mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-23 18:49:54 +00:00
74 lines
2.4 KiB
ReStructuredText
74 lines
2.4 KiB
ReStructuredText
..
|
|
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
This Source Code Form is subject to the terms of the Mozilla Public
|
|
License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
See the COPYRIGHT file distributed with this work for additional
|
|
information regarding copyright ownership.
|
|
|
|
Notes for BIND 9.17.6
|
|
---------------------
|
|
|
|
Security Fixes
|
|
~~~~~~~~~~~~~~
|
|
|
|
- None.
|
|
|
|
Known Issues
|
|
~~~~~~~~~~~~
|
|
|
|
- None.
|
|
|
|
New Features
|
|
~~~~~~~~~~~~
|
|
|
|
- A new configuration option ``stale-refresh-time`` has been introduced, it
|
|
allows stale RRset to be served directly from cache for a period of time
|
|
after a failed lookup, before a new attempt to refresh it is made. [GL #2066]
|
|
|
|
- ``dig`` can now report the DNS64 prefixes in use (``+dns64prefix``).
|
|
This is useful when the host on which ``dig`` is run is behind an
|
|
IPv6-only link, using DNS64/NAT64 or 464XLAT for IPv4aaS (IPv4 as a
|
|
Service). [GL #1154]
|
|
|
|
Removed Features
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
- None.
|
|
|
|
Feature Changes
|
|
~~~~~~~~~~~~~~~
|
|
|
|
- The network manager API is now used by ``named`` to send zone transfer
|
|
requests. [GL #2016]
|
|
|
|
- The ``dig``, ``host``, and ``nslookup`` tools have been converted to
|
|
use the new network manager API rather than the older ISC socket API.
|
|
|
|
As a side effect of this change, the ``dig +unexpected`` option no longer
|
|
works. This could previously be used for diagnosing broken servers or
|
|
network configurations by listening for replies from servers other than
|
|
the one that was queried. With the new API such answers are filtered
|
|
before they ever reach ``dig``. Consequently, the option has been
|
|
removed. [GL #2140]
|
|
|
|
- Support for DNS over TLS (DoT) has been added to the network manager API, and
|
|
the support for DoT has been added to the ``dig`` tool and support for
|
|
listening on TLS port has been added to ``named``. ``named`` could use a
|
|
certificate provided by the user or it can generate an ephemeral certificate
|
|
on startup of the daemon.
|
|
|
|
Bug Fixes
|
|
~~~~~~~~~
|
|
|
|
- Handle `UV_EOF` differently such that it is not treated as a `TCP4RecvErr` or
|
|
`TCP6RecvErr`. [GL #2208]
|
|
|
|
- ``named`` could crash with an assertion failure if a TCP connection is closed
|
|
while the request is still processing. [GL #2227]
|
|
|
|
- The synthesised CNAME from a DNAME was incorrectly followed when the QTYPE
|
|
was CNAME or ANY. [GL #2280]
|