mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

Tweak and reword release notes

Browse Source
This commit is contained in:
Michał Kępień
2023-08-04 11:17:54 +02:00
parent 89617cd3d6
commit 24b45a1e03
1 changed files with 20 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
doc/notes/notes-9.19.16.rst
View File

@@ -15,38 +15,39 @@ Notes for BIND 9.19.16
Removed Features Removed Features
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
- The 'auto-dnssec' configuration option has now been removed. Please - The ``auto-dnssec`` configuration statement has been removed. Please
use :any:`dnssec-policy` or manual signing instead. The following options use :any:`dnssec-policy` or manual signing instead. The following
have become obsolete: :any:`dnskey-sig-validity`, statements have become obsolete: :any:`dnskey-sig-validity`,
:any:`dnssec-dnskey-kskonly`, :any:`dnssec-update-mode`, :any:`dnssec-dnskey-kskonly`, :any:`dnssec-update-mode`,
:any:`sig-validity-interval`, and :any:`update-check-ksk`. :gl:`#3672`. :any:`sig-validity-interval`, and :any:`update-check-ksk`. :gl:`#3672`
- The :any:`dialup` and :any:`heartbeat-interval` options have been - The :any:`dialup` and :any:`heartbeat-interval` options have been
deprecated and will be removed in a future release. :gl:`#3700` deprecated and will be removed in a future BIND 9 release. :gl:`#3700`
Feature Changes Feature Changes
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~
- Return BADCOOKIE for out-of-date or otherwise bad, well formed - BIND now returns BADCOOKIE for out-of-date or otherwise bad but
DNS SERVER COOKIES. Previously these were silently treated as well-formed DNS server cookies. :gl:`#4194`
DNS CLIENT COOKIES. :gl:`#4194`
- The option :any:`inline-signing` can now also be set inside - The :any:`inline-signing` statement can now also be set inside
:any:`dnssec-policy`. The built-in policies ``default`` and ``insecure`` :any:`dnssec-policy`. The built-in policies ``default`` and
enable the use of :any:`inline-signing`. If you set :any:`inline-signing` ``insecure`` enable the use of :any:`inline-signing`. If
at the ``zone`` level, it overrides the value used set in :any:`inline-signing` is set at the ``zone`` level, it overrides the
:any:`dnssec-policy`. :gl:`#3677`. value set in :any:`dnssec-policy`. :gl:`#3677`
Bug Fixes Bug Fixes
~~~~~~~~~ ~~~~~~~~~
- Query-processing latency under load has been improved by reducing the - To improve query-processing latency under load, the uninterrupted time
uninterrupted time spent by resolving long cached chains of domain names. spent on resolving long chains of cached domain names has been
:gl:`#4185` reduced. :gl:`#4185`
- Ignore :any:`max-zone-ttl` for :any:`dnssec-policy` "insecure", - Setting :any:`dnssec-policy` to ``insecure`` prevented zones
otherwise some zones will not be loaded if they use a TTL value larger containing resource records with a TTL value larger than 86400 seconds
than 86400. :gl:`#4032`. (1 day) from being loaded. This has been fixed by ignoring the TTL
values in the zone and using a value of 604800 seconds (1 week) as the
maximum zone TTL in key rollover timing calculations. :gl:`#4032`
Known Issues Known Issues
~~~~~~~~~~~~ ~~~~~~~~~~~~