From bd3bf7e1c701f31471a9e67af05f849e193340cc Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Mon, 7 Oct 2024 11:16:07 +0200 Subject: [PATCH 1/5] Generate changelog --- doc/changelog/changelog-9.18.31.rst | 114 ++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 doc/changelog/changelog-9.18.31.rst diff --git a/doc/changelog/changelog-9.18.31.rst b/doc/changelog/changelog-9.18.31.rst new file mode 100644 index 0000000000..60c9b5b997 --- /dev/null +++ b/doc/changelog/changelog-9.18.31.rst 
@@ -0,0 +1,114 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +(-dev) +------ + +New Features +~~~~~~~~~~~~ + +- Added WALLET type. ``65d9f28b32d`` + + Add the new record type WALLET (262). This provides a mapping from a + domain name to a cryptographic currency wallet. Multiple mappings can + exist if multiple records exist. :gl:`#4947` :gl:`!9555` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS. ``1d6465ff169`` + + This change allows fallback from an IXFR failure to AXFR when the + reason is `DNS_R_TOOMANYRECORDS`. This is because this error condition + could be temporary only in an intermediate version of IXFR + transactions and it's possible that the latest version of the zone + doesn't have that condition. In such a case, the secondary would never + be able to update the zone (even if it could) without this fallback. + + This fallback behavior is particularly useful with the recently + introduced `max-records-per-type` and `max-types-per-name` options: + the primary may not have these limitations and may temporarily + introduce "too many" records, breaking IXFR. If the primary side + subsequently deletes these records, this fallback will help recover + the zone transfer failure automatically; without it, the secondary + side would first need to increase the limit, which requires more + operational overhead and has its own adverse effect. :gl:`#4928` + :gl:`!9472` + +- Remove statslock from dnssec-signzone. 
``5c51e044c42`` + + Silence Coverity CID 468757 and 468767 (DATA RACE read not locked) by + converting dnssec-signzone to use atomics for statistics counters + rather than using a lock. :gl:`#4939` :gl:`!9501` + +- Use release memory ordering when incrementing reference counter. + ``b2bbceecfe8`` + + As the relaxed memory ordering doesn't ensure any memory + synchronization, it is possible that the increment will succeed even + in the case when it should not - there is a race between + atomic_fetch_sub(..., acq_rel) and atomic_fetch_add(..., relaxed). + Only the result is consistent, but the previous value for both calls + could be same when both calls are executed at the same time. + :gl:`!9568` + +Bug Fixes +~~~~~~~~~ + +- Fix a statistics channel counter bug when 'forward only' zones are + used. ``5a6c5218ad1`` + + When resolving a zone with a 'forward only' policy, and finding out + that all the forwarders are marked as "bad", the 'ServerQuota' counter + of the statistics channel was incorrectly increased. This has been + fixed. :gl:`#1793` :gl:`!9503` + +- Fix a bug in the static-stub implementation. ``1e5bc23921e`` + + Static-stub addresses and addresses from other sources were being + mixed together, resulting in static-stub queries going to addresses + not specified in the configuration, or alternatively, static-stub + addresses being used instead of the correct server addresses. + :gl:`#4850` :gl:`!9572` + +- Don't allow statistics-channel if libxml2 and libjson-c are + unsupported. ``e8c2c9c9dca`` + + When the libxml2 and libjson-c libraries are not supported, the + statistics channel can't return anything useful, so it is now + disabled. Use of `statistics-channel` in `named.conf` is a fatal + error. :gl:`#4895` :gl:`!9487` + +- Limit the outgoing UDP send queue size. 
``6c1fc4ae544`` + + If the operating system UDP queue gets full and the outgoing UDP + sending starts to be delayed, BIND 9 could exhibit memory spikes as it + tries to enqueue all the outgoing UDP messages. Try a bit harder to + deliver the outgoing UDP messages synchronously and if that fails, + drop the outgoing DNS message that would get queued up and then + timeout on the client side. :gl:`#4930` :gl:`!9512` + +- Do not set SO_INCOMING_CPU. ``694cb11a173`` + + We currently set SO_INCOMING_CPU incorrectly, and testing by Ondrej + shows that fixing the issue by setting affinities is worse than + letting the kernel schedule threads without constraints. So we should + not set SO_INCOMING_CPU anymore. :gl:`#4936` :gl:`!9505` + +- Don't enable REUSEADDR on outgoing UDP sockets. ``b902a4e214a`` + + The outgoing UDP sockets enabled `SO_REUSEADDR` that allows sharing of + the UDP sockets, but with one big caveat - the socket that was opened + the last would get all traffic. The dispatch code would ignore the + invalid responses in the dns_dispatch, but this could lead to + unexpected results. :gl:`!9584` + + From 7dc63c6be4da72759f4af5cddf97a37d54a807ae Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Mon, 7 Oct 2024 11:16:36 +0200 Subject: [PATCH 2/5] Generate release notes --- doc/notes/notes-9.18.31.rst | 88 +++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 doc/notes/notes-9.18.31.rst diff --git a/doc/notes/notes-9.18.31.rst b/doc/notes/notes-9.18.31.rst new file mode 100644 index 0000000000..343f98bda6 --- /dev/null +++ b/doc/notes/notes-9.18.31.rst 
@@ -0,0 +1,88 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +(-dev) +------ + +New Features +~~~~~~~~~~~~ + +- Added WALLET type. + + Add the new record type WALLET (262). This provides a mapping from a + domain name to a cryptographic currency wallet. Multiple mappings can + exist if multiple records exist. :gl:`#4947` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS. + + This change allows fallback from an IXFR failure to AXFR when the + reason is `DNS_R_TOOMANYRECORDS`. This is because this error condition + could be temporary only in an intermediate version of IXFR + transactions and it's possible that the latest version of the zone + doesn't have that condition. In such a case, the secondary would never + be able to update the zone (even if it could) without this fallback. + + This fallback behavior is particularly useful with the recently + introduced `max-records-per-type` and `max-types-per-name` options: + the primary may not have these limitations and may temporarily + introduce "too many" records, breaking IXFR. If the primary side + subsequently deletes these records, this fallback will help recover + the zone transfer failure automatically; without it, the secondary + side would first need to increase the limit, which requires more + operational overhead and has its own adverse effect. :gl:`#4928` + +Bug Fixes +~~~~~~~~~ + +- Fix a statistics channel counter bug when 'forward only' zones are + used. 
+ + When resolving a zone with a 'forward only' policy, and finding out + that all the forwarders are marked as "bad", the 'ServerQuota' counter + of the statistics channel was incorrectly increased. This has been + fixed. :gl:`#1793` + +- Fix a bug in the static-stub implementation. + + Static-stub addresses and addresses from other sources were being + mixed together, resulting in static-stub queries going to addresses + not specified in the configuration, or alternatively, static-stub + addresses being used instead of the correct server addresses. + :gl:`#4850` + +- Don't allow statistics-channel if libxml2 and libjson-c are + unsupported. + + When the libxml2 and libjson-c libraries are not supported, the + statistics channel can't return anything useful, so it is now + disabled. Use of `statistics-channel` in `named.conf` is a fatal + error. :gl:`#4895` + +- Limit the outgoing UDP send queue size. + + If the operating system UDP queue gets full and the outgoing UDP + sending starts to be delayed, BIND 9 could exhibit memory spikes as it + tries to enqueue all the outgoing UDP messages. Try a bit harder to + deliver the outgoing UDP messages synchronously and if that fails, + drop the outgoing DNS message that would get queued up and then + timeout on the client side. :gl:`#4930` + +- Do not set SO_INCOMING_CPU. + + We currently set SO_INCOMING_CPU incorrectly, and testing by Ondrej + shows that fixing the issue by setting affinities is worse than + letting the kernel schedule threads without constraints. So we should + not set SO_INCOMING_CPU anymore. :gl:`#4936` + + From f0590dbff703c39b2ea955550a086b742df4d620 Mon Sep 17 00:00:00 2001 
From: Michal Nowak Date: Mon, 7 Oct 2024 11:18:15 +0200 Subject: [PATCH 3/5] Prepare release notes for BIND 9.18.31 --- doc/arm/changelog.rst | 2 ++ doc/arm/notes.rst | 1 + doc/changelog/changelog-9.18.31-S1.rst | 11 +++++++++++ doc/changelog/changelog-9.18.31.rst | 4 ++-- doc/notes/notes-9.18.31.rst | 10 ++++++++-- 5 files changed, 24 insertions(+), 4 deletions(-) create mode 100644 doc/changelog/changelog-9.18.31-S1.rst diff --git a/doc/arm/changelog.rst b/doc/arm/changelog.rst index 38eba2da28..4cef4ffa3d 100644 --- a/doc/arm/changelog.rst +++ b/doc/arm/changelog.rst @@ -18,6 +18,8 @@ Changelog development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them. +.. include:: ../changelog/changelog-9.18.31-S1.rst +.. include:: ../changelog/changelog-9.18.31.rst .. include:: ../changelog/changelog-9.18.30-S1.rst .. include:: ../changelog/changelog-9.18.30.rst .. include:: ../changelog/changelog-9.18.29-S1.rst diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 34fe234543..1592e8aa37 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -37,6 +37,7 @@ https://www.isc.org/download/. There you will find additional information about each release, and source code. .. include:: ../notes/notes-known-issues.rst +.. include:: ../notes/notes-9.18.31.rst .. include:: ../notes/notes-9.18.30.rst .. include:: ../notes/notes-9.18.29.rst .. include:: ../notes/notes-9.18.28.rst diff --git a/doc/changelog/changelog-9.18.31-S1.rst b/doc/changelog/changelog-9.18.31-S1.rst new file mode 100644 index 0000000000..ba871808a1 --- /dev/null +++ b/doc/changelog/changelog-9.18.31-S1.rst 
@@ -0,0 +1,11 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + diff --git a/doc/changelog/changelog-9.18.31.rst b/doc/changelog/changelog-9.18.31.rst index 60c9b5b997..e0300658c9 100644 --- a/doc/changelog/changelog-9.18.31.rst +++ b/doc/changelog/changelog-9.18.31.rst @@ -9,8 +9,8 @@ .. See the COPYRIGHT file distributed with this work for additional .. information regarding copyright ownership. -(-dev) ------- +BIND 9.18.31 +------------ New Features ~~~~~~~~~~~~ diff --git a/doc/notes/notes-9.18.31.rst b/doc/notes/notes-9.18.31.rst index 343f98bda6..698efbf8f6 100644 --- a/doc/notes/notes-9.18.31.rst +++ b/doc/notes/notes-9.18.31.rst @@ -9,8 +9,8 @@ .. See the COPYRIGHT file distributed with this work for additional .. information regarding copyright ownership. -(-dev) ------- +Notes for BIND 9.18.31 +---------------------- New Features ~~~~~~~~~~~~ @@ -86,3 +86,9 @@ Bug Fixes not set SO_INCOMING_CPU anymore. :gl:`#4936` +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + ` for a list of all known issues affecting this + BIND 9 branch. From eb14a3b976e62649944e536a6dbec91fadd8185b Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Thu, 3 Oct 2024 18:27:30 +0200 Subject: [PATCH 4/5] Tweak and reword release notes --- doc/notes/notes-9.18.31.rst | 56 +++++++++++++------------------------ 1 file changed, 20 insertions(+), 36 deletions(-) diff --git a/doc/notes/notes-9.18.31.rst b/doc/notes/notes-9.18.31.rst index 698efbf8f6..691a792d90 100644 --- a/doc/notes/notes-9.18.31.rst +++ b/doc/notes/notes-9.18.31.rst 
@@ -24,34 +24,21 @@ New Features Feature Changes ~~~~~~~~~~~~~~~ -- Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS. +- Allow IXFR-to-AXFR fallback on ``DNS_R_TOOMANYRECORDS``. This change allows fallback from an IXFR failure to AXFR when the - reason is `DNS_R_TOOMANYRECORDS`. This is because this error condition - could be temporary only in an intermediate version of IXFR - transactions and it's possible that the latest version of the zone - doesn't have that condition. In such a case, the secondary would never - be able to update the zone (even if it could) without this fallback. - - This fallback behavior is particularly useful with the recently - introduced `max-records-per-type` and `max-types-per-name` options: - the primary may not have these limitations and may temporarily - introduce "too many" records, breaking IXFR. If the primary side - subsequently deletes these records, this fallback will help recover - the zone transfer failure automatically; without it, the secondary - side would first need to increase the limit, which requires more - operational overhead and has its own adverse effect. :gl:`#4928` + reason is ``DNS_R_TOOMANYRECORDS``. :gl:`#4928` Bug Fixes ~~~~~~~~~ -- Fix a statistics channel counter bug when 'forward only' zones are +- Fix a statistics channel counter bug when "forward only" zones are used. - When resolving a zone with a 'forward only' policy, and finding out - that all the forwarders are marked as "bad", the 'ServerQuota' counter - of the statistics channel was incorrectly increased. This has been - fixed. :gl:`#1793` + When resolving a zone with a "forward only" policy, and finding out + that all the forwarders were marked as "bad", the "ServerQuota" + counter of the statistics channel was incorrectly increased. This has + been fixed. :gl:`#1793` - Fix a bug in the static-stub implementation. 
@@ -61,29 +48,26 @@ Bug Fixes addresses being used instead of the correct server addresses. :gl:`#4850` -- Don't allow statistics-channel if libxml2 and libjson-c are - unsupported. +- Don't allow :any:`statistics-channels` if libxml2 and libjson-c are + not configured. - When the libxml2 and libjson-c libraries are not supported, the - statistics channel can't return anything useful, so it is now - disabled. Use of `statistics-channel` in `named.conf` is a fatal - error. :gl:`#4895` + When BIND 9 is not configured with the libxml2 and libjson-c + libraries, the use of the :any:`statistics-channels` option is a fatal + error. :gl:`#4895` - Limit the outgoing UDP send queue size. - If the operating system UDP queue gets full and the outgoing UDP - sending starts to be delayed, BIND 9 could exhibit memory spikes as it - tries to enqueue all the outgoing UDP messages. Try a bit harder to - deliver the outgoing UDP messages synchronously and if that fails, - drop the outgoing DNS message that would get queued up and then + If the operating system UDP queue got full and the outgoing UDP + sending started to be delayed, BIND 9 could exhibit memory spikes as + it tried to enqueue all the outgoing UDP messages. It now tries to + deliver the outgoing UDP messages synchronously; if that fails, it + drops the outgoing DNS message that would get queued up and then timeout on the client side. :gl:`#4930` -- Do not set SO_INCOMING_CPU. +- Do not set ``SO_INCOMING_CPU``. - We currently set SO_INCOMING_CPU incorrectly, and testing by Ondrej - shows that fixing the issue by setting affinities is worse than - letting the kernel schedule threads without constraints. So we should - not set SO_INCOMING_CPU anymore. :gl:`#4936` + Remove the ``SO_INCOMING_CPU`` setting as kernel scheduling performs + better without constraints. :gl:`#4936` Known Issues From 6298f90b852a220217435e5b560a40bcd494cc77 Mon Sep 17 00:00:00 2001 
From: Michal Nowak Date: Mon, 7 Oct 2024 16:51:56 +0200 Subject: [PATCH 5/5] Update BIND version for release --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index b3921cafee..76624a13fa 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 18)dnl m4_define([bind_VERSION_PATCH], 31)dnl -m4_define([bind_VERSION_EXTRA], -dev)dnl +m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Extended Support Version)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl
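Review bot: In PATCH 1/5 (doc/changelog/changelog-9.18.31.rst), the entry "Use release memory ordering when incrementing reference counter" is filed under Feature Changes, but its text describes a race between atomic_fetch_sub(..., acq_rel) and atomic_fetch_add(..., relaxed) in which "the increment will succeed even in the case when it should not". That is a correctness fix on a reference counter, and readers scanning Bug Fixes for concurrency issues will miss it; consider moving it there. In the same hunk, `DNS_R_TOOMANYRECORDS`, `max-records-per-type`, `max-types-per-name`, `statistics-channel`, `named.conf` and `SO_REUSEADDR` use single backticks, which reStructuredText treats as the default interpreted-text role rather than an inline literal; the commit hashes in this file already use double backticks, so the same form would be consistent.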
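Review bot: In PATCH 2/5 (doc/notes/notes-9.18.31.rst), the "Do not set SO_INCOMING_CPU" entry is still worded as a commit message ("We currently set SO_INCOMING_CPU incorrectly, and testing by Ondrej shows ...", "So we should not set ...") and the "Limit the outgoing UDP send queue size" entry switches to the imperative ("Try a bit harder to deliver ..."). Release notes are read by operators, so both should state what named did before and what it does now. The changelog's "Don't enable REUSEADDR on outgoing UDP sockets" entry also has no counterpart here; since it changes which socket receives responses, please confirm the omission from the notes is intended.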
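Review bot: In PATCH 3/5, the new doc/changelog/changelog-9.18.31-S1.rst contains only the license comment block (11 lines, no section title or entries), yet doc/arm/changelog.rst gains an include for it ahead of changelog-9.18.31.rst. As submitted the include contributes nothing to the rendered changelog; if the file is a deliberate placeholder, a one-line comment in it saying so would save the next reader from wondering whether content was lost.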
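Review bot: In PATCH 4/5, first hunk (@@ -24,34 +24,21 @@), the IXFR-to-AXFR entry loses all of its rationale, including the only mention in these notes of `max-records-per-type` and `max-types-per-name`. Operators who set those limits on a secondary are the ones whose transfers were getting stuck, and the shortened text no longer tells them this change is about their configuration. Consider keeping one sentence, for example that the fallback lets a secondary recover once the primary has removed the excess records.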
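Review bot: In PATCH 4/5, second hunk (@@ -61,29 +48,26 @@), the reworded UDP send queue entry ends with "it drops the outgoing DNS message that would get queued up and then timeout on the client side", where the trailing clause was carried over unchanged from the old imperative sentence and no longer has a subject or an agreeing verb. Something like "it drops the outgoing DNS message that would otherwise be queued, and the query times out on the client side" states the operator-visible effect (dropped responses under send-queue pressure) unambiguously.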