mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-24 19:18:50 +00:00
bind/doc/notes/notes-current.rst
2022-01-20 11:19:58 +01:00

.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

Notes for BIND 9.17.22
----------------------

Security Fixes
~~~~~~~~~~~~~~

- None.

Known Issues
~~~~~~~~~~~~

- None.

New Features
~~~~~~~~~~~~

- ``named`` now logs TLS pre-master secrets for debugging purposes when
  the ``SSLKEYLOGFILE`` environment variable is set. This enables
  troubleshooting issues with encrypted DNS traffic. :gl:`#2723`
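
Added example, not part of BIND or of the original notes: anyone who holds the file named by ``SSLKEYLOGFILE`` together with a packet capture can decrypt the logged sessions, so this Python script reports whether such a file is readable by other users and how many sessions it covers. It assumes the file uses the NSS key log format that OpenSSL's key log callback emits; ``audit_keylog`` and ``make_sample`` are hypothetical names, and the sample data is constructed.

```python
import os
import re
import stat
import tempfile
from collections import Counter

# Assumption: the file uses NSS key log format labels (TLS 1.2 and TLS 1.3).
LABELS = {"CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
          "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
          "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
          "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
# <label> <32-byte client random, hex> <secret, hex>
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def audit_keylog(path):
    """Summarise a key log file; the secrets themselves are never returned."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    labels, sessions, malformed = Counter(), set(), []
    with open(path, encoding="ascii", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # blank lines and comments are allowed
            m = LINE.match(line)
            if not m or m.group(1) not in LABELS:
                malformed.append(lineno)
                continue
            labels[m.group(1)] += 1
            sessions.add(m.group(2).lower())  # client random identifies a session
    return {"mode": oct(mode),
            "exposed_to_others": bool(mode & (stat.S_IRWXG | stat.S_IRWXO)),
            "sessions": len(sessions),
            "labels": dict(labels),
            "malformed_lines": malformed}

def make_sample(mode=0o644):
    """Write a constructed key log (fake randoms and secrets); return its path."""
    lines = ["# constructed sample, not real key material",
             f"CLIENT_RANDOM {'11' * 32} {'aa' * 48}",
             f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {'22' * 32} {'bb' * 32}",
             f"SERVER_HANDSHAKE_TRAFFIC_SECRET {'22' * 32} {'cc' * 32}",
             "CLIENT_RANDOM truncated-line"]
    fd, path = tempfile.mkstemp(suffix=".keylog")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    print(audit_keylog(make_sample()))
```
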

Removed Features
~~~~~~~~~~~~~~~~

- The IPv6 sockets are now explicitly restricted to sending and receiving IPv6
  packets only. This renders the ``dig`` option ``+mapped`` non-functioning and
  thus the option has been removed. :gl:`#3093`

Feature Changes
~~~~~~~~~~~~~~~

- Overall memory use by ``named`` has been optimized and reduced,
  especially on systems with many CPU cores. :gl:`#2398` :gl:`#3048`

- ``named`` formerly generated an ephemeral key and certificate for the
  ``tls ephemeral`` configuration using the RSA algorithm with 4096-bit
  keys. This has been changed to the ECDSA P-256 algorithm. :gl:`#2264`

Bug Fixes
~~~~~~~~~

- On FreeBSD, TCP connections leaked a small amount of heap memory,
  leading to an eventual out-of-memory problem. This has been fixed.
  :gl:`#3051`

- If signatures created by the ZSK were expired and the ZSK private key
  was offline, the signatures were not replaced. This behavior has been
  amended to replace the expired signatures with new signatures created
  using the KSK. :gl:`#3049`

- Under certain circumstances, the signed version of an inline-signed
  zone could be dumped to disk without the serial number of the unsigned
  version of the zone. This prevented resynchronization of the zone
  contents after ``named`` restarted, if the unsigned zone file was
  modified while ``named`` was not running. This has been fixed.
  :gl:`#3071`

- With libuv >= 1.37.0, the recvmmsg support would not be enabled in ``named``,
  reducing the maximum query-response performance. The recvmmsg support would
  be used only in libuv 1.35.0 and 1.36.0. This has been fixed. :gl:`#3095`