mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-30 05:57:52 +00:00
BIND 9.19.12
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmQ1dmoACgkQq9WHzfBl ga77wQ/+NosmQxR4e13UmjGwG0tseiYqLRd46Lnuk5ukXKu/TwiDwXb2ZeIDBwQb QOx+pQK4Ljj3n7YlrOsys+WVTGwnKc5txpBiJHadeJew5Jt4hcMA2xNRRRwS32Qf ogjYhPLquhbzAiPuF/0g4CAnm+Ggj7v2GwEqbg86T5t4iBx1fbPQH42szKTp3ePJ FdpI6fWA9mGExLC6D1jUaP/auzoeHYEna0cTNlfkW2aIQXR8TA8gztjZ/Oyc8lFt yEKIrQL9mfA711q9vqkz3aI7NcSxoRFgOkYGrUBxqtOQ3sEDQ58qtkNQw6Fm1+LI 3GrVOnnlkggxm2l+bZQ2oHNc0KVuEPvTEW/pS/PAxsjqTquLUNJJuH19dEpe4Yub d5B9Yyy7rhBWDp8MMUrJyTeKzhIhCwshccjKVZlzKpajvxZ41nehHHVWw3p5Vjto bfnX2v9uoVXv+PF1Ind6Xhv630E0FwXDc4/9xrnDI4RR+b5Drcjuz9LzKK7qTBLA 10D5f/ZdHWnCXx6s9IPro+9+wMh4E6CHq5pQbCw8CKiguhcX1TWwXCK0ufupx5YT YFd+SSZkdD/smRLAML6dvR8Fn5cNdK6Q5aG2iUvwAS/H3SYih1JuolAbjaGyzaOM RiWK07K8o5E5A96WaMcoOUO9r+QuL+9w6qkBHeDqlT2z7wpztx0= =PKKd -----END PGP SIGNATURE----- gpgsig -----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAg25GGAuUyFX1gxo7QocNm8V6J/8 frHSduYX7Aqk4iJLwAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQHGiZv5ZHATcbhYCM8GJvmtZj50JTI1eB/rkHxvRGnCBDZWgMMZkIph+GCQjst4FI7 2S0czN/Nil60YZQs097wY= -----END SSH SIGNATURE----- Merge tag 'v9.19.12' BIND 9.19.12
This commit is contained in:
commit
4fcbb078c1
2
CHANGES
2
CHANGES
@ -29,6 +29,8 @@
|
||||
|
||||
6147. [performance] Fix the TCP server parent quota use. [GL #3985]
|
||||
|
||||
--- 9.19.12 released ---
|
||||
|
||||
6146. [performance] Replace the zone table red-black tree and associated
|
||||
locking with a lock-free qp-trie. [GL !7582]
|
||||
|
||||
|
@ -39,6 +39,7 @@ information about each release, and source code.
|
||||
.. include:: ../notes/notes-known-issues.rst
|
||||
|
||||
.. include:: ../notes/notes-current.rst
|
||||
.. include:: ../notes/notes-9.19.12.rst
|
||||
.. include:: ../notes/notes-9.19.11.rst
|
||||
.. include:: ../notes/notes-9.19.10.rst
|
||||
.. include:: ../notes/notes-9.19.9.rst
|
||||
|
93
doc/notes/notes-9.19.12.rst
Normal file
93
doc/notes/notes-9.19.12.rst
Normal file
@ -0,0 +1,93 @@
|
||||
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
..
|
||||
.. SPDX-License-Identifier: MPL-2.0
|
||||
..
|
||||
.. This Source Code Form is subject to the terms of the Mozilla Public
|
||||
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
..
|
||||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.19.12
|
||||
----------------------
|
||||
|
||||
Security Fixes
|
||||
~~~~~~~~~~~~~~
|
||||
|
||||
- An error in DNS message processing introduced in development version
|
||||
9.19.11 could cause BIND and its utilities to crash if the maximum
|
||||
permissible number of DNS labels were present. This has been fixed.
|
||||
:gl:`#3998`
|
||||
|
||||
Known Issues
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- Loading a large number of zones is significantly slower in BIND
|
||||
9.19.12 than in the previous development releases due to a new data
|
||||
structure being used for storing information about the zones to serve.
|
||||
This slowdown is considered to be a bug and will be addressed in a
|
||||
future BIND 9.19.x development release. :gl:`#4006`
|
||||
|
||||
- A flaw in reworked code responsible for accepting TCP connections may
|
||||
cause a visible performance drop for TCP queries on some platforms,
|
||||
notably FreeBSD. This issue will be fixed in a future BIND 9.19.x
|
||||
development release. :gl:`#3985`
|
||||
|
||||
- See :ref:`above <relnotes_known_issues>` for a list of all known issues
|
||||
affecting this BIND 9 branch.
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- BIND now depends on `liburcu`_, Userspace RCU, for lock-free data
|
||||
structures. :gl:`#3934`
|
||||
|
||||
- The new command-line :option:`delv +ns` option activates name server
|
||||
mode, to more accurately reproduce the behavior of :iscman:`named`
|
||||
when resolving a query. In this mode, :iscman:`delv` uses an internal
|
||||
recursive resolver rather than an external server. All messages sent
|
||||
and received during the resolution and validation process are logged.
|
||||
This can be used in place of :option:`dig +trace`. :gl:`#3842`
|
||||
|
||||
- A new configuration option, :any:`checkds`, has been introduced. When
|
||||
set to ``yes``, it detects :any:`parental-agents` automatically by
|
||||
resolving the parent NS records. These name servers are queried to
|
||||
check the DS RRset during a KSK rollover initiated by
|
||||
:any:`dnssec-policy`. :gl:`#3901`
|
||||
|
||||
.. _`liburcu`: https://liburcu.org/
|
||||
|
||||
Removed Features
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
- The TKEY Mode 2 (Diffie-Hellman Exchanged Keying Mode) has been
|
||||
removed and using TKEY Mode 2 is now a fatal error. Users are advised
|
||||
to switch to TKEY Mode 3 (GSS-API). :gl:`#3905`
|
||||
|
||||
- Zone type ``delegation-only``, and the ``delegation-only`` and
|
||||
``root-delegation-only`` statements, have been removed. Using them is
|
||||
a configuration error.
|
||||
|
||||
These statements were created to address the SiteFinder controversy,
|
||||
in which certain top-level domains redirected misspelled queries to
|
||||
other sites instead of returning NXDOMAIN responses. Since top-level
|
||||
domains are now DNSSEC-signed, and DNSSEC validation is active by
|
||||
default, the statements are no longer needed. :gl:`#3953`
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- The log message ``resolver priming query complete`` has been moved
|
||||
from the INFO log level to the DEBUG(1) log level, to prevent
|
||||
:iscman:`delv` from emitting that message when setting up its internal
|
||||
resolver. :gl:`#3842`
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- Several bugs which could cause :iscman:`named` to crash during catalog
|
||||
zone processing have been fixed. :gl:`#3955` :gl:`#3968` :gl:`#3997`
|
||||
|
||||
- Performance of DNSSEC validation in zones with many DNSKEY records has
|
||||
been improved. :gl:`#3981`
|
@ -38,3 +38,14 @@ Known Issues
|
||||
have ``subjectAltName`` set. In such cases, the ``Subject`` field is
|
||||
ignored. Only old platforms are affected by this, e.g. those supplied
|
||||
with OpenSSL versions older than 1.1.1. :gl:`#3163`
|
||||
|
||||
- Loading a large number of zones is significantly slower in BIND
|
||||
9.19.12 than in the previous development releases due to a new data
|
||||
structure being used for storing information about the zones to serve.
|
||||
This slowdown is considered to be a bug and will be addressed in a
|
||||
future BIND 9.19.x development release. :gl:`#4006`
|
||||
|
||||
- A flaw in reworked code responsible for accepting TCP connections may
|
||||
cause a visible performance drop for TCP queries on some platforms,
|
||||
notably FreeBSD. This issue will be fixed in a future BIND 9.19.x
|
||||
development release. :gl:`#3985`
|
||||
|
Loading…
x
Reference in New Issue
Block a user