.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, you can obtain one at https://mozilla.org/MPL/2.0/. See the COPYRIGHT file distributed with this work for additional information regarding copyright ownership. Notes for BIND 9.17.6 --------------------- Security Fixes ~~~~~~~~~~~~~~ - None. Known Issues ~~~~~~~~~~~~ - None. New Features ~~~~~~~~~~~~ - A new configuration option ``stale-refresh-time`` has been introduced, it allows stale RRset to be served directly from cache for a period of time after a failed lookup, before a new attempt to refresh it is made. [GL #2066] - ``dig`` can now report the DNS64 prefixes in use (``+dns64prefix``). This is useful when the host on which ``dig`` is run is behind an IPv6-only link, using DNS64/NAT64 or 464XLAT for IPv4aaS (IPv4 as a Service). [GL #1154] Removed Features ~~~~~~~~~~~~~~~~ - None. Feature Changes ~~~~~~~~~~~~~~~ - The network manager API is now used by ``named`` to send zone transfer requests. [GL #2016] - The ``dig``, ``host``, and ``nslookup`` tools have been converted to use the new network manager API rather than the older ISC socket API. As a side effect of this change, the ``dig +unexpected`` option no longer works. This could previously be used for diagnosing broken servers or network configurations by listening for replies from servers other than the one that was queried. With the new API such answers are filtered before they ever reach ``dig``. Consequently, the option has been removed. [GL #2140] - Support for DNS over TLS (DoT) has been added to the network manager API, and the support for DoT has been added to the ``dig`` tool and support for listening on TLS port has been added to ``named``. ``named`` could use a certificate provided by the user or it can generate an ephemeral certificate on startup of the daemon. Bug Fixes ~~~~~~~~~ - Handle `UV_EOF` differently such that it is not treated as a `TCP4RecvErr` or `TCP6RecvErr`. [GL #2208] - ``named`` could crash with an assertion failure if a TCP connection is closed while the request is still processing. [GL #2227] - The synthesised CNAME from a DNAME was incorrectly followed when the QTYPE was CNAME or ANY. [GL #2280]