upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Tweak and reword release notes

Browse source
This commit is contained in:
Michal Nowak 2025-11-06 12:23:11 +01:00
parent 9f1a1602d7
commit 19aedb42c7
No known key found for this signature in database
1 changed files with 21 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
doc/notes/notes-9.20.16.rst
View file

@ -15,44 +15,44 @@ Notes for BIND 9.20.16
Bug Fixes
~~~~~~~~~
- Fix dnssec-keygen key collision checking for KEY rrtype keys.
- Fix :iscman:`dnssec-keygen` key collision checking for KEY RRtype
keys.
The :iscman:`dnssec-keygen` utility program failed to detect possible
Key ID collisions with the existing keys generated using the
non-default ``-T KEY`` option (e.g. for ``SIG(0)``). This has been
fixed. :gl:`#5506`
KEY ID collisions with existing keys generated using the non-default
``-T KEY`` option (e.g., for ``SIG(0)``). This has been fixed.
:gl:`#5506`
- Fix shutdown INSIST in dns_dispatchmgr_getblackhole.
- Fix shutdown assertion in ``dns_dispatchmgr_getblackhole``.
Previously, `named` could trigger an assertion in
`dns_dispatchmgr_getblackhole` while shutting down. This has been
Previously, :iscman:`named` could trigger an assertion in
``dns_dispatchmgr_getblackhole`` while shutting down. This has been
fixed. :gl:`#5525`
- Dnssec-verify now uses exit code 1 when failing due to illegal
options.
- :iscman:`dnssec-verify` now uses exit code 1 when failing due to
illegal options.
Previously, dnssec-verify exited with code 0 if the options could not
be parsed. This has been fixed. :gl:`#5574`
Previously, :iscman:`dnssec-verify` exited with code 0 if the options
could not be parsed. This has been fixed. :gl:`#5574`
- Prevent assertion failures of dig when server is specified before the
-b option.
- Prevent assertion failures of :iscman:`dig` when a server is specified
before the ``-b`` option.
Previously, :iscman:`dig` could exit with an assertion failure when
the server was specified before the :option:`dig -b` option. This has
a server was specified before the :option:`dig -b` option. This has
been fixed. :gl:`#5609`
- Skip unsupported algorithms when looking for signing key.
- Skip unsupported algorithms when looking for a signing key.
A mix of supported and unsupported DNSSEC algorithms in the same zone
could have caused validation failures. Ignore the DNSSEC keys with
unsupported algorithm when looking for the signing keys. :gl:`#5622`
could cause validation failures. Unsupported algorithms are now
ignored when looking for signing keys. :gl:`#5622`
- Skip buffer allocations if not logging.
Currently, during IXFR we allocate a 2KB buffer for IXFR change
logging regardless of the log level. This commit introduces an early
check on the log level in dns_diff_print to avoid this.
Previously, we allocated a 2KB buffer for IXFR change logging,
regardless of the log level.
Results in a speedup from 28% in the test case from issue #5442.
This results in a 28% speedup in some scenarios.