2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00
bind/doc/notes/notes-9.17.3.rst
Petr Špaček a85df3ff9c
Add hyperlinks from program options to definition in man pages
Side-effect of hyperlinking is that typos in program and option names
are now detected by Sphinx.

Candidate -options were detected using:
    find -name *.rst | xargs grep '``-[^`]'
and then modified from ``-o`` to :option:`-o` using regex
    s/``\(-[^`]\+\)``/:option:`\1`/
+ manual modifications where necessary.

Non-hyphenated options were detected by looking at context around
program names:
    find bin -name *.rst | xargs -I{} -n1 basename {} .rst | sort -u
and grepping for program name with trailing whitespace.

Stand-alone program names like ``named`` are not hyperlinked in this
commit.
2022-03-14 10:46:36 +01:00

82 lines
3.1 KiB
ReStructuredText

.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
Notes for BIND 9.17.3
---------------------
New Features
~~~~~~~~~~~~
- New ``rndc`` command :option:`rndc dnssec -status <rndc dnssec>` shows the current DNSSEC
policy and keys in use, the key states, and rollover status.
:gl:`#1612`
- Added support in the network manager for initiating outgoing TCP
connections. :gl:`#1958`
Feature Changes
~~~~~~~~~~~~~~~
- Disable and disallow static linking of BIND 9 binaries and libraries
as BIND 9 modules require ``dlopen()`` support and static linking also
prevents using security features like read-only relocations (RELRO) or
address space layout randomization (ASLR) which are important for
programs that interact with the network and process arbitrary user
input. :gl:`#1933`
- As part of an ongoing effort to use :rfc:`8499` terminology,
``primaries`` can now be used as a synonym for ``masters`` in
``named.conf``. Similarly, ``notify primary-only`` can now be used as
a synonym for ``notify master-only``. The output of ``rndc
zonestatus`` now uses ``primary`` and ``secondary`` terminology.
:gl:`#1948`
Bug Fixes
~~~~~~~~~
- A race condition could occur if a TCP socket connection was closed
while ``named`` was waiting for a recursive response. The attempt to
send a response over the closing connection triggered an assertion
failure in the function ``isc__nm_tcpdns_send()``. :gl:`#1937`
- A race condition could occur when ``named`` attempted to use a UDP
interface that was shutting down. This triggered an assertion failure
in ``uv__udp_finish_close()``. :gl:`#1938`
- Fix assertion failure when server was under load and root zone had not
yet been loaded. :gl:`#1862`
- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c``
that were being reused. :gl:`#1968`
- ``named`` crashed on shutdown when a new ``rndc`` connection was
received during shutdown. This has been fixed. :gl:`#1747`
- The DS RRset returned by ``dns_keynode_dsset()`` was used in a
non-thread-safe manner. This could result in an INSIST being
triggered. :gl:`#1926`
- The ``primary`` and ``secondary`` keywords, when used as parameters
for ``check-names``, were not processed correctly and were being
ignored. :gl:`#1949`
- :option:`rndc dnstap -roll value <rndc dnstap>` did not limit the number of saved files
to ``value``. :gl:`!3728`
- The validator could fail to accept a properly signed RRset if an
unsupported algorithm appeared earlier in the DNSKEY RRset than a
supported algorithm. It could also stop if it detected a malformed
public key. :gl:`#1689`
- The ``blackhole`` ACL was inadvertently disabled for client queries.
Blocked IP addresses were not used for upstream queries but queries
from those addresses could still be answered. :gl:`#1936`