Merge branch 'prep-release' into v9_16_13-release

Prepare documentation for BIND 9.16.13

See merge request isc-private/bind9!267

CHANGES

@@ -1,3 +1,5 @@
+	--- 9.16.13 released ---
+
 5597.	[bug]		When serve-stale was enabled and starting the recursive
 			resolution process for a query failed, a named instance
 			could crash if it was configured as both a recursive and
@@ -14,45 +16,48 @@
 5594.	[bug]		Building with --enable-dnsrps --enable-dnsrps-dl failed.
 			[GL #2298]
 
-5593.	[bug]		Journal files written by older versions of named
-			can now be read when loading zones so that journal
-			incompatibility will not cause problems on upgrade.
-			Outdated journals will be updated to the new format
-			after loading. [GL #2505]
+5593.	[bug]		Journal files written by older versions of named can now
+			be read when loading zones, so that journal
+			incompatibility does not cause problems on upgrade.
+			Outdated journals are updated to the new format after
+			loading. [GL #2505]
 
-5592.	[bug]		Add globally available thread_id (isc_tid_v) that's
-			incremented for each new thread, but the old thread
-			ids are reused, so the maximum thread_id always
-			correspond to the maximum number of threads running
-			at the time. This fixes the hazard pointer tables
-			overflow on machines with many cores. [GL #2396]
+5592.	[bug]		Prevent hazard pointer table overflows on machines with
+			many cores, by allowing the thread IDs (serving as
+			indices into hazard pointer tables) of finished threads
+			to be reused by those created later. [GL #2396]
 
-5591.	[bug]		Fix a crash happening when "stale-answer-client-timeout"
-			is triggered and there is no (stale) data for it in the
-			cache. [GL #2503]
+5591.	[bug]		Fix a crash that occurred when
+			"stale-answer-client-timeout" was triggered without any
+			(stale) data available in the cache to answer the query.
+			[GL #2503]
 
-5590.	[bug]		Process NSEC3PARAM queue when loading a dynamic zone.
-			This will immediately create NSEC3 records for zones
-			that use "dnssec-policy" and "nsec3param". [GL #2498]
+5590.	[bug]		NSEC3 records were not immediately created for dynamic
+			zones using NSEC3 with "dnssec-policy", resulting in
+			such zones going bogus. Add code to process the
+			NSEC3PARAM queue at zone load time so that NSEC3 records
+			for such zones are created immediately. [GL #2498]
 
-5588.	[func]		Add "purge-keys" option to "dnssec-policy". This sets
-			the time how long key files should be retained after
-			they have become obsolete. [GL #2408]
+5588.	[func]		Add a new "purge-keys" option for "dnssec-policy". This
+			option determines the period of time for which key files
+			are retained after they become obsolete. [GL #2408]
 
 5586.	[bug]		An invalid direction field in a LOC record resulted in
-			an INSIST failure. [GL #2499]
+			an INSIST failure when a zone file containing such a
+			record was loaded. [GL #2499]
 
-5584.	[bug]		Rollback setting IP_DONTFRAG option on the UDP sockets.
-			[GL #2487]
+5584.	[bug]		No longer set the IP_DONTFRAG option on UDP sockets, to
+			prevent dropping outgoing packets exceeding
+			"max-udp-size". [GL #2466]
 
 5582.	[bug]		BIND 9 failed to build when static OpenSSL libraries
-			were used and the *.pc files for libssl and/or libcrypto
-			were unavailable. This has been fixed by ensuring the
-			correct linking order for libssl and libcrypto is always
-			used. [GL #2402]
+			were used and the pkg-config files for libssl and/or
+			libcrypto were unavailable. This has been fixed by
+			ensuring that the correct linking order for libssl and
+			libcrypto is always used. [GL #2402]
 
-5581.	[bug]		Fix memory leak happening when inline-signed zones
-			were added to the configuration followed by a
+5581.	[bug]		Fix a memory leak that occurred when inline-signed zones
+			were added to the configuration, followed by a
 			reconfiguration of named. [GL #2041]
 
 5580.	[test]		The system test framework no longer differentiates
@@ -60,15 +65,15 @@
 			system test which is not run is now marked as SKIPPED.
 			[GL !4517]
 
-5579.	[func]		When serve-stale is enabled and stale data is available,
+5573.	[func]		When serve-stale is enabled and stale data is available,
 			named now returns stale answers upon encountering any
 			unexpected error in the query resolution process.
 			However, the "stale-refresh-time" window is still only
 			started upon a timeout. [GL #2434]
 
-5564.	[cleanup]	Refactored the network manager TLSDNS module to use
-			libuv and libssl directly, rather than opening a
-			TLS/TCP socket stack. [GL #2235]
+5564.	[cleanup]	Network manager's TLSDNS module was refactored to use
+			libuv and libssl directly instead of a stack of TCP/TLS
+			sockets. [GL #2335]
 
 	--- 9.16.12 released ---
 

doc/arm/notes.rst

@@ -59,7 +59,7 @@ https://www.isc.org/download/. There you will find additional
 information about each release, source code, and pre-compiled versions
 for Microsoft Windows operating systems.
 
-.. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.16.13.rst
 .. include:: ../notes/notes-9.16.12.rst
 .. include:: ../notes/notes-9.16.11.rst
 .. include:: ../notes/notes-9.16.10.rst

doc/notes/notes-9.16.13.rst

@@ -11,19 +11,17 @@
 Notes for BIND 9.16.13
 ----------------------
 
-Security Fixes
-~~~~~~~~~~~~~~
-
-- None.
-
-Known Issues
-~~~~~~~~~~~~
-
-- None.
-
 New Features
 ~~~~~~~~~~~~
 
+- A new ``purge-keys`` option has been added to ``dnssec-policy``. It
+  sets the period of time that key files are retained after becoming
+  obsolete due to a key rollover; the default is 90 days. This feature
+  can be disabled by setting ``purge-keys`` to 0. [GL #2408]
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
 - When serve-stale is enabled and stale data is available, ``named`` now
   returns stale answers upon encountering any unexpected error in the
   query resolution process. This may happen, for example, if the
@@ -31,46 +29,15 @@ New Features
   this case, ``named`` attempts to answer DNS requests with stale data,
   but does not start the ``stale-refresh-time`` window. [GL #2434]
 
-- A new option, ``purge-keys``, has been added to ``dnssec-policy``. It sets
-  the time how long key files should be retained after they have become
-  obsolete (due to a key rollover). Default is 90 days, and the feature can
-  be disabled by setting it to 0. [GL #2408]
-
-Removed Features
-~~~~~~~~~~~~~~~~
-
-- None.
-
-Feature Changes
-~~~~~~~~~~~~~~~
-
-- None.
-
 Bug Fixes
 ~~~~~~~~~
 
-- If an outgoing packet would exceed max-udp-size, it would be dropped instead
-  of sending a proper response back.  Rollback setting the IP_DONTFRAG on the
-  UDP sockets that we enabled during the DNS Flag Day 2020 to fix this issue.
-  [GL #2487]
-
-- NSEC3 records were not immediately created when signing a dynamic zone with
-  ``dnssec-policy`` and ``nsec3param``. This has been fixed [GL #2498].
-
-- An invalid direction field (not one of 'N'/'S' or 'E'/'W') in a LOC record
-  triggered an INSIST failure. [GL #2499]
-
-- Previously, a BIND server could experience an unexpected server termination
-  (crash) if the return of stale cached answers was enabled and
-  ``stale-answer-client-timeout`` was applied to a client query in process.
-  This has been fixed. [GL #2503]
-
 - Zone journal (``.jnl``) files created by versions of ``named`` prior
   to 9.16.12 were no longer compatible; this could cause problems when
-  upgrading if journal files were not synchronized first.  This has been
-  corrected: older journal files can now be read when starting up.  When
-  an old-style journal file is detected, it is updated to the new
-  format immediately after loading.
+  upgrading if journal files were not synchronized first. This has been
+  corrected: older journal files can now be read when starting up. When
+  an old-style journal file is detected, it is updated to the new format
+  immediately after loading.
 
   Note that journals created by the current version of ``named`` are not
   usable by versions prior to 9.16.12. Before downgrading to a prior
@@ -80,4 +47,25 @@ Bug Fixes
   A journal file's format can be changed manually by running
   ``named-journalprint -d`` (downgrade) or ``named-journalprint -u``
   (upgrade). Note that this *must not* be done while ``named`` is
-  running.  [GL #2505]
+  running. [GL #2505]
+
+- ``named`` crashed when it was allowed to serve stale answers and
+  ``stale-answer-client-timeout`` was triggered without any (stale) data
+  available in the cache to answer the query. [GL #2503]
+
+- If an outgoing packet exceeded ``max-udp-size``, ``named`` dropped it
+  instead of sending back a proper response. To prevent this problem,
+  the ``IP_DONTFRAG`` option is no longer set on UDP sockets, which has
+  been happening since BIND 9.16.11. [GL #2466]
+
+- NSEC3 records were not immediately created when signing a dynamic zone
+  using ``dnssec-policy`` with ``nsec3param``. This has been fixed.
+  [GL #2498]
+
+- A memory leak occurred when ``named`` was reconfigured after adding an
+  inline-signed zone with ``auto-dnssec maintain`` enabled. This has
+  been fixed. [GL #2041]
+
+- An invalid direction field (not one of ``N``, ``S``, ``E``, ``W``) in
+  a LOC record resulted in an INSIST failure when a zone file containing
+  such a record was loaded. [GL #2499]

version

@@ -5,7 +5,7 @@ PRODUCT=BIND
 DESCRIPTION="(Stable Release)"
 MAJORVER=9
 MINORVER=16
-PATCHVER=12
+PATCHVER=13
 RELEASETYPE=
 RELEASEVER=
 EXTENSIONS=