mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

Tweak and reword recent CHANGES entries

Browse Source
This commit is contained in:
Michał Kępień 2021-04-12 12:15:45 +02:00
parent 9879d2a6b4
commit d9011c2a4d
1 changed files with 38 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CHANGES
View File

@ -64,7 +64,7 @@
to recover from them. [GL #2600]
5612. [bug] Continued refactoring of the network manager:
- allow recovery from read and connect timeout events
- allow recovery from read and connect timeout events,
- ensure that calls to isc_nm_*connect() always
return the connection status via a callback
function.
@ -78,49 +78,58 @@
right after recursion for a client query finished.
[GL #2594]
5609. [func] GSSAPI support no longer uses the ISC SPNEGO
implementation. [GL #2607]
5609. [func] The ISC implementation of SPNEGO was removed from BIND 9
source code. It was no longer necessary as all major
contemporary Kerberos/GSSAPI libraries include support
for SPNEGO. [GL #2607]
5608. [bug] Dig now honors +retry=0 and +tries=1 when queries
are sent over TCP (+tcp) and the remote server closes
the connection prematurely. [GL #2490]
5608. [bug] When sending queries over TCP, dig now properly handles
"+tries=1 +retry=0" by not retrying the connection when
the remote server closes the connection prematurely.
[GL #2490]
5607. [bug] Rekey after 'rndc dnssec -checkds' or 'rndc dnssec
-rollover' command is received, because such a command
may influence the next key event. [GL #2488]
5607. [bug] As "rndc dnssec -checkds" and "rndc dnssec -rollover"
commands may affect the next scheduled key event,
reconfiguration of zone keys is now triggered after
receiving either of these commands to prevent
unnecessary key rollover delays. [GL #2488]
5606. [bug] CDS/CDNSKEY DELETE records were not removed when a zone
transitioned from secure to insecure. "named-checkzone"
should not complain if such records exist in an
unsigned zone. [GL #2517]
5606. [bug] CDS/CDNSKEY DELETE records are now removed when a zone
transitions from a secure to an insecure state.
named-checkzone also no longer reports an error when
such records are found in an unsigned zone. [GL #2517]
5605. [bug] "dig -u" now uses CLOCK_REALTIME for more accurate
time reporting. [GL #2592]
5605. [bug] "dig -u" now uses the CLOCK_REALTIME clock source for
more accurate time reporting. [GL #2592]
5604. [experimental] A "filter-a.so" plugin, which is similar to the
"filter-aaaa.so" plugin but which omits A records
instead of AAAA records, has been added. Thanks to
'@treysis' (GitLab). [GL #2585]
GitLab user @treysis. [GL #2585]
5603. [placeholder]
5602. [bug] Fix the TCPDNS and TLSDNS timers, so TCP initial
and idle timers work correctly. [GL #2573]
5602. [bug] Fix TCPDNS and TLSDNS timers in Network Manager. This
makes the "tcp-initial-timeout" and "tcp-idle-timeout"
options work correctly again. [GL #2583]
5601. [bug] Dynamic zones with dnssec-policy could not be thawed
because KASP zones were always considered dynamic;
previously, dynamic KASP zones did not check whether
updates were disabled. This has been fixed. [GL #2523]
5601. [bug] Zones using KASP could not be thawed after they were
frozen using "rndc freeze". This has been fixed.
[GL #2523]
5600. [bug] Load a certificate chain file so that the full chain is
sent to DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH)
clients that require full chain verification. [GL #2514]
5600. [bug] Send a full certificate chain instead of just the leaf
certificate to DNS-over-TLS (DoT) and DNS-over-HTTPS
(DoH) clients. This makes BIND 9 DoT/DoH servers
compatible with a broader set of clients. [GL #2514]
5599. [bug] Fix a crash when transferring a zone over TLS,
after "named" previously skipped a master. [GL #2562]
5599. [bug] Fix a named crash which occurred after skipping a
primary server while transferring a zone over TLS.
[GL #2562]
5598. [port] Cast (char) to (unsigned char) when calling ctype
tests. [GL #2567]
5598. [port] Silence -Wchar-subscripts compiler warnings triggered on
some platforms due to calling character classification
functions declared in the <ctype.h> header with
arguments of type char. [GL #2567]
--- 9.17.11 released ---