mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-30 05:57:52 +00:00
Tweak and reword release notes
parent 4f4a06f782
commit f17775b912
@ -22,15 +22,15 @@ New Features
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1 and DS digest
|
||||
- Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS digest
|
||||
type 1.
|
||||
|
||||
RSASHA1 and RSASHA1-NSEC-SHA1 DNSKEY algorithms have been deprecated
|
||||
by the IETF and should no longer be used for DNSSEC. DS digest type 1
|
||||
(SHA1) has also been deprecated. Validators are now expected to treat
|
||||
(SHA1) has also been deprecated in BIND 9. Validators are now expected to treat
|
||||
these algorithms and digest as unknown, resulting in some zones being
|
||||
treated as insecure when they were previously treated as secure.
|
||||
Warnings have been added to named and tools when these algorithms and
|
||||
Warnings have been added to :iscman:`named` and tools when these algorithms and
|
||||
this digest are being used for signing.
|
||||
|
||||
Zones signed with RSASHA1 or RSASHA1-NSEC-SHA1 should be migrated to a
|
||||
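Review bot: The body of this entry still spells the second algorithm "RSASHA1-NSEC-SHA1" (in "RSASHA1 and RSASHA1-NSEC-SHA1 DNSKEY algorithms have been deprecated" and again in "Zones signed with RSASHA1 or RSASHA1-NSEC-SHA1"), while the item heading in the same hunk says "RSASHA1-NSEC3SHA1". Since this commit rewords the paragraph anyway, use one spelling throughout so an operator searching the notes for the algorithm name finds every mention. Separately, the new "has also been deprecated in BIND 9" sits between "deprecated by the IETF" and "Validators are now expected to treat", which reads as a general expectation rather than a BIND-specific one; state explicitly who deprecated digest type 1 so the sentence that follows is not ambiguous.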
@ -38,9 +38,7 @@ Feature Changes
|
||||
|
||||
Zones with DS or CDS records with digest type 1 (SHA1) should be
|
||||
updated to use a different digest type (e.g. SHA256) and the digest
|
||||
type 1 records should be removed.
|
||||
|
||||
Related to #5358
|
||||
type 1 records should be removed. :gl:`#5358`
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
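Review bot: In the DS/CDS paragraph, the deprecated digest is identified by both number and name ("digest type 1 (SHA1)"), but the recommended replacement is given only as "(e.g. SHA256)". Naming it the same way, as digest type 2 (SHA-256), would let operators match the guidance directly against the digest type field they see in their DS and CDS records.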
@ -48,29 +46,21 @@ Bug Fixes
|
||||
- Clean enough memory when adding new ADB names/entries under memory
|
||||
pressure.
|
||||
|
||||
The ADB memory cleaning is opportunistic even when we are under memory
|
||||
pressure (in the overmem condition). Split the opportunistic LRU
|
||||
cleaning and overmem cleaning and make the overmem cleaning always
|
||||
cleanup double of the newly allocated adbname/adbentry to ensure we
|
||||
never allocate more memory than the assigned limit.
|
||||
|
||||
- Prevent spurious validation failures.
|
||||
|
||||
Under rare circumstances, validation could fail if multiple clients
|
||||
simultaneously iterated the same set of signatures.
|
||||
|
||||
References #3014
|
||||
The ADB memory cleaning is opportunistic even when BIND is under memory
|
||||
pressure (in the overmem condition). The opportunistic LRU
|
||||
cleaning and overmem cleaning have been split, and the overmem cleaning always
|
||||
cleans up double of the newly allocated adbname/adbentry to ensure we
|
||||
never allocate more memory than the assigned limit. :gl:`!10637`
|
||||
|
||||
- Rescan the interfaces again when reconfiguring the server.
|
||||
|
||||
On FreeBSD, the server would not listen on the configured 'localhost'
|
||||
interfaces immediately, but only after the 'interface-interval' period
|
||||
has passed. After the fix for default interface-interval was merged
|
||||
in !10281, this means the server would listen on the localhost after
|
||||
Previously on FreeBSD, the server did not listen on the configured ``localhost``
|
||||
interfaces immediately, but only after the ``interface-interval`` period
|
||||
had passed. After an earlier fix, the server would listen on the ``localhost`` after
|
||||
60 minutes.
|
||||
|
||||
Rescan the interfaces immediately after configuring the
|
||||
interface-interval value to start listening on the 'localhost'
|
||||
interface immediately.
|
||||
Now, the interfaces are rescanned immediately after configuring the
|
||||
``interface-interval`` value and begin listening on the ``localhost``
|
||||
interface immediately. :gl:`!10758`
|
||||
|
||||
|
||||
|
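Review bot: The hunk header goes from 29 lines to 21, and the "Prevent spurious validation failures." entry with "References #3014" has no counterpart in the reworded text, so this commit appears to drop a bug-fix note rather than reword it. A commit titled "Tweak and reword release notes" should either keep that entry or say in the message why it was removed, since it describes validation behaviour operators may be looking for. Two smaller points in the same hunk: the ADB text now says "when BIND is under memory pressure" but still ends with "ensure we never allocate more memory", so the voice is mixed, and "After an earlier fix" loses the pointer to !10281 that the old wording gave.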