Update copyright date in man pages

(cherry picked from commit 358c133ee2)

CHANGES

@@ -1,47 +1,50 @@
+	--- 9.17.9 released ---
+
 5559.	[bug]		The --with-maxminddb=PATH form of the build-time option
 			enabling support for libmaxminddb was not working
 			correctly. This has been fixed. [GL #2366]
 
-5558.	[bug]		Asynchronous hook modules could assert due to
-			the fetch handle being detached too late. [GL #2379]
+5558.	[bug]		Asynchronous hook modules could trigger an assertion
+			failure when the fetch handle was detached too late.
+			Thanks to Jinmei Tatuya at Infoblox. [GL #2379]
 
-5557.	[bug]		Prevent rbtdb instances being destroyed by multiple
-			threads at the same time. [GL #2355]
+5557.	[bug]		Prevent RBTDB instances from being destroyed by multiple
+			threads at the same time. [GL #2317]
 
-5556.	[bug]		dnssec-signzone and dnssec-verify where now
-			printing too many newlines between log messages.
-			[GL #2359]
+5556.	[bug]		Further tweak newline printing in dnssec-signzone and
+			dnssec-verify. [GL #2359]
 
 5555.	[placeholder]
 
-5554.	[bug]		dnssec-signzone and dnssec-verify where missing
-			newlines between log messages. [GL #2359]
+5554.	[bug]		dnssec-signzone and dnssec-verify were missing newlines
+			between log messages. [GL #2359]
 
-5553.	[bug]		When reconfiguring named, removing "auto-dnssec"
-			did not actually turn off DNSSEC maintenance.
-			This has been fixed. [GL #2341]
+5553.	[bug]		When reconfiguring named, removing "auto-dnssec" did not
+			turn off DNSSEC maintenance. [GL #2341]
 
-5552.	[func]		When switching to "dnssec-policy none;", named
-			now permits a safe transition to insecure mode
-			and publishes the CDS and CDNSKEY DELETE
-			records, as described in RFC 8078. [GL #1750]
+5552.	[func]		When switching to "dnssec-policy none;", named now
+			permits a safe transition to insecure mode and publishes
+			the CDS and CDNSKEY DELETE records, as described in RFC
+			8078. [GL #1750]
 
-5551.	[bug]		Only assign threads to CPUs in the CPU affinity set.
-			Thanks to Ole Bjørn Hessen. [GL #2245]
+5551.	[bug]		named no longer attempts to assign threads to CPUs
+			outside the CPU affinity set. Thanks to Ole Bjørn
+			Hessen. [GL #2245]
 
-5550.	[func]		Print a warning when falling back to the "increment" SOA
-			serial method. [GL #2058]
+5550.	[func]		dnssec-signzone and named now log a warning when falling
+			back to the "increment" SOA serial method. [GL #2058]
 
-5549.	[protocol]	Serve ipv4only.arpa when dns64 is configured. [GL #385]
+5549.	[protocol]	ipv4only.arpa is now served when DNS64 is configured.
+			[GL #385]
 
 5548.	[placeholder]
 
 5547.	[placeholder]
 
-5546.	[placeholder]
-
 	--- 9.17.8 released ---
 
+5546.	[placeholder]
+
 5545.	[func]		OS support for load-balanced sockets is no longer
 			required to receive incoming queries in multiple netmgr
 			threads. [GL #2137]

configure.ac

@@ -14,7 +14,7 @@
 #
 m4_define([bind_VERSION_MAJOR], 9)dnl
 m4_define([bind_VERSION_MINOR], 17)dnl
-m4_define([bind_VERSION_PATCH], 8)dnl
+m4_define([bind_VERSION_PATCH], 9)dnl
 m4_define([bind_VERSION_EXTRA], )dnl
 m4_define([bind_DESCRIPTION], [(Development Release)])dnl
 m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl

doc/arm/notes.rst

@@ -52,7 +52,7 @@ https://www.isc.org/download/. There you will find additional
 information about each release, source code, and pre-compiled versions
 for Microsoft Windows operating systems.
 
-.. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.17.9.rst
 .. include:: ../notes/notes-9.17.8.rst
 .. include:: ../notes/notes-9.17.7.rst
 .. include:: ../notes/notes-9.17.6.rst

doc/man/Makefile.am

@@ -75,6 +75,7 @@ MANPAGES_RST =				\
 
 man_MANS =				\
 	arpaname.1			\
+	ddns-confgen.8			\
 	delv.1				\
 	dig.1				\
 	dnstap-read.1			\

doc/man/arpaname.1in

@@ -43,6 +43,6 @@ BIND 9 Administrator Reference Manual.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/conf.py

@@ -32,7 +32,7 @@
 
 project = u'BIND 9'
 # pylint: disable=redefined-builtin
-copyright = u'2020, Internet Systems Consortium'
+copyright = u'2021, Internet Systems Consortium'
 author = u'Internet Systems Consortium'
 
 # -- General configuration ---------------------------------------------------
@@ -60,6 +60,7 @@ master_doc = 'index'
 # pylint: disable=line-too-long
 man_pages = [
     ('arpaname', 'arpaname', 'translate IP addresses to the corresponding ARPA names', author, 1),
+    ('ddns-confgen', 'ddns-confgen', 'ddns key generation tool', author, 8),
     ('delv', 'delv', 'DNS lookup and validation utility', author, 1),
     ('dig', 'dig', 'DNS lookup utility', author, 1),
     ('dnssec-cds', 'dnssec-cds', 'change DS records for a child zone based on CDS/CDNSKEY', author, 1),

doc/man/ddns-confgen.8in

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "DDNS-CONFGEN" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
+.TH "DDNS-CONFGEN" "8" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
 .SH NAME
 ddns-confgen \- ddns key generation tool
 .
@@ -39,61 +39,61 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .sp
 \fBtsig\-keygen\fP and \fBddns\-confgen\fP are invocation methods for a
 utility that generates keys for use in TSIG signing. The resulting keys
-can be used, for example, to secure dynamic DNS updates to a zone or for
+can be used, for example, to secure dynamic DNS updates to a zone, or for
 the \fBrndc\fP command channel.
 .sp
 When run as \fBtsig\-keygen\fP, a domain name can be specified on the
-command line which will be used as the name of the generated key. If no
+command line to be used as the name of the generated key. If no
 name is specified, the default is \fBtsig\-key\fP\&.
 .sp
-When run as \fBddns\-confgen\fP, the generated key is accompanied by
-configuration text and instructions that can be used with \fBnsupdate\fP
+When run as \fBddns\-confgen\fP, the key name can specified using \fB\-k\fP
+parameter and defaults to \fBddns\-key\fP\&. The generated key is accompanied
+by configuration text and instructions that can be used with \fBnsupdate\fP
 and \fBnamed\fP when setting up dynamic DNS, including an example
-\fBupdate\-policy\fP statement. (This usage similar to the \fBrndc\-confgen\fP
-command for setting up command channel security.)
+\fBupdate\-policy\fP statement. (This usage is similar to the \fBrndc\-confgen\fP
+command for setting up command\-channel security.)
 .sp
 Note that \fBnamed\fP itself can configure a local DDNS key for use with
-\fBnsupdate \-l\fP: it does this when a zone is configured with
+\fBnsupdate \-l\fP; it does this when a zone is configured with
 \fBupdate\-policy local;\fP\&. \fBddns\-confgen\fP is only needed when a more
 elaborate configuration is required: for instance, if \fBnsupdate\fP is to
 be used from a remote system.
 .SH OPTIONS
 .INDENT 0.0
 .TP
-\fB\-a\fP algorithm
-Specifies the algorithm to use for the TSIG key. Available choices
-are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and
-hmac\-sha512. The default is hmac\-sha256. Options are
+.B \fB\-a algorithm\fP
+This option specifies the algorithm to use for the TSIG key. Available
+choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384,
+and hmac\-sha512. The default is hmac\-sha256. Options are
 case\-insensitive, and the "hmac\-" prefix may be omitted.
 .TP
-\fB\-h\fP
-Prints a short summary of options and arguments.
+.B \fB\-h\fP
+This option prints a short summary of options and arguments.
 .TP
-\fB\-k\fP keyname
-Specifies the key name of the DDNS authentication key. The default is
-\fBddns\-key\fP when neither the \fB\-s\fP nor \fB\-z\fP option is specified;
-otherwise, the default is \fBddns\-key\fP as a separate label followed
-by the argument of the option, e.g., \fBddns\-key.example.com.\fP The
-key name must have the format of a valid domain name, consisting of
-letters, digits, hyphens and periods.
+.B \fB\-k keyname\fP
+This option specifies the key name of the DDNS authentication key. The
+default is \fBddns\-key\fP when neither the \fB\-s\fP nor \fB\-z\fP option is
+specified; otherwise, the default is \fBddns\-key\fP as a separate label
+followed by the argument of the option, e.g., \fBddns\-key.example.com.\fP
+The key name must have the format of a valid domain name, consisting of
+letters, digits, hyphens, and periods.
 .TP
-\fB\-q\fP
-(\fBddns\-confgen\fP only.) Quiet mode: Print only the key, with no
-explanatory text or usage examples; This is essentially identical to
+.B \fB\-q\fP (\fBddns\-confgen\fP only)
+This option enables quiet mode, which prints only the key, with no
+explanatory text or usage examples. This is essentially identical to
 \fBtsig\-keygen\fP\&.
 .TP
-\fB\-s\fP name
-(\fBddns\-confgen\fP only.) Generate configuration example to allow
-dynamic updates of a single hostname. The example \fBnamed.conf\fP text
-shows how to set an update policy for the specified name using the
-"name" nametype. The default key name is ddns\-key.name. Note that the
-"self" nametype cannot be used, since the name to be updated may
-differ from the key name. This option cannot be used with the \fB\-z\fP
-option.
+.B \fB\-s name\fP (\fBddns\-confgen\fP only)
+This option generates a configuration example to allow dynamic updates
+of a single hostname. The example \fBnamed.conf\fP text shows how to set
+an update policy for the specified name using the "name" nametype. The
+default key name is \fBddns\-key.name\fP\&. Note that the "self" nametype
+cannot be used, since the name to be updated may differ from the key
+name. This option cannot be used with the \fB\-z\fP option.
 .TP
-\fB\-z\fP zone
-(\fBddns\-confgen\fP only.) Generate configuration example to allow
-dynamic updates of a zone: The example \fBnamed.conf\fP text shows how
+.B \fB\-z zone\fP (\fBddns\-confgen\fP only)
+This option generates a configuration example to allow
+dynamic updates of a zone. The example \fBnamed.conf\fP text shows how
 to set an update policy for the specified zone using the "zonesub"
 nametype, allowing updates to all subdomain names within that zone.
 This option cannot be used with the \fB\-s\fP option.
@@ -104,6 +104,6 @@ This option cannot be used with the \fB\-s\fP option.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/delv.1in

@@ -340,6 +340,6 @@ This option prints response data in YAML format.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dig.1in

@@ -647,6 +647,6 @@ There are probably too many query options.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnssec-cds.1in

@@ -224,6 +224,6 @@ Reference Manual, \fI\%RFC 7344\fP\&.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnssec-dsfromkey.1in

@@ -144,6 +144,6 @@ A keyfile error may return "file not found," even if the file exists.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnssec-importkey.1in

@@ -121,6 +121,6 @@ or the full file name \fBKnnnn.+aaa+iiiii.key\fP, as generated by
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnssec-keyfromlabel.1in

@@ -276,6 +276,6 @@ security reasons, this file does not have general read permission.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnssec-keygen.1in

@@ -320,6 +320,6 @@ To generate a matching key\-signing key, issue the command:
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnssec-revoke.1in

@@ -81,6 +81,6 @@ revoke the key.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnssec-settime.1in

@@ -241,6 +241,6 @@ metadata, use \fBall\fP\&.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnssec-signzone.1in

@@ -412,6 +412,6 @@ db.example.com.signed
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnssec-verify.1in

@@ -108,6 +108,6 @@ This option indicates the file containing the zone to be signed.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/dnstap-read.1in

@@ -62,6 +62,6 @@ This option prints \fBdnstap\fP data in a detailed YAML format.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/filter-aaaa.8in

@@ -105,6 +105,6 @@ BIND 9 Administrator Reference Manual.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/host.1in

@@ -177,6 +177,6 @@ when \fBhost\fP runs.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/mdig.1in

@@ -336,6 +336,6 @@ This flag is off by default.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/named-checkconf.1in

@@ -103,6 +103,6 @@ and 0 otherwise.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/named-checkzone.1in

@@ -213,6 +213,6 @@ Manual.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/named-journalprint.1in

@@ -56,6 +56,6 @@ the resource record in master\-file format.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/named-nzd2nzf.1in

@@ -52,6 +52,6 @@ BIND 9 Administrator Reference Manual.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/named-rrchecker.1in

@@ -65,6 +65,6 @@ and private type mnemonics, respectively.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/named.8in

@@ -259,6 +259,6 @@ The default process\-id file.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/named.conf.5in

@@ -1150,6 +1150,6 @@ zone string [ class ] {
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/nsec3hash.1in

@@ -73,6 +73,6 @@ BIND 9 Administrator Reference Manual, \fI\%RFC 5155\fP\&.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/nslookup.1in

@@ -220,6 +220,6 @@ when \fBnslookup\fP runs, or when the standard output is not a tty.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/nsupdate.1in

@@ -373,6 +373,6 @@ operations, and may change in future releases.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/pkcs11-destroy.1in

@@ -69,6 +69,6 @@ immediate.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/pkcs11-keygen.1in

@@ -90,6 +90,6 @@ This option opens the session with the given PKCS#11 slot. The default is slot 0
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/pkcs11-list.1in

@@ -68,6 +68,6 @@ line, \fBpkcs11\-list\fP prompts for it.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/pkcs11-tokens.1in

@@ -53,6 +53,6 @@ This option makes the PKCS#11 libisc initialization verbose.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/rndc-confgen.8in

@@ -117,6 +117,6 @@ To print a sample \fBrndc.conf\fP file and the corresponding \fBcontrols\fP and
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/rndc.8in

@@ -597,6 +597,6 @@ Reference Manual.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/rndc.conf.5in

@@ -191,6 +191,6 @@ details.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/man/tsig-keygen.8in

@@ -104,6 +104,6 @@ This option cannot be used with the \fB\-s\fP option.
 .SH AUTHOR
 Internet Systems Consortium
 .SH COPYRIGHT
-2020, Internet Systems Consortium
+2021, Internet Systems Consortium
 .\" Generated by docutils manpage writer.
 .

doc/notes/notes-9.17.9.rst

@@ -0,0 +1,56 @@
+.. 
+   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+   
+   This Source Code Form is subject to the terms of the Mozilla Public
+   License, v. 2.0. If a copy of the MPL was not distributed with this
+   file, you can obtain one at https://mozilla.org/MPL/2.0/.
+   
+   See the COPYRIGHT file distributed with this work for additional
+   information regarding copyright ownership.
+
+Notes for BIND 9.17.9
+---------------------
+
+New Features
+~~~~~~~~~~~~
+
+- ``ipv4only.arpa`` is now served when DNS64 is configured. [GL #385]
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- It is now possible to transition a zone from secure to insecure mode
+  without making it bogus in the process; changing to ``dnssec-policy
+  none;`` also causes CDS and CDNSKEY DELETE records to be published, to
+  signal that the entire DS RRset at the parent must be removed, as
+  described in RFC 8078. [GL #1750]
+
+- When using the ``unixtime`` or ``date`` method to update the SOA
+  serial number, ``named`` and ``dnssec-signzone`` silently fell back to
+  the ``increment`` method to prevent the new serial number from being
+  smaller than the old serial number (using serial number arithmetics).
+  ``dnssec-signzone`` now prints a warning message, and ``named`` logs a
+  warning, when such a fallback happens. [GL #2058]
+
+Bug Fixes
+~~~~~~~~~
+
+- Multiple threads could attempt to destroy a single RBTDB instance at
+  the same time, resulting in an unpredictable but low-probability
+  assertion failure in ``free_rbtdb()``. This has been fixed. [GL #2317]
+
+- ``named`` no longer attempts to assign threads to CPUs outside the CPU
+  affinity set. Thanks to Ole Bjørn Hessen. [GL #2245]
+
+- When reconfiguring ``named``, removing ``auto-dnssec`` did not turn
+  off DNSSEC maintenance. This has been fixed. [GL #2341]
+
+- The report of intermittent BIND assertion failures triggered in
+  ``lib/dns/resolver.c:dns_name_issubdomain()`` has now been closed
+  without further action. Our initial response to this was to add
+  diagnostic logging instead of terminating ``named``, anticipating that
+  we would receive further useful troubleshooting input. This workaround
+  first appeared in BIND releases 9.17.5 and 9.16.7. However, since
+  those releases were published, there have been no new reports of
+  assertion failures matching this issue, but also no further diagnostic
+  input, so we have closed the issue. [GL #2091]

doc/notes/notes-current.rst

@@ -1,63 +0,0 @@
-.. 
-   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-   
-   This Source Code Form is subject to the terms of the Mozilla Public
-   License, v. 2.0. If a copy of the MPL was not distributed with this
-   file, you can obtain one at https://mozilla.org/MPL/2.0/.
-   
-   See the COPYRIGHT file distributed with this work for additional
-   information regarding copyright ownership.
-
-Notes for BIND 9.17.9
----------------------
-
-Security Fixes
-~~~~~~~~~~~~~~
-
-- None.
-
-Known Issues
-~~~~~~~~~~~~
-
-- None.
-
-New Features
-~~~~~~~~~~~~
-
-- None.
-
-Removed Features
-~~~~~~~~~~~~~~~~
-
-- None.
-
-Feature Changes
-~~~~~~~~~~~~~~~
-
-- ``ipv4only.arpa`` is now served when ``dns64`` is configured. [GL #385]
-
-- It is now possible to transition a zone from secure to insecure mode
-  without making it bogus in the process: changing to ``dnssec-policy
-  none;`` also causes CDS and CDNSKEY DELETE records to be published, to
-  signal that the entire DS RRset at the parent must be removed, as
-  described in RFC 8078. [GL #1750]
-
-- When using the ``unixtime`` or ``date`` method to update the SOA
-  serial number, ``named`` and ``dnssec-signzone`` silently fell back to
-  the ``increment`` method to prevent the new serial number from being
-  smaller than the old serial number (using serial number arithmetics).
-  ``dnsssec-signzone`` now prints a warning message, and ``named`` logs
-  a warning, when such a fallback happens. [GL #2058]
-
-Bug Fixes
-~~~~~~~~~
-
-- Only assign threads to CPUs in the CPU affinity set, so that ``named`` no
-  longer attempts to run threads on CPUs outside the affinity set. Thanks to
-  Ole Bjørn Hessen. [GL #2245]
-
-- When reconfiguring ``named``, removing ``auto-dnssec`` did actually not turn
-  off DNSSEC maintenance. This has been fixed. [GL #2341]
-
-- Prevent rbtdb instances being destroyed by multiple threads at the same
-  time. This can trigger assertion failures. [GL #2355]

lib/bind9/api

@@ -12,5 +12,5 @@
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
 LIBINTERFACE = 1701
-LIBREVISION = 3
+LIBREVISION = 4
 LIBAGE = 0

lib/dns/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1708
+LIBINTERFACE = 1709
 LIBREVISION = 0
 LIBAGE = 0

lib/isc/api

@@ -12,5 +12,5 @@
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
 LIBINTERFACE = 1707
-LIBREVISION = 0
+LIBREVISION = 1
 LIBAGE = 0

lib/isccfg/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1703
+LIBINTERFACE = 1704
 LIBREVISION = 0
 LIBAGE = 0

lib/ns/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1706
+LIBINTERFACE = 1707
 LIBREVISION = 0
 LIBAGE = 0