diff --git a/doc/arm/changelog.rst b/doc/arm/changelog.rst index 0f68889b60..3109532212 100644 --- a/doc/arm/changelog.rst +++ b/doc/arm/changelog.rst @@ -18,6 +18,7 @@ Changelog development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them. +.. include:: ../changelog/changelog-9.20.17.rst .. include:: ../changelog/changelog-9.20.16.rst .. include:: ../changelog/changelog-9.20.15.rst .. include:: ../changelog/changelog-9.20.14.rst diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 1baca621d8..9a4c08ed5f 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -45,6 +45,7 @@ The list of known issues affecting the latest version in the 9.20 branch can be found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.20 +.. include:: ../notes/notes-9.20.17.rst .. include:: ../notes/notes-9.20.16.rst .. include:: ../notes/notes-9.20.15.rst .. include:: ../notes/notes-9.20.14.rst diff --git a/doc/changelog/changelog-9.20.17.rst b/doc/changelog/changelog-9.20.17.rst new file mode 100644 index 0000000000..e92eeb7f46 --- /dev/null +++ b/doc/changelog/changelog-9.20.17.rst 
@@ -0,0 +1,140 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.20.17 +------------ + +New Features +~~~~~~~~~~~~ + +- Add spatch to detect implicit bool/int/result cast. ``02be363d1f`` + + Detection of implicit cast from a boolean into an int, or an + isc_result_t into a boolean (either in an assignement or return + position). + + If such pattern is found, a warning comment is added into the code + (and the CI will fails) so the error can be spotted and manually + fixed. :gl:`!11237` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Use atomics for CMM_{LOAD,STORE}_SHARED with ThreadSanitizer. + ``94fa721705`` + + Upstream has removed the atomics implementation of CMM_LOAD_SHARED and + CMM_STORE_SHARED as these can be used also with non-stdatomics types. + As we only use the CMM api with stdatomics types, we can restore the + previous behaviour to prevent ThreadSanitizer warnings. :gl:`#5660` + :gl:`!11290` + +- Provide more information when the memory allocation fails. + ``6749725610`` + + Provide more information about the failure when the memory allocation + fails. :gl:`!11304` + +- Reduce the number of outgoing queries. ``457b470e96`` + + Reduces the number of outgoing queries when resolving the nameservers + for delegation points. This helps the DNS resolver with cold cache + resolve client queries with complex delegation chains and + redirections. :gl:`!11258` + +Bug Fixes +~~~~~~~~~ + +- Fix the spurious timeouts while resolving names. ``d96cf874fb`` + + Sometimes the loops in the resolving (e.g. 
to resolve or validate + ns1.example.com we need to resolve ns1.example.com) were not properly + detected leading to spurious 10 seconds delay. This has been fixed + and such loops are properly detected. :gl:`#3033`, #5578 :gl:`!11298` + +- Fix bug where zone switches from NSEC3 to NSEC after retransfer. + ``3b40ffbf83`` + + When a zone is re-transferred, but the zone journal on an + inline-signing secondary is out of sync, the zone could fall back to + using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527` + :gl:`!11274` + +- Attach socket before async streamdns_resume_processing. ``bb9451c73f`` + + Call to `streamdns_resume_processing` is asynchronous but the socket + passed as argument is not attached when scheduling the call. + + While there is no reproducible way (so far) to make the socket + reference number down to 0 before `streamdns_resume_processing` is + called, attach the socket before scheduling the call. This guard + against an hypothetic case where, for some reasons, the socket + refcount would reach 0, and be freed from memory when + `streamdns_resume_processing` is called. :gl:`#5620` :gl:`!11260` + +- AMTRELAY type 0 presentation format handling was wrong. ``adf104a063`` + + RFC 8777 specifies a placeholder value of "." for the gateway field + when the gateway type is 0 (no gateway). This was not being checked + for nor emitted when displaying the record. This has been corrected. + + Instances of this record will need the placeholder period added to + them when upgrading. :gl:`#5639` :gl:`!11255` + +- Fix parsing bug in remote-servers with key or tls. ``d9400c5967`` + + The :any:`remote-servers` clause enable the following pattern using a + named ``server-list``: + + remote-servers a { 1.2.3.4; ... }; remote-servers b { a key + foo; }; + + However, such configuration was wrongly rejected, with an "unexpected + token 'foo'" error. Such configuration is now accepted. 
:gl:`#5646` + :gl:`!11300` + +- Fix TLS contexts cache object usage bug in the resolver. + ``13adf94006`` + + :iscman:`named` could terminate unexpectedly when reconfiguring or + reloading, and if client-side TLS transport was in use (for example, + when forwarding queries to a DoT server). This has been fixed. + :gl:`#5653` :gl:`!11299` + +- Fix unitiailized pointer check on getipandkeylist. ``5ed0cf091b`` + + Function `named_config_getipandkeylist` could, in case of error in the + early code attempting to get the `port` or `tls-port`, make a pointer + check on a non-initialized value. This is now fixed. :gl:`!11306` + +- Standardize CHECK and RETERR macros. ``ef714e91ac`` + + previously, there were over 40 separate definitions of CHECK macros, + of which most used "goto cleanup", and the rest "goto failure" or + "goto out". there were another 10 definitions of RETERR, of which most + were identical to CHECK, but some simply returned a result code + instead of jumping to a cleanup label. + + this has now been standardized throughout the code base: RETERR is for + returning an error code in the case of an error, and CHECK is for + jumping to a cleanup tag, which is now always called "cleanup". both + macros are defined in isc/util.h. :gl:`!11069` + +- Adding NSEC3 opt-out records could leave invalid records in + chain. ``1d83a8ad46`` + + When creating an NSEC3 opt-out chain, a node in the chain could be + removed too soon, causing the previous NSEC3 being unable to be found, + resulting in invalid NSEC3 records to be left in the zone. This has + been fixed. + + Closes [#5671](#5671) + diff --git a/doc/notes/notes-9.20.17.rst b/doc/notes/notes-9.20.17.rst new file mode 100644 index 0000000000..c504cf77cc --- /dev/null +++ b/doc/notes/notes-9.20.17.rst 
@@ -0,0 +1,80 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.20.17 +---------------------- + +Feature Changes +~~~~~~~~~~~~~~~ + +- Reduce the number of outgoing queries. + + Reduce the number of outgoing queries when resolving the nameservers + for delegation points. This helps a DNS resolver with a cold cache + resolve client queries with complex delegation chains and + redirections. :gl:`!11148` + +- Provide more information when memory allocation fails. + + BIND now provides more information about the failure when memory allocation + fails. :gl:`!11272` + +Bug Fixes +~~~~~~~~~ + +- Adding NSEC3 opt-out records could leave invalid records in chain. + + When creating an NSEC3 opt-out chain, a node in the chain could be + removed too soon. The previous NSEC3 would therefore not be found, + resulting in invalid NSEC3 records being left in the zone. This has + been fixed. :gl:`#5671` + +- Fix spurious timeouts while resolving names. + + Sometimes, loops in the resolving process (e.g., to resolve or validate + ``ns1.example.com``, we need to resolve ``ns1.example.com``) were not properly + detected, leading to a spurious 10-second delay. This has been fixed, + and such loops are properly detected. :gl:`#3033` :gl:`#5578` + +- Fix bug where zone switches from NSEC3 to NSEC after retransfer. + + When a zone was re-transferred but the zone journal on an + inline-signing secondary was out of sync, the zone could fall back to + using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527` + +- ``AMTRELAY`` type 0 presentation format handling was wrong. 
+ + :rfc:`8777` specifies a placeholder value of ``.`` for the gateway field + when the gateway type is 0 (no gateway). This was not being checked + for, nor was it emitted when displaying the record. This has been corrected. + + Instances of this record will need the placeholder period added to + them when upgrading. :gl:`#5639` + +- Fix parsing bug in :any:`remote-servers` with key or TLS. + + The :any:`remote-servers` clause enables the following pattern using a + named ``server-list``:: + + remote-servers a { 1.2.3.4; ... }; + remote-servers b { a key foo; }; + + However, such a configuration was wrongly rejected, with an ``unexpected + token 'foo'`` error. This configuration is now accepted. :gl:`#5646` + +- Fix DoT reconfigure/reload bug in the resolver. + + If client-side TLS transport was in use (for example, when + forwarding queries to a DoT server), :iscman:`named` could + terminate unexpectedly when reconfiguring or reloading. This + has been fixed. + :gl:`#5653` +
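
Review bot: In doc/changelog/changelog-9.20.17.rst, the last entry ("Adding NSEC3 opt-out records could leave invalid records in chain") ends with the Markdown link "Closes [#5671](#5671)". That will not render as a link in reStructuredText, and it is the only entry without a :gl: reference. Replace it with :gl:`#5671` plus the merge request reference, as the other entries do. Three smaller points in the same file: in "Fix the spurious timeouts while resolving names", "#5578" sits bare between two :gl: roles and should be :gl:`#5578`. In "Fix parsing bug in remote-servers with key or tls", the example follows "server-list:" with a single colon, so it is an indented paragraph rather than a literal block and gets reflowed ("a key" / "foo;"); use "::" and one statement per line, as the notes file does. Finally, the single-backtick names (streamdns_resume_processing, named_config_getipandkeylist, port, tls-port) are default-role text in reST and need double backticks. Typos to fix while here: "assignement", "the CI will fails", "unitiailized", "This guard against an hypothetic case".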
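
Review bot: In doc/notes/notes-9.20.17.rst, the AMTRELAY entry under "Bug Fixes" carries an operator action ("Instances of this record will need the placeholder period added to them when upgrading") but does not say what happens to a zone that still holds a type 0 record without the "." placeholder after the upgrade. Please state the behaviour (for example, whether the zone is rejected on load) so operators know to check their zone data before upgrading, and consider making the upgrade requirement more prominent than the last sentence of a bug-fix item. Separately, the merge request references under "Feature Changes" differ from those in the changelog for the same items: "Reduce the number of outgoing queries" is :gl:`!11148` here and :gl:`!11258` in the changelog, and the memory allocation item is :gl:`!11272` here and :gl:`!11304` there. Please confirm the difference is intended.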