2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00

Tweak and reword release notes

This commit is contained in:
Andoni Duarte Pintado 2025-08-12 19:21:04 +02:00
parent 4f4a06f782
commit f17775b912

View File

@ -22,15 +22,15 @@ New Features
Feature Changes
~~~~~~~~~~~~~~~
- Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1 and DS digest
- Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS digest
type 1.
RSASHA1 and RSASHA1-NSEC-SHA1 DNSKEY algorithms have been deprecated
by the IETF and should no longer be used for DNSSEC. DS digest type 1
(SHA1) has also been deprecated. Validators are now expected to treat
(SHA1) has also been deprecated in BIND 9. Validators are now expected to treat
these algorithms and digest as unknown, resulting in some zones being
treated as insecure when they were previously treated as secure.
Warnings have been added to named and tools when these algorithms and
Warnings have been added to :iscman:`named` and tools when these algorithms and
this digest are being used for signing.
Zones signed with RSASHA1 or RSASHA1-NSEC-SHA1 should be migrated to a
@ -38,9 +38,7 @@ Feature Changes
Zones with DS or CDS records with digest type 1 (SHA1) should be
updated to use a different digest type (e.g. SHA256) and the digest
type 1 records should be removed.
Related to #5358
type 1 records should be removed. :gl:`#5358`
Bug Fixes
~~~~~~~~~
@ -48,29 +46,21 @@ Bug Fixes
- Clean enough memory when adding new ADB names/entries under memory
pressure.
The ADB memory cleaning is opportunistic even when we are under memory
pressure (in the overmem condition). Split the opportunistic LRU
cleaning and overmem cleaning and make the overmem cleaning always
cleanup double of the newly allocated adbname/adbentry to ensure we
never allocate more memory than the assigned limit.
- Prevent spurious validation failures.
Under rare circumstances, validation could fail if multiple clients
simultaneously iterated the same set of signatures.
References #3014
The ADB memory cleaning is opportunistic even when BIND is under memory
pressure (in the overmem condition). The opportunistic LRU
cleaning and overmem cleaning have been split, and the overmem cleaning always
cleans up double of the newly allocated adbname/adbentry to ensure we
never allocate more memory than the assigned limit. :gl:`!10637`
- Rescan the interfaces again when reconfiguring the server.
On FreeBSD, the server would not listen on the configured 'localhost'
interfaces immediately, but only after the 'interface-interval' period
has passed. After the fix for default interface-interval was merged
in !10281, this means the server would listen on the localhost after
Previously on FreeBSD, the server did not listen on the configured ``localhost``
interfaces immediately, but only after the ``interface-interval`` period
had passed. After an earlier fix, the server would listen on the ``localhost`` after
60 minutes.
Rescan the interfaces immediately after configuring the
interface-interval value to start listening on the 'localhost'
interface immediately.
Now, the interfaces are rescanned immediately after configuring the
``interface-interval`` value and begin listening on the ``localhost``
interface immediately. :gl:`!10758`