Tweak and reword release notes
This commit is contained in:
Michał Kępień
@@ -15,21 +15,23 @@ Notes for BIND 9.18.8
|
||||
Known Issues
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- Upgrading from BIND 9.16.32, 9.18.6, or older, may require a manual
|
||||
configuration change. The following configurations are affected:
|
||||
- Upgrading from BIND 9.16.32, 9.18.6, or any older version may require
|
||||
a manual configuration change. The following configurations are
|
||||
affected:
|
||||
|
||||
- :any:`type primary` zones configured with :any:`dnssec-policy` but without
|
||||
either :any:`allow-update` or :any:`update-policy`
|
||||
- :any:`type secondary` zones configured with :any:`dnssec-policy`
|
||||
- :any:`type primary` zones configured with :any:`dnssec-policy` but
|
||||
without either :any:`allow-update` or :any:`update-policy`,
|
||||
- :any:`type secondary` zones configured with :any:`dnssec-policy`.
|
||||
|
||||
In these cases please add :namedconf:ref:`inline-signing yes;
|
||||
<inline-signing>` to individual zone configuration(s). Without applying this
|
||||
change :iscman:`named` will fail to start. For more details see
|
||||
<inline-signing>` to the individual zone configuration(s). Without
|
||||
applying this change, :iscman:`named` will fail to start. For more
|
||||
details, see
|
||||
https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
|
||||
|
||||
- BIND 9.18 does not support dynamic updates forwarding (see
|
||||
:any:`allow-update-forwarding`) in conjuction with zone transfers
|
||||
over TLS (XoT). :gl:`#3512`
|
||||
- BIND 9.18 does not support dynamic update forwarding (see
|
||||
:any:`allow-update-forwarding`) in conjuction with zone transfers over
|
||||
TLS (XoT). :gl:`#3512`
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
@@ -40,19 +42,20 @@ New Features
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- The ability to use pkcs11 via engine_pkcs11 has been restored, by only using
|
||||
deprecated APIs in OpenSSL 3.0.0. BIND needs to be compiled
|
||||
with '-DOPENSSL_API_COMPAT=10100' specified in the CFLAGS at
|
||||
compile time. :gl:`!6711`
|
||||
- The ability to use PKCS#11 via engine_pkcs11 has been restored, by
|
||||
using only deprecated APIs in OpenSSL 3.0.0. BIND 9 needs to be
|
||||
compiled with ``-DOPENSSL_API_COMPAT=10100`` specified in the CFLAGS
|
||||
environment variable at compile time. :gl:`#3578`
|
||||
|
||||
- Add support for parsing and validating ``dohpath`` to SVBC records.
|
||||
:gl:`#3544`
|
||||
- Support for parsing and validating the ``dohpath`` service parameter
|
||||
in SVCB records was added. :gl:`#3544`
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- An assertion failure was fixed in ``named`` that was caused by aborting the statistics
|
||||
channel connection while sending statistics data to the client. :gl:`#3542`
|
||||
- An assertion failure was fixed in :iscman:`named` that was caused by
|
||||
aborting the statistics channel connection while sending statistics
|
||||
data to the client. :gl:`#3542`
|
||||
|
||||
- Changing just the TSIG key names for primaries in catalog zones' member
|
||||
zones was not effective. :gl:`#3557`
|
||||
- Changing just the TSIG key names for primaries in catalog zones'
|
||||
member zones was not effective. This has been fixed. :gl:`#3557`
|
||||
|
||||
Reference in New Issue
Block a user