62 lines
1.6 KiB
ReStructuredText
62 lines
1.6 KiB
ReStructuredText
..
|
|
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
This Source Code Form is subject to the terms of the Mozilla Public
|
|
License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
See the COPYRIGHT file distributed with this work for additional
|
|
information regarding copyright ownership.
|
|
|
|
Notes for BIND 9.16.16
|
|
----------------------
|
|
|
|
Security Fixes
|
|
~~~~~~~~~~~~~~
|
|
|
|
- None.
|
|
|
|
Known Issues
|
|
~~~~~~~~~~~~
|
|
|
|
- None.
|
|
|
|
New Features
|
|
~~~~~~~~~~~~
|
|
|
|
- None.
|
|
|
|
Removed Features
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
- None.
|
|
|
|
Feature Changes
|
|
~~~~~~~~~~~~~~~
|
|
|
|
- Implement ``draft-vandijk-dnsop-nsec-ttl``, NSEC(3) TTL values are now set to
|
|
the minimum of the SOA MINIMUM value and the SOA TTL. :gl:`#2347`
|
|
|
|
- Reduce the supported maximum number of iterations that can be
|
|
configured in an NSEC3 zones to 150. :gl:`#2642`
|
|
|
|
- Treat DNSSEC responses with NSEC3 iterations greater than 150 as insecure.
|
|
:gl:`#2445`
|
|
|
|
Bug Fixes
|
|
~~~~~~~~~
|
|
|
|
- When dumping the cache to file, TTLs were being increased with
|
|
``max-stale-ttl``. Also the comment above stale RRsets could have nonsensical
|
|
values if the RRset was still marked a stale but the ``max-stale-ttl`` has
|
|
passed (and is actually an RRset awaiting cleanup). Both issues have now
|
|
been fixed. :gl:`#389` :gl:`#2289`
|
|
|
|
- ``named`` would overwrite a zone file unconditionally when it recovered from
|
|
a corrupted journal. :gl:`#2623`
|
|
|
|
- With ``dnssec-policy``, when creating new keys also check for keyid conflicts
|
|
between the new keys too. :gl:`#2628`
|
|
|
|
- Update ZONEMD to match RFC 8976. :gl:`#2658`
|