ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
f768c138b441042d4e97a86d89dcf256cccd4b6d
bind9/doc/notes/notes-9.17.3.rst
Petr Špaček 53a5776025 Hyperlink program names to their manual pages 
Use the new role :iscman: to replace all occurences or ``binary``
with :iscman:`binary`, creating a hyperlink to the manual page.

Generated using:
    find bin -name *.rst | xargs fgrep --files-with-matches '.. iscman' | xargs -I{} -n1 basename {} .rst > /tmp/progs
    for PROG in $(cat /tmp/progs); do find -name '*.rst' | xargs sed -i -e "s/\`\`$PROG\`\`/:iscman:\`$PROG\`/g"; done

Additional hand-edits were done mainly around filter-aaaa and
filter-a which are program names and and option names at the
same time. Couple more edits was neede to fix .rst syntax broken by
automatic replacement.
2022-03-14 10:46:36 +01:00

82 lines
3.2 KiB
ReStructuredText
Raw Blame History

.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
Notes for BIND 9.17.3
---------------------
New Features
~~~~~~~~~~~~
- New :iscman:`rndc` command :option:`rndc dnssec -status <rndc dnssec>` shows the current DNSSEC
policy and keys in use, the key states, and rollover status.
:gl:`#1612`
- Added support in the network manager for initiating outgoing TCP
connections. :gl:`#1958`
Feature Changes
~~~~~~~~~~~~~~~
- Disable and disallow static linking of BIND 9 binaries and libraries
as BIND 9 modules require ``dlopen()`` support and static linking also
prevents using security features like read-only relocations (RELRO) or
address space layout randomization (ASLR) which are important for
programs that interact with the network and process arbitrary user
input. :gl:`#1933`
- As part of an ongoing effort to use :rfc:`8499` terminology,
``primaries`` can now be used as a synonym for ``masters`` in
:iscman:`named.conf`. Similarly, ``notify primary-only`` can now be used as
a synonym for ``notify master-only``. The output of ``rndc
zonestatus`` now uses ``primary`` and ``secondary`` terminology.
:gl:`#1948`
Bug Fixes
~~~~~~~~~
- A race condition could occur if a TCP socket connection was closed
while :iscman:`named` was waiting for a recursive response. The attempt to
send a response over the closing connection triggered an assertion
failure in the function ``isc__nm_tcpdns_send()``. :gl:`#1937`
- A race condition could occur when :iscman:`named` attempted to use a UDP
interface that was shutting down. This triggered an assertion failure
in ``uv__udp_finish_close()``. :gl:`#1938`
- Fix assertion failure when server was under load and root zone had not
yet been loaded. :gl:`#1862`
- :iscman:`named` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c``
that were being reused. :gl:`#1968`
- :iscman:`named` crashed on shutdown when a new :iscman:`rndc` connection was
received during shutdown. This has been fixed. :gl:`#1747`
- The DS RRset returned by ``dns_keynode_dsset()`` was used in a
non-thread-safe manner. This could result in an INSIST being
triggered. :gl:`#1926`
- The ``primary`` and ``secondary`` keywords, when used as parameters
for ``check-names``, were not processed correctly and were being
ignored. :gl:`#1949`
- :option:`rndc dnstap -roll value <rndc dnstap>` did not limit the number of saved files
to ``value``. :gl:`!3728`
- The validator could fail to accept a properly signed RRset if an
unsupported algorithm appeared earlier in the DNSKEY RRset than a
supported algorithm. It could also stop if it detected a malformed
public key. :gl:`#1689`
- The ``blackhole`` ACL was inadvertently disabled for client queries.
Blocked IP addresses were not used for upstream queries but queries
from those addresses could still be answered. :gl:`#1936`
View Git Blame Copy Permalink