diff --git a/CHANGES b/CHANGES index 9519895e89..851d3f9abe 100644 --- a/CHANGES +++ b/CHANGES @@ -23,6 +23,8 @@ 5858. [bug] Don't remove CDS/CDNSKEY DELETE records on zone sign when using 'auto-dnssec maintain;'. [GL #2931] + --- 9.18.2 released --- + 5856. [bug] The "starting maxtime timer" message related to outgoing zone transfers was incorrectly logged at the ERROR level instead of DEBUG(1). [GL #3208] @@ -101,7 +103,6 @@ be called before send callback dereferencing dns_request_t object too early. [GL #3105] - 5821. [bug] Fix query context management issues in the TCP part of dig. [GL #3184] @@ -210,8 +211,6 @@ when receiving NOTIFY query with SOA record in ANSWER section. [GL #3086] - --- 9.17.22 released --- - 5790. [bug] The control channel was incorrectly looking for ISC_R_CANCELED as a signal that the named is shutting down. In the dispatch refactoring, @@ -220,6 +219,8 @@ channel code to use ISC_R_SHUTTINGDOWN result code to detect named being shut down. [GL #3079] + --- 9.17.22 released --- + 5789. [bug] Allow replacing expired zone signatures with signatures created by the KSK. [GL #3049] diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 7aad3e88c8..c1260b48e5 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -34,6 +34,7 @@ https://www.isc.org/download/. There you will find additional information about each release, and source code. .. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.18.2.rst .. include:: ../notes/notes-9.18.1.rst .. include:: ../notes/notes-9.18.0.rst diff --git a/doc/notes/notes-9.18.2.rst b/doc/notes/notes-9.18.2.rst new file mode 100644 index 0000000000..687f5936c9 --- /dev/null +++ b/doc/notes/notes-9.18.2.rst @@ -0,0 +1,46 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.2 +--------------------- + +New Features +~~~~~~~~~~~~ + +- Add a new configuration option ``reuseport`` to disable load balancing + on sockets in situations where processing of Response Policy Zones + (RPZ), Catalog Zones, or large zone transfers can cause service + disruptions. See the BIND 9 ARM for more detail. :gl:`#3249` + +Bug Fixes +~~~~~~~~~ + +- Previously, zone maintenance DNS queries retried forever if the + destination server was unreachable. These queries included outgoing + NOTIFY messages, refresh SOA queries, parental DS checks, and stub + zone NS queries. For example, if a zone had any nameservers with IPv6 + addresses and a secondary server without IPv6 connectivity, that + server would keep trying to send a growing amount of NOTIFY traffic + over IPv6. This futile traffic was not logged. This excessive retry + behavior has been fixed. :gl:`#3242` + +- A number of crashes and hangs which could be triggered in + :iscman:`dig` were identified and addressed. :gl:`#3020` :gl:`#3128` + :gl:`#3145` :gl:`#3184` :gl:`#3205` :gl:`#3244` :gl:`#3248` + +- Invalid ``dnssec-policy`` definitions, where the defined keys did not + cover both KSK and ZSK roles for a given algorithm, were being + accepted. These are now checked, and the ``dnssec-policy`` is rejected + if both roles are not present for all algorithms in use. :gl:`#3142` + +- Handling of TCP write timeouts has been improved to track the timeout + for each TCP write separately, leading to a faster connection teardown + in case the other party is not reading the data. :gl:`#3200`