ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
c289913e5cd8558bb2ba8f01be2448c9ef7aaae4
bind9/doc/notes/notes-9.17.13.rst
Petr Špaček 53a5776025 Hyperlink program names to their manual pages 
Use the new role :iscman: to replace all occurences or ``binary``
with :iscman:`binary`, creating a hyperlink to the manual page.

Generated using:
    find bin -name *.rst | xargs fgrep --files-with-matches '.. iscman' | xargs -I{} -n1 basename {} .rst > /tmp/progs
    for PROG in $(cat /tmp/progs); do find -name '*.rst' | xargs sed -i -e "s/\`\`$PROG\`\`/:iscman:\`$PROG\`/g"; done

Additional hand-edits were done mainly around filter-aaaa and
filter-a which are program names and and option names at the
same time. Couple more edits was neede to fix .rst syntax broken by
automatic replacement.
2022-03-14 10:46:36 +01:00

85 lines
3.6 KiB
ReStructuredText
Raw Blame History

.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
Notes for BIND 9.17.13
----------------------
Feature Changes
~~~~~~~~~~~~~~~
- DNSSEC responses containing NSEC3 records with iteration counts
greater than 150 are now treated as insecure. :gl:`#2445`
- The maximum supported number of NSEC3 iterations that can be
configured for a zone has been reduced to 150. :gl:`#2642`
- After the network manager was introduced to :iscman:`named` to handle
incoming traffic, it was discovered that recursive performance had
degraded compared to previous BIND 9 versions. This has now been
fixed by processing internal tasks inside network manager worker
threads, preventing resource contention among two sets of threads.
:gl:`#2638`
- Zones that want to transition from secure to insecure mode without
becoming bogus in the process must now have their ``dnssec-policy``
changed first to ``insecure``, rather than ``none``. After the DNSSEC
records have been removed from the zone, the ``dnssec-policy`` can be
set to ``none`` or removed from the configuration. Setting the
``dnssec-policy`` to ``insecure`` causes CDS and CDNSKEY DELETE
records to be published. :gl:`#2645`
- The implementation of the ZONEMD RR type has been updated to match
:rfc:`8976`. :gl:`#2658`
- The ``draft-vandijk-dnsop-nsec-ttl`` IETF draft was implemented:
NSEC(3) TTL values are now set to the minimum of the SOA MINIMUM value
or the SOA TTL. :gl:`#2347`
Bug Fixes
~~~~~~~~~
- If zone journal files written by BIND 9.16.11 or earlier were present
when BIND was upgraded to BIND 9.17.11 or BIND 9.17.12, the zone file
for that zone could have been inadvertently rewritten with the current
zone contents. This caused the original zone file structure (e.g.
comments, ``$INCLUDE`` directives) to be lost, although the zone data
itself was preserved. :gl:`#2623`
- It was possible for corrupt journal files generated by an earlier
version of :iscman:`named` to cause problems after an upgrade. This has been
fixed. :gl:`#2670`
- TTL values in cache dumps were reported incorrectly when
``stale-cache-enable`` was set to ``yes``. This has been fixed.
:gl:`#389` :gl:`#2289`
- A deadlock could occur when multiple :option:`rndc addzone`, :option:`rndc
delzone`, and/or :option:`rndc modzone` commands were invoked
simultaneously for different zones. This has been fixed. :gl:`#2626`
- ``inline-signing`` was incorrectly described as being inherited from
the ``options``/``view`` levels and was incorrectly accepted at those
levels without effect. This has been fixed; :iscman:`named.conf` files with
``inline-signing`` at those levels no longer load. :gl:`#2536`
- :iscman:`named` and :iscman:`named-checkconf` did not report an error when
multiple zones with the ``dnssec-policy`` option set were using the
same zone file. This has been fixed. :gl:`#2603`
- If ``dnssec-policy`` was active and a private key file was temporarily
offline during a rekey event, :iscman:`named` could incorrectly introduce
replacement keys and break a signed zone. This has been fixed.
:gl:`#2596`
- When generating zone signing keys, KASP now also checks for key ID
conflicts among newly created keys, rather than just between new and
existing ones. :gl:`#2628`
View Git Blame Copy Permalink