Merge branch 'prep-release' into v9_16_21-release

Prepare documentation for BIND 9.16.21

See merge request isc-private/bind9!321

CHANGES

@@ -1,56 +1,73 @@
-5711.	[bug]		"map" files exceeding 2GB in size could fail to
-			load due to a size comparison that incorrectly
-			treated the file size as a signed integer. [GL #2878]
+	--- 9.16.21 released ---
 
-5710.	[port]		win32: incorrect parentheses resulted in incorrect
-			sizeof tests being used to pick correct Windows
-			atomic operations for the object's size. [GL #2891]
+5711.	[bug]		"map" files exceeding 2GB in size failed to load due to
+			a size comparison that incorrectly treated the file size
+			as a signed integer. [GL #2878]
+
+5710.	[port]		win32: incorrect parentheses resulted in the wrong
+			sizeof() tests being used to pick the appropriate
+			Windows atomic operations for the object's size.
+			[GL #2891]
 
 5709.	[cleanup]	Enum values throughout the code have been updated
-			to use "primary" and "secondary" terminology.
-			[GL #1944]
+			to use the terms "primary" and "secondary" instead of
+			"master" and "slave", respectively. [GL #1944]
 
-5708.	[bug]		The thread-local isc_tid_v variable hasn't been properly
-			initialized when running BIND 9 as a Windows Service
-			leading to out-of-bounds access. [GL #2837]
+5708.	[bug]		The thread-local isc_tid_v variable was not properly
+			initialized when running BIND 9 as a Windows Service,
+			leading to a crash on startup. [GL #2837]
 
-5705.	[bug]		Change #5686 altered the internal memory structure
-			of zone databases, but neglected to update the
-			MAPAPI value for map-format zone files. This caused
-			named to attempt to load incompatible map files,
-			triggering an assertion failure on startup. [GL #2872]
+5705.	[bug]		Change #5686 altered the internal memory structure of
+			zone databases, but neglected to update the MAPAPI value
+			for zone files in "map" format. This caused named to
+			attempt to load incompatible map files, triggering an
+			assertion failure on startup. The MAPAPI value has now
+			been updated, so named rejects outdated files when
+			encountering them. [GL #2872]
 
-5704.	[bug]		TCP keepalive settings were not being applied
-			correctly. [GL #1927]
+5704.	[bug]		Change #5317 caused the EDNS TCP Keepalive option to be
+			ignored inadvertently in client requests. It has now
+			been fixed and this option is handled properly again.
+			[GL #1927]
 
 5701.	[bug]		named-checkconf failed to detect syntactically invalid
-			key names. [GL #2461]
+			values of the "key" and "tls" parameters used to define
+			members of remote server lists. [GL #2461]
 
-5700.	[bug]		Journals were not being removed when a catalog zone
-			was removed. [GL #2842]
+5700.	[bug]		When a member zone was removed from a catalog zone,
+			journal files for the former were not deleted.
+			[GL #2842]
 
-5699.	[func]		Grow and shrink dnssec-sign statistics on key rollover
+5699.	[func]		Data structures holding DNSSEC signing statistics are
+			now grown and shrunk as necessary upon key rollover
 			events. [GL #1721]
 
-5698.	[bug]		Migrate a single key to CSK when reconfiguring a zone
-			to use 'dnssec-policy'. [GL #2857]
+5698.	[bug]		When a DNSSEC-signed zone which only has a single
+			signing key available is migrated to use KASP, that key
+			is now treated as a Combined Signing Key (CSK).
+			[GL #2857]
 
-5696.	[protocol]	Add support for HTTPS and SVCB record types. [GL #1132]
+5696.	[protocol]	Support for HTTPS and SVCB record types has been added.
+			(This does not include ADDITIONAL section processing for
+			these record types, only basic support for RR type
+			parsing and printing.) [GL #1132]
 
-5694.	[bug]		BIND looks up the deepest zone cut in cache in order
-			to iterate a query. When this node is stale, it may
-			bypass QNAME minimization. This has been fixed.
-			[GL #2665]
+5694.	[bug]		Stale data in the cache could cause named to send
+			non-minimized queries despite QNAME minimization being
+			enabled. [GL #2665]
 
-5691.	[bug]		'rndc freeze' with in-view zones present would
-			spuriously report failures. [GL #2844]
+5691.	[bug]		When a dynamic zone was made available in another view
+			using the "in-view" statement, running "rndc freeze"
+			always reported an "already frozen" error even though
+			the zone was successfully frozen. [GL #2844]
 
-5690.	[func]		Change "dnssec-signzone" to honor the Predecessor and
-			Successor metadata values, and allow for gradual
-			replacement of RRSIGs. In other words, don't sign
-			with the successor key if there is an RRSIG from the
-			predecessor key that does not need to be refreshed.
-			[GL #1551]
+5690.	[func]		dnssec-signzone now honors Predecessor and Successor
+			metadata found in private key files: if a signature for
+			an RRset generated by the inactive predecessor exists
+			and does not need to be replaced, no additional
+			signature is now created for that RRset using the
+			successor key. This enables dnssec-signzone to gradually
+			replace RRSIGs during a ZSK rollover. [GL #1551]
 
 	--- 9.16.20 released ---
 

doc/arm/notes.rst

@@ -59,7 +59,7 @@ https://www.isc.org/download/. There you will find additional
 information about each release, source code, and pre-compiled versions
 for Microsoft Windows operating systems.
 
-.. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.16.21.rst
 .. include:: ../notes/notes-9.16.20.rst
 .. include:: ../notes/notes-9.16.19.rst
 .. include:: ../notes/notes-9.16.18.rst

doc/notes/notes-9.16.21.rst

@@ -0,0 +1,60 @@
+.. 
+   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+   
+   This Source Code Form is subject to the terms of the Mozilla Public
+   License, v. 2.0. If a copy of the MPL was not distributed with this
+   file, you can obtain one at https://mozilla.org/MPL/2.0/.
+   
+   See the COPYRIGHT file distributed with this work for additional
+   information regarding copyright ownership.
+
+Notes for BIND 9.16.21
+----------------------
+
+New Features
+~~~~~~~~~~~~
+
+- Support for HTTPS and SVCB record types has been added. (This does not
+  include ADDITIONAL section processing for these record types, only
+  basic support for RR type parsing and printing.) :gl:`#1132`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- When ``dnssec-signzone`` signs a zone using a successor key whose
+  predecessor is still published, it now only refreshes signatures for
+  RRsets which have an invalid signature, an expired signature, or a
+  signature which expires within the provided cycle interval. This
+  allows ``dnssec-signzone`` to gradually replace signatures in a zone
+  whose ZSK is being rolled over (similarly to what ``auto-dnssec
+  maintain;`` does). :gl:`#1551`
+
+Bug Fixes
+~~~~~~~~~
+
+- A recent change to the internal memory structure of zone databases
+  inadvertently neglected to update the MAPAPI value for zone files in
+  ``map`` format. This caused version 9.16.20 of ``named`` to attempt to
+  load files into memory that were no longer compatible, triggering an
+  assertion failure on startup. The MAPAPI value has now been updated,
+  so ``named`` rejects outdated files when encountering them.
+  :gl:`#2872`
+
+- Zone files in ``map`` format whose size exceeded 2 GB failed to load.
+  This has been fixed. :gl:`#2878`
+
+- ``named`` was unable to run as a Windows Service under certain
+  circumstances. This has been fixed. :gl:`#2837`
+
+- Stale data in the cache could cause ``named`` to send non-minimized
+  queries despite QNAME minimization being enabled. This has been fixed.
+  :gl:`#2665`
+
+- When a DNSSEC-signed zone which only has a single signing key
+  available is migrated to ``dnssec-policy``, that key is now treated as
+  a Combined Signing Key (CSK). :gl:`#2857`
+
+- When a dynamic zone was made available in another view using the
+  ``in-view`` statement, running ``rndc freeze`` always reported an
+  ``already frozen`` error even though the zone was successfully
+  frozen. This has been fixed. :gl:`#2844`

doc/notes/notes-current.rst

@@ -1,57 +0,0 @@
-.. 
-   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-   
-   This Source Code Form is subject to the terms of the Mozilla Public
-   License, v. 2.0. If a copy of the MPL was not distributed with this
-   file, you can obtain one at https://mozilla.org/MPL/2.0/.
-   
-   See the COPYRIGHT file distributed with this work for additional
-   information regarding copyright ownership.
-
-Notes for BIND 9.16.21
-----------------------
-
-Security Fixes
-~~~~~~~~~~~~~~
-
-- None.
-
-Known Issues
-~~~~~~~~~~~~
-
-- None.
-
-New Features
-~~~~~~~~~~~~
-
-- Add support for HTTPS and SVCB record types. :gl:`#1132`
-
-Removed Features
-~~~~~~~~~~~~~~~~
-
-- None.
-
-Feature Changes
-~~~~~~~~~~~~~~~
-
-- ``dnssec-signzone`` is now able to retain signatures from inactive
-  predecessor keys without introducing additional signatures from the successor
-  key. This allows for a gradual replacement of RRSIGs as they reach expiry.
-  :gl:`#1551`
-
-Bug Fixes
-~~~~~~~~~
-
-- When following QNAME minimization, BIND could use a stale zonecut from cache 
-  to resolve the query, resulting in a non-minimized query. This has been
-  fixed :gl:`#2665`
-
-- Migrate a single key to CSK when reconfiguring a zone to make use of
-  'dnssec-policy' :gl:`#2857`
-
-- A recent change to the internal memory structure of zone databases
-  inadvertently neglected to update the MAPAPI value for ``map``-format
-  zone files. This caused ``named`` to attempt to load files into memory
-  that were no longer compatible, triggering an assertion failure on
-  startup. The MAPAPI value has now been updated, so ``named`` will
-  reject outdated files when encountering them. :gl:`#2872`

version

@@ -5,7 +5,7 @@ PRODUCT=BIND
 DESCRIPTION="(Extended Support Version)"
 MAJORVER=9
 MINORVER=16
-PATCHVER=20
+PATCHVER=21
 RELEASETYPE=
 RELEASEVER=
 EXTENSIONS=