mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-29 13:38:26 +00:00
Merge branch 'v9_17_22-release' into 'main'
Merge 9.17.22 release branch See merge request isc-projects/bind9!5741
This commit is contained in:
Michał Kępień
commit
f74e2fb7fb
2
CHANGES
2
CHANGES
@ -15,6 +15,8 @@
|
||||
when receiving NOTIFY query with SOA record in
|
||||
ANSWER section. [GL #3086]
|
||||
|
||||
--- 9.17.22 released ---
|
||||
|
||||
5790. [bug] The control channel was incorrectly looking for
|
||||
ISC_R_CANCELED as a signal that the named is
|
||||
shutting down. In the dispatch refactoring,
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
#
|
||||
m4_define([bind_VERSION_MAJOR], 9)dnl
|
||||
m4_define([bind_VERSION_MINOR], 17)dnl
|
||||
m4_define([bind_VERSION_PATCH], 21)dnl
|
||||
m4_define([bind_VERSION_PATCH], 22)dnl
|
||||
m4_define([bind_VERSION_EXTRA], )dnl
|
||||
m4_define([bind_DESCRIPTION], [(Development Release)])dnl
|
||||
m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl
|
||||
|
||||
@ -53,6 +53,7 @@ https://www.isc.org/download/. There you will find additional
|
||||
information about each release, and source code.
|
||||
|
||||
.. include:: ../notes/notes-current.rst
|
||||
.. include:: ../notes/notes-9.17.22.rst
|
||||
.. include:: ../notes/notes-9.17.21.rst
|
||||
.. include:: ../notes/notes-9.17.20.rst
|
||||
.. include:: ../notes/notes-9.17.19.rst
|
||||
|
||||
49
doc/notes/notes-9.17.22.rst
Normal file
49
doc/notes/notes-9.17.22.rst
Normal file
@ -0,0 +1,49 @@
|
||||
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
..
|
||||
.. SPDX-License-Identifier: MPL-2.0
|
||||
..
|
||||
.. This Source Code Form is subject to the terms of the Mozilla Public
|
||||
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
..
|
||||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.17.22
|
||||
----------------------
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- ``named`` now logs TLS pre-master secrets for debugging purposes when
|
||||
the ``SSLKEYLOGFILE`` environment variable is set. This enables
|
||||
troubleshooting issues with encrypted DNS traffic. :gl:`#2723`
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- Overall memory use by ``named`` has been optimized and reduced,
|
||||
especially on systems with many CPU cores. :gl:`#2398` :gl:`#3048`
|
||||
|
||||
- ``named`` formerly generated an ephemeral key and certificate for the
|
||||
``tls ephemeral`` configuration using the RSA algorithm with 4096-bit
|
||||
keys. This has been changed to the ECDSA P-256 algorithm. :gl:`#2264`
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- On FreeBSD, TCP connections leaked a small amount of heap memory,
|
||||
leading to an eventual out-of-memory problem. This has been fixed.
|
||||
:gl:`#3051`
|
||||
|
||||
- If signatures created by the ZSK were expired and the ZSK private key
|
||||
was offline, the signatures were not replaced. This behavior has been
|
||||
amended to replace the expired signatures with new signatures created
|
||||
using the KSK. :gl:`#3049`
|
||||
|
||||
- Under certain circumstances, the signed version of an inline-signed
|
||||
zone could be dumped to disk without the serial number of the unsigned
|
||||
version of the zone. This prevented resynchronization of the zone
|
||||
contents after ``named`` restarted, if the unsigned zone file was
|
||||
modified while ``named`` was not running. This has been fixed.
|
||||
:gl:`#3071`
|
||||
@ -9,7 +9,7 @@
|
||||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.17.22
|
||||
Notes for BIND 9.17.23
|
||||
----------------------
|
||||
|
||||
Security Fixes
|
||||
@ -25,9 +25,7 @@ Known Issues
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- ``named`` now logs TLS pre-master secrets for debugging purposes when
|
||||
the ``SSLKEYLOGFILE`` environment variable is set. This enables
|
||||
troubleshooting issues with encrypted DNS traffic. :gl:`#2723`
|
||||
- None.
|
||||
|
||||
Removed Features
|
||||
~~~~~~~~~~~~~~~~
|
||||
@ -44,22 +42,6 @@ Feature Changes
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- If signatures created by the ZSK are expired, and the ZSK private key is offline,
|
||||
allow the expired signatures to be replaced with signatures created by the KSK.
|
||||
:gl:`#3049`
|
||||
|
||||
- On FreeBSD, a TCP connection would leak a small amount of heap memory leading
|
||||
to out-of-memory problem in a long run. This has been fixed. :gl:`#3051`
|
||||
|
||||
- Under certain circumstances, the signed version of an inline-signed
|
||||
zone could be dumped to disk without the serial number of the unsigned
|
||||
version of the zone, preventing resynchronization of zone contents
|
||||
after ``named`` restart in case the unsigned zone file gets modified
|
||||
while ``named`` is not running. This has been fixed. :gl:`#3071`
|
||||
|
||||
- Using ``rndc`` on a busy recursive server could cause the ``named`` to abort
|
||||
with assertion failure. This has been fixed. :gl:`#3079`
|
||||
|
||||
- With libuv >= 1.37.0, the recvmmsg support would not be enabled in ``named``
|
||||
reducing the maximum query-response performance. The recvmmsg support would
|
||||
be used only in libuv 1.35.0 and 1.36.0. This has been fixed. :gl:`#3095`
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user