mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

Merge tag 'v9.19.12'

Browse Source 
BIND 9.19.12
This commit is contained in:
Michał Kępień
2023-04-20 12:43:46 +02:00
parent 654de3201c 460760ee77
commit 4fcbb078c1
4 changed files with 107 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -29,6 +29,8 @@
6147. [performance] Fix the TCP server parent quota use. [GL #3985] 6147. [performance] Fix the TCP server parent quota use. [GL #3985]
--- 9.19.12 released ---
6146. [performance] Replace the zone table red-black tree and associated 6146. [performance] Replace the zone table red-black tree and associated
locking with a lock-free qp-trie. [GL !7582] locking with a lock-free qp-trie. [GL !7582]

1
doc/arm/notes.rst
View File

@@ -39,6 +39,7 @@ information about each release, and source code.
.. include:: ../notes/notes-known-issues.rst .. include:: ../notes/notes-known-issues.rst
.. include:: ../notes/notes-current.rst .. include:: ../notes/notes-current.rst
.. include:: ../notes/notes-9.19.12.rst
.. include:: ../notes/notes-9.19.11.rst .. include:: ../notes/notes-9.19.11.rst
.. include:: ../notes/notes-9.19.10.rst .. include:: ../notes/notes-9.19.10.rst
.. include:: ../notes/notes-9.19.9.rst .. include:: ../notes/notes-9.19.9.rst

93
doc/notes/notes-9.19.12.rst Normal file
View File

@@ -0,0 +1,93 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
Notes for BIND 9.19.12
----------------------
Security Fixes
~~~~~~~~~~~~~~
- An error in DNS message processing introduced in development version
9.19.11 could cause BIND and its utilities to crash if the maximum
permissible number of DNS labels were present. This has been fixed.
:gl:`#3998`
Known Issues
~~~~~~~~~~~~
- Loading a large number of zones is significantly slower in BIND
9.19.12 than in the previous development releases due to a new data
structure being used for storing information about the zones to serve.
This slowdown is considered to be a bug and will be addressed in a
future BIND 9.19.x development release. :gl:`#4006`
- A flaw in reworked code responsible for accepting TCP connections may
cause a visible performance drop for TCP queries on some platforms,
notably FreeBSD. This issue will be fixed in a future BIND 9.19.x
development release. :gl:`#3985`
- See :ref:`above <relnotes_known_issues>` for a list of all known issues
affecting this BIND 9 branch.
New Features
~~~~~~~~~~~~
- BIND now depends on `liburcu`_, Userspace RCU, for lock-free data
structures. :gl:`#3934`
- The new command-line :option:`delv +ns` option activates name server
mode, to more accurately reproduce the behavior of :iscman:`named`
when resolving a query. In this mode, :iscman:`delv` uses an internal
recursive resolver rather than an external server. All messages sent
and received during the resolution and validation process are logged.
This can be used in place of :option:`dig +trace`. :gl:`#3842`
- A new configuration option, :any:`checkds`, has been introduced. When
set to ``yes``, it detects :any:`parental-agents` automatically by
resolving the parent NS records. These name servers are queried to
check the DS RRset during a KSK rollover initiated by
:any:`dnssec-policy`. :gl:`#3901`
.. _`liburcu`: https://liburcu.org/
Removed Features
~~~~~~~~~~~~~~~~
- The TKEY Mode 2 (Diffie-Hellman Exchanged Keying Mode) has been
removed and using TKEY Mode 2 is now a fatal error. Users are advised
to switch to TKEY Mode 3 (GSS-API). :gl:`#3905`
- Zone type ``delegation-only``, and the ``delegation-only`` and
``root-delegation-only`` statements, have been removed. Using them is
a configuration error.
These statements were created to address the SiteFinder controversy,
in which certain top-level domains redirected misspelled queries to
other sites instead of returning NXDOMAIN responses. Since top-level
domains are now DNSSEC-signed, and DNSSEC validation is active by
default, the statements are no longer needed. :gl:`#3953`
Feature Changes
~~~~~~~~~~~~~~~
- The log message ``resolver priming query complete`` has been moved
from the INFO log level to the DEBUG(1) log level, to prevent
:iscman:`delv` from emitting that message when setting up its internal
resolver. :gl:`#3842`
Bug Fixes
~~~~~~~~~
- Several bugs which could cause :iscman:`named` to crash during catalog
zone processing have been fixed. :gl:`#3955` :gl:`#3968` :gl:`#3997`
- Performance of DNSSEC validation in zones with many DNSKEY records has
been improved. :gl:`#3981`

11
doc/notes/notes-known-issues.rst
View File

@@ -38,3 +38,14 @@ Known Issues
have ``subjectAltName`` set. In such cases, the ``Subject`` field is have ``subjectAltName`` set. In such cases, the ``Subject`` field is
ignored. Only old platforms are affected by this, e.g. those supplied ignored. Only old platforms are affected by this, e.g. those supplied
with OpenSSL versions older than 1.1.1. :gl:`#3163` with OpenSSL versions older than 1.1.1. :gl:`#3163`
- Loading a large number of zones is significantly slower in BIND
9.19.12 than in the previous development releases due to a new data
structure being used for storing information about the zones to serve.
This slowdown is considered to be a bug and will be addressed in a
future BIND 9.19.x development release. :gl:`#4006`
- A flaw in reworked code responsible for accepting TCP connections may
cause a visible performance drop for TCP queries on some platforms,
notably FreeBSD. This issue will be fixed in a future BIND 9.19.x
development release. :gl:`#3985`