Merge tag 'v9_18_9' into v9_18

BIND 9.18.9

CHANGES

@@ -7,6 +7,8 @@
 			headers.  Bump the number of allowed HTTP headers
 			to 100. [GL #3670]
 
+	--- 9.18.9 released ---
+
 6013.	[bug]		Fix a crash that could happen when you change
 			a dnssec-policy zone with NSEC3 to start using
 			inline-signing. [GL #3591]
@@ -38,7 +40,6 @@
 5999.	[bug]		rpz-ip rules could be ineffective in some scenarios
 			with CD=1 queries. [GL #3247]
 
-
 5998.	[bug]		The RecursClients statistics counter could overflow
 			in certain resolution scenarios. [GL #3584]
 

doc/arm/notes.rst

@@ -36,6 +36,7 @@ information about each release, and source code.
 .. include:: ../notes/notes-known-issues.rst
 
 .. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.18.9.rst
 .. include:: ../notes/notes-9.18.8.rst
 .. include:: ../notes/notes-9.18.7.rst
 .. include:: ../notes/notes-9.18.6.rst

doc/notes/notes-9.18.9.rst

@@ -0,0 +1,61 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.18.9
+---------------------
+
+Bug Fixes
+~~~~~~~~~
+
+- A crash was fixed that happened when a :any:`dnssec-policy` zone that
+  used NSEC3 was reconfigured to enable :any:`inline-signing`.
+  :gl:`#3591`
+
+- In certain resolution scenarios, quotas could be erroneously reached
+  for servers, including any configured forwarders, resulting in
+  SERVFAIL answers being sent to clients. This has been fixed.
+  :gl:`#3598`
+
+- ``rpz-ip`` rules in :any:`response-policy` zones could be ineffective
+  in some cases if a query had the CD (Checking Disabled) bit set to 1.
+  This has been fixed. :gl:`#3247`
+
+- Previously, if Internet connectivity issues were experienced during
+  the initial startup of :iscman:`named`, a BIND resolver with
+  :any:`dnssec-validation` set to ``auto`` could enter into a state
+  where it would not recover without stopping :iscman:`named`, manually
+  deleting the ``managed-keys.bind`` and ``managed-keys.bind.jnl``
+  files, and starting :iscman:`named` again. This has been fixed.
+  :gl:`#2895`
+
+- The statistics counter representing the current number of clients
+  awaiting recursive resolution results (``RecursClients``) could
+  overflow in certain resolution scenarios. This has been fixed.
+  :gl:`#3584`
+
+- Previously, the port in remote servers such as in :any:`primaries` and
+  :any:`parental-agents` could be wrongly configured because of an
+  inheritance bug. This has been fixed. :gl:`#3627`
+
+- Previously, BIND failed to start on Solaris-based systems with
+  hundreds of CPUs. This has been fixed. :gl:`#3563`
+
+- When a DNS resource record's TTL value was equal to the resolver's
+  configured :any:`prefetch` "eligibility" value, the record was
+  erroneously not treated as eligible for prefetching. This has been
+  fixed. :gl:`#3603`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+  <relnotes_known_issues>` for a list of all known issues affecting this
+  BIND 9 branch.