diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 6ed4417040..88c99b8fa2 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -44,8 +44,14 @@ New Features closelogs`. The second is ``kill -USR1 ``. They are intended to be used with external log rotation tools. :gl:`#4780` :gl:`!9113` -Feature Changes -~~~~~~~~~~~~~~~ +- :iscman:`dig` now reports missing QUESTION section for opcode QUERY. + + Query responses should contain the QUESTION section with some + exceptions. :iscman:`dig` was not reporting this. :gl:`#4808` + :gl:`!9233` + +Removed Features +~~~~~~~~~~~~~~~~ - Remove OpenSSL 1.x engine support. @@ -54,6 +60,9 @@ Feature Changes support from BIND 9 in favor of OpenSSL 3.x providers. :gl:`#4828` :gl:`!9252` +Feature Changes +~~~~~~~~~~~~~~~ + - Require at least OpenSSL 1.1.1. OpenSSL 1.1.1 or newer (or an equivalent LibreSSL version) is now @@ -67,31 +76,6 @@ Feature Changes converted to seconds before applying the limit. :gl:`#4320` :gl:`!9091` -Bug Fixes -~~~~~~~~~ - -- Reconfigure catz member zones during :iscman:`named` reconfiguration. - - During a reconfiguration, :iscman:`named` wasn't reconfiguring catalog - zones' member zones. This has been fixed. :gl:`#4733` - -- Fix ``--enable-tracing`` build on systems without dtrace. - - Missing ``util/dtrace.sh`` file prevented builds on systems without - the ``dtrace`` utility. This has been corrected. - -- :iscman:`dig` now reports missing QUESTION section for opcode QUERY. - - Query responses should contain the QUESTION section with some - exceptions. :iscman:`dig` was not reporting this. :gl:`#4808` - :gl:`!9233` - -- Fix assertion failure in glue cache code. - - Fix an assertion failure that could happen as a result of data race - between ``free_gluetable()`` and ``addglue()`` on the same headers. - :gl:`#4691` :gl:`!9126` - - Raise the log level of priming failures. When a priming query is complete, it was previously logged at level @@ -99,10 +83,8 @@ Bug Fixes logged to ``ISC_LOG_NOTICE`` in the case of failure. :gl:`#3516` :gl:`!9121` -- Fix assertion failure when checking :iscman:`named-checkconf` version. - - Checking the version of `named-checkconf` would end with assertion - failure. This has been fixed. :gl:`#4827` :gl:`!9243` +Bug Fixes +~~~~~~~~~ - Fix a crash caused by valid TSIG signatures with invalid time. @@ -111,18 +93,40 @@ Bug Fixes when the times between the primary and secondary servers were not synchronised. The crash has now been fixed. :gl:`#4811` :gl:`!9234` +- Return SERVFAIL for a too long CNAME chain. + + When cutting a long CNAME chain, :iscman:`named` was returning NOERROR + instead of SERVFAIL (alongside with a partial answer). This has been + fixed. :gl:`#4449` :gl:`!9090` + +- Reconfigure catz member zones during :iscman:`named` reconfiguration. + + During a reconfiguration, :iscman:`named` wasn't reconfiguring catalog + zones' member zones. This has been fixed. :gl:`#4733` + +- Update key lifetime and metadata after :any:`dnssec-policy` reconfig. + + Adjust key state and timing metadata if :any:`dnssec-policy` key + lifetime configuration is updated, so that it also affects existing + keys. :gl:`#4677` :gl:`!9118` + +- Fix assertion failure in glue cache code. + + Fix an assertion failure that could happen as a result of data race + between ``free_gluetable()`` and ``addglue()`` on the same headers. + :gl:`#4691` :gl:`!9126` + +- Fix assertion failure when checking :iscman:`named-checkconf` version. + + Checking the version of `named-checkconf` would end with assertion + failure. This has been fixed. :gl:`#4827` :gl:`!9243` + - Fix generation of 6to4-self name expansion from IPv4 address. The period between the most significant nibble of the encoded IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing, resulting in the wrong name being checked. This has been fixed. :gl:`#4766` :gl:`!9099` -- Fix false QNAME minimisation error being reported. - - Remove the false positive ``success resolving`` log message when QNAME - minimisation is in effect and the final result is an NXDOMAIN. - :gl:`#4784` :gl:`!9117` - - :option:`dig +yaml` was producing unexpected and/or invalid YAML output. :gl:`#4796` :gl:`!9127` @@ -130,17 +134,16 @@ Bug Fixes :gl:`#4775` :gl:`!9106` -- Return SERVFAIL for a too long CNAME chain. +- Fix false QNAME minimisation error being reported. - When cutting a long CNAME chain, :iscman:`named` was returning NOERROR - instead of SERVFAIL (alongside with a partial answer). This has been - fixed. :gl:`#4449` :gl:`!9090` + Remove the false positive ``success resolving`` log message when QNAME + minimisation is in effect and the final result is an NXDOMAIN. + :gl:`#4784` :gl:`!9117` -- Update key lifetime and metadata after :any:`dnssec-policy` reconfig. +- Fix ``--enable-tracing`` build on systems without dtrace. - Adjust key state and timing metadata if :any:`dnssec-policy` key - lifetime configuration is updated, so that it also affects existing - keys. :gl:`#4677` :gl:`!9118` + Missing ``util/dtrace.sh`` file prevented builds on systems without + the ``dtrace`` utility. This has been corrected. Known Issues ~~~~~~~~~~~~