Merge branch 'tkrizek/prepare-documentation-for-bind-9.19.11' into 'v9_19_11-release'

Prepare documentation for BIND 9.19.11 See merge request isc-private/bind9!500
2025-08-30 05:57:52 +00:00 · 2023-03-03 14:05:21 +00:00 · 2023-03-03 14:05:21 +00:00 · 5fa00c7ce1
commit 5fa00c7ce1
parent 0874708bbf 8f315605ba
4 changed files with 92 additions and 87 deletions
--- a/.gitlab/issue_templates/Release.md
+++ b/.gitlab/issue_templates/Release.md
@ -36,7 +36,6 @@
 - [ ] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
 - [ ] ***(QA)*** Ensure that there are no outstanding merge requests in the private repository[^1] (Subscription Edition only).
 - [ ] ***(QA)*** Ensure all merge requests marked for backporting have been indeed backported.
- - [ ] ***(QA)*** Update GitLab settings for all maintained branches to disallow merging to them.
 - [ ] ***(QA)*** Announce (on Mattermost) that the code freeze is in effect.

 ### Before the Tagging Deadline
@ -46,6 +45,7 @@
 - [ ] ***(QA)*** Add a release marker to `CHANGES.SE` (Subscription Edition only).
 - [ ] ***(QA)*** Update BIND 9 version in `configure.ac` (9.18+) or `version` (9.16).
 - [ ] ***(QA)*** Rebuild `configure` using Autoconf on `docs.isc.org` (9.16).
+ - [ ] ***(QA)*** Update GitLab settings for all maintained branches to disallow merging to them.
 - [ ] ***(QA)*** Tag the releases in the private repository (`git tag -s -m "BIND 9.x.y" v9_x_y`).

 ### Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
@ -90,6 +90,7 @@
 - [ ] ***(QA)*** Sanitize confidential issues which are assigned to older release milestones and describe security vulnerabilities, then make them public if appropriate[^2].
 - [ ] ***(QA)*** Update QA tools used in GitLab CI (e.g. Black, PyLint, Sphinx) by modifying the relevant `Dockerfile`.
 - [ ] ***(QA)*** Run a pipeline to rebuild all [images](https://gitlab.isc.org/isc-projects/images) used in GitLab CI.
+ - [ ] ***(QA)*** Update [`metadata.json`](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/metadata.json) with the upcoming release information.

 [^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
 [^2]: As a rule of thumb, security vulnerabilities which have reproducers merged to the public repository are considered okay for full disclosure.
--- a/doc/arm/notes.rst
+++ b/doc/arm/notes.rst
@ -38,7 +38,7 @@ information about each release, and source code.

 .. include:: ../notes/notes-known-issues.rst

-.. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.19.11.rst
 .. include:: ../notes/notes-9.19.10.rst
 .. include:: ../notes/notes-9.19.9.rst
 .. include:: ../notes/notes-9.19.8.rst
--- a/doc/notes/notes-9.19.11.rst
+++ b/doc/notes/notes-9.19.11.rst
@ -0,0 +1,89 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.19.11
+----------------------
+
+New Features
+~~~~~~~~~~~~
+
+- When using :any:`dnssec-policy`, it is now possible to configure the
+  digest type to use when ``CDS`` records need to be published with
+  :any:`cds-digest-types`. Also, publication of specific CDNSKEY/CDS
+  records can now be set with :option:`dnssec-signzone -G`. :gl:`#3837`
+
+Removed Features
+~~~~~~~~~~~~~~~~
+
+- Support for Red Hat Enterprise Linux version 7 (and clones) has been
+  dropped. A C11-compliant compiler is now required to compile BIND 9.
+  :gl:`#3729`
+
+- The functions that were in the ``libbind9`` shared library have been
+  moved to the ``libisc`` and ``libisccfg`` libraries. The now-empty
+  ``libbind9`` has been removed and is no longer installed. :gl:`#3903`
+
+- The ``irs_resconf`` module has been moved to the ``libdns`` shared
+  library. The now-empty ``libirs`` library has been removed and is no
+  longer installed. :gl:`#3904`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Catalog zone updates are now run on specialized "offload" threads to
+  reduce the amount of time they block query processing on the main
+  networking threads. This increases the responsiveness of
+  :iscman:`named` when catalog zone updates are being applied after a
+  catalog zone has been successfully transferred. :gl:`#3881`
+
+- libuv support for receiving multiple UDP messages in a single
+  ``recvmmsg()`` system call has been tweaked several times between
+  libuv versions 1.35.0 and 1.40.0; the current recommended libuv
+  version is 1.40.0 or higher. New rules are now in effect for running
+  with a different version of libuv than the one used at compilation
+  time. These rules may trigger a fatal error at startup:
+
+  - Building against or running with libuv versions 1.35.0 and 1.36.0 is
+    now a fatal error.
+
+  - Running with libuv version higher than 1.34.2 is now a fatal error
+    when :iscman:`named` is built against libuv version 1.34.2 or lower.
+
+  - Running with libuv version higher than 1.39.0 is now a fatal error
+    when :iscman:`named` is built against libuv version 1.37.0, 1.38.0,
+    1.38.1, or 1.39.0.
+
+  This prevents the use of libuv versions that may trigger an assertion
+  failure when receiving multiple UDP messages in a single system call.
+  :gl:`#3840`
+
+Bug Fixes
+~~~~~~~~~
+
+- :iscman:`named` could crash with an assertion failure when adding a
+  new zone into the configuration file for a name which was already
+  configured as a member zone for a catalog zone. This has been fixed.
+  :gl:`#3911`
+
+- When :iscman:`named` starts up, it sends a query for the DNSSEC key
+  for each configured trust anchor to determine whether the key has
+  changed. In some unusual cases, the query might depend on a zone for
+  which the server is itself authoritative, and would have failed if it
+  were sent before the zone was fully loaded. This has now been fixed by
+  delaying the key queries until all zones have finished loading.
+  :gl:`#3673`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+  <relnotes_known_issues>` for a list of all known issues affecting this
+  BIND 9 branch.
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@ -1,85 +0,0 @@
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0.  If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-Notes for BIND 9.19.11
----------------------
-
-Security Fixes
-~~~~~~~~~~~~~~
-
- None.
-
-New Features
-~~~~~~~~~~~~
-
- None.
-
- When using :any:`dnssec-policy`, you can now configure the digest type to
-  use when ``CDS`` records need to be published with `cds-digest-types`. Also,
-  with ``dnssec-signzone -G`` you can set which CDNSKEY/CDS records you want to
-  publish. :gl:`#3837`
-
-Removed Features
-~~~~~~~~~~~~~~~~
-
- Support for Red Hat Enterprise Linux version 7 (and clones) has been dropped.
-  A C11 compliant compiler (or better) is now required to compile BIND 9.
-  :gl:`#3729`
-
- The functions that were in the ``libbind9`` shared library have been
-  moved to the ``libisc`` and ``libisccfg`` libraries, and the
-  now-empty ``libbind9`` has been removed and is no longer installed.
-
- The ``irs_resconf`` module has been moved to the ``libdns`` shared
-  library and the now-empty ``libirs`` library has been removed and is
-  no longer installed.
-
-Feature Changes
-~~~~~~~~~~~~~~~
-
- libuv support for receiving multiple UDP messages in a single system
-  call (``recvmmsg()``) has been tweaked several times between libuv
-  versions 1.35.0 and 1.40.0; the recommended libuv version is 1.40.0 or
-  higher. New rules are now in effect for running with a different
-  version of libuv than the one used at compilation time. These rules
-  may trigger a fatal error at startup:
-
-  - Building against or running with libuv versions 1.35.0 and 1.36.0 is
-    now a fatal error.
-
-  - Running with libuv version higher than 1.34.2 is now a fatal error
-    when :iscman:`named` is built against libuv version 1.34.2 or lower.
-
-  - Running with libuv version higher than 1.39.0 is now a fatal error
-    when :iscman:`named` is built against libuv version 1.37.0, 1.38.0,
-    1.38.1, or 1.39.0.
-
-  This prevents the use of libuv versions that may trigger an assertion
-  failure when receiving multiple UDP messages in a single system call.
-  :gl:`#3840`
-
- Run catalog zone updates on the specialized "offload" threads to reduce the
-  amount of time they block query processing on the main networking
-  threads. This should increase the responsiveness of :iscman:`named`
-  when catalog zone updates are being applied after a catalog zone has been
-  successfully transferred. :gl:`#3881`
-
-Bug Fixes
-~~~~~~~~~
-
- :iscman:`named` could crash with an assertion failure when adding a new zone
-  into the configuration file for a name, which is already configured as a
-  member zone for a catalog zone. This has been fixed. :gl:`#3911`
-
-Known Issues
-~~~~~~~~~~~~
-
- None.