gl:`#1879`
Feature Changes
~~~~~~~~~~~~~~~
- Querying the statistics channel no longer blocks the DNS communication
on the networking event loop. :gl:`#4680`
- Querying the statistics channel no longer blocks DNS communication on the
networking event loop level. :gl:`#4680`
- DNSSEC signatures that are not valid because the current time falls outside
the signature inception and expiration dates no longer count towards maximum
validation and maximum validation failures limits. :gl:`#4586`
validation and maximum validation failure limits. :gl:`#4586`
- Multiple RNDC messages will be processed when sent in a single TCP
message.
- Multiple RNDC messages are now processed when sent in a single TCP message.
ISC would like to thank Dominik Thalhammer for reporting the issue
and preparing the initial patch. :gl:`#4416`
ISC would like to thank Dominik Thalhammer for reporting the issue and
preparing the initial patch. :gl:`#4416`
- :iscman:`dnssec-keygen` now allows the options ``-k`` and ``-f`` to be
used together. This allows creating keys for a given :any:`dnssec-policy`
that match only the KSK (``-fK``) or ZSK (``-fZ``) role.
- :iscman:`dnssec-keygen` now allows the options :option:`-k <dnssec-keygen
-k>` and :option:`-f <dnssec-keygen -f>` to be used together. This allows the
creation of keys for a given :any:`dnssec-policy` that match only the KSK
(``-fK``) or ZSK (``-fZ``) roles. :gl:`#1128`
Known Issues
~~~~~~~~~~~~