mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Merge branch 'michal/set-up-version-and-release-notes-for-bind-9.18.7' into 'v9_18'
Set up version and release notes for BIND 9.18.7 See merge request isc-projects/bind9!6633
This commit is contained in:
Michał Kępień
commit
5cb75e3c7a
2 changed files with 4 additions and 33 deletions
|
|
@ -16,7 +16,7 @@
|
|||
#
|
||||
m4_define([bind_VERSION_MAJOR], 9)dnl
|
||||
m4_define([bind_VERSION_MINOR], 18)dnl
|
||||
m4_define([bind_VERSION_PATCH], 6)dnl
|
||||
m4_define([bind_VERSION_PATCH], 7)dnl
|
||||
m4_define([bind_VERSION_EXTRA], -dev)dnl
|
||||
m4_define([bind_DESCRIPTION], [(Stable Release)])dnl
|
||||
m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.18.6
|
||||
Notes for BIND 9.18.7
|
||||
---------------------
|
||||
|
||||
Security Fixes
|
||||
|
|
@ -35,38 +35,9 @@ Removed Features
|
|||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- DNSSEC ``RSASHA1`` and ``NSEC3RSASHA1`` are automatically disabled
|
||||
on systems (e.g. RHEL9) where they are disallowed by the security
|
||||
policy. Primary zones using those algorithms need to be moved
|
||||
off of them prior to running on these systems as graceful migration
|
||||
to different DNSSEC algorithms is not possible when RSASHA1 is
|
||||
disallowed by the OS. :gl:`#3469`
|
||||
|
||||
- Fetch limit log messages have been improved to provide more complete
|
||||
information. Specifically, the final values of allowed and spilled fetches
|
||||
will now be logged before the counter object gets destroyed. :gl:`#3461`
|
||||
- None.
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- When running as a validating resolver forwarding all queries to
|
||||
another resolver, :iscman:`named` could crash with an assertion
|
||||
failure. These crashes occurred when the configured forwarder sent a
|
||||
broken DS response and :iscman:`named` failed its attempts to find a
|
||||
proper one instead. This has been fixed. :gl:`#3439`
|
||||
|
||||
- Non-dynamic zones that inherit dnssec-policy from the view or
|
||||
options level were not marked as inline-signed, and thus were never
|
||||
scheduled to be re-signed. This is now fixed. :gl:`#3438`
|
||||
|
||||
- The old ``max-zone-ttl`` zone option was meant to be superseded by
|
||||
the ``max-zone-ttl`` option in ``dnssec-policy``; however, the latter
|
||||
option was not fully effective. This has been corrected: zones will
|
||||
not load if they contain TTLs greater than the limit configured in
|
||||
``dnssec-policy``. In zones with both the old ``max-zone-ttl``
|
||||
option and ``dnssec-policy`` configured, the old option will be
|
||||
ignored, and a warning will be generated. :gl:`#2918`
|
||||
|
||||
- Fix `rndc dumpdb -expired` to include expired RRsets, even if the cache
|
||||
cleaning time window has passed. This will now show expired RRsets that are
|
||||
stuck in the cache. :gl:`#3462`
|
||||
- None.
|
||||
|
|
|
|||
Loading…
Reference in a new issue