mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00

Merge branch 'michal/prepare-release-notes-for-bind-9.17.7' into 'v9_17_7-release'

Prepare release notes for BIND 9.17.7

See merge request isc-private/bind9!220
This commit is contained in:
Michał Kępień
2020-11-16 11:30:59 +00:00
6 changed files with 95 additions and 113 deletions

CHANGES

@@ -20,51 +20,48 @@
5534. [bug] The synthesised CNAME from a DNAME was incorrectly 5534. [bug] The synthesised CNAME from a DNAME was incorrectly
followed when the QTYPE was CNAME or ANY. [GL #2280] followed when the QTYPE was CNAME or ANY. [GL #2280]
5533. [func] Add "stale-refresh-time" option, a time window that 5533. [func] Add the "stale-refresh-time" option, a time window that
starts after a failed lookup, during which stale rrset starts after a failed lookup, during which a stale RRset
will be served directly from cache before a new is served directly from cache before a new attempt to
attempt to refresh it is made. [GL #2066] refresh it is made. [GL #2066]
5532. [cleanup] Unused header files were removed: 5532. [cleanup] Unused header files were removed:
bin/rndc/include/rndc/os.h, lib/isc/timer_p.h, bin/rndc/include/rndc/os.h, lib/isc/timer_p.h,
lib/isccfg/include/isccfg/dnsconf.h and code related lib/isccfg/include/isccfg/dnsconf.h and code related
to those files. [GL #1913] to those files. [GL #1913]
5531. [func] Add a netmgr TLS layer, enabling server-side DoT 5531. [func] Add support for DNS over TLS (DoT) to dig and named.
support (not yet available), and client-side DoT [GL #1840]
support in dig with "dig +tls". [GL #1840]
5530. [bug] DNSTAP did not capture responses to forwarded 5530. [bug] dnstap did not capture responses to forwarded UPDATE
UPDATE requests. [GL #2252] requests. [GL #2252]
5529. [func] The network manager API is now used by named 5529. [func] The network manager API is now used by named to send
to send zone transfer requests. [GL #2016] zone transfer requests. [GL #2016]
5528. [func] Convert "dig", "host" and "nslookup" to use the 5528. [func] Convert dig, host, and nslookup to use the network
network manager. As a side effect of this change, manager API. As a side effect of this change, "dig
"dig +unexpected" no longer works, and has been +unexpected" no longer works, and has been disabled.
disabled. [GL #2140] [GL #2140]
5527. [bug] There was a NULL pointer dereference if the creation 5527. [bug] A NULL pointer dereference occurred when creating an NTA
of the fetch to determine if a negative trust anchor recheck query failed. [GL #2244]
was still valid failed. [GL #2244]
5526. [bug] Fix a race/NULL dereference in TCPDNS read. [GL #2227] 5526. [bug] Fix a race/NULL dereference in TCPDNS read. [GL #2227]
5525. [placeholder] 5525. [placeholder]
5524. [func] Added functionality to the network manager to 5524. [func] Added functionality to the network manager to support
support outgoing DNS queries in addition to outgoing DNS queries in addition to incoming ones.
incoming ones. [GL #2235] [GL #2235]
5523. [bug] The initial lookup of a zone transitioning to/from 5523. [bug] The initial lookup in a zone transitioning to/from a
the signed state could fail if the DNSKEY RRset was signed state could fail if the DNSKEY RRset was not
not found. Subsequent lookups would succeed. found. [GL #2236]
[GL #2236]
5522. [bug] Fix a race/NULL dereference in TCPDNS send. [GL #2227] 5522. [bug] Fixed a race/NULL dereference in TCPDNS send. [GL #2227]
5521. [func] All use of libltdl was dropped. libuv's shared library 5521. [func] All use of libltdl was dropped. libuv's shared library
handling interface is now used instead. [GL !4278] handling interface is now used instead. [GL !4278]
5520. [bug] Fixed a number of shutdown races, reference counting 5520. [bug] Fixed a number of shutdown races, reference counting
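
Review bot: Entry 5522 is reworded from "Fix a race/NULL dereference in TCPDNS send" to "Fixed ...", but the matching entry 5526 for TCPDNS read is left as "Fix a race/NULL dereference in TCPDNS read", so the two [GL #2227] entries now differ in tense; change 5526 to "Fixed" as well. Separately, the new 5523 drops "Subsequent lookups would succeed", which was the only statement that the failure was limited to the initial lookup; consider keeping it.
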
@@ -75,12 +72,11 @@
lib/dns/portlist.c, lib/isc/bufferlist.c, and code lib/dns/portlist.c, lib/isc/bufferlist.c, and code
related to those files. [GL #2060] related to those files. [GL #2060]
5518. [bug] Fix stub zone not transferring nameserver addresses 5518. [bug] Stub zones now work correctly with primary servers using
from masters configured with 'minimal-responses yes'. "minimal-responses yes". [GL #1736]
[GL #1736]
5517. [bug] Handle 'UV_EOF' differently and don't contribute it to 5517. [bug] Do not treat UV_EOF as a TCP4RecvErr or a TCP6RecvErr.
the RECVFAIL statistic count. [GL #2208] [GL #2208]
--- 9.17.6 released --- --- 9.17.6 released ---
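
Review bot: The new wording of 5517, "Do not treat UV_EOF as a TCP4RecvErr or a TCP6RecvErr", no longer says that a statistic is involved, which the old text made clear with "the RECVFAIL statistic count". Suggest wording along the lines of "Do not count UV_EOF toward the TCP4RecvErr and TCP6RecvErr statistics", so that readers watching those counters understand what changed.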


@@ -162,8 +162,7 @@ To build on a Unix or Linux system, use:
$ ./configure $ ./configure
$ make $ make
If you're planning on making changes to the BIND 9 source, you should run If you're using Emacs, you might find `make tags` helpful.
`make depend`. If you're using Emacs, you might find `make tags` helpful.
Several environment variables, which can be set before running `configure`, Several environment variables, which can be set before running `configure`,
affect compilation. Significant ones are: affect compilation. Significant ones are:
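
Review bot: Dropping the `make depend` sentence from the build instructions is not covered by the commit message, which only mentions preparing release notes for BIND 9.17.7. If the `make depend` advice is obsolete, say so in the commit message or move this change into its own commit so the README edit is traceable.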


@@ -52,7 +52,7 @@ https://www.isc.org/download/. There you will find additional
information about each release, source code, and pre-compiled versions information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems. for Microsoft Windows operating systems.
.. include:: ../notes/notes-current.rst .. include:: ../notes/notes-9.17.7.rst
.. include:: ../notes/notes-9.17.6.rst .. include:: ../notes/notes-9.17.6.rst
.. include:: ../notes/notes-9.17.5.rst .. include:: ../notes/notes-9.17.5.rst
.. include:: ../notes/notes-9.17.4.rst .. include:: ../notes/notes-9.17.4.rst


@@ -0,0 +1,64 @@
..
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
Notes for BIND 9.17.7
---------------------
New Features
~~~~~~~~~~~~
- Support for DNS over TLS (DoT) has been added: the ``dig`` tool is now
able to send DoT queries (``+tls`` option) and ``named`` can handle
DoT queries (``listen-on tls ...`` option). ``named`` can use either a
certificate provided by the user or an ephemeral certificate generated
automatically upon startup. [GL #1840]
- A new configuration option, ``stale-refresh-time``, has been
introduced. It allows a stale RRset to be served directly from cache
for a period of time after a failed lookup, before a new attempt to
refresh it is made. [GL #2066]
Feature Changes
~~~~~~~~~~~~~~~
- The ``dig``, ``host``, and ``nslookup`` tools have been converted to
use the new network manager API rather than the older ISC socket API.
As a side effect of this change, the ``dig +unexpected`` option no
longer works. This could previously be used to diagnose broken servers
or network configurations by listening for replies from servers other
than the one that was queried. With the new API, such answers are
filtered before they ever reach ``dig``, so the option has been
removed. [GL #2140]
- The network manager API is now used by ``named`` to send zone transfer
requests. [GL #2016]
Bug Fixes
~~~~~~~~~
- ``named`` could crash with an assertion failure if a TCP connection
were closed while a request was still being processed. [GL #2227]
- ``named`` acting as a resolver could incorrectly treat signed zones
with no DS record at the parent as bogus. Such zones should be treated
as insecure. This has been fixed. [GL #2236]
- After a Negative Trust Anchor (NTA) is added, BIND performs periodic
checks to see if it is still necessary. If BIND encountered a failure
while creating a query to perform such a check, it attempted to
dereference a ``NULL`` pointer, resulting in a crash. [GL #2244]
- A problem obtaining glue records could prevent a stub zone from
functioning properly, if the authoritative server for the zone were
configured for minimal responses. [GL #1736]
- ``UV_EOF`` is no longer treated as a ``TCP4RecvErr`` or a
``TCP6RecvErr``. [GL #2208]
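
Review bot: The [GL #2236] bullet under Bug Fixes describes a resolver treating signed zones with no DS record at the parent as bogus, while CHANGES entry 5523 for the same issue describes the initial lookup in a zone transitioning to/from a signed state failing when the DNSKEY RRset was not found. Please confirm which description is correct and align the two texts. The DoT bullet also names ``listen-on tls ...`` without pointing to where the option is documented; a cross-reference would help.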


@@ -1,77 +0,0 @@
..
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
Notes for BIND 9.17.6
---------------------
Security Fixes
~~~~~~~~~~~~~~
- None.
Known Issues
~~~~~~~~~~~~
- None.
New Features
~~~~~~~~~~~~
- A new configuration option ``stale-refresh-time`` has been introduced, it
allows stale RRset to be served directly from cache for a period of time
after a failed lookup, before a new attempt to refresh it is made. [GL #2066]
- ``dig`` can now report the DNS64 prefixes in use (``+dns64prefix``).
This is useful when the host on which ``dig`` is run is behind an
IPv6-only link, using DNS64/NAT64 or 464XLAT for IPv4aaS (IPv4 as a
Service). [GL #1154]
Removed Features
~~~~~~~~~~~~~~~~
- None.
Feature Changes
~~~~~~~~~~~~~~~
- The network manager API is now used by ``named`` to send zone transfer
requests. [GL #2016]
- The ``dig``, ``host``, and ``nslookup`` tools have been converted to
use the new network manager API rather than the older ISC socket API.
As a side effect of this change, the ``dig +unexpected`` option no longer
works. This could previously be used for diagnosing broken servers or
network configurations by listening for replies from servers other than
the one that was queried. With the new API such answers are filtered
before they ever reach ``dig``. Consequently, the option has been
removed. [GL #2140]
- Support for DNS over TLS (DoT) has been added to the network manager API, and
the support for DoT has been added to the ``dig`` tool and support for
listening on TLS port has been added to ``named``. ``named`` could use a
certificate provided by the user or it can generate an ephemeral certificate
on startup of the daemon.
- Add NSEC3 support for zones that manage their DNSSEC with the `dnssec-policy`
configuration. A new option 'nsec3param' can be used to set the desired
NSEC3 parameters, and will detect collisions when resalting. [GL #1620].
Bug Fixes
~~~~~~~~~
- Handle `UV_EOF` differently such that it is not treated as a `TCP4RecvErr` or
`TCP6RecvErr`. [GL #2208]
- ``named`` could crash with an assertion failure if a TCP connection is closed
while the request is still processing. [GL #2227]
- The synthesised CNAME from a DNAME was incorrectly followed when the QTYPE
was CNAME or ANY. [GL #2280]
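
Review bot: Three entries deleted with this file have no counterpart in the new notes for 9.17.7: ``dig +dns64prefix`` [GL #1154], NSEC3 support for ``dnssec-policy`` [GL #1620], and the DNAME/CNAME fix [GL #2280]. The last one is still listed as 5534 in CHANGES above the "--- 9.17.6 released ---" marker, so either add it to the 9.17.7 Bug Fixes or state in the commit message why these entries are intentionally left out.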


@@ -1252,7 +1252,7 @@
./doc/notes/notes-9.17.4.rst RST 2020 ./doc/notes/notes-9.17.4.rst RST 2020
./doc/notes/notes-9.17.5.rst RST 2020 ./doc/notes/notes-9.17.5.rst RST 2020
./doc/notes/notes-9.17.6.rst RST 2020 ./doc/notes/notes-9.17.6.rst RST 2020
./doc/notes/notes-current.rst RST 2020 ./doc/notes/notes-9.17.7.rst RST 2020
./docutil/HTML_COPYRIGHT X 2001,2004,2016,2018,2019,2020 ./docutil/HTML_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/MAN_COPYRIGHT X 2001,2004,2016,2018,2019,2020 ./docutil/MAN_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/patch-db2latex-duplicate-template-bug X 2007,2018,2019,2020 ./docutil/patch-db2latex-duplicate-template-bug X 2007,2018,2019,2020