Merge tag 'v9.19.19'
This commit is contained in:
Tom Krizek
@@ -1628,6 +1628,7 @@ respdiff-long:tsan:
|
||||
after_script:
|
||||
- *find_python
|
||||
- *parse_tsan
|
||||
allow_failure: true # affected by GL #4475
|
||||
|
||||
respdiff-long-third-party:
|
||||
<<: *respdiff_job
|
||||
|
||||
2
CHANGES
2
CHANGES
@@ -32,6 +32,8 @@
|
||||
6298. [bug] Fix dns_qp_lookup bugs related to the iterator.
|
||||
[GL !8558]
|
||||
|
||||
--- 9.19.19 released ---
|
||||
|
||||
6297. [bug] Improve LRU cleaning behaviour. [GL #4448]
|
||||
|
||||
6296. [func] The "resolver-nonbackoff-tries" and
|
||||
|
||||
@@ -39,6 +39,7 @@ information about each release, and source code.
|
||||
.. include:: ../notes/notes-known-issues.rst
|
||||
|
||||
.. include:: ../notes/notes-current.rst
|
||||
.. include:: ../notes/notes-9.19.19.rst
|
||||
.. include:: ../notes/notes-9.19.18.rst
|
||||
.. include:: ../notes/notes-9.19.17.rst
|
||||
.. include:: ../notes/notes-9.19.16.rst
|
||||
|
||||
55
doc/notes/notes-9.19.19.rst
Normal file
55
doc/notes/notes-9.19.19.rst
Normal file
@@ -0,0 +1,55 @@
|
||||
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
..
|
||||
.. SPDX-License-Identifier: MPL-2.0
|
||||
..
|
||||
.. This Source Code Form is subject to the terms of the Mozilla Public
|
||||
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
..
|
||||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.19.19
|
||||
----------------------
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- Initial support for the PROXYv2 protocol was added. :iscman:`named`
|
||||
can now accept PROXYv2 headers over all currently implemented DNS
|
||||
transports and :iscman:`dig` can insert these headers into the queries
|
||||
it sends. Please consult the related documentation
|
||||
(:any:`allow-proxy`, :any:`allow-proxy-on`, :any:`listen-on`, and
|
||||
:any:`listen-on-v6` for :iscman:`named`, :option:`dig +proxy` and
|
||||
:option:`dig +proxy-plain` for :iscman:`dig`) for additional details.
|
||||
:gl:`#4388`
|
||||
|
||||
Removed Features
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
- Support for using AES as the DNS COOKIE algorithm (``cookie-algorithm
|
||||
aes;``) has been removed. The only supported DNS COOKIE algorithm is
|
||||
now the current default, SipHash-2-4. :gl:`#4421`
|
||||
|
||||
- The ``resolver-nonbackoff-tries`` and ``resolver-retry-interval``
|
||||
statements have been removed. Using them is now a fatal error.
|
||||
:gl:`#4405`
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- The maximum number of NSEC3 iterations allowed for validation purposes
|
||||
has been lowered from 150 to 50. DNSSEC responses containing NSEC3
|
||||
records with iteration counts greater than 50 are now treated as
|
||||
insecure. :gl:`#4363`
|
||||
|
||||
- Following :rfc:`9276` recommendations, :any:`dnssec-policy` now only
|
||||
allows an NSEC3 iteration count of 0 for the DNSSEC-signed zones using
|
||||
NSEC3 that the policy manages. :gl:`#4363`
|
||||
|
||||
Known Issues
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- There are no new known issues with this release. See :ref:`above
|
||||
<relnotes_known_issues>` for a list of all known issues affecting this
|
||||
BIND 9 branch.
|
||||
Reference in New Issue
Block a user