bind9/doc/notes/notes-9.17.3.rst
Michał Kępień 2fadf29e6b Add a Sphinx role for linking GitLab issues/MRs
Define a :gl: Sphinx role that takes a GitLab issue/MR number as an
argument and creates a hyperlink to the relevant ISC GitLab URL.  This
makes it easy to reach ISC GitLab pages directly from the release notes.

Make all GitLab references in the release notes use the new Sphinx role.
2021-04-29 13:24:21 +02:00

..
   Copyright (C) Internet Systems Consortium, Inc. ("ISC")

   This Source Code Form is subject to the terms of the Mozilla Public
   License, v. 2.0. If a copy of the MPL was not distributed with this
   file, you can obtain one at https://mozilla.org/MPL/2.0/.

   See the COPYRIGHT file distributed with this work for additional
   information regarding copyright ownership.

Notes for BIND 9.17.3
---------------------

New Features
~~~~~~~~~~~~

- New ``rndc`` command ``rndc dnssec -status`` shows the current DNSSEC
  policy and keys in use, the key states, and rollover status.
  :gl:`#1612`

- Added support in the network manager for initiating outgoing TCP
  connections. :gl:`#1958`

Feature Changes
~~~~~~~~~~~~~~~

- Disable and disallow static linking of BIND 9 binaries and libraries
  as BIND 9 modules require ``dlopen()`` support and static linking also
  prevents using security features like read-only relocations (RELRO) or
  address space layout randomization (ASLR) which are important for
  programs that interact with the network and process arbitrary user
  input. :gl:`#1933`

- As part of an ongoing effort to use :rfc:`8499` terminology,
  ``primaries`` can now be used as a synonym for ``masters`` in
  ``named.conf``. Similarly, ``notify primary-only`` can now be used as
  a synonym for ``notify master-only``. The output of ``rndc
  zonestatus`` now uses ``primary`` and ``secondary`` terminology.
  :gl:`#1948`

Bug Fixes
~~~~~~~~~

- A race condition could occur if a TCP socket connection was closed
  while ``named`` was waiting for a recursive response. The attempt to
  send a response over the closing connection triggered an assertion
  failure in the function ``isc__nm_tcpdns_send()``. :gl:`#1937`

- A race condition could occur when ``named`` attempted to use a UDP
  interface that was shutting down. This triggered an assertion failure
  in ``uv__udp_finish_close()``. :gl:`#1938`

- Fix assertion failure when server was under load and root zone had not
  yet been loaded. :gl:`#1862`

- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c``
  that were being reused. :gl:`#1968`

- ``named`` crashed on shutdown when a new ``rndc`` connection was
  received during shutdown. This has been fixed. :gl:`#1747`

- The DS RRset returned by ``dns_keynode_dsset()`` was used in a
  non-thread-safe manner. This could result in an INSIST being
  triggered. :gl:`#1926`

- The ``primary`` and ``secondary`` keywords, when used as parameters
  for ``check-names``, were not processed correctly and were being
  ignored. :gl:`#1949`

- ``rndc dnstap -roll <value>`` did not limit the number of saved files
  to ``<value>``. :gl:`!3728`

- The validator could fail to accept a properly signed RRset if an
  unsupported algorithm appeared earlier in the DNSKEY RRset than a
  supported algorithm. It could also stop if it detected a malformed
  public key. :gl:`#1689`

- The ``blackhole`` ACL was inadvertently disabled for client queries.
  Blocked IP addresses were not used for upstream queries but queries
  from those addresses could still be answered. :gl:`#1936`