From d0e094e81eab35a365cc3b82bd7b8271a5a25683 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 11 Apr 2022 15:56:43 +0200 Subject: [PATCH 1/7] Fix CHANGES marker location for BIND 9.17.22 --- CHANGES | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index b14f754984..3fa6306924 100644 --- a/CHANGES +++ b/CHANGES @@ -76,7 +76,6 @@ be called before send callback dereferencing dns_request_t object too early. [GL #3105] - 5821. [bug] Fix query context management issues in the TCP part of dig. [GL #3184] @@ -185,8 +184,6 @@ when receiving NOTIFY query with SOA record in ANSWER section. [GL #3086] - --- 9.17.22 released --- - 5790. [bug] The control channel was incorrectly looking for ISC_R_CANCELED as a signal that the named is shutting down. In the dispatch refactoring, @@ -195,6 +192,8 @@ channel code to use ISC_R_SHUTTINGDOWN result code to detect named being shut down. [GL #3079] + --- 9.17.22 released --- + 5789. [bug] Allow replacing expired zone signatures with signatures created by the KSK. [GL #3049] From 5c0e3a1d8d5090eb80dcb0193a062548a79fbd41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 11 Apr 2022 15:56:43 +0200 Subject: [PATCH 2/7] Tweak and reword release notes --- doc/notes/notes-current.rst | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 12c624491c..c99b6c4bcd 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -37,30 +37,28 @@ Feature Changes - None. -- Add a new configuration option ``reuseport`` to disable - load balancing on sockets in scenarios in which processing of - Response Policy Zones (RPZ), Catalog Zones, or large zone transfers - can cause service disruptions. See the BIND 9 ARM for more detail. - :gl:`#3249` +- Add a new configuration option ``reuseport`` to disable load balancing + on sockets in situations where processing of Response Policy Zones + (RPZ), Catalog Zones, or large zone transfers can cause service + disruptions. See the BIND 9 ARM for more detail. :gl:`#3249` Bug Fixes ~~~~~~~~~ -- Invalid dnssec-policy definitions were being accepted where the - defined keys did not cover both KSK and ZSK roles for a given - algorithm. This is now checked for and the dnssec-policy is - rejected if both roles are not present for all algorithms in use. - :gl:`#3142` +- Invalid ``dnssec-policy`` definitions, where the defined keys did not + cover both KSK and ZSK roles for a given algorithm, were being + accepted. These are now checked, and the ``dnssec-policy`` is rejected + if both roles are not present for all algorithms in use. :gl:`#3142` -- Handling of the TCP write timeouts has been improved to track timeout - for each TCP write separately leading to faster connection tear down +- Handling of TCP write timeouts has been improved to track the timeout + for each TCP write separately, leading to a faster connection teardown in case the other party is not reading the data. :gl:`#3200` -- Zone maintenance DNS queries would retry forever while the - destination server was unreachable. These queries include outgoing +- Previously, zone maintenance DNS queries retried forever if the + destination server was unreachable. These queries included outgoing NOTIFY messages, refresh SOA queries, parental DS checks, and stub - zone NS queries. For example, if a zone has any nameservers with - IPv6 addresses and a secondary server without IPv6 connectivity, the - IPv4-only server would keep trying to send a growing amount of - NOTIFY traffic over IPv6. This futile traffic was not logged. - :gl:`#3242` + zone NS queries. For example, if a zone had any nameservers with IPv6 + addresses and a secondary server without IPv6 connectivity, that + server would keep trying to send a growing amount of NOTIFY traffic + over IPv6. This futile traffic was not logged. This excessive retry + behavior has been fixed. :gl:`#3242` From a4cc916c5b774217ad44c08e36316cd4696ac83e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 11 Apr 2022 15:56:43 +0200 Subject: [PATCH 3/7] Reorder release notes --- doc/notes/notes-current.rst | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index c99b6c4bcd..5d517f8ba5 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -25,7 +25,10 @@ Known Issues New Features ~~~~~~~~~~~~ -- None. +- Add a new configuration option ``reuseport`` to disable load balancing + on sockets in situations where processing of Response Policy Zones + (RPZ), Catalog Zones, or large zone transfers can cause service + disruptions. See the BIND 9 ARM for more detail. :gl:`#3249` Removed Features ~~~~~~~~~~~~~~~~ @@ -37,23 +40,9 @@ Feature Changes - None. -- Add a new configuration option ``reuseport`` to disable load balancing - on sockets in situations where processing of Response Policy Zones - (RPZ), Catalog Zones, or large zone transfers can cause service - disruptions. See the BIND 9 ARM for more detail. :gl:`#3249` - Bug Fixes ~~~~~~~~~ -- Invalid ``dnssec-policy`` definitions, where the defined keys did not - cover both KSK and ZSK roles for a given algorithm, were being - accepted. These are now checked, and the ``dnssec-policy`` is rejected - if both roles are not present for all algorithms in use. :gl:`#3142` - -- Handling of TCP write timeouts has been improved to track the timeout - for each TCP write separately, leading to a faster connection teardown - in case the other party is not reading the data. :gl:`#3200` - - Previously, zone maintenance DNS queries retried forever if the destination server was unreachable. These queries included outgoing NOTIFY messages, refresh SOA queries, parental DS checks, and stub @@ -62,3 +51,12 @@ Bug Fixes server would keep trying to send a growing amount of NOTIFY traffic over IPv6. This futile traffic was not logged. This excessive retry behavior has been fixed. :gl:`#3242` + +- Invalid ``dnssec-policy`` definitions, where the defined keys did not + cover both KSK and ZSK roles for a given algorithm, were being + accepted. These are now checked, and the ``dnssec-policy`` is rejected + if both roles are not present for all algorithms in use. :gl:`#3142` + +- Handling of TCP write timeouts has been improved to track the timeout + for each TCP write separately, leading to a faster connection teardown + in case the other party is not reading the data. :gl:`#3200` From b91083494e19f64dd803dd8edb5a726b305bb620 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 11 Apr 2022 15:56:43 +0200 Subject: [PATCH 4/7] Add release note for miscellaneous dig fixes --- doc/notes/notes-current.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 5d517f8ba5..495cefaef6 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -52,6 +52,10 @@ Bug Fixes over IPv6. This futile traffic was not logged. This excessive retry behavior has been fixed. :gl:`#3242` +- A number of crashes and hangs which could be triggered in + :iscman:`dig` were identified and addressed. :gl:`#3020` :gl:`#3128` + :gl:`#3145` :gl:`#3184` :gl:`#3205` :gl:`#3244` :gl:`#3248` + - Invalid ``dnssec-policy`` definitions, where the defined keys did not cover both KSK and ZSK roles for a given algorithm, were being accepted. These are now checked, and the ``dnssec-policy`` is rejected From 4ec20be2aea8b496fb8ad9e6e9c268eb26dde9f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 11 Apr 2022 15:56:43 +0200 Subject: [PATCH 5/7] Prepare release notes for BIND 9.18.2 --- doc/arm/notes.rst | 2 +- .../{notes-current.rst => notes-9.18.2.rst} | 20 ------------------- 2 files changed, 1 insertion(+), 21 deletions(-) rename doc/notes/{notes-current.rst => notes-9.18.2.rst} (92%) diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 7aad3e88c8..058cdf16f7 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -33,7 +33,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.18.2.rst .. include:: ../notes/notes-9.18.1.rst .. include:: ../notes/notes-9.18.0.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-9.18.2.rst similarity index 92% rename from doc/notes/notes-current.rst rename to doc/notes/notes-9.18.2.rst index 495cefaef6..687f5936c9 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-9.18.2.rst @@ -12,16 +12,6 @@ Notes for BIND 9.18.2 --------------------- -Security Fixes -~~~~~~~~~~~~~~ - -- None. - -Known Issues -~~~~~~~~~~~~ - -- None. - New Features ~~~~~~~~~~~~ @@ -30,16 +20,6 @@ New Features (RPZ), Catalog Zones, or large zone transfers can cause service disruptions. See the BIND 9 ARM for more detail. :gl:`#3249` -Removed Features -~~~~~~~~~~~~~~~~ - -- None. - -Feature Changes -~~~~~~~~~~~~~~~ - -- None. - Bug Fixes ~~~~~~~~~ From f78abdc474074148e474aa3ec8ff4e16937ae2b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 11 Apr 2022 16:00:43 +0200 Subject: [PATCH 6/7] Add a CHANGES marker --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index 3fa6306924..6b70d2eafc 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.18.2 released --- + 5856. [bug] The "starting maxtime timer" message related to outgoing zone transfers was incorrectly logged at the ERROR level instead of DEBUG(1). [GL #3208] From 3babb1557aef04ec3834d00b17013ae9fa5a434b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 11 Apr 2022 16:00:43 +0200 Subject: [PATCH 7/7] Update BIND version to 9.18.2 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0fe7147f59..fbbfa84123 100644 --- a/configure.ac +++ b/configure.ac @@ -16,7 +16,7 @@ # m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 18)dnl -m4_define([bind_VERSION_PATCH], 1)dnl +m4_define([bind_VERSION_PATCH], 2)dnl m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Stable Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl