mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 10:10:06 +00:00
182 lines
6.6 KiB
ReStructuredText
182 lines
6.6 KiB
ReStructuredText
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
..
|
|
.. SPDX-License-Identifier: MPL-2.0
|
|
..
|
|
.. This Source Code Form is subject to the terms of the Mozilla Public
|
|
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
..
|
|
.. See the COPYRIGHT file distributed with this work for additional
|
|
.. information regarding copyright ownership.
|
|
|
|
Notes for BIND 9.21.2
|
|
---------------------
|
|
|
|
New Features
|
|
~~~~~~~~~~~~
|
|
|
|
- Log query response status to the query log.
|
|
|
|
Log a query response summary using the new ``responses`` category.
|
|
Logging can be controlled via the :any:`responselog` option and via
|
|
:option:`rndc responselog`. :gl:`#459`
|
|
|
|
- Added WALLET type.
|
|
|
|
Add the new record type WALLET (262). This provides a mapping from a
|
|
domain name to a cryptographic currency wallet. Multiple mappings can
|
|
exist if multiple records exist. :gl:`#4947`
|
|
|
|
- Support ISO timestamps with timezone information.
|
|
|
|
The configuration option :any:`print-time` can now be set to
|
|
``iso8601-tzinfo``, to use the ISO 8601 timestamp with timezone
|
|
information when logging. This is used as a default for :option:`named
|
|
-g`. :gl:`#4963`
|
|
|
|
- Add flag to :iscman:`named-checkconf` to ignore "not configured"
|
|
errors.
|
|
|
|
:iscman:`named-checkconf` now takes the :option:`named-checkconf -n`
|
|
option to ignore "not configured" errors. This allows
|
|
:iscman:`named-checkconf` to check the syntax of configurations from
|
|
other builds that have support for options not present in the
|
|
:iscman:`named-checkconf` build. :gl:`!9446`
|
|
|
|
- Implement the ForwardOnlyFail statistics channel counter.
|
|
|
|
The new ForwardOnlyFail statistics channel counter indicates the
|
|
number of queries that failed due to bad forwarders for "forward only"
|
|
zones. Related to :gl:`#1793`.
|
|
|
|
Removed Features
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
- Remove ``port`` from source address options.
|
|
|
|
Remove the use of ``port`` when configuring :any:`query-source`,
|
|
:any:`transfer-source`, :any:`notify-source`, :any:`parental-source`,
|
|
etc., and their ``-v6`` counterparts. Also, remove the use of source
|
|
ports for :any:`parental-agents`.
|
|
|
|
Also remove the deprecated options ``use-v4-udp-ports``,
|
|
``use-v6-udp-ports``, ``avoid-v4-udp-ports``, and
|
|
``avoid-v6-udp-ports``. :gl:`#3843`
|
|
|
|
- Remove DNSRPS implementation from the open source version of BIND 9.
|
|
|
|
DNSRPS was a reputedly improved API for a commercial implementation of
|
|
Response Policy Zones; however, it was never open-sourced and has only
|
|
ever been available from a single vendor. This goes against the
|
|
principle that the open source edition of BIND 9 should contain only
|
|
features that are generally available and universal. :gl:`!9358`
|
|
|
|
Feature Changes
|
|
~~~~~~~~~~~~~~~
|
|
|
|
- Set logging category for ``notify``/``xfer-in``-related messages.
|
|
|
|
Some ``notify`` and ``xfer-in``-related log messages were logged at
|
|
the "general" category level instead of their own category. This has
|
|
been fixed. :gl:`#2730`
|
|
|
|
- Allow IXFR-to-AXFR fallback on ``DNS_R_TOOMANYRECORDS``.
|
|
|
|
This change allows fallback from an IXFR failure to AXFR when the
|
|
reason is ``DNS_R_TOOMANYRECORDS``. :gl:`#4928`
|
|
|
|
- Honor the Control Group memory contraints on Linux.
|
|
|
|
On Linux, the system administrator can use the Control Group
|
|
(``cgroup``) mechanism to limit the amount of memory available to the
|
|
process. This limit is now honored when calculating the
|
|
percentage-based values. :gl:`!9556`
|
|
|
|
Bug Fixes
|
|
~~~~~~~~~
|
|
|
|
- Fix a statistics channel counter bug when "forward only" zones are
|
|
used.
|
|
|
|
When resolving a zone with a "forward only" policy, and finding out
|
|
that all the forwarders were marked as "bad", the "ServerQuota"
|
|
counter of the statistics channel was incorrectly increased. This has
|
|
been fixed. :gl:`#1793`
|
|
|
|
- Fix a bug in the static-stub implementation.
|
|
|
|
Static-stub addresses and addresses from other sources were being
|
|
mixed together, resulting in static-stub queries going to addresses
|
|
not specified in the configuration, or alternatively, static-stub
|
|
addresses being used instead of the correct server addresses.
|
|
:gl:`#4850`
|
|
|
|
- Don't allow :any:`statistics-channels` if libxml2 and libjson-c are
|
|
not configured.
|
|
|
|
When BIND 9 is not configured with the libxml2 and libjson-c
|
|
libraries, the use of the :any:`statistics-channels` option is a fatal
|
|
error. :gl:`#4895`
|
|
|
|
- Separate DNSSEC validation from long-running tasks.
|
|
|
|
Split CPU-intensive and long-running tasks into separate threadpools
|
|
in a way that the long-running tasks - like RPZ, catalog zone
|
|
processing, or zone file operations - don't block CPU-intensive
|
|
operations like DNSSEC validations. :gl:`#4898`
|
|
|
|
- Fix an assertion failure when processing access control lists.
|
|
|
|
The :iscman:`named` process could terminate unexpectedly when
|
|
processing ACLs. This has been fixed. :gl:`#4908`
|
|
|
|
- Fix a bug in Offline KSK using a ZSK with an unlimited lifetime.
|
|
|
|
If the ZSK had an unlimited lifetime, the timing metadata ``Inactive``
|
|
and ``Delete`` could not be found and were treated as an error,
|
|
preventing the zone from being signed. This has been fixed.
|
|
:gl:`#4914`
|
|
|
|
- Limit the outgoing UDP send queue size.
|
|
|
|
If the operating system UDP queue got full and the outgoing UDP
|
|
sending started to be delayed, BIND 9 could exhibit memory spikes as
|
|
it tried to enqueue all the outgoing UDP messages. It now tries to
|
|
deliver the outgoing UDP messages synchronously; if that fails, it
|
|
drops the outgoing DNS message that would get queued up and then
|
|
timeout on the client side. :gl:`#4930`
|
|
|
|
- Do not set ``SO_INCOMING_CPU``.
|
|
|
|
Remove the ``SO_INCOMING_CPU`` setting as kernel scheduling performs
|
|
better without constraints. :gl:`#4936`
|
|
|
|
- Fix the :option:`rndc dumpdb` command's error reporting.
|
|
|
|
The :option:`rndc dumpdb` command was not reporting errors that
|
|
occurred when :iscman:`named` started up the database dump process.
|
|
This has been fixed. :gl:`#4944`
|
|
|
|
- Fix long-running incoming transfers.
|
|
|
|
Incoming transfers that took longer than 30 seconds would stop reading
|
|
from the TCP stream and the incoming transfer would be indefinitely
|
|
stuck, causing BIND 9 to hang during shutdown.
|
|
|
|
This has been fixed, and the :any:`max-transfer-time-in` and
|
|
:any:`max-transfer-idle-in` timeouts are now honored. :gl:`#4949`
|
|
|
|
- Fix an assertion failure when receiving DNS responses over TCP.
|
|
|
|
When matching the received Query ID in the TCP connection, an invalid
|
|
Query ID could cause an assertion failure. This has been fixed.
|
|
:gl:`#4952`
|
|
|
|
|
|
Known Issues
|
|
~~~~~~~~~~~~
|
|
|
|
- There are no new known issues with this release. See :ref:`above
|
|
<relnotes_known_issues>` for a list of all known issues affecting this
|
|
BIND 9 branch.
|