Merge branch 'michal/prepare-documentation-for-bind-9.19.18' into 'v9.19.18-release'

Prepare documentation for BIND 9.19.18 See merge request isc-private/bind9!591
2023-11-09 12:01:25 +00:00
parent 36aa66bfb4 46980fd8c2
commit 69ca828f2e
5 changed files with 89 additions and 91 deletions
--- a/4
+++ b/4
@@ -43,7 +43,9 @@
 6268.	[func]		Offload the IXFR and AXFR processing to unblock
 			the networking threads. [GL #4367]

-6267.	[func]		Adjust UDP timeouts used in zone maintenance. [GL #4260]
+6267.	[func]		The timeouts for resending zone refresh queries over UDP
+			were lowered to enable named to more quickly determine
+			that a primary is down. [GL #4260]

 6266.	[func]		The zone option 'inline-signing' is ignored from now
 			on iff there is no 'dnssec-policy' configured for the
--- a/doc/arm/notes.rst
+++ b/doc/arm/notes.rst
@@ -38,7 +38,7 @@ information about each release, and source code.

 .. include:: ../notes/notes-known-issues.rst

-.. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.19.18.rst
 .. include:: ../notes/notes-9.19.17.rst
 .. include:: ../notes/notes-9.19.16.rst
 .. include:: ../notes/notes-9.19.15.rst
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -4043,7 +4043,8 @@ Tuning
   :short: Sets the resolver's lame cache.

   This is always set to 0. More information is available in the
-   security advisory for :cve:`2021-25219`.
+   `security advisory for CVE-2021-25219
+   <https://kb.isc.org/docs/cve-2021-25219>`_.

 .. namedconf:statement:: servfail-ttl
   :tags: server
--- a/doc/notes/notes-9.19.18.rst
+++ b/doc/notes/notes-9.19.18.rst
@@ -0,0 +1,83 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.19.18
+----------------------
+
+New Features
+~~~~~~~~~~~~
+
+- The statistics channel now includes information about incoming zone
+  transfers that are currently in progress. :gl:`#3883`
+
+- The new :any:`resolver-use-dns64` option enables :iscman:`named` to
+  apply :any:`dns64` rules to IPv4 server addresses when sending
+  recursive queries, so that resolution can be performed over a NAT64
+  connection. :gl:`#608`
+
+Removed Features
+~~~~~~~~~~~~~~~~
+
+- Support for the ``lock-file`` statement and the ``named -X``
+  command-line option has been removed. An external process supervisor
+  should be used instead. :gl:`#4391`
+
+  Alternatively, the ``flock`` utility (part of util-linux) can be used
+  on Linux systems to achieve the same effect as ``lock-file`` or
+  ``named -X``:
+
+  ::
+
+    flock -n -x <directory>/named.lock <path>/named <arguments>
+
+- Configuring the control channel to use a Unix domain socket has been a
+  fatal error since BIND 9.18. The feature has now been completely
+  removed and :iscman:`named-checkconf` now reports it as a
+  configuration error. :gl:`#4311`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Processing large incremental transfers (IXFR) has been offloaded to a
+  separate work thread so that it does not prevent networking threads
+  from processing regular traffic in the meantime. :gl:`#4367`
+
+- QNAME minimization is now used when looking up the addresses of name
+  servers during the recursive resolution process. :gl:`#4209`
+
+- The :any:`inline-signing` zone option is now ignored if there is no
+  :any:`dnssec-policy` configured for the zone. This means that unsigned
+  zones no longer create redundant signed versions of the zone.
+  :gl:`#4349`
+
+- The IP addresses for B.ROOT-SERVERS.NET have been updated to
+  170.247.170.2 and 2801:1b8:10::b. :gl:`#4101`
+
+Bug Fixes
+~~~~~~~~~
+
+- :any:`max-cache-size` accidentally became ineffective in BIND 9.19.16.
+  This has been fixed and the option now behaves as documented again.
+  :gl:`#4340`
+
+- If the unsigned version of an inline-signed zone contained DNSSEC
+  records, it was incorrectly scheduled for resigning. This has been
+  fixed. :gl:`#4350`
+
+- Looking up stale data from the cache did not take local authoritative
+  data into account. This has been fixed. :gl:`#4355`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+  <relnotes_known_issues>` for a list of all known issues affecting this
+  BIND 9 branch.
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -1,88 +0,0 @@
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0.  If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-Notes for BIND 9.19.18
----------------------
-
-Security Fixes
-~~~~~~~~~~~~~~
-
- None.
-
-New Features
-~~~~~~~~~~~~
-
- The statstics channel now includes information about incoming zone transfers
-  currently in progress. :gl:`#3883`
-
- The new :any:`resolver-use-dns64` option enables ``named`` to apply
-  :any:`dns64` rules to IPv4 server addresses when sending recursive
-  queries, so that resolution can be performed over a NAT64 connection.
-  :gl:`#608`
-
- Processing large incremental transfers (IXFR) can take a long time.
-  Offload the processing to a separate work thread that doesn't block
-  networking threads and keeps them free to process regular traffic.
-  :gl:`#4367`
-
-Removed Features
-~~~~~~~~~~~~~~~~
-
- Configuring control channel to use Unix Domain Socket has an fatal error since
-  BIND 9.18.  Completely remove the feature and make ``named-checkconf`` also
-  report this as an error in the configuration. :gl:`#4311`
-
-  The support for control channel over Unix Domain Sockets has been
-  non-functional since BIND 9.18
-
- Support for specifying ``lock-file`` via configuration and via the
-  :option:`named -X` command line option has been removed. An external process
-  supervisor should be used instead.  :gl:`#4391`
-
-  Alternatively :program:`flock` can be used to achieve the same effect as the
-  removed configuration/argument:
-
-    flock -n -x <dir>/named.lock <path>/named <args>
-
-Feature Changes
-~~~~~~~~~~~~~~~
-
- The zone option :any:`inline-signing` is now ignored if there is no
-  :any:`dnssec-policy` configured for the zone. This means that unsigned
-  zones will no longer create redundant signed versions of the zone.
-  :gl:`#4349`
-
- B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and 2801:1b8:10::b.
-  :gl:`#4101`
-
- QNAME minimization is now used when looking up the addresses of name
-  servers during the recursion process. :gl:`#4209`
-
-Bug Fixes
-~~~~~~~~~
-
- :any:`max-cache-size` accidentally became ineffective in BIND 9.19.16.
-  This has been fixed and the option now behaves as documented again.
-  :gl:`#4340`
-
- For inline-signing zones, if the unsigned version of the zone contains
-  DNSSEC records, it was scheduled to be resigning. This unwanted behavior
-  has been fixed. :gl:`#4350`
-
- Looking up stale data from the cache did not take into account local
-  authoritative zones. This has been fixed. :gl:`#4355`
-
-Known Issues
-~~~~~~~~~~~~
-
- There are no new known issues with this release. See :ref:`above
-  <relnotes_known_issues>` for a list of all known issues affecting this
-  BIND 9 branch.