diff --git a/CHANGES b/CHANGES index 076c0e21fc..035534dd31 100644 --- a/CHANGES +++ b/CHANGES @@ -15,6 +15,8 @@ when receiving NOTIFY query with SOA record in ANSWER section. [GL #3086] + --- 9.17.22 released --- + 5790. [bug] The control channel was incorrectly looking for ISC_R_CANCELED as a signal that the named is shutting down. In the dispatch refactoring, diff --git a/configure.ac b/configure.ac index 6649271bb7..6af5451b36 100644 --- a/configure.ac +++ b/configure.ac @@ -16,7 +16,7 @@ # m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 17)dnl -m4_define([bind_VERSION_PATCH], 21)dnl +m4_define([bind_VERSION_PATCH], 22)dnl m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Development Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 993123c240..92e7489b1c 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -53,6 +53,7 @@ https://www.isc.org/download/. There you will find additional information about each release, and source code. .. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.17.22.rst .. include:: ../notes/notes-9.17.21.rst .. include:: ../notes/notes-9.17.20.rst .. include:: ../notes/notes-9.17.19.rst diff --git a/doc/notes/notes-9.17.22.rst b/doc/notes/notes-9.17.22.rst new file mode 100644 index 0000000000..feb6763ef4 --- /dev/null +++ b/doc/notes/notes-9.17.22.rst 
@@ -0,0 +1,49 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.17.22 +---------------------- + +New Features +~~~~~~~~~~~~ + +- ``named`` now logs TLS pre-master secrets for debugging purposes when + the ``SSLKEYLOGFILE`` environment variable is set. This enables + troubleshooting issues with encrypted DNS traffic. :gl:`#2723` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Overall memory use by ``named`` has been optimized and reduced, + especially on systems with many CPU cores. :gl:`#2398` :gl:`#3048` + +- ``named`` formerly generated an ephemeral key and certificate for the + ``tls ephemeral`` configuration using the RSA algorithm with 4096-bit + keys. This has been changed to the ECDSA P-256 algorithm. :gl:`#2264` + +Bug Fixes +~~~~~~~~~ + +- On FreeBSD, TCP connections leaked a small amount of heap memory, + leading to an eventual out-of-memory problem. This has been fixed. + :gl:`#3051` + +- If signatures created by the ZSK were expired and the ZSK private key + was offline, the signatures were not replaced. This behavior has been + amended to replace the expired signatures with new signatures created + using the KSK. :gl:`#3049` + +- Under certain circumstances, the signed version of an inline-signed + zone could be dumped to disk without the serial number of the unsigned + version of the zone. This prevented resynchronization of the zone + contents after ``named`` restarted, if the unsigned zone file was + modified while ``named`` was not running. This has been fixed. + :gl:`#3071` 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 8d16ff72fb..cc562b6b9b 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -9,7 +9,7 @@ .. See the COPYRIGHT file distributed with this work for additional .. information regarding copyright ownership. -Notes for BIND 9.17.22 +Notes for BIND 9.17.23 ---------------------- Security Fixes @@ -25,9 +25,7 @@ Known Issues New Features ~~~~~~~~~~~~ -- ``named`` now logs TLS pre-master secrets for debugging purposes when - the ``SSLKEYLOGFILE`` environment variable is set. This enables - troubleshooting issues with encrypted DNS traffic. :gl:`#2723` +- None. Removed Features ~~~~~~~~~~~~~~~~ @@ -44,22 +42,6 @@ Feature Changes Bug Fixes ~~~~~~~~~ -- If signatures created by the ZSK are expired, and the ZSK private key is offline, - allow the expired signatures to be replaced with signatures created by the KSK. - :gl:`#3049` - -- On FreeBSD, a TCP connection would leak a small amount of heap memory leading - to out-of-memory problem in a long run. This has been fixed. :gl:`#3051` - -- Under certain circumstances, the signed version of an inline-signed - zone could be dumped to disk without the serial number of the unsigned - version of the zone, preventing resynchronization of zone contents - after ``named`` restart in case the unsigned zone file gets modified - while ``named`` is not running. This has been fixed. :gl:`#3071` - -- Using ``rndc`` on a busy recursive server could cause the ``named`` to abort - with assertion failure. This has been fixed. :gl:`#3079` - - With libuv >= 1.37.0, the recvmmsg support would not be enabled in ``named`` reducing the maximum query-response performance. The recvmmsg support would be used only in libuv 1.35.0 and 1.36.0. This has been fixed. :gl:`#3095`
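Review bot: the ``SSLKEYLOGFILE`` entry under New Features in doc/notes/notes-9.17.22.rst says the pre-master secrets are logged "for debugging purposes" but does not say what the resulting file exposes. Anyone who can read the key log can decrypt the matching captured TLS sessions, so the note should say that the variable is meant to be set only while troubleshooting and that the file should be readable only by the account running ``named``.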
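Review bot: the Bug Fixes hunk of doc/notes/notes-current.rst removes the ``rndc`` assertion-failure entry (:gl:`#3079`), but the new doc/notes/notes-9.17.22.rst lists only :gl:`#3051`, :gl:`#3049` and :gl:`#3071` under Bug Fixes, so that entry disappears from both files. If the fix ships in 9.17.22, carry the entry over into notes-9.17.22.rst. If it was dropped on purpose, state the reason in the commit message so the omission is not mistaken for a copy error.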