From b06c5ad471c8dacfe074b93d3751dd35d10f42bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 6 Apr 2023 18:21:47 +0200 Subject: [PATCH 1/8] Prepare release notes for BIND 9.19.12 --- doc/arm/notes.rst | 2 +- doc/notes/{notes-current.rst => notes-9.19.12.rst} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename doc/notes/{notes-current.rst => notes-9.19.12.rst} (100%) diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index ad77ac85a1..f96e7dab0d 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -38,7 +38,7 @@ information about each release, and source code. .. include:: ../notes/notes-known-issues.rst -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.19.12.rst .. include:: ../notes/notes-9.19.11.rst .. include:: ../notes/notes-9.19.10.rst .. include:: ../notes/notes-9.19.9.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-9.19.12.rst similarity index 100% rename from doc/notes/notes-current.rst rename to doc/notes/notes-9.19.12.rst From 618c5d1ec0881c4642893d5af1db7e1c9f010509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 6 Apr 2023 18:35:16 +0200 Subject: [PATCH 2/8] Tweak and reword release notes --- doc/notes/notes-9.19.12.rst | 56 ++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/doc/notes/notes-9.19.12.rst b/doc/notes/notes-9.19.12.rst index d2bc6ef619..032a89fe76 100644 --- a/doc/notes/notes-9.19.12.rst +++ b/doc/notes/notes-9.19.12.rst @@ -20,41 +20,45 @@ Security Fixes New Features ~~~~~~~~~~~~ -- BIND now depends on ``liburcu``, Userspace RCU, for lock-free data +- BIND now depends on `liburcu`_, Userspace RCU, for lock-free data structures. :gl:`#3934` -- The new ``delv +ns`` option activates name server mode, in which ``delv`` - sets up an internal recursive resolver and uses that, rather than an - external server, to look up the requested query name and type. All messages - sent and received during the resolution and validation process are logged. - This can be used in place of ``dig +trace``: it more accurately - reproduces the behavior of ``named`` when resolving a query. +- The new command-line :option:`delv +ns` option activates name server + mode, to more accurately reproduce the behavior of :iscman:`named` + when resolving a query. In this mode, :iscman:`delv` uses an internal + recursive resolver rather than an external server. All messages sent + and received during the resolution and validation process are logged. + This can be used in place of :option:`dig +trace`. :gl:`#3842` - The log message ``resolver priming query complete`` was moved from the - INFO log level to the DEBUG(1) log level, to prevent ``delv`` from - emitting that message when setting up its internal resolver. :gl:`#3842` +- The log message ``resolver priming query complete`` has been moved + from the INFO log level to the DEBUG(1) log level, to prevent + :iscman:`delv` from emitting that message when setting up its internal + resolver. :gl:`#3842` -- A new configuration option :any:`checkds` is introduced that when set to - ``yes`` will detect :any:`parental-agents` automatically by resolving the - parent NS records. These name servers will be used to check the DS RRset - during a KSK rollover initiated by :any:`dnssec-policy`. :gl:`#3901` +- A new configuration option, :any:`checkds`, has been introduced. When + set to ``yes``, it detects :any:`parental-agents` automatically by + resolving the parent NS records. These name servers are queried to + check the DS RRset during a KSK rollover initiated by + :any:`dnssec-policy`. :gl:`#3901` + +.. _`liburcu`: https://liburcu.org/ Removed Features ~~~~~~~~~~~~~~~~ -- The TKEY Mode 2 (Diffie-Hellman Exchanged Keying Mode) has been removed and - using TKEY Mode 2 is now a fatal error. Users are advised to switch to TKEY - Mode 3 (GSS-API). :gl:`#3905` +- The TKEY Mode 2 (Diffie-Hellman Exchanged Keying Mode) has been + removed and using TKEY Mode 2 is now a fatal error. Users are advised + to switch to TKEY Mode 3 (GSS-API). :gl:`#3905` - Zone type ``delegation-only``, and the ``delegation-only`` and - ``root-delegation-only`` options, have been removed. Using them - is a configuration error. + ``root-delegation-only`` statements, have been removed. Using them is + a configuration error. - These options were created to address the SiteFinder controversy, in - which certain top-level domains redirected misspelled queries to other - sites instead of returning NXDOMAIN responses. Since top-level domains are - now DNSSEC signed, and DNSSEC validation is active by default, the - options are no longer needed. :gl:`#3953` + These statements were created to address the SiteFinder controversy, + in which certain top-level domains redirected misspelled queries to + other sites instead of returning NXDOMAIN responses. Since top-level + domains are now DNSSEC-signed, and DNSSEC validation is active by + default, the statements are no longer needed. :gl:`#3953` Feature Changes ~~~~~~~~~~~~~~~ @@ -64,8 +68,8 @@ Feature Changes Bug Fixes ~~~~~~~~~ -- Performance of DNSSEC validation in zones with many DNSKEY records - has been improved. :gl:`#3981` +- Performance of DNSSEC validation in zones with many DNSKEY records has + been improved. :gl:`#3981` Known Issues ~~~~~~~~~~~~ From 4ca02afb31ab1a94413f6d5313038f527f52248e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Tue, 11 Apr 2023 13:42:52 +0200 Subject: [PATCH 3/8] Reorder release notes --- doc/notes/notes-9.19.12.rst | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/doc/notes/notes-9.19.12.rst b/doc/notes/notes-9.19.12.rst index 032a89fe76..bda508b177 100644 --- a/doc/notes/notes-9.19.12.rst +++ b/doc/notes/notes-9.19.12.rst @@ -30,11 +30,6 @@ New Features and received during the resolution and validation process are logged. This can be used in place of :option:`dig +trace`. :gl:`#3842` -- The log message ``resolver priming query complete`` has been moved - from the INFO log level to the DEBUG(1) log level, to prevent - :iscman:`delv` from emitting that message when setting up its internal - resolver. :gl:`#3842` - - A new configuration option, :any:`checkds`, has been introduced. When set to ``yes``, it detects :any:`parental-agents` automatically by resolving the parent NS records. These name servers are queried to @@ -63,7 +58,10 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ -- None. +- The log message ``resolver priming query complete`` has been moved + from the INFO log level to the DEBUG(1) log level, to prevent + :iscman:`delv` from emitting that message when setting up its internal + resolver. :gl:`#3842` Bug Fixes ~~~~~~~~~ From 4c307123a83dddfa5cc656af0494d60244f95f8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 6 Apr 2023 18:38:58 +0200 Subject: [PATCH 4/8] Add release note for GL #3998 --- doc/notes/notes-9.19.12.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/notes/notes-9.19.12.rst b/doc/notes/notes-9.19.12.rst index bda508b177..bacb7d301c 100644 --- a/doc/notes/notes-9.19.12.rst +++ b/doc/notes/notes-9.19.12.rst @@ -15,7 +15,10 @@ Notes for BIND 9.19.12 Security Fixes ~~~~~~~~~~~~~~ -- None. +- An error in DNS message processing introduced in development version + 9.19.11 could cause BIND and its utilities to crash if the maximum + permissible number of DNS labels were present. This has been fixed. + :gl:`#3998` New Features ~~~~~~~~~~~~ From 6fac8b15bc240fda4496b075e1d1afceba1dfe17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Tue, 11 Apr 2023 16:23:53 +0200 Subject: [PATCH 5/8] Add known issue release note for GL #3985 and #4006 --- doc/notes/notes-9.19.12.rst | 24 +++++++++++++++++------- doc/notes/notes-known-issues.rst | 11 +++++++++++ 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/doc/notes/notes-9.19.12.rst b/doc/notes/notes-9.19.12.rst index bacb7d301c..091c06c357 100644 --- a/doc/notes/notes-9.19.12.rst +++ b/doc/notes/notes-9.19.12.rst @@ -20,6 +20,23 @@ Security Fixes permissible number of DNS labels were present. This has been fixed. :gl:`#3998` +Known Issues +~~~~~~~~~~~~ + +- Loading a large number of zones is significantly slower in BIND + 9.19.12 than in the previous development releases due to a new data + structure being used for storing information about the zones to serve. + This slowdown is considered to be a bug and will be addressed in a + future BIND 9.19.x development release. :gl:`#4006` + +- A flaw in reworked code responsible for accepting TCP connections may + cause a visible performance drop for TCP queries on some platforms, + notably FreeBSD. This issue will be fixed in a future BIND 9.19.x + development release. :gl:`#3985` + +- See :ref:`above ` for a list of all known issues + affecting this BIND 9 branch. + New Features ~~~~~~~~~~~~ @@ -71,10 +88,3 @@ Bug Fixes - Performance of DNSSEC validation in zones with many DNSKEY records has been improved. :gl:`#3981` - -Known Issues -~~~~~~~~~~~~ - -- There are no new known issues with this release. See :ref:`above - ` for a list of all known issues affecting this - BIND 9 branch. diff --git a/doc/notes/notes-known-issues.rst b/doc/notes/notes-known-issues.rst index e6622d56be..959c73d1d0 100644 --- a/doc/notes/notes-known-issues.rst +++ b/doc/notes/notes-known-issues.rst @@ -38,3 +38,14 @@ Known Issues have ``subjectAltName`` set. In such cases, the ``Subject`` field is ignored. Only old platforms are affected by this, e.g. those supplied with OpenSSL versions older than 1.1.1. :gl:`#3163` + +- Loading a large number of zones is significantly slower in BIND + 9.19.12 than in the previous development releases due to a new data + structure being used for storing information about the zones to serve. + This slowdown is considered to be a bug and will be addressed in a + future BIND 9.19.x development release. :gl:`#4006` + +- A flaw in reworked code responsible for accepting TCP connections may + cause a visible performance drop for TCP queries on some platforms, + notably FreeBSD. This issue will be fixed in a future BIND 9.19.x + development release. :gl:`#3985` From 1029e929b3fb62abd7e43ab0d29eff981cbf24da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 6 Apr 2023 18:45:32 +0200 Subject: [PATCH 6/8] Add release notes for GL #3955, #3968, and #3997 --- doc/notes/notes-9.19.12.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/notes/notes-9.19.12.rst b/doc/notes/notes-9.19.12.rst index 091c06c357..0d08a2279a 100644 --- a/doc/notes/notes-9.19.12.rst +++ b/doc/notes/notes-9.19.12.rst @@ -86,5 +86,8 @@ Feature Changes Bug Fixes ~~~~~~~~~ +- Several bugs which could cause :iscman:`named` to crash during catalog + zone processing have been fixed. :gl:`#3955` :gl:`#3968` :gl:`#3997` + - Performance of DNSSEC validation in zones with many DNSKEY records has been improved. :gl:`#3981` From a375f3855714fa978dd3bdea95de51bba52efb6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Tue, 11 Apr 2023 16:48:27 +0200 Subject: [PATCH 7/8] Add a CHANGES marker --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index 4634446aa1..ad862cc416 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.19.12 released --- + 6146. [performance] Replace the zone table red-black tree and associated locking with a lock-free qp-trie. [GL !7582] From 460760ee773d1dd94df3c54867008183db12e0c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Tue, 11 Apr 2023 16:48:56 +0200 Subject: [PATCH 8/8] Update BIND version for release --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 891e1af54f..1840f0be4c 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 19)dnl m4_define([bind_VERSION_PATCH], 12)dnl -m4_define([bind_VERSION_EXTRA], -dev)dnl +m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Development Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl