From af92841c5ee985bf8ec6e324ff0d878c9f6d103a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 9 Nov 2023 12:36:34 +0100 Subject: [PATCH 1/7] Tweak CVE-2021-25219 reference --- doc/arm/reference.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index ca1b75064a..aba87cda07 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -4043,7 +4043,8 @@ Tuning :short: Sets the resolver's lame cache. This is always set to 0. More information is available in the - security advisory for :cve:`2021-25219`. + `security advisory for CVE-2021-25219 + `_. .. namedconf:statement:: servfail-ttl :tags: server From af544ef80e598967acada91241040450cac1443e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 9 Nov 2023 12:36:34 +0100 Subject: [PATCH 2/7] Tweak CHANGES entry for [GL #4260] --- CHANGES | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index d19dd82d69..e1c109821a 100644 --- a/CHANGES +++ b/CHANGES @@ -43,7 +43,9 @@ 6268. [func] Offload the IXFR and AXFR processing to unblock the networking threads. [GL #4367] -6267. [func] Adjust UDP timeouts used in zone maintenance. [GL #4260] +6267. [func] The timeouts for resending zone refresh queries over UDP + were lowered to enable named to more quickly determine + that a primary is down. [GL #4260] 6266. [func] The zone option 'inline-signing' is ignored from now on iff there is no 'dnssec-policy' configured for the From b35f8dbbc17cc5d45756062322b1230100e0446a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 9 Nov 2023 12:36:34 +0100 Subject: [PATCH 3/7] Prepare release notes for BIND 9.19.18 --- doc/arm/notes.rst | 2 +- doc/notes/{notes-current.rst => notes-9.19.18.rst} | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) rename doc/notes/{notes-current.rst => notes-9.19.18.rst} (98%) diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 5eff08bf47..67710fe4fe 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -38,7 +38,7 @@ information about each release, and source code. .. include:: ../notes/notes-known-issues.rst -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.19.18.rst .. include:: ../notes/notes-9.19.17.rst .. include:: ../notes/notes-9.19.16.rst .. include:: ../notes/notes-9.19.15.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-9.19.18.rst similarity index 98% rename from doc/notes/notes-current.rst rename to doc/notes/notes-9.19.18.rst index 96a87cc51d..afecd47f42 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-9.19.18.rst @@ -12,11 +12,6 @@ Notes for BIND 9.19.18 ---------------------- -Security Fixes -~~~~~~~~~~~~~~ - -- None. - New Features ~~~~~~~~~~~~ From 38d0b73a37abc2ab020feda80d470da254ac3eea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 9 Nov 2023 12:36:34 +0100 Subject: [PATCH 4/7] Tweak and reword release notes --- doc/notes/notes-9.19.18.rst | 62 ++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/doc/notes/notes-9.19.18.rst b/doc/notes/notes-9.19.18.rst index afecd47f42..3d8da8939a 100644 --- a/doc/notes/notes-9.19.18.rst +++ b/doc/notes/notes-9.19.18.rst @@ -15,51 +15,51 @@ Notes for BIND 9.19.18 New Features ~~~~~~~~~~~~ -- The statstics channel now includes information about incoming zone transfers - currently in progress. :gl:`#3883` +- The statistics channel now includes information about incoming zone + transfers that are currently in progress. :gl:`#3883` -- The new :any:`resolver-use-dns64` option enables ``named`` to apply - :any:`dns64` rules to IPv4 server addresses when sending recursive - queries, so that resolution can be performed over a NAT64 connection. - :gl:`#608` +- The new :any:`resolver-use-dns64` option enables :iscman:`named` to + apply :any:`dns64` rules to IPv4 server addresses when sending + recursive queries, so that resolution can be performed over a NAT64 + connection. :gl:`#608` -- Processing large incremental transfers (IXFR) can take a long time. - Offload the processing to a separate work thread that doesn't block - networking threads and keeps them free to process regular traffic. - :gl:`#4367` +- Processing large incremental transfers (IXFR) has been offloaded to a + separate work thread so that it does not prevent networking threads + from processing regular traffic in the meantime. :gl:`#4367` Removed Features ~~~~~~~~~~~~~~~~ -- Configuring control channel to use Unix Domain Socket has an fatal error since - BIND 9.18. Completely remove the feature and make ``named-checkconf`` also - report this as an error in the configuration. :gl:`#4311` +- Configuring the control channel to use a Unix domain socket has been a + fatal error since BIND 9.18. The feature has now been completely + removed and :iscman:`named-checkconf` now reports it as a + configuration error. :gl:`#4311` - The support for control channel over Unix Domain Sockets has been - non-functional since BIND 9.18 +- Support for the ``lock-file`` statement and the ``named -X`` + command-line option has been removed. An external process supervisor + should be used instead. :gl:`#4391` -- Support for specifying ``lock-file`` via configuration and via the - :option:`named -X` command line option has been removed. An external process - supervisor should be used instead. :gl:`#4391` + Alternatively, the ``flock`` utility (part of util-linux) can be used + on Linux systems to achieve the same effect as ``lock-file`` or + ``named -X``: - Alternatively :program:`flock` can be used to achieve the same effect as the - removed configuration/argument: + :: - flock -n -x /named.lock /named + flock -n -x /named.lock /named Feature Changes ~~~~~~~~~~~~~~~ -- The zone option :any:`inline-signing` is now ignored if there is no +- The :any:`inline-signing` zone option is now ignored if there is no :any:`dnssec-policy` configured for the zone. This means that unsigned - zones will no longer create redundant signed versions of the zone. + zones no longer create redundant signed versions of the zone. :gl:`#4349` -- B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and 2801:1b8:10::b. - :gl:`#4101` +- The IP addresses for B.ROOT-SERVERS.NET have been updated to + 170.247.170.2 and 2801:1b8:10::b. :gl:`#4101` - QNAME minimization is now used when looking up the addresses of name - servers during the recursion process. :gl:`#4209` + servers during the recursive resolution process. :gl:`#4209` Bug Fixes ~~~~~~~~~ @@ -68,12 +68,12 @@ Bug Fixes This has been fixed and the option now behaves as documented again. :gl:`#4340` -- For inline-signing zones, if the unsigned version of the zone contains - DNSSEC records, it was scheduled to be resigning. This unwanted behavior - has been fixed. :gl:`#4350` +- If the unsigned version of an inline-signed zone contained DNSSEC + records, it was incorrectly scheduled for resigning. This has been + fixed. :gl:`#4350` -- Looking up stale data from the cache did not take into account local - authoritative zones. This has been fixed. :gl:`#4355` +- Looking up stale data from the cache did not take local authoritative + data into account. This has been fixed. :gl:`#4355` Known Issues ~~~~~~~~~~~~ From 46980fd8c219ec50014ce143f9f109cc53c3f2c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 9 Nov 2023 12:36:34 +0100 Subject: [PATCH 5/7] Reorder release notes --- doc/notes/notes-9.19.18.rst | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/notes/notes-9.19.18.rst b/doc/notes/notes-9.19.18.rst index 3d8da8939a..df7511d663 100644 --- a/doc/notes/notes-9.19.18.rst +++ b/doc/notes/notes-9.19.18.rst @@ -23,18 +23,9 @@ New Features recursive queries, so that resolution can be performed over a NAT64 connection. :gl:`#608` -- Processing large incremental transfers (IXFR) has been offloaded to a - separate work thread so that it does not prevent networking threads - from processing regular traffic in the meantime. :gl:`#4367` - Removed Features ~~~~~~~~~~~~~~~~ -- Configuring the control channel to use a Unix domain socket has been a - fatal error since BIND 9.18. The feature has now been completely - removed and :iscman:`named-checkconf` now reports it as a - configuration error. :gl:`#4311` - - Support for the ``lock-file`` statement and the ``named -X`` command-line option has been removed. An external process supervisor should be used instead. :gl:`#4391` @@ -47,9 +38,21 @@ Removed Features flock -n -x /named.lock /named +- Configuring the control channel to use a Unix domain socket has been a + fatal error since BIND 9.18. The feature has now been completely + removed and :iscman:`named-checkconf` now reports it as a + configuration error. :gl:`#4311` + Feature Changes ~~~~~~~~~~~~~~~ +- Processing large incremental transfers (IXFR) has been offloaded to a + separate work thread so that it does not prevent networking threads + from processing regular traffic in the meantime. :gl:`#4367` + +- QNAME minimization is now used when looking up the addresses of name + servers during the recursive resolution process. :gl:`#4209` + - The :any:`inline-signing` zone option is now ignored if there is no :any:`dnssec-policy` configured for the zone. This means that unsigned zones no longer create redundant signed versions of the zone. @@ -58,9 +61,6 @@ Feature Changes - The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and 2801:1b8:10::b. :gl:`#4101` -- QNAME minimization is now used when looking up the addresses of name - servers during the recursive resolution process. :gl:`#4209` - Bug Fixes ~~~~~~~~~ From 29546ae22cb2824fa97682fcce8a71e36f7da638 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 9 Nov 2023 13:02:34 +0100 Subject: [PATCH 6/7] Add a CHANGES marker --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index e1c109821a..1888012a67 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.19.18 released --- + 6280. [bug] Fix missing newlines in the output of "rndc nta -dump". [GL !8454] From 8dea58c3907059596aa78e024f72b9ebbfbba6bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 9 Nov 2023 13:02:34 +0100 Subject: [PATCH 7/7] Update BIND version for release --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 28fc199dc1..774d833fbb 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 19)dnl m4_define([bind_VERSION_PATCH], 18)dnl -m4_define([bind_VERSION_EXTRA], -dev)dnl +m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Development Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl