Set up release notes for BIND 9.18.4
This commit is contained in:
Michal Nowak
@@ -9,7 +9,7 @@
|
||||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.18.3
|
||||
Notes for BIND 9.18.4
|
||||
---------------------
|
||||
|
||||
Security Fixes
|
||||
@@ -20,38 +20,12 @@ Security Fixes
|
||||
Known Issues
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- According to RFC 8310, Section 8.1, the Subject field MUST NOT be
|
||||
inspected when verifying a remote certificate while establishing a
|
||||
DNS-over-TLS connection. Only SubjectAltName must be checked
|
||||
instead. Unfortunately, some quite old versions of cryptographic
|
||||
libraries might lack the functionality to ignore the Subject
|
||||
field. It should have minimal production use consequences, as most
|
||||
of the production-ready certificates issued by certificate
|
||||
authorities will have SubjectAltNames set. In such a case, the
|
||||
Subject field is ignored. Only old platforms are affected by this,
|
||||
e.g., those supplied with OpenSSL versions older than 1.1.1.
|
||||
- None.
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- Add DNS Extended Errors (:rfc:`8914`) when stale answers are returned from
|
||||
cache. :gl:`#2267`
|
||||
|
||||
- Add support for remote TLS certificates verification, both to BIND
|
||||
and ``dig``, making it possible to implement Strict and Mutual TLS
|
||||
authentication, as described in RFC 9103, Section 9.3. :gl:`#3163`
|
||||
|
||||
- Catalog Zones schema version 2, as described in the "DNS Catalog Zones" IETF
|
||||
draft version 5 document, is now supported by :iscman:`named`. All of the
|
||||
previously supported BIND-specific catalog zone custom properties
|
||||
(``primaries``, ``allow-query``, and ``allow-transfer``), as well as the new
|
||||
Change of Ownership (``coo``) property, are now implemented. Schema version 1
|
||||
is still supported, with some additional validation rules applied from
|
||||
schema version 2: for example, the ``version`` property is mandatory, and a
|
||||
member zone PTR RRset must not contain more than one record. In the event of a
|
||||
validation error, a corresponding error message is logged to help with
|
||||
diagnosing the problem. :gl:`#3221` :gl:`#3222` :gl:`#3223` :gl:`#3224`
|
||||
:gl:`#3225`
|
||||
- None.
|
||||
|
||||
Removed Features
|
||||
~~~~~~~~~~~~~~~~
|
||||
@@ -66,5 +40,4 @@ Feature Changes
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- CDS and CDNSKEY DELETE records are removed from the zone when configured with
|
||||
'auto-dnssec maintain;'. This has been fixed. :gl:`#2931`.
|
||||
- None.
|
||||
|
||||
Reference in New Issue
Block a user