Merge branch 'pspacek/prepare-documentation-for-bind-9.19.12' into 'v9.19.12-release'

Prepare documentation for BIND 9.19.12

See merge request isc-private/bind9!510

doc/arm/notes.rst

@@ -38,7 +38,7 @@ information about each release, and source code.
 
 .. include:: ../notes/notes-known-issues.rst
 
-.. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.19.12.rst
 .. include:: ../notes/notes-9.19.11.rst
 .. include:: ../notes/notes-9.19.10.rst
 .. include:: ../notes/notes-9.19.9.rst

doc/notes/notes-9.19.12.rst

@@ -0,0 +1,93 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.19.12
+----------------------
+
+Security Fixes
+~~~~~~~~~~~~~~
+
+- An error in DNS message processing introduced in development version
+  9.19.11 could cause BIND and its utilities to crash if the maximum
+  permissible number of DNS labels were present. This has been fixed.
+  :gl:`#3998`
+
+Known Issues
+~~~~~~~~~~~~
+
+- Loading a large number of zones is significantly slower in BIND
+  9.19.12 than in the previous development releases due to a new data
+  structure being used for storing information about the zones to serve.
+  This slowdown is considered to be a bug and will be addressed in a
+  future BIND 9.19.x development release. :gl:`#4006`
+
+- A flaw in reworked code responsible for accepting TCP connections may
+  cause a visible performance drop for TCP queries on some platforms,
+  notably FreeBSD.  This issue will be fixed in a future BIND 9.19.x
+  development release. :gl:`#3985`
+
+- See :ref:`above <relnotes_known_issues>` for a list of all known issues
+  affecting this BIND 9 branch.
+
+New Features
+~~~~~~~~~~~~
+
+- BIND now depends on `liburcu`_, Userspace RCU, for lock-free data
+  structures. :gl:`#3934`
+
+- The new command-line :option:`delv +ns` option activates name server
+  mode, to more accurately reproduce the behavior of :iscman:`named`
+  when resolving a query. In this mode, :iscman:`delv` uses an internal
+  recursive resolver rather than an external server. All messages sent
+  and received during the resolution and validation process are logged.
+  This can be used in place of :option:`dig +trace`. :gl:`#3842`
+
+- A new configuration option, :any:`checkds`, has been introduced. When
+  set to ``yes``, it detects :any:`parental-agents` automatically by
+  resolving the parent NS records. These name servers are queried to
+  check the DS RRset during a KSK rollover initiated by
+  :any:`dnssec-policy`. :gl:`#3901`
+
+.. _`liburcu`: https://liburcu.org/
+
+Removed Features
+~~~~~~~~~~~~~~~~
+
+- The TKEY Mode 2 (Diffie-Hellman Exchanged Keying Mode) has been
+  removed and using TKEY Mode 2 is now a fatal error. Users are advised
+  to switch to TKEY Mode 3 (GSS-API). :gl:`#3905`
+
+- Zone type ``delegation-only``, and the ``delegation-only`` and
+  ``root-delegation-only`` statements, have been removed. Using them is
+  a configuration error.
+
+  These statements were created to address the SiteFinder controversy,
+  in which certain top-level domains redirected misspelled queries to
+  other sites instead of returning NXDOMAIN responses. Since top-level
+  domains are now DNSSEC-signed, and DNSSEC validation is active by
+  default, the statements are no longer needed. :gl:`#3953`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- The log message ``resolver priming query complete`` has been moved
+  from the INFO log level to the DEBUG(1) log level, to prevent
+  :iscman:`delv` from emitting that message when setting up its internal
+  resolver. :gl:`#3842`
+
+Bug Fixes
+~~~~~~~~~
+
+- Several bugs which could cause :iscman:`named` to crash during catalog
+  zone processing have been fixed. :gl:`#3955` :gl:`#3968` :gl:`#3997`
+
+- Performance of DNSSEC validation in zones with many DNSKEY records has
+  been improved. :gl:`#3981`

doc/notes/notes-current.rst

@@ -1,75 +0,0 @@
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0.  If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-Notes for BIND 9.19.12
-----------------------
-
-Security Fixes
-~~~~~~~~~~~~~~
-
-- None.
-
-New Features
-~~~~~~~~~~~~
-
-- BIND now depends on ``liburcu``, Userspace RCU, for lock-free data
-  structures. :gl:`#3934`
-
-- The new ``delv +ns`` option activates name server mode, in which ``delv``
-  sets up an internal recursive resolver and uses that, rather than an
-  external server, to look up the requested query name and type. All messages
-  sent and received during the resolution and validation process are logged.
-  This can be used in place of ``dig +trace``: it more accurately
-  reproduces the behavior of ``named`` when resolving a query.
-
-  The log message ``resolver priming query complete`` was moved from the
-  INFO log level to the DEBUG(1) log level, to prevent ``delv`` from
-  emitting that message when setting up its internal resolver. :gl:`#3842`
-
-- A new configuration option :any:`checkds` is introduced that when set to
-  ``yes`` will detect :any:`parental-agents` automatically by resolving the
-  parent NS records. These name servers will be used to check the DS RRset
-  during a KSK rollover initiated by :any:`dnssec-policy`. :gl:`#3901`
-
-Removed Features
-~~~~~~~~~~~~~~~~
-
-- The TKEY Mode 2 (Diffie-Hellman Exchanged Keying Mode) has been removed and
-  using TKEY Mode 2 is now a fatal error.  Users are advised to switch to TKEY
-  Mode 3 (GSS-API). :gl:`#3905`
-
-- Zone type ``delegation-only``, and the ``delegation-only`` and
-  ``root-delegation-only`` options, have been removed. Using them
-  is a configuration error.
-
-  These options were created to address the SiteFinder controversy, in
-  which certain top-level domains redirected misspelled queries to other
-  sites instead of returning NXDOMAIN responses. Since top-level domains are
-  now DNSSEC signed, and DNSSEC validation is active by default, the
-  options are no longer needed. :gl:`#3953`
-
-Feature Changes
-~~~~~~~~~~~~~~~
-
-- None.
-
-Bug Fixes
-~~~~~~~~~
-
-- Performance of DNSSEC validation in zones with many DNSKEY records
-  has been improved. :gl:`#3981`
-
-Known Issues
-~~~~~~~~~~~~
-
-- There are no new known issues with this release. See :ref:`above
-  <relnotes_known_issues>` for a list of all known issues affecting this
-  BIND 9 branch.

doc/notes/notes-known-issues.rst

@@ -38,3 +38,14 @@ Known Issues
   have ``subjectAltName`` set. In such cases, the ``Subject`` field is
   ignored. Only old platforms are affected by this, e.g. those supplied
   with OpenSSL versions older than 1.1.1. :gl:`#3163`
+
+- Loading a large number of zones is significantly slower in BIND
+  9.19.12 than in the previous development releases due to a new data
+  structure being used for storing information about the zones to serve.
+  This slowdown is considered to be a bug and will be addressed in a
+  future BIND 9.19.x development release. :gl:`#4006`
+
+- A flaw in reworked code responsible for accepting TCP connections may
+  cause a visible performance drop for TCP queries on some platforms,
+  notably FreeBSD.  This issue will be fixed in a future BIND 9.19.x
+  development release. :gl:`#3985`