2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00

BIND 9.19.12

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmQ1dmoACgkQq9WHzfBl
 ga77wQ/+NosmQxR4e13UmjGwG0tseiYqLRd46Lnuk5ukXKu/TwiDwXb2ZeIDBwQb
 QOx+pQK4Ljj3n7YlrOsys+WVTGwnKc5txpBiJHadeJew5Jt4hcMA2xNRRRwS32Qf
 ogjYhPLquhbzAiPuF/0g4CAnm+Ggj7v2GwEqbg86T5t4iBx1fbPQH42szKTp3ePJ
 FdpI6fWA9mGExLC6D1jUaP/auzoeHYEna0cTNlfkW2aIQXR8TA8gztjZ/Oyc8lFt
 yEKIrQL9mfA711q9vqkz3aI7NcSxoRFgOkYGrUBxqtOQ3sEDQ58qtkNQw6Fm1+LI
 3GrVOnnlkggxm2l+bZQ2oHNc0KVuEPvTEW/pS/PAxsjqTquLUNJJuH19dEpe4Yub
 d5B9Yyy7rhBWDp8MMUrJyTeKzhIhCwshccjKVZlzKpajvxZ41nehHHVWw3p5Vjto
 bfnX2v9uoVXv+PF1Ind6Xhv630E0FwXDc4/9xrnDI4RR+b5Drcjuz9LzKK7qTBLA
 10D5f/ZdHWnCXx6s9IPro+9+wMh4E6CHq5pQbCw8CKiguhcX1TWwXCK0ufupx5YT
 YFd+SSZkdD/smRLAML6dvR8Fn5cNdK6Q5aG2iUvwAS/H3SYih1JuolAbjaGyzaOM
 RiWK07K8o5E5A96WaMcoOUO9r+QuL+9w6qkBHeDqlT2z7wpztx0=
 =PKKd
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN SSH SIGNATURE-----
 U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAg25GGAuUyFX1gxo7QocNm8V6J/8
 frHSduYX7Aqk4iJLwAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
 AAAAQHGiZv5ZHATcbhYCM8GJvmtZj50JTI1eB/rkHxvRGnCBDZWgMMZkIph+GCQjst4FI7
 2S0czN/Nil60YZQs097wY=
 -----END SSH SIGNATURE-----

Merge tag 'v9.19.12'

BIND 9.19.12
This commit is contained in:
Michał Kępień 2023-04-20 12:43:46 +02:00
commit 4fcbb078c1
4 changed files with 107 additions and 0 deletions

View File

@ -29,6 +29,8 @@
6147. [performance] Fix the TCP server parent quota use. [GL #3985]
--- 9.19.12 released ---
6146. [performance] Replace the zone table red-black tree and associated
locking with a lock-free qp-trie. [GL !7582]

View File

@ -39,6 +39,7 @@ information about each release, and source code.
.. include:: ../notes/notes-known-issues.rst
.. include:: ../notes/notes-current.rst
.. include:: ../notes/notes-9.19.12.rst
.. include:: ../notes/notes-9.19.11.rst
.. include:: ../notes/notes-9.19.10.rst
.. include:: ../notes/notes-9.19.9.rst

View File

@ -0,0 +1,93 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
Notes for BIND 9.19.12
----------------------
Security Fixes
~~~~~~~~~~~~~~
- An error in DNS message processing introduced in development version
9.19.11 could cause BIND and its utilities to crash if the maximum
permissible number of DNS labels were present. This has been fixed.
:gl:`#3998`
Known Issues
~~~~~~~~~~~~
- Loading a large number of zones is significantly slower in BIND
9.19.12 than in the previous development releases due to a new data
structure being used for storing information about the zones to serve.
This slowdown is considered to be a bug and will be addressed in a
future BIND 9.19.x development release. :gl:`#4006`
- A flaw in reworked code responsible for accepting TCP connections may
cause a visible performance drop for TCP queries on some platforms,
notably FreeBSD. This issue will be fixed in a future BIND 9.19.x
development release. :gl:`#3985`
- See :ref:`above <relnotes_known_issues>` for a list of all known issues
affecting this BIND 9 branch.
New Features
~~~~~~~~~~~~
- BIND now depends on `liburcu`_, Userspace RCU, for lock-free data
structures. :gl:`#3934`
- The new command-line :option:`delv +ns` option activates name server
mode, to more accurately reproduce the behavior of :iscman:`named`
when resolving a query. In this mode, :iscman:`delv` uses an internal
recursive resolver rather than an external server. All messages sent
and received during the resolution and validation process are logged.
This can be used in place of :option:`dig +trace`. :gl:`#3842`
- A new configuration option, :any:`checkds`, has been introduced. When
set to ``yes``, it detects :any:`parental-agents` automatically by
resolving the parent NS records. These name servers are queried to
check the DS RRset during a KSK rollover initiated by
:any:`dnssec-policy`. :gl:`#3901`
.. _`liburcu`: https://liburcu.org/
Removed Features
~~~~~~~~~~~~~~~~
- The TKEY Mode 2 (Diffie-Hellman Exchanged Keying Mode) has been
removed and using TKEY Mode 2 is now a fatal error. Users are advised
to switch to TKEY Mode 3 (GSS-API). :gl:`#3905`
- Zone type ``delegation-only``, and the ``delegation-only`` and
``root-delegation-only`` statements, have been removed. Using them is
a configuration error.
These statements were created to address the SiteFinder controversy,
in which certain top-level domains redirected misspelled queries to
other sites instead of returning NXDOMAIN responses. Since top-level
domains are now DNSSEC-signed, and DNSSEC validation is active by
default, the statements are no longer needed. :gl:`#3953`
Feature Changes
~~~~~~~~~~~~~~~
- The log message ``resolver priming query complete`` has been moved
from the INFO log level to the DEBUG(1) log level, to prevent
:iscman:`delv` from emitting that message when setting up its internal
resolver. :gl:`#3842`
Bug Fixes
~~~~~~~~~
- Several bugs which could cause :iscman:`named` to crash during catalog
zone processing have been fixed. :gl:`#3955` :gl:`#3968` :gl:`#3997`
- Performance of DNSSEC validation in zones with many DNSKEY records has
been improved. :gl:`#3981`

View File

@ -38,3 +38,14 @@ Known Issues
have ``subjectAltName`` set. In such cases, the ``Subject`` field is
ignored. Only old platforms are affected by this, e.g. those supplied
with OpenSSL versions older than 1.1.1. :gl:`#3163`
- Loading a large number of zones is significantly slower in BIND
9.19.12 than in the previous development releases due to a new data
structure being used for storing information about the zones to serve.
This slowdown is considered to be a bug and will be addressed in a
future BIND 9.19.x development release. :gl:`#4006`
- A flaw in reworked code responsible for accepting TCP connections may
cause a visible performance drop for TCP queries on some platforms,
notably FreeBSD. This issue will be fixed in a future BIND 9.19.x
development release. :gl:`#3985`