diff --git a/doc/notes/notes-9.17.3.rst b/doc/notes/notes-9.17.3.rst index 52531846e4..adcb0a51e4 100644 --- a/doc/notes/notes-9.17.3.rst +++ b/doc/notes/notes-9.17.3.rst @@ -11,13 +11,16 @@ Notes for BIND 9.17.3 --------------------- +New Features +~~~~~~~~~~~~ + +- New ``rndc`` command ``rndc dnssec -status`` shows the current DNSSEC + policy and keys in use, the key states, and rollover status. + [GL #1612] + Feature Changes ~~~~~~~~~~~~~~~ -- New ``rndc`` command ``rndc dnssec -status`` that shows the current - DNSSEC policy and keys in use, the key states and rollover status. - [GL #1612] - - Disable and disallow static linking of BIND 9 binaries and libraries as BIND 9 modules require ``dlopen()`` support and static linking also prevents using security features like read-only relocations (RELRO) or 
@@ -25,40 +28,41 @@ Feature Changes programs that interact with the network and process arbitrary user input. [GL #1933] -- As part of an ongoing effort to use RFC 8499 terminology, ``primaries`` - can now be used as a synonym for ``masters`` in ``named.conf``. - Similarly, ``notify priamry-only`` can now be used as a synonym - for ``notify master-only``. The output of ``rndc zonestatus`` now - uses ``primary`` and ``secondary`` terminology. [GL #1948] +- As part of an ongoing effort to use RFC 8499 terminology, + ``primaries`` can now be used as a synonym for ``masters`` in + ``named.conf``. Similarly, ``notify primary-only`` can now be used as + a synonym for ``notify master-only``. The output of ``rndc + zonestatus`` now uses ``primary`` and ``secondary`` terminology. + [GL #1948] Bug Fixes ~~~~~~~~~ -- The DS set returned by ``dns_keynode_dsset()`` was not thread-safe. - This could result in an INSIST being triggered. [GL #1926] +- The DS RRset returned by ``dns_keynode_dsset()`` was used in a + non-thread-safe manner. This could result in an INSIST being + triggered. [GL #1926] -- The ``primary`` and ``secondary`` keywords, when used as parameters for - ``check-names``, were not processed correctly and were being ignored. - [GL #1949] +- The ``primary`` and ``secondary`` keywords, when used as parameters + for ``check-names``, were not processed correctly and were being + ignored. [GL #1949] -- 'rndc dnstap -roll ' was not limiting the number of saved - files to . [GL !3728] +- ``rndc dnstap -roll `` did not limit the number of saved files + to ````. [GL !3728] - The validator could fail to accept a properly signed RRset if an unsupported algorithm appeared earlier in the DNSKEY RRset than a - supported algorithm. It could also stop if it detected a malformed + supported algorithm. It could also stop if it detected a malformed public key. [GL #1689] -- The ``blackhole`` ACL was inadvertently disabled with respect to - client queries. 
Blocked IP addresses were not used for upstream - queries but queries from those addresses could still be answered. - [GL #1936] +- The ``blackhole`` ACL was inadvertently disabled for client queries. + Blocked IP addresses were not used for upstream queries but queries + from those addresses could still be answered. [GL #1936] -- ``named`` would crash on shutdown when new ``rndc`` connection is received at - the same time as shutting down. [GL #1747] +- ``named`` crashed on shutdown when a new ``rndc`` connection was + received during shutdown. This has been fixed. [GL #1747] -- Fix assertion failure when server is under load and root zone is not yet - loaded. [GL #1862] +- Fix assertion failure when server was under load and root zone had not + yet been loaded. [GL #1862] -- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c`` that - have been reused meanwhile. [GL #1968] +- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c`` + that were being reused. [GL #1968]
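Review bot: In the first hunk (@@ -11,13 +11,16 @@), the moved entry still opens with "New ``rndc`` command ``rndc dnssec -status`` shows", which is redundant now that it sits under a "New Features" heading, and it reads awkwardly with the verb attached directly to the command name. Suggest "The new ``rndc dnssec -status`` command shows the current DNSSEC policy and keys in use, the key states, and rollover status." The relocation itself and the [GL #1612] reference look right.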
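Review bot: In the second hunk (@@ -25,40 +28,41 @@), the rewritten "rndc dnstap -roll" entry has no argument placeholder after "-roll" and ends in an inline literal with nothing between its backticks ("saved files to ````."). The removed lines show the same gap ("files to ."), so the count placeholder looks lost rather than intentionally dropped. Please confirm it is present in the .rst source in both places, since without it the note does not say what the limit is. Two smaller style points in the same Bug Fixes list: the GL #1747 entry is the only one that ends with "This has been fixed.", and the GL #1862 entry keeps the imperative "Fix assertion failure" while its neighbours describe the past behaviour. Pick one form for all entries.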