BIND 9.18.2

2026-05-27 20:25:55 -04:00 · 2022-04-21 09:44:56 +02:00 · 2022-04-21 09:44:56 +02:00 · 0deec48487
commit 0deec48487
parent 05c88b18da 3babb1557a
3 changed files with 51 additions and 3 deletions
--- a/7
+++ b/7
@ -23,6 +23,8 @@
 5858.	[bug]		Don't remove CDS/CDNSKEY DELETE records on zone sign
 			when using 'auto-dnssec maintain;'. [GL #2931]

+	--- 9.18.2 released ---
+
 5856.	[bug]		The "starting maxtime timer" message related to outgoing
 			zone transfers was incorrectly logged at the ERROR level
 			instead of DEBUG(1). [GL #3208]
@ -101,7 +103,6 @@
 			be called before send callback dereferencing
 			dns_request_t object too early. [GL #3105]

-
 5821.	[bug]		Fix query context management issues in the TCP part
 			of dig. [GL #3184]

@ -210,8 +211,6 @@
 			when receiving NOTIFY query with SOA record in
 			ANSWER section. [GL #3086]

-	--- 9.17.22 released ---
-
 5790.	[bug]		The control channel was incorrectly looking for
 			ISC_R_CANCELED as a signal that the named is
 			shutting down.  In the dispatch refactoring,
@ -220,6 +219,8 @@
 			channel code to use ISC_R_SHUTTINGDOWN result
 			code to detect named being shut down. [GL #3079]

+	--- 9.17.22 released ---
+
 5789.	[bug]		Allow replacing expired zone signatures with
 			signatures created by the KSK. [GL #3049]

--- a/doc/arm/notes.rst
+++ b/doc/arm/notes.rst
@ -34,6 +34,7 @@ https://www.isc.org/download/. There you will find additional
 information about each release, and source code.

 .. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.18.2.rst
 .. include:: ../notes/notes-9.18.1.rst
 .. include:: ../notes/notes-9.18.0.rst

--- a/doc/notes/notes-9.18.2.rst
+++ b/doc/notes/notes-9.18.2.rst
@ -0,0 +1,46 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.18.2
+---------------------
+
+New Features
+~~~~~~~~~~~~
+
+- Add a new configuration option ``reuseport`` to disable load balancing
+  on sockets in situations where processing of Response Policy Zones
+  (RPZ), Catalog Zones, or large zone transfers can cause service
+  disruptions. See the BIND 9 ARM for more detail. :gl:`#3249`
+
+Bug Fixes
+~~~~~~~~~
+
+- Previously, zone maintenance DNS queries retried forever if the
+  destination server was unreachable. These queries included outgoing
+  NOTIFY messages, refresh SOA queries, parental DS checks, and stub
+  zone NS queries. For example, if a zone had any nameservers with IPv6
+  addresses and a secondary server without IPv6 connectivity, that
+  server would keep trying to send a growing amount of NOTIFY traffic
+  over IPv6. This futile traffic was not logged. This excessive retry
+  behavior has been fixed. :gl:`#3242`
+
+- A number of crashes and hangs which could be triggered in
+  :iscman:`dig` were identified and addressed. :gl:`#3020` :gl:`#3128`
+  :gl:`#3145` :gl:`#3184` :gl:`#3205` :gl:`#3244` :gl:`#3248`
+
+- Invalid ``dnssec-policy`` definitions, where the defined keys did not
+  cover both KSK and ZSK roles for a given algorithm, were being
+  accepted. These are now checked, and the ``dnssec-policy`` is rejected
+  if both roles are not present for all algorithms in use. :gl:`#3142`
+
+- Handling of TCP write timeouts has been improved to track the timeout
+  for each TCP write separately, leading to a faster connection teardown
+  in case the other party is not reading the data. :gl:`#3200`