mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Set up release notes for BIND 9.18.7
This commit is contained in:
Michał Kępień
parent
f63ffe40bb
commit
3cd90c9a39
1 changed files with 3 additions and 32 deletions
|
|
@ -9,7 +9,7 @@
|
|||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.18.6
|
||||
Notes for BIND 9.18.7
|
||||
---------------------
|
||||
|
||||
Security Fixes
|
||||
|
|
@ -35,38 +35,9 @@ Removed Features
|
|||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- DNSSEC ``RSASHA1`` and ``NSEC3RSASHA1`` are automatically disabled
|
||||
on systems (e.g. RHEL9) where they are disallowed by the security
|
||||
policy. Primary zones using those algorithms need to be moved
|
||||
off of them prior to running on these systems as graceful migration
|
||||
to different DNSSEC algorithms is not possible when RSASHA1 is
|
||||
disallowed by the OS. :gl:`#3469`
|
||||
|
||||
- Fetch limit log messages have been improved to provide more complete
|
||||
information. Specifically, the final values of allowed and spilled fetches
|
||||
will now be logged before the counter object gets destroyed. :gl:`#3461`
|
||||
- None.
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- When running as a validating resolver forwarding all queries to
|
||||
another resolver, :iscman:`named` could crash with an assertion
|
||||
failure. These crashes occurred when the configured forwarder sent a
|
||||
broken DS response and :iscman:`named` failed its attempts to find a
|
||||
proper one instead. This has been fixed. :gl:`#3439`
|
||||
|
||||
- Non-dynamic zones that inherit dnssec-policy from the view or
|
||||
options level were not marked as inline-signed, and thus were never
|
||||
scheduled to be re-signed. This is now fixed. :gl:`#3438`
|
||||
|
||||
- The old ``max-zone-ttl`` zone option was meant to be superseded by
|
||||
the ``max-zone-ttl`` option in ``dnssec-policy``; however, the latter
|
||||
option was not fully effective. This has been corrected: zones will
|
||||
not load if they contain TTLs greater than the limit configured in
|
||||
``dnssec-policy``. In zones with both the old ``max-zone-ttl``
|
||||
option and ``dnssec-policy`` configured, the old option will be
|
||||
ignored, and a warning will be generated. :gl:`#2918`
|
||||
|
||||
- Fix `rndc dumpdb -expired` to include expired RRsets, even if the cache
|
||||
cleaning time window has passed. This will now show expired RRsets that are
|
||||
stuck in the cache. :gl:`#3462`
|
||||
- None.
|
||||
|
|
|
|||
Loading…
Reference in a new issue