From 98bb01a22b0fff5e9483f1e54bf95674fff79098 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 12 Dec 2022 12:11:01 +0100 Subject: [PATCH 1/7] Restore release note for GL #3570 --- doc/notes/notes-current.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index b8bf8f81de..22231e73cd 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -33,6 +33,9 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ +- The NSEC3PARAM TTL was previously set to 0 and is now changed to be the same + value as in the SOA MINIMUM field. :gl:`#3570` + - A ``configure`` option ``--with-tuning`` has been removed. The compile-time settings that required different values based on "workload" have been either removed or a sensible default has been picked. :gl:`#3664` From 64985af9fc737d163b2f822bb85e271b3280edb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 12 Dec 2022 12:11:01 +0100 Subject: [PATCH 2/7] Prepare release notes for BIND 9.19.8 --- doc/arm/notes.rst | 2 +- doc/notes/{notes-current.rst => notes-9.19.8.rst} | 10 ---------- 2 files changed, 1 insertion(+), 11 deletions(-) rename doc/notes/{notes-current.rst => notes-9.19.8.rst} (97%) diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 899d1b8fa6..2866ec7ceb 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -38,7 +38,7 @@ information about each release, and source code. .. include:: ../notes/notes-known-issues.rst -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.19.8.rst .. include:: ../notes/notes-9.19.7.rst .. include:: ../notes/notes-9.19.6.rst .. include:: ../notes/notes-9.19.5.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-9.19.8.rst similarity index 97% rename from doc/notes/notes-current.rst rename to doc/notes/notes-9.19.8.rst index 22231e73cd..3d7e5453c6 100644 --- a/doc/notes/notes-current.rst 
+++ b/doc/notes/notes-9.19.8.rst @@ -12,16 +12,6 @@ Notes for BIND 9.19.8 --------------------- -Security Fixes -~~~~~~~~~~~~~~ - -- None. - -New Features -~~~~~~~~~~~~ - -- None. - Removed Features ~~~~~~~~~~~~~~~~ From d4801a916357a26b1b28b00d3dd489faae5fda5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 12 Dec 2022 12:11:01 +0100 Subject: [PATCH 3/7] Tweak and reword release notes --- doc/notes/notes-9.19.8.rst | 81 ++++++++++++++++++++++---------------- 1 file changed, 46 insertions(+), 35 deletions(-) diff --git a/doc/notes/notes-9.19.8.rst b/doc/notes/notes-9.19.8.rst index 3d7e5453c6..4d1e31cc49 100644 --- a/doc/notes/notes-9.19.8.rst +++ b/doc/notes/notes-9.19.8.rst 
@@ -16,45 +16,55 @@ Removed Features ~~~~~~~~~~~~~~~~ - Dynamic updates that add and remove DNSKEY and NSEC3PARAM records no - longer trigger key rollovers and denial of existence operations. This - also means that the option :any:`dnssec-secure-to-insecure` has been + longer trigger key rollovers and denial-of-existence operations. This + also means that the :any:`dnssec-secure-to-insecure` option has been obsoleted. :gl:`#3686` Feature Changes ~~~~~~~~~~~~~~~ -- The NSEC3PARAM TTL was previously set to 0 and is now changed to be the same - value as in the SOA MINIMUM field. :gl:`#3570` +- The TTL of the NSEC3PARAM record for every NSEC3-signed zone was + previously set to 0. It is now changed to match the SOA MINIMUM value + for the given zone. :gl:`#3570` -- A ``configure`` option ``--with-tuning`` has been removed. The compile-time - settings that required different values based on "workload" have been either - removed or a sensible default has been picked. :gl:`#3664` +- The ``--with-tuning`` option for ``configure`` has been removed. Each + of the compile-time settings that required different values based on + the "workload" (which were previously affected by the value of the + ``--with-tuning`` option) has either been removed or changed to a + sensible default. :gl:`#3664` -- The option :any:`auto-dnssec` is deprecated and will be removed in 9.19. - Please migrate to :any:`dnssec-policy`. :gl:`#3667` +- The :any:`auto-dnssec` option has been deprecated and will be removed + in a future BIND 9.19.x release. Please migrate to + :any:`dnssec-policy`. :gl:`#3667` -- Remove setting the operating system limit (``coresize``, ``datasize``, - ``files`` and ``stacksize``) from ``named.conf``. These options should be set - from the operating system (``ulimit``) or from the process supervisor - (e.g. ``systemd``). :gl:`#3676` +- The ``coresize``, ``datasize``, ``files``, and ``stacksize`` options + have been removed. 
The limits these options set should be enforced + externally, either by manual configuration (e.g. using ``ulimit``) or + via the process supervisor (e.g. ``systemd``). :gl:`#3676` -- On startup, ``named`` will set the current number of open files to maximum - allowed by the operating system instead of trying to set it to unlimited - which worked only very briefly on Linux 2.6.28 (and was causing performance - problems and thus the change was reverted in the kernel). :gl:`#3676` +- Setting alternate local addresses for inbound zone transfers has been + deprecated. The relevant options (:any:`alt-transfer-source`, + :any:`alt-transfer-source-v6`, and :any:`use-alt-transfer-source`) + will be removed in a future BIND 9.19.x release. :gl:`#3694` + +- On startup, :iscman:`named` now sets the limit on the number of open + files to the maximum allowed by the operating system, instead of + trying to set it to "unlimited". :gl:`#3676` Bug Fixes ~~~~~~~~~ -- Increase the number of HTTP headers in the statistics channel from - 10 to 100 to accomodate for some browsers that send more that 10 - headers by default. :gl:`#3670` +- The number of HTTP headers allowed in requests sent to + :iscman:`named`'s statistics channel has been increased from 10 to + 100, to accommodate some browsers that send more than 10 headers + by default. :gl:`#3670` -- Copy TLS identifier when setting up primaries for catalog member - zones. :gl:`#3638` +- TLS configuration for primary servers was not applied for zones that + were members of a catalog zone. This has been fixed. :gl:`#3638` -- Fix an assertion failure in the statschannel caused by reading from the HTTP - connection closed prematurely (connection error, shutdown). :gl:`#3693` +- :iscman:`named` could crash due to an assertion failure when an HTTP + connection to the statistics channel was closed prematurely (due to a + connection error, shutdown, etc.). This has been fixed. 
:gl:`#3693` - The ``zone /: final reference detached`` log message was moved from the INFO log level to the DEBUG(1) log level to prevent the @@ -63,20 +73,21 @@ Bug Fixes - The new name compression code in BIND 9.19.7 was not compressing names in zone transfers that should have been compressed, so zone - transfers were larger than before. :gl:`#3706` + transfers were larger than before. This has been fixed. :gl:`#3706` -- When a catalog zone is removed from the configuration, in some - cases a dangling pointer could cause a :iscman:`named` process - crash. This has been fixed. :gl:`#3683` +- When a catalog zone was removed from the configuration, in some cases + a dangling pointer could cause the :iscman:`named` process to crash. + This has been fixed. :gl:`#3683` -- The ``named`` would wait for some outstanding recursing queries - to finish before shutting down. This has been fixed. :gl:`#3183` - -- When a zone is deleted from a server, an key management objects related to - that zone would be kept in the memory and released only at the server - shutdown. This could lead to constantly increasing memory usage for servers - with a high zone churn. :gl:`#3727` +- In certain cases, :iscman:`named` waited for the resolution of + outstanding recursive queries to finish before shutting down. This was + unintended and has been fixed. :gl:`#3183` +- When a zone was deleted from a server, a key management object related + to that zone was inadvertently kept in memory and only released upon + shutdown. This could lead to constantly increasing memory use on + servers with a high rate of changes affecting the set of zones being + served. This has been fixed. :gl:`#3727` Known Issues ~~~~~~~~~~~~ From 815694d018bbbb8dc86bf0571be564733b96b250 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 12 Dec 2022 12:11:01 +0100 Subject: [PATCH 4/7] Reorder release notes --- doc/notes/notes-9.19.8.rst | 46 +++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/doc/notes/notes-9.19.8.rst b/doc/notes/notes-9.19.8.rst index 4d1e31cc49..c31a13a8ac 100644 --- a/doc/notes/notes-9.19.8.rst +++ b/doc/notes/notes-9.19.8.rst @@ -15,6 +15,11 @@ Notes for BIND 9.19.8 Removed Features ~~~~~~~~~~~~~~~~ +- The ``coresize``, ``datasize``, ``files``, and ``stacksize`` options + have been removed. The limits these options set should be enforced + externally, either by manual configuration (e.g. using ``ulimit``) or + via the process supervisor (e.g. ``systemd``). :gl:`#3676` + - Dynamic updates that add and remove DNSKEY and NSEC3PARAM records no longer trigger key rollovers and denial-of-existence operations. This also means that the :any:`dnssec-secure-to-insecure` option has been @@ -37,11 +42,6 @@ Feature Changes in a future BIND 9.19.x release. Please migrate to :any:`dnssec-policy`. :gl:`#3667` -- The ``coresize``, ``datasize``, ``files``, and ``stacksize`` options - have been removed. The limits these options set should be enforced - externally, either by manual configuration (e.g. using ``ulimit``) or - via the process supervisor (e.g. ``systemd``). :gl:`#3676` - - Setting alternate local addresses for inbound zone transfers has been deprecated. The relevant options (:any:`alt-transfer-source`, :any:`alt-transfer-source-v6`, and :any:`use-alt-transfer-source`) 
@@ -51,44 +51,44 @@ Feature Changes files to the maximum allowed by the operating system, instead of trying to set it to "unlimited". :gl:`#3676` -Bug Fixes -~~~~~~~~~ - - The number of HTTP headers allowed in requests sent to :iscman:`named`'s statistics channel has been increased from 10 to 100, to accommodate some browsers that send more than 10 headers by default. :gl:`#3670` -- TLS configuration for primary servers was not applied for zones that - were members of a catalog zone. This has been fixed. :gl:`#3638` +Bug Fixes +~~~~~~~~~ - :iscman:`named` could crash due to an assertion failure when an HTTP connection to the statistics channel was closed prematurely (due to a connection error, shutdown, etc.). This has been fixed. :gl:`#3693` -- The ``zone /: final reference detached`` log message was - moved from the INFO log level to the DEBUG(1) log level to prevent the - :iscman:`named-checkzone` tool from superfluously logging this message - in non-debug mode. :gl:`#3707` - -- The new name compression code in BIND 9.19.7 was not compressing - names in zone transfers that should have been compressed, so zone - transfers were larger than before. This has been fixed. :gl:`#3706` - - When a catalog zone was removed from the configuration, in some cases a dangling pointer could cause the :iscman:`named` process to crash. This has been fixed. :gl:`#3683` -- In certain cases, :iscman:`named` waited for the resolution of - outstanding recursive queries to finish before shutting down. This was - unintended and has been fixed. :gl:`#3183` - - When a zone was deleted from a server, a key management object related to that zone was inadvertently kept in memory and only released upon shutdown. This could lead to constantly increasing memory use on servers with a high rate of changes affecting the set of zones being served. This has been fixed. :gl:`#3727` +- TLS configuration for primary servers was not applied for zones that + were members of a catalog zone. 
This has been fixed. :gl:`#3638` + +- In certain cases, :iscman:`named` waited for the resolution of + outstanding recursive queries to finish before shutting down. This was + unintended and has been fixed. :gl:`#3183` + +- The new name compression code in BIND 9.19.7 was not compressing + names in zone transfers that should have been compressed, so zone + transfers were larger than before. This has been fixed. :gl:`#3706` + +- The ``zone /: final reference detached`` log message was + moved from the INFO log level to the DEBUG(1) log level to prevent the + :iscman:`named-checkzone` tool from superfluously logging this message + in non-debug mode. :gl:`#3707` + Known Issues ~~~~~~~~~~~~ From bd71684f07ebc16fa8694612de3497f126d2576e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 12 Dec 2022 12:11:01 +0100 Subject: [PATCH 5/7] Add release note for GL #3721 --- doc/notes/notes-9.19.8.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/notes/notes-9.19.8.rst b/doc/notes/notes-9.19.8.rst index c31a13a8ac..678274d261 100644 --- a/doc/notes/notes-9.19.8.rst +++ b/doc/notes/notes-9.19.8.rst @@ -80,6 +80,10 @@ Bug Fixes outstanding recursive queries to finish before shutting down. This was unintended and has been fixed. :gl:`#3183` +- :iscman:`host` and :iscman:`nslookup` command-line options setting the + custom TCP/UDP port to use were ignored for ANY queries (which are + sent over TCP). This has been fixed. :gl:`#3721` + - The new name compression code in BIND 9.19.7 was not compressing names in zone transfers that should have been compressed, so zone transfers were larger than before. This has been fixed. :gl:`#3706` From 1b03cf1503a06a55067302ebfcd9480dc02a1acb Mon Sep 17 00:00:00 2001 From: Tom Krizek Date: Mon, 12 Dec 2022 14:02:56 +0100 Subject: [PATCH 6/7] Add a CHANGES marker --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index 224e8f8604..d05e44cb24 100644 --- a/CHANGES 
+++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.19.8 released --- + 6043. [bug] The key file IO locks objects would never get deleted from the hashtable due to off-by-one error. [GL #3727] From eac4314684d51001d49986be4abf96292f408e1a Mon Sep 17 00:00:00 2001 From: Tom Krizek Date: Mon, 12 Dec 2022 14:20:08 +0100 Subject: [PATCH 7/7] Update BIND version for release --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index ef69a5dae3..5a55315945 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 19)dnl m4_define([bind_VERSION_PATCH], 8)dnl -m4_define([bind_VERSION_EXTRA], -dev)dnl +m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Development Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl
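Review bot: in PATCH 3/7 (doc/notes/notes-9.19.8.rst, Feature Changes), the bullet deprecating :any:`alt-transfer-source`, :any:`alt-transfer-source-v6` and :any:`use-alt-transfer-source` (:gl:`#3694`) has no matching removed line, so a new release note is arriving in a commit titled "Tweak and reword release notes". Patches 1/7 and 5/7 each introduce a note in a dedicated commit named after the issue; splitting this one out the same way keeps the history searchable by issue number. In the same hunk, the reworded resource-limit bullet drops the words "from ``named.conf``", so it no longer says where ``coresize``, ``datasize``, ``files`` and ``stacksize`` were set; consider "options in ``named.conf``" so operators know which file to check before upgrading.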
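Review bot: in PATCH 4/7, third hunk (@@ -51,44 +51,44 @@), the "Bug Fixes" heading is moved below the statistics channel header-limit bullet (:gl:`#3670`), which recategorizes that entry as a Feature Change rather than only reordering it. The subject "Reorder release notes" should mention the recategorization, or the move should be made in the rewording commit, so that a reader of the log can tell that the 10-to-100 header limit is now presented as a behavior change and not as a fix.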
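Review bot: in PATCH 7/7 (configure.ac), `m4_define([bind_VERSION_EXTRA], )dnl` leaves the second argument as a bare space. m4 discards unquoted leading whitespace in macro arguments, so this expands to the empty string and bind_PKG_VERSION becomes 9.19.8, but writing the argument as `[]` would state the intent explicitly and match the quoting already used on the bind_DESCRIPTION line.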