upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Add Known Issue about config incompatibility

Browse source 
(cherry picked from commit 5589d0a49c)
This commit is contained in:
Petr Špaček 2022-10-05 15:21:36 +02:00
parent 6394f5c423
commit 49db39abfe
No known key found for this signature in database
GPG key ID: ABD587CDF06581AE
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
doc/notes/notes-current.rst
View file

@ -20,6 +20,18 @@ Security Fixes
Known Issues
~~~~~~~~~~~~
- Upgrading from BIND 9.16.32, 9.18.6, or older, may require a manual
configuration change. The following configurations are affected:
- :any:`type primary` zones configured with :any:`dnssec-policy` but without
either :any:`allow-update` or :any:`update-policy`
- :any:`type secondary` zones configured with :any:`dnssec-policy`
In these cases please add :namedconf:ref:`inline-signing yes;
<inline-signing>` to individual zone configuration(s). Without applying this
change :iscman:`named` will fail to start. For more details see
https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
- BIND 9.18 does not support dynamic updates forwarding (see
:any:`allow-update-forwarding`) in conjuction with zone transfers
over TLS (XoT). :gl:`#3512`