mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-30 05:57:52 +00:00
Merge branch 'michal/prepare-release-notes-for-bind-9.17.7' into 'v9_17_7-release'
Prepare release notes for BIND 9.17.7 See merge request isc-private/bind9!220
This commit is contained in:
Michał Kępień
commit
1328a7cbda
58
CHANGES
58
CHANGES
@ -20,49 +20,46 @@
|
||||
5534. [bug] The synthesised CNAME from a DNAME was incorrectly
|
||||
followed when the QTYPE was CNAME or ANY. [GL #2280]
|
||||
|
||||
5533. [func] Add "stale-refresh-time" option, a time window that
|
||||
starts after a failed lookup, during which stale rrset
|
||||
will be served directly from cache before a new
|
||||
attempt to refresh it is made. [GL #2066]
|
||||
5533. [func] Add the "stale-refresh-time" option, a time window that
|
||||
starts after a failed lookup, during which a stale RRset
|
||||
is served directly from cache before a new attempt to
|
||||
refresh it is made. [GL #2066]
|
||||
|
||||
5532. [cleanup] Unused header files were removed:
|
||||
bin/rndc/include/rndc/os.h, lib/isc/timer_p.h,
|
||||
lib/isccfg/include/isccfg/dnsconf.h and code related
|
||||
to those files. [GL #1913]
|
||||
|
||||
5531. [func] Add a netmgr TLS layer, enabling server-side DoT
|
||||
support (not yet available), and client-side DoT
|
||||
support in dig with "dig +tls". [GL #1840]
|
||||
5531. [func] Add support for DNS over TLS (DoT) to dig and named.
|
||||
[GL #1840]
|
||||
|
||||
5530. [bug] DNSTAP did not capture responses to forwarded
|
||||
UPDATE requests. [GL #2252]
|
||||
5530. [bug] dnstap did not capture responses to forwarded UPDATE
|
||||
requests. [GL #2252]
|
||||
|
||||
5529. [func] The network manager API is now used by named
|
||||
to send zone transfer requests. [GL #2016]
|
||||
5529. [func] The network manager API is now used by named to send
|
||||
zone transfer requests. [GL #2016]
|
||||
|
||||
5528. [func] Convert "dig", "host" and "nslookup" to use the
|
||||
network manager. As a side effect of this change,
|
||||
"dig +unexpected" no longer works, and has been
|
||||
disabled. [GL #2140]
|
||||
5528. [func] Convert dig, host, and nslookup to use the network
|
||||
manager API. As a side effect of this change, "dig
|
||||
+unexpected" no longer works, and has been disabled.
|
||||
[GL #2140]
|
||||
|
||||
5527. [bug] There was a NULL pointer dereference if the creation
|
||||
of the fetch to determine if a negative trust anchor
|
||||
was still valid failed. [GL #2244]
|
||||
5527. [bug] A NULL pointer dereference occurred when creating an NTA
|
||||
recheck query failed. [GL #2244]
|
||||
|
||||
5526. [bug] Fix a race/NULL dereference in TCPDNS read. [GL #2227]
|
||||
|
||||
5525. [placeholder]
|
||||
|
||||
5524. [func] Added functionality to the network manager to
|
||||
support outgoing DNS queries in addition to
|
||||
incoming ones. [GL #2235]
|
||||
5524. [func] Added functionality to the network manager to support
|
||||
outgoing DNS queries in addition to incoming ones.
|
||||
[GL #2235]
|
||||
|
||||
5523. [bug] The initial lookup of a zone transitioning to/from
|
||||
the signed state could fail if the DNSKEY RRset was
|
||||
not found. Subsequent lookups would succeed.
|
||||
[GL #2236]
|
||||
5523. [bug] The initial lookup in a zone transitioning to/from a
|
||||
signed state could fail if the DNSKEY RRset was not
|
||||
found. [GL #2236]
|
||||
|
||||
5522. [bug] Fix a race/NULL dereference in TCPDNS send. [GL #2227]
|
||||
5522. [bug] Fixed a race/NULL dereference in TCPDNS send. [GL #2227]
|
||||
|
||||
5521. [func] All use of libltdl was dropped. libuv's shared library
|
||||
handling interface is now used instead. [GL !4278]
|
||||
@ -75,12 +72,11 @@
|
||||
lib/dns/portlist.c, lib/isc/bufferlist.c, and code
|
||||
related to those files. [GL #2060]
|
||||
|
||||
5518. [bug] Fix stub zone not transferring nameserver addresses
|
||||
from masters configured with 'minimal-responses yes'.
|
||||
[GL #1736]
|
||||
5518. [bug] Stub zones now work correctly with primary servers using
|
||||
"minimal-responses yes". [GL #1736]
|
||||
|
||||
5517. [bug] Handle 'UV_EOF' differently and don't contribute it to
|
||||
the RECVFAIL statistic count. [GL #2208]
|
||||
5517. [bug] Do not treat UV_EOF as a TCP4RecvErr or a TCP6RecvErr.
|
||||
[GL #2208]
|
||||
|
||||
--- 9.17.6 released ---
|
||||
|
||||
|
||||
@ -162,8 +162,7 @@ To build on a Unix or Linux system, use:
|
||||
$ ./configure
|
||||
$ make
|
||||
|
||||
If you're planning on making changes to the BIND 9 source, you should run
|
||||
`make depend`. If you're using Emacs, you might find `make tags` helpful.
|
||||
If you're using Emacs, you might find `make tags` helpful.
|
||||
|
||||
Several environment variables, which can be set before running `configure`,
|
||||
affect compilation. Significant ones are:
|
||||
|
||||
@ -52,7 +52,7 @@ https://www.isc.org/download/. There you will find additional
|
||||
information about each release, source code, and pre-compiled versions
|
||||
for Microsoft Windows operating systems.
|
||||
|
||||
.. include:: ../notes/notes-current.rst
|
||||
.. include:: ../notes/notes-9.17.7.rst
|
||||
.. include:: ../notes/notes-9.17.6.rst
|
||||
.. include:: ../notes/notes-9.17.5.rst
|
||||
.. include:: ../notes/notes-9.17.4.rst
|
||||
|
||||
64
doc/notes/notes-9.17.7.rst
Normal file
64
doc/notes/notes-9.17.7.rst
Normal file
@ -0,0 +1,64 @@
|
||||
..
|
||||
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
|
||||
This Source Code Form is subject to the terms of the Mozilla Public
|
||||
License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
|
||||
See the COPYRIGHT file distributed with this work for additional
|
||||
information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.17.7
|
||||
---------------------
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- Support for DNS over TLS (DoT) has been added: the ``dig`` tool is now
|
||||
able to send DoT queries (``+tls`` option) and ``named`` can handle
|
||||
DoT queries (``listen-on tls ...`` option). ``named`` can use either a
|
||||
certificate provided by the user or an ephemeral certificate generated
|
||||
automatically upon startup. [GL #1840]
|
||||
|
||||
- A new configuration option, ``stale-refresh-time``, has been
|
||||
introduced. It allows a stale RRset to be served directly from cache
|
||||
for a period of time after a failed lookup, before a new attempt to
|
||||
refresh it is made. [GL #2066]
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- The ``dig``, ``host``, and ``nslookup`` tools have been converted to
|
||||
use the new network manager API rather than the older ISC socket API.
|
||||
|
||||
As a side effect of this change, the ``dig +unexpected`` option no
|
||||
longer works. This could previously be used to diagnose broken servers
|
||||
or network configurations by listening for replies from servers other
|
||||
than the one that was queried. With the new API, such answers are
|
||||
filtered before they ever reach ``dig``, so the option has been
|
||||
removed. [GL #2140]
|
||||
|
||||
- The network manager API is now used by ``named`` to send zone transfer
|
||||
requests. [GL #2016]
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- ``named`` could crash with an assertion failure if a TCP connection
|
||||
were closed while a request was still being processed. [GL #2227]
|
||||
|
||||
- ``named`` acting as a resolver could incorrectly treat signed zones
|
||||
with no DS record at the parent as bogus. Such zones should be treated
|
||||
as insecure. This has been fixed. [GL #2236]
|
||||
|
||||
- After a Negative Trust Anchor (NTA) is added, BIND performs periodic
|
||||
checks to see if it is still necessary. If BIND encountered a failure
|
||||
while creating a query to perform such a check, it attempted to
|
||||
dereference a ``NULL`` pointer, resulting in a crash. [GL #2244]
|
||||
|
||||
- A problem obtaining glue records could prevent a stub zone from
|
||||
functioning properly, if the authoritative server for the zone were
|
||||
configured for minimal responses. [GL #1736]
|
||||
|
||||
- ``UV_EOF`` is no longer treated as a ``TCP4RecvErr`` or a
|
||||
``TCP6RecvErr``. [GL #2208]
|
||||
@ -1,77 +0,0 @@
|
||||
..
|
||||
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
|
||||
This Source Code Form is subject to the terms of the Mozilla Public
|
||||
License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
|
||||
See the COPYRIGHT file distributed with this work for additional
|
||||
information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.17.6
|
||||
---------------------
|
||||
|
||||
Security Fixes
|
||||
~~~~~~~~~~~~~~
|
||||
|
||||
- None.
|
||||
|
||||
Known Issues
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- None.
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- A new configuration option ``stale-refresh-time`` has been introduced, it
|
||||
allows stale RRset to be served directly from cache for a period of time
|
||||
after a failed lookup, before a new attempt to refresh it is made. [GL #2066]
|
||||
|
||||
- ``dig`` can now report the DNS64 prefixes in use (``+dns64prefix``).
|
||||
This is useful when the host on which ``dig`` is run is behind an
|
||||
IPv6-only link, using DNS64/NAT64 or 464XLAT for IPv4aaS (IPv4 as a
|
||||
Service). [GL #1154]
|
||||
|
||||
Removed Features
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
- None.
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- The network manager API is now used by ``named`` to send zone transfer
|
||||
requests. [GL #2016]
|
||||
|
||||
- The ``dig``, ``host``, and ``nslookup`` tools have been converted to
|
||||
use the new network manager API rather than the older ISC socket API.
|
||||
|
||||
As a side effect of this change, the ``dig +unexpected`` option no longer
|
||||
works. This could previously be used for diagnosing broken servers or
|
||||
network configurations by listening for replies from servers other than
|
||||
the one that was queried. With the new API such answers are filtered
|
||||
before they ever reach ``dig``. Consequently, the option has been
|
||||
removed. [GL #2140]
|
||||
|
||||
- Support for DNS over TLS (DoT) has been added to the network manager API, and
|
||||
the support for DoT has been added to the ``dig`` tool and support for
|
||||
listening on TLS port has been added to ``named``. ``named`` could use a
|
||||
certificate provided by the user or it can generate an ephemeral certificate
|
||||
on startup of the daemon.
|
||||
|
||||
- Add NSEC3 support for zones that manage their DNSSEC with the `dnssec-policy`
|
||||
configuration. A new option 'nsec3param' can be used to set the desired
|
||||
NSEC3 parameters, and will detect collisions when resalting. [GL #1620].
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- Handle `UV_EOF` differently such that it is not treated as a `TCP4RecvErr` or
|
||||
`TCP6RecvErr`. [GL #2208]
|
||||
|
||||
- ``named`` could crash with an assertion failure if a TCP connection is closed
|
||||
while the request is still processing. [GL #2227]
|
||||
|
||||
- The synthesised CNAME from a DNAME was incorrectly followed when the QTYPE
|
||||
was CNAME or ANY. [GL #2280]
|
||||
@ -1252,7 +1252,7 @@
|
||||
./doc/notes/notes-9.17.4.rst RST 2020
|
||||
./doc/notes/notes-9.17.5.rst RST 2020
|
||||
./doc/notes/notes-9.17.6.rst RST 2020
|
||||
./doc/notes/notes-current.rst RST 2020
|
||||
./doc/notes/notes-9.17.7.rst RST 2020
|
||||
./docutil/HTML_COPYRIGHT X 2001,2004,2016,2018,2019,2020
|
||||
./docutil/MAN_COPYRIGHT X 2001,2004,2016,2018,2019,2020
|
||||
./docutil/patch-db2latex-duplicate-template-bug X 2007,2018,2019,2020
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user