From 82cbef953b7fd02e28a309081b8f8b25906499eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 7 Nov 2022 22:33:46 +0100 Subject: [PATCH 1/7] Prepare release notes for BIND 9.18.9 --- doc/arm/notes.rst | 2 +- .../{notes-current.rst => notes-9.18.9.rst} | 20 ------------------- 2 files changed, 1 insertion(+), 21 deletions(-) rename doc/notes/{notes-current.rst => notes-9.18.9.rst} (91%) diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 9bf02c7170..5d850ed7dc 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -35,7 +35,7 @@ information about each release, and source code. .. include:: ../notes/notes-known-issues.rst -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.18.9.rst .. include:: ../notes/notes-9.18.8.rst .. include:: ../notes/notes-9.18.7.rst .. include:: ../notes/notes-9.18.6.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-9.18.9.rst similarity index 91% rename from doc/notes/notes-current.rst rename to doc/notes/notes-9.18.9.rst index 83511c07bb..d50dff09f5 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-9.18.9.rst @@ -12,26 +12,6 @@ Notes for BIND 9.18.9 --------------------- -Security Fixes -~~~~~~~~~~~~~~ - -- None. - -New Features -~~~~~~~~~~~~ - -- None. - -Removed Features -~~~~~~~~~~~~~~~~ - -- None. - -Feature Changes -~~~~~~~~~~~~~~~ - -- None. - Bug Fixes ~~~~~~~~~ From cb5b90c57e7c0f4c68bb35624c9310cdf6730d68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 7 Nov 2022 22:33:46 +0100 Subject: [PATCH 2/7] Tweak and reword release notes --- doc/notes/notes-9.18.9.rst | 41 +++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/doc/notes/notes-9.18.9.rst b/doc/notes/notes-9.18.9.rst index d50dff09f5..c898d6ca8b 100644 --- a/doc/notes/notes-9.18.9.rst +++ b/doc/notes/notes-9.18.9.rst @@ -15,29 +15,34 @@ Notes for BIND 9.18.9 Bug Fixes ~~~~~~~~~ -- The RecursClients statistics counter could overflow in certain resolution - scenarios. This has been fixed. :gl:`#3584` +- The statistics counter representing the current number of clients + awaiting recursive resolution results (``RecursClients``) could + overflow in certain resolution scenarios. This has been fixed. + :gl:`#3584` -- BIND would fail to start on Solaris-based systems with hundreds of CPUs. This - has been fixed. ISC would like to thank Stacey Marshall from Oracle for - bringing this problem to our attention. :gl:`#3563` +- Previously, BIND failed to start on Solaris-based systems with + hundreds of CPUs. This has been fixed. :gl:`#3563` -- In certain resolution scenarios quotas could be erroneously reached for - servers, including the configured forwarders, resulting in SERVFAIL answers - sent to the clients. This has been fixed. :gl:`#3598` +- In certain resolution scenarios, quotas could be erroneously reached + for servers, including any configured forwarders, resulting in + SERVFAIL answers being sent to clients. This has been fixed. + :gl:`#3598` -- The port in remote servers such as in :any:`primaries` and - :any:`parental-agents` could be wrongly configured because of an inheritance - bug. :gl:`#3627` +- Previously, the port in remote servers such as in :any:`primaries` and + :any:`parental-agents` could be wrongly configured because of an + inheritance bug. This has been fixed. :gl:`#3627` -- When having Internet connectivity issues during the initial startup of - ``named``, BIND resolver with :any:`dnssec-validation` set to ``auto`` could - enter into a state where it would not recover without stopping ``named``, - manually deleting ``managed-keys.bind`` and ``managed-keys.bind.jnl`` files, - and starting ``named`` again. :gl:`#2895` +- Previously, if Internet connectivity issues were experienced during + the initial startup of :iscman:`named`, a BIND resolver with + :any:`dnssec-validation` set to ``auto`` could enter into a state + where it would not recover without stopping :iscman:`named`, manually + deleting the ``managed-keys.bind`` and ``managed-keys.bind.jnl`` + files, and starting :iscman:`named` again. This has been fixed. + :gl:`#2895` -- Fixed a crash that happens when you reconfigure a ``dnssec-policy`` - zone that uses NSEC3 to enable ``inline-signing``. :gl:`#3591` +- A crash was fixed that happened when a :any:`dnssec-policy` zone that + used NSEC3 was reconfigured to enable :any:`inline-signing`. + :gl:`#3591` Known Issues ~~~~~~~~~~~~ From 8d752fbf6b891d6d2e300affc49041f279e24055 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 7 Nov 2022 22:33:46 +0100 Subject: [PATCH 3/7] Reorder release notes --- doc/notes/notes-9.18.9.rst | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/doc/notes/notes-9.18.9.rst b/doc/notes/notes-9.18.9.rst index c898d6ca8b..0de65b93e2 100644 --- a/doc/notes/notes-9.18.9.rst +++ b/doc/notes/notes-9.18.9.rst @@ -15,23 +15,15 @@ Notes for BIND 9.18.9 Bug Fixes ~~~~~~~~~ -- The statistics counter representing the current number of clients - awaiting recursive resolution results (``RecursClients``) could - overflow in certain resolution scenarios. This has been fixed. - :gl:`#3584` - -- Previously, BIND failed to start on Solaris-based systems with - hundreds of CPUs. This has been fixed. :gl:`#3563` +- A crash was fixed that happened when a :any:`dnssec-policy` zone that + used NSEC3 was reconfigured to enable :any:`inline-signing`. + :gl:`#3591` - In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. This has been fixed. :gl:`#3598` -- Previously, the port in remote servers such as in :any:`primaries` and - :any:`parental-agents` could be wrongly configured because of an - inheritance bug. This has been fixed. :gl:`#3627` - - Previously, if Internet connectivity issues were experienced during the initial startup of :iscman:`named`, a BIND resolver with :any:`dnssec-validation` set to ``auto`` could enter into a state @@ -40,9 +32,17 @@ Bug Fixes files, and starting :iscman:`named` again. This has been fixed. :gl:`#2895` -- A crash was fixed that happened when a :any:`dnssec-policy` zone that - used NSEC3 was reconfigured to enable :any:`inline-signing`. - :gl:`#3591` +- The statistics counter representing the current number of clients + awaiting recursive resolution results (``RecursClients``) could + overflow in certain resolution scenarios. This has been fixed. + :gl:`#3584` + +- Previously, the port in remote servers such as in :any:`primaries` and + :any:`parental-agents` could be wrongly configured because of an + inheritance bug. This has been fixed. :gl:`#3627` + +- Previously, BIND failed to start on Solaris-based systems with + hundreds of CPUs. This has been fixed. :gl:`#3563` Known Issues ~~~~~~~~~~~~ From 09d9b70b74a2d432c16ef2fb7f1289a9e122f06a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 7 Nov 2022 22:33:46 +0100 Subject: [PATCH 4/7] Add release note for GL #3247 --- doc/notes/notes-9.18.9.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/notes/notes-9.18.9.rst b/doc/notes/notes-9.18.9.rst index 0de65b93e2..f04d2dcd8d 100644 --- a/doc/notes/notes-9.18.9.rst +++ b/doc/notes/notes-9.18.9.rst @@ -24,6 +24,10 @@ Bug Fixes SERVFAIL answers being sent to clients. This has been fixed. :gl:`#3598` +- ``rpz-ip`` rules in :any:`response-policy` zones could be ineffective + in some cases if a query had the CD (Checking Disabled) bit set to 1. + This has been fixed. :gl:`#3247` + - Previously, if Internet connectivity issues were experienced during the initial startup of :iscman:`named`, a BIND resolver with :any:`dnssec-validation` set to ``auto`` could enter into a state From 2a6be79edf9bb396b41447c5e342a9936df8683a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 7 Nov 2022 22:33:46 +0100 Subject: [PATCH 5/7] Add release note for GL #3603 --- doc/notes/notes-9.18.9.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/notes/notes-9.18.9.rst b/doc/notes/notes-9.18.9.rst index f04d2dcd8d..828f459723 100644 --- a/doc/notes/notes-9.18.9.rst +++ b/doc/notes/notes-9.18.9.rst @@ -48,6 +48,11 @@ Bug Fixes - Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. This has been fixed. :gl:`#3563` +- When a DNS resource record's TTL value was equal to the resolver's + configured :any:`prefetch` "eligibility" value, the record was + erroneously not treated as eligible for prefetching. This has been + fixed. :gl:`#3603` + Known Issues ~~~~~~~~~~~~ From 6b25fe9c13e412ec74985c2561a6f9504b25730e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 7 Nov 2022 23:16:44 +0100 Subject: [PATCH 6/7] Add a CHANGES marker --- CHANGES | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index b22b434acc..f36503fcb9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.18.9 released --- + 6013. [bug] Fix a crash that could happen when you change a dnssec-policy zone with NSEC3 to start using inline-signing. [GL #3591] @@ -29,7 +31,6 @@ 5999. [bug] rpz-ip rules could be ineffective in some scenarios with CD=1 queries. [GL #3247] - 5998. [bug] The RecursClients statistics counter could overflow in certain resolution scenarios. [GL #3584] From e83150781bf7dbfd63e1ac3fb33f83128c0fe36e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 7 Nov 2022 23:16:44 +0100 Subject: [PATCH 7/7] Update BIND version for release --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index a7bd81d957..3c3ccfdc78 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 18)dnl m4_define([bind_VERSION_PATCH], 9)dnl -m4_define([bind_VERSION_EXTRA], -dev)dnl +m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Stable Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl