diff --git a/CHANGES b/CHANGES index d19dd82d69..e1c109821a 100644 --- a/CHANGES +++ b/CHANGES @@ -43,7 +43,9 @@ 6268. [func] Offload the IXFR and AXFR processing to unblock the networking threads. [GL #4367] -6267. [func] Adjust UDP timeouts used in zone maintenance. [GL #4260] +6267. [func] The timeouts for resending zone refresh queries over UDP + were lowered to enable named to more quickly determine + that a primary is down. [GL #4260] 6266. [func] The zone option 'inline-signing' is ignored from now on iff there is no 'dnssec-policy' configured for the diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 5eff08bf47..67710fe4fe 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -38,7 +38,7 @@ information about each release, and source code. .. include:: ../notes/notes-known-issues.rst -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.19.18.rst .. include:: ../notes/notes-9.19.17.rst .. include:: ../notes/notes-9.19.16.rst .. include:: ../notes/notes-9.19.15.rst diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index ca1b75064a..aba87cda07 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -4043,7 +4043,8 @@ Tuning :short: Sets the resolver's lame cache. This is always set to 0. More information is available in the - security advisory for :cve:`2021-25219`. + `security advisory for CVE-2021-25219 + `_. .. namedconf:statement:: servfail-ttl :tags: server diff --git a/doc/notes/notes-9.19.18.rst b/doc/notes/notes-9.19.18.rst new file mode 100644 index 0000000000..df7511d663 --- /dev/null +++ b/doc/notes/notes-9.19.18.rst @@ -0,0 +1,83 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.19.18 +---------------------- + +New Features +~~~~~~~~~~~~ + +- The statistics channel now includes information about incoming zone + transfers that are currently in progress. :gl:`#3883` + +- The new :any:`resolver-use-dns64` option enables :iscman:`named` to + apply :any:`dns64` rules to IPv4 server addresses when sending + recursive queries, so that resolution can be performed over a NAT64 + connection. :gl:`#608` + +Removed Features +~~~~~~~~~~~~~~~~ + +- Support for the ``lock-file`` statement and the ``named -X`` + command-line option has been removed. An external process supervisor + should be used instead. :gl:`#4391` + + Alternatively, the ``flock`` utility (part of util-linux) can be used + on Linux systems to achieve the same effect as ``lock-file`` or + ``named -X``: + + :: + + flock -n -x /named.lock /named + +- Configuring the control channel to use a Unix domain socket has been a + fatal error since BIND 9.18. The feature has now been completely + removed and :iscman:`named-checkconf` now reports it as a + configuration error. :gl:`#4311` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Processing large incremental transfers (IXFR) has been offloaded to a + separate work thread so that it does not prevent networking threads + from processing regular traffic in the meantime. :gl:`#4367` + +- QNAME minimization is now used when looking up the addresses of name + servers during the recursive resolution process. :gl:`#4209` + +- The :any:`inline-signing` zone option is now ignored if there is no + :any:`dnssec-policy` configured for the zone. This means that unsigned + zones no longer create redundant signed versions of the zone. + :gl:`#4349` + +- The IP addresses for B.ROOT-SERVERS.NET have been updated to + 170.247.170.2 and 2801:1b8:10::b. :gl:`#4101` + +Bug Fixes +~~~~~~~~~ + +- :any:`max-cache-size` accidentally became ineffective in BIND 9.19.16. + This has been fixed and the option now behaves as documented again. + :gl:`#4340` + +- If the unsigned version of an inline-signed zone contained DNSSEC + records, it was incorrectly scheduled for resigning. This has been + fixed. :gl:`#4350` + +- Looking up stale data from the cache did not take local authoritative + data into account. This has been fixed. :gl:`#4355` + +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + ` for a list of all known issues affecting this + BIND 9 branch. diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst deleted file mode 100644 index 96a87cc51d..0000000000 --- a/doc/notes/notes-current.rst +++ /dev/null @@ -1,88 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -Notes for BIND 9.19.18 ----------------------- - -Security Fixes -~~~~~~~~~~~~~~ - -- None. - -New Features -~~~~~~~~~~~~ - -- The statstics channel now includes information about incoming zone transfers - currently in progress. :gl:`#3883` - -- The new :any:`resolver-use-dns64` option enables ``named`` to apply - :any:`dns64` rules to IPv4 server addresses when sending recursive - queries, so that resolution can be performed over a NAT64 connection. - :gl:`#608` - -- Processing large incremental transfers (IXFR) can take a long time. - Offload the processing to a separate work thread that doesn't block - networking threads and keeps them free to process regular traffic. - :gl:`#4367` - -Removed Features -~~~~~~~~~~~~~~~~ - -- Configuring control channel to use Unix Domain Socket has an fatal error since - BIND 9.18. Completely remove the feature and make ``named-checkconf`` also - report this as an error in the configuration. :gl:`#4311` - - The support for control channel over Unix Domain Sockets has been - non-functional since BIND 9.18 - -- Support for specifying ``lock-file`` via configuration and via the - :option:`named -X` command line option has been removed. An external process - supervisor should be used instead. :gl:`#4391` - - Alternatively :program:`flock` can be used to achieve the same effect as the - removed configuration/argument: - - flock -n -x /named.lock /named - -Feature Changes -~~~~~~~~~~~~~~~ - -- The zone option :any:`inline-signing` is now ignored if there is no - :any:`dnssec-policy` configured for the zone. This means that unsigned - zones will no longer create redundant signed versions of the zone. - :gl:`#4349` - -- B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and 2801:1b8:10::b. - :gl:`#4101` - -- QNAME minimization is now used when looking up the addresses of name - servers during the recursion process. :gl:`#4209` - -Bug Fixes -~~~~~~~~~ - -- :any:`max-cache-size` accidentally became ineffective in BIND 9.19.16. - This has been fixed and the option now behaves as documented again. - :gl:`#4340` - -- For inline-signing zones, if the unsigned version of the zone contains - DNSSEC records, it was scheduled to be resigning. This unwanted behavior - has been fixed. :gl:`#4350` - -- Looking up stale data from the cache did not take into account local - authoritative zones. This has been fixed. :gl:`#4355` - -Known Issues -~~~~~~~~~~~~ - -- There are no new known issues with this release. See :ref:`above - ` for a list of all known issues affecting this - BIND 9 branch.