From d4801a916357a26b1b28b00d3dd489faae5fda5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 12 Dec 2022 12:11:01 +0100 Subject: [PATCH] Tweak and reword release notes --- doc/notes/notes-9.19.8.rst | 81 ++++++++++++++++++++++---------------- 1 file changed, 46 insertions(+), 35 deletions(-) diff --git a/doc/notes/notes-9.19.8.rst b/doc/notes/notes-9.19.8.rst index 3d7e5453c6..4d1e31cc49 100644 --- a/doc/notes/notes-9.19.8.rst +++ b/doc/notes/notes-9.19.8.rst @@ -16,45 +16,55 @@ Removed Features ~~~~~~~~~~~~~~~~ - Dynamic updates that add and remove DNSKEY and NSEC3PARAM records no - longer trigger key rollovers and denial of existence operations. This - also means that the option :any:`dnssec-secure-to-insecure` has been + longer trigger key rollovers and denial-of-existence operations. This + also means that the :any:`dnssec-secure-to-insecure` option has been obsoleted. :gl:`#3686` Feature Changes ~~~~~~~~~~~~~~~ -- The NSEC3PARAM TTL was previously set to 0 and is now changed to be the same - value as in the SOA MINIMUM field. :gl:`#3570` +- The TTL of the NSEC3PARAM record for every NSEC3-signed zone was + previously set to 0. It is now changed to match the SOA MINIMUM value + for the given zone. :gl:`#3570` -- A ``configure`` option ``--with-tuning`` has been removed. The compile-time - settings that required different values based on "workload" have been either - removed or a sensible default has been picked. :gl:`#3664` +- The ``--with-tuning`` option for ``configure`` has been removed. Each + of the compile-time settings that required different values based on + the "workload" (which were previously affected by the value of the + ``--with-tuning`` option) has either been removed or changed to a + sensible default. :gl:`#3664` -- The option :any:`auto-dnssec` is deprecated and will be removed in 9.19. - Please migrate to :any:`dnssec-policy`. :gl:`#3667` +- The :any:`auto-dnssec` option has been deprecated and will be removed + in a future BIND 9.19.x release. Please migrate to + :any:`dnssec-policy`. :gl:`#3667` -- Remove setting the operating system limit (``coresize``, ``datasize``, - ``files`` and ``stacksize``) from ``named.conf``. These options should be set - from the operating system (``ulimit``) or from the process supervisor - (e.g. ``systemd``). :gl:`#3676` +- The ``coresize``, ``datasize``, ``files``, and ``stacksize`` options + have been removed. The limits these options set should be enforced + externally, either by manual configuration (e.g. using ``ulimit``) or + via the process supervisor (e.g. ``systemd``). :gl:`#3676` -- On startup, ``named`` will set the current number of open files to maximum - allowed by the operating system instead of trying to set it to unlimited - which worked only very briefly on Linux 2.6.28 (and was causing performance - problems and thus the change was reverted in the kernel). :gl:`#3676` +- Setting alternate local addresses for inbound zone transfers has been + deprecated. The relevant options (:any:`alt-transfer-source`, + :any:`alt-transfer-source-v6`, and :any:`use-alt-transfer-source`) + will be removed in a future BIND 9.19.x release. :gl:`#3694` + +- On startup, :iscman:`named` now sets the limit on the number of open + files to the maximum allowed by the operating system, instead of + trying to set it to "unlimited". :gl:`#3676` Bug Fixes ~~~~~~~~~ -- Increase the number of HTTP headers in the statistics channel from - 10 to 100 to accomodate for some browsers that send more that 10 - headers by default. :gl:`#3670` +- The number of HTTP headers allowed in requests sent to + :iscman:`named`'s statistics channel has been increased from 10 to + 100, to accommodate some browsers that send more than 10 headers + by default. :gl:`#3670` -- Copy TLS identifier when setting up primaries for catalog member - zones. :gl:`#3638` +- TLS configuration for primary servers was not applied for zones that + were members of a catalog zone. This has been fixed. :gl:`#3638` -- Fix an assertion failure in the statschannel caused by reading from the HTTP - connection closed prematurely (connection error, shutdown). :gl:`#3693` +- :iscman:`named` could crash due to an assertion failure when an HTTP + connection to the statistics channel was closed prematurely (due to a + connection error, shutdown, etc.). This has been fixed. :gl:`#3693` - The ``zone /: final reference detached`` log message was moved from the INFO log level to the DEBUG(1) log level to prevent the @@ -63,20 +73,21 @@ Bug Fixes - The new name compression code in BIND 9.19.7 was not compressing names in zone transfers that should have been compressed, so zone - transfers were larger than before. :gl:`#3706` + transfers were larger than before. This has been fixed. :gl:`#3706` -- When a catalog zone is removed from the configuration, in some - cases a dangling pointer could cause a :iscman:`named` process - crash. This has been fixed. :gl:`#3683` +- When a catalog zone was removed from the configuration, in some cases + a dangling pointer could cause the :iscman:`named` process to crash. + This has been fixed. :gl:`#3683` -- The ``named`` would wait for some outstanding recursing queries - to finish before shutting down. This has been fixed. :gl:`#3183` - -- When a zone is deleted from a server, an key management objects related to - that zone would be kept in the memory and released only at the server - shutdown. This could lead to constantly increasing memory usage for servers - with a high zone churn. :gl:`#3727` +- In certain cases, :iscman:`named` waited for the resolution of + outstanding recursive queries to finish before shutting down. This was + unintended and has been fixed. :gl:`#3183` +- When a zone was deleted from a server, a key management object related + to that zone was inadvertently kept in memory and only released upon + shutdown. This could lead to constantly increasing memory use on + servers with a high rate of changes affecting the set of zones being + served. This has been fixed. :gl:`#3727` Known Issues ~~~~~~~~~~~~