mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 18:19:42 +00:00
Code Issues Releases Wiki Activity

Tweak and reword release notes

Browse Source
This commit is contained in:
Michał Kępień 2025-07-03 22:54:36 +02:00
parent beb5214586
commit 9cdaaa6511
No known key found for this signature in database
2 changed files with 32 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/changelog/changelog-9.21.10.rst
View File

@ -44,9 +44,9 @@ New Features
compares them, and generates a journal file from the differences. compares them, and generates a journal file from the differences.
:gl:`#5164` :gl:`!10081` :gl:`#5164` :gl:`!10081`
- Add support to set and display the CO flag. ``419ad060238`` - Add support for the CO flag to dig. ``419ad060238``
Add support to display the CO (Compact denial of existence Ok flag) Add support to display the CO (Compact Answers OK flag)
when displaying messages. when displaying messages.
Add support to set the CO flag when making queries in dig (+coflag). Add support to set the CO flag when making queries in dig (+coflag).

63
doc/notes/notes-9.21.10.rst
View File

@ -15,18 +15,18 @@ Notes for BIND 9.21.10
Security Fixes Security Fixes
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
- [CVE-2025-40777] Fix a possible assertion failure when using the - Fix a possible assertion failure when
'stale-answer-client-timeout 0' option. :any:`stale-answer-client-timeout` is set to ``0``.
In specific circumstances the :iscman:`named` resolver process could In specific circumstances the :iscman:`named` resolver process could
terminate unexpectedly when stale answers were enabled and the exit with an assertion failure when stale answers were enabled and the
``stale-answer-client-timeout 0`` configuration option was used. This :any:`stale-answer-client-timeout` configuration option was set to
has been fixed. :gl:`#5372` ``0``. This has been fixed. :cve:`2025-40777` :gl:`#5372`
New Features New Features
~~~~~~~~~~~~ ~~~~~~~~~~~~
- "Add code paths to fully support PRIVATEDNS and PRIVATEOID keys" - Add code paths to fully support PRIVATEDNS and PRIVATEOID keys.
Added support for PRIVATEDNS and PRIVATEOID key usage. Added Added support for PRIVATEDNS and PRIVATEOID key usage. Added
PRIVATEOID test algorithms using the assigned OIDs for RSASHA256 and PRIVATEOID test algorithms using the assigned OIDs for RSASHA256 and
@ -36,45 +36,42 @@ New Features
PRIVATEDNS and PRIVATEOID identifiers at the start of the digest field PRIVATEDNS and PRIVATEOID identifiers at the start of the digest field
of the DS record. This code is disabled by default. :gl:`#3240` of the DS record. This code is disabled by default. :gl:`#3240`
- Add "named-makejournal" tool. - Add :iscman:`named-makejournal` tool.
The `named-makejournal` tool reads two zone files for the same domain, The :iscman:`named-makejournal` tool reads two zone files for the same
compares them, and generates a journal file from the differences. domain, compares them, and generates a journal file from the
:gl:`#5164` differences. :gl:`#5164`
- Add support to set and display the CO flag. - Add support for the CO flag to :iscman:`dig`.
Add support to display the CO (Compact denial of existence Ok flag) Add support for Compact Denial of Existence to :iscman:`dig`. This
when displaying messages. includes showing the CO (Compact Answers OK) flag when displaying
messages and adding an option to set the CO flag when making queries
Add support to set the CO flag when making queries in dig (+coflag). (:option:`dig +coflag`). :gl:`#5319`
:gl:`#5319`
Bug Fixes Bug Fixes
~~~~~~~~~ ~~~~~~~~~
- Fix the default interface-interval from 60s to 60m. - Correct the default :any:`interface-interval` from 60s to 60m.
When the interface-interval parser was changed from uint32 parser to When the :any:`interface-interval` parser was changed from a
duration parser, the default value stayed at plain number `60` which ``uint32`` parser to a duration parser, the default value stayed at
now means 60 seconds instead of 60 minutes. The documentation also plain number ``60`` which now means 60 seconds instead of 60 minutes.
incorrectly states that the value is in minutes. That has been fixed. The documentation also incorrectly states that the value is in
:gl:`#5246` minutes. That has been fixed. :gl:`#5246`
- Fix purge-keys bug when using views. - Fix a :any:`purge-keys` bug when using multiple views of a zone.
Previously, when a DNSSEC key was purged by one zone view, other zone Previously, when a DNSSEC key was purged by one zone view, other zone
views would return an error about missing key files. This has been views would return an error about missing key files. This has been
fixed. :gl:`#5315` fixed. :gl:`#5315`
- Use IPv6 queries in delv +ns. - Use IPv6 queries in :option:`delv +ns`.
`delv +ns` invokes the same code to perform name resolution as
`named`, but it neglected to set up an IPv6 dispatch object first.
Consequently, it was behaving more like `named -4`. It now sets up
dispatch objects for both address families, and performs resolver
queries to both v4 and v6 addresses, except when one of the address
families has been suppressed by using `delv -4` or `delv -6`.
:gl:`#5352`
:option:`delv +ns` invokes the same code to perform name resolution as
:iscman:`named`, but it neglected to set up an IPv6 dispatch object
first. Consequently, it was behaving more like :option:`named -4`. It
now sets up dispatch objects for both address families, and performs
resolver queries to both IPv4 and IPv6 addresses, except when one of
the address families has been suppressed by using :option:`delv -4` or
:option:`delv -6`. :gl:`#5352`