diff --git a/CHANGES b/CHANGES index 5187881cf6..8648e9d870 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,8 @@ headers. Bump the number of allowed HTTP headers to 100. [GL #3670] + --- 9.18.9 released --- + 6013. [bug] Fix a crash that could happen when you change a dnssec-policy zone with NSEC3 to start using inline-signing. [GL #3591] @@ -38,7 +40,6 @@ 5999. [bug] rpz-ip rules could be ineffective in some scenarios with CD=1 queries. [GL #3247] - 5998. [bug] The RecursClients statistics counter could overflow in certain resolution scenarios. [GL #3584] diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 9bf02c7170..b0be462ca6 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -36,6 +36,7 @@ information about each release, and source code. .. include:: ../notes/notes-known-issues.rst .. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.18.9.rst .. include:: ../notes/notes-9.18.8.rst .. include:: ../notes/notes-9.18.7.rst .. include:: ../notes/notes-9.18.6.rst diff --git a/doc/notes/notes-9.18.9.rst b/doc/notes/notes-9.18.9.rst new file mode 100644 index 0000000000..828f459723 --- /dev/null +++ b/doc/notes/notes-9.18.9.rst @@ -0,0 +1,61 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.9 +--------------------- + +Bug Fixes +~~~~~~~~~ + +- A crash was fixed that happened when a :any:`dnssec-policy` zone that + used NSEC3 was reconfigured to enable :any:`inline-signing`. + :gl:`#3591` + +- In certain resolution scenarios, quotas could be erroneously reached + for servers, including any configured forwarders, resulting in + SERVFAIL answers being sent to clients. This has been fixed. + :gl:`#3598` + +- ``rpz-ip`` rules in :any:`response-policy` zones could be ineffective + in some cases if a query had the CD (Checking Disabled) bit set to 1. + This has been fixed. :gl:`#3247` + +- Previously, if Internet connectivity issues were experienced during + the initial startup of :iscman:`named`, a BIND resolver with + :any:`dnssec-validation` set to ``auto`` could enter into a state + where it would not recover without stopping :iscman:`named`, manually + deleting the ``managed-keys.bind`` and ``managed-keys.bind.jnl`` + files, and starting :iscman:`named` again. This has been fixed. + :gl:`#2895` + +- The statistics counter representing the current number of clients + awaiting recursive resolution results (``RecursClients``) could + overflow in certain resolution scenarios. This has been fixed. + :gl:`#3584` + +- Previously, the port in remote servers such as in :any:`primaries` and + :any:`parental-agents` could be wrongly configured because of an + inheritance bug. This has been fixed. :gl:`#3627` + +- Previously, BIND failed to start on Solaris-based systems with + hundreds of CPUs. This has been fixed. :gl:`#3563` + +- When a DNS resource record's TTL value was equal to the resolver's + configured :any:`prefetch` "eligibility" value, the record was + erroneously not treated as eligible for prefetching. This has been + fixed. :gl:`#3603` + +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + ` for a list of all known issues affecting this + BIND 9 branch.