upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-14 10:50:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

v9_6_ESV_R5rc1

Browse source
This commit is contained in:
Mark Andrews 2011-05-23 23:19:09 +00:00
parent 4e36d1522f
commit 73220c967c
7 changed files with 702 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -1,3 +1,6 @@
--- 9.6-ESV-R5rc1 released ---
3118. [bug] nsupdate could dump core on shutdown when using
SIG(0) keys. [RT #24604]

233
RELEASE-NOTES-BIND-9.6-ESV.html Normal file
View file

@ -0,0 +1,233 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article"><div class="titlepage"><hr /></div>
<div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2824820"></a>Introduction</h2></div></div></div>
<p>
BIND 9.6-ESV-R5 is a maintenance release for BIND 9.6-ESV.
</p>
<p>
This document summarizes changes from BIND 9.6-ESV-R4 to BIND 9.6-ESV-R5.
Please see the CHANGES file in the source code release for a
complete list of all changes.
</p>
</div>
<div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691321"></a>Download</h2></div></div></div>
<p>
The latest release of BIND 9 software can always be found
on our web site at
<a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
There you will find additional information about each release,
source code, and some pre-compiled versions for certain operating
systems.
</p>
</div>
<div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691366"></a>Support</h2></div></div></div>
<p>Product support information is available on
<a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
for paid support options. Free support is provided by our user
community via a mailing list. Information on all public email
lists is available at
<a class="ulink" href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
</p>
</div>
<div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691310"></a>New Features</h2></div></div></div>
<div class="section" title="9.6-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id2824840"></a>9.6-ESV-R5</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Added a tool able to generate malformed packets to allow testing
of how named handles them.
[RT #24096]
</li></ul></div>
</div>
</div>
<div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2824832"></a>Feature Changes</h2></div></div></div>
<div class="section" title="9.6-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3691431"></a>9.6-ESV-R5</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Merged in the NetBSD ATF test framework (currently
version 0.12) for development of future unit tests.
Use configure --with-atf to build ATF internally
or configure --with-atf=prefix to use an external
copy. [RT #23209]
</li><li class="listitem">
Added more verbose error reporting from DLZ LDAP. [RT #23402]
</li><li class="listitem">
Replaced compile time constant with STDTIME_ON_32BITS.
[RT #23587]
</li></ul></div>
</div>
</div>
<div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691458"></a>Bug Fixes</h2></div></div></div>
<div class="section" title="9.6-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3689360"></a>9.6-ESV-R5</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
During RFC5011 processing some journal write errors were not detected.
This could lead to managed-keys changes being committed but not
recorded in the journal files, causing potential inconsistencies
during later processing. [RT #20256]
</li><li class="listitem">
A potential NULL pointer deference in the DNS64 code could cause
named to terminate unexpectedly. [RT #20256]
</li><li class="listitem">
A state variable relating to DNSSEC could fail to be set during
some infrequently-executed code paths, allowing it to be used whilst
in an unitialized state during cache updates, with unpredictable results.
[RT #20256]
</li><li class="listitem">
A potential NULL pointer deference in DNSSEC signing code could
cause named to terminate unexpectedly [RT #20256]
</li><li class="listitem">
Several cosmetic code changes were made to silence warnings
generated by a static code analysis tool. [RT #20256]
</li><li class="listitem">
Cause named to terminate at startup or rndc reconfig
reload to fail, if a log file specified in the
conf file isn't a plain file. (RT #22771]
</li><li class="listitem">
After an external code review, a code cleanup was done. [RT #22521]
</li><li class="listitem">
named now forces the ADB cache time for glue related data to zero
instead of relying on TTL. This corrects problematic behavior in cases
where a server was authoritative for the A record of a nameserver for a
delegated zone and was queried to recursively resolve records within
that zone. [RT #22842]
</li><li class="listitem">
Fix the zonechecks system test to fail on error (warning in 9.6,
fatal in 9.7) to match behaviour for 9.4. [RT #22905]
</li><li class="listitem">
Fixed precedence order bug with NS and DNAME records if both are
present. (Also fixed timing of autosign test in 9.7+) [RT #23035]
</li><li class="listitem">
The secure zone update feature in named is based on the zone being
signed and configured for dynamic updates. A bug in the ACL processing
for "allow-update { none; };" resulted in a zone that is supposed to
be static being treated as a dynamic zone. Thus, named would try to
sign/re-sign that zone erroneously. [RT #23120]
</li><li class="listitem">
If a slave initiates a TSIG signed AXFR from the master and the master
fails to correctly TSIG sign the final message, the slave would be left
with the zone in an unclean state. named detected this error too late
and named would crash with an INSIST. The order dependancy has been
fixed. [RT #23254]
</li><li class="listitem">
If the server has an IPv6 address but does not have IPv6 connectivity
to the internet, dig +trace could fail attempting to use IPv6
addresses. [RT #23297]
</li><li class="listitem">
Changing TTL did not cause dnssec-signzone to generate new signatures.
[RT #23330]
</li><li class="listitem">
Have the validating resolver use RRSIG original TTL to compute
validated RRset and RRSIG TTL. [RT #23332]
</li><li class="listitem">
In "make test" bin/tests/resolver, hold the socket manager lock
while freeing the socket.
[RT #23333]
</li><li class="listitem">
If named encountered a CNAME instead of a DS record when walking
the chain of trust down from the trust anchor, it incorrectly stopped
validating. [RT #23338]
</li><li class="listitem">
RRSIG records could have time stamps too far in the future.
[RT #23356]
</li><li class="listitem">
named stores cached data in an in-memory database and keeps track of
how recently the data is used with a heap. The heap is stored within the
cache's memory space. Under a sustained high query load and with a small
cache size, this could lead to the heap exhausting the cache space. This
would result in cache misses and SERVFAILs, with named never releasing
the cache memory the heap used up and never recovering.
This fix removes the heap into its own memory space, preventing the heap
from exhausting the cache space and allowing named to recover gracefully
when the high query load abates. [RT #23371]
</li><li class="listitem">
If running on a powerpc CPU and with atomic operations enabled,
named could lock up. Added sync instructions to the end of atomic
operations. [RT #23469]
</li><li class="listitem">
If OpenSSL was built without engine support, named would have
compile errors and fail to build.
[RT #23473]
</li><li class="listitem">
Handle isc_event_allocate failures in t_tasks test.
[RT #23572]
</li><li class="listitem">
ixfr-from-differences {master|slave};
failed to select the master/slave zones, resulting in on diff/journal
file being created.
[RT #23580]
</li><li class="listitem">
If a DNAME substitution failed, named returned NOERROR. The correct
response should be YXDOMAIN.
[RT #23591]
</li><li class="listitem">
Remove bin/tests/system/logfileconfig/ns1/named.conf and
add setup.sh in order to resolve changing named.conf issue. [RT #23687]
</li><li class="listitem">
NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
</li><li class="listitem">
Signatures for records at the zone apex could go
stale due to an incorrect timer setting. [RT #23769]
</li><li class="listitem">
The autosign tests attempted to open ports within reserved ranges. Test
now avoids those ports.
[RT #23957]
</li><li class="listitem">
Clean up some cross-compiling issues and added two undocumented
configure options, --with-gost and --with-rlimtype, to allow over-riding
default settings (gost=no and rlimtype="long int") when cross-compiling.
[RT #24367]
</li><li class="listitem">
When trying sign with NSEC3, if dnssec-signzone couldn't find the
KSK, it would give an incorrect error "NSEC3 iterations too big for
weakest DNSKEY strength" rather than the correct "failed to find
keys at the zone apex: not found" [RT #24369]
</li></ul></div>
</div>
</div>
<div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691472"></a>Known issues in this release</h2></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
<p>
"make test" will fail on OSX and possibly other operating systems.
The failure occurs in a new test to check for allow-query ACLs.
The failure is caused because the source address is not specified on
the dig commands issued in the test.
</p>
<p>
If running "make test" is part of your usual acceptance process,
please edit the file <code class="code">bin/tests/system/allow_query/test.sh</code>
and add
</p><p>
<code class="code">-b 10.53.0.2</code>
</p><p>
to the <code class="code">DIGOPTS</code> line.
</p>
</li></ul></div>
</div>
<div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691695"></a>Thank You</h2></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to make
quality open source software, please visit our donations page at
<a class="ulink" href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
</p>
</div>
</div></body></html>

BIN
RELEASE-NOTES-BIND-9.6-ESV.pdf Normal file
View file

Binary file not shown.

153
RELEASE-NOTES-BIND-9.6-ESV.txt Normal file
View file

@ -0,0 +1,153 @@
__________________________________________________________________
Introduction
BIND 9.6-ESV-R5 is a maintenance release for BIND 9.6-ESV.
This document summarizes changes from BIND 9.6-ESV-R4 to BIND
9.6-ESV-R5. Please see the CHANGES file in the source code release for
a complete list of all changes.
Download
The latest release of BIND 9 software can always be found on our web
site at http://www.isc.org/software/bind. There you will find
additional information about each release, source code, and some
pre-compiled versions for certain operating systems.
Support
Product support information is available on
http://www.isc.org/services/support for paid support options. Free
support is provided by our user community via a mailing list.
Information on all public email lists is available at
https://lists.isc.org/mailman/listinfo.
New Features
9.6-ESV-R5
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
Feature Changes
9.6-ESV-R5
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
build ATF internally or configure --with-atf=prefix to use an
external copy. [RT #23209]
* Added more verbose error reporting from DLZ LDAP. [RT #23402]
* Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
Bug Fixes
9.6-ESV-R5
* During RFC5011 processing some journal write errors were not
detected. This could lead to managed-keys changes being committed
but not recorded in the journal files, causing potential
inconsistencies during later processing. [RT #20256]
* A potential NULL pointer deference in the DNS64 code could cause
named to terminate unexpectedly. [RT #20256]
* A state variable relating to DNSSEC could fail to be set during
some infrequently-executed code paths, allowing it to be used
whilst in an unitialized state during cache updates, with
unpredictable results. [RT #20256]
* A potential NULL pointer deference in DNSSEC signing code could
cause named to terminate unexpectedly [RT #20256]
* Several cosmetic code changes were made to silence warnings
generated by a static code analysis tool. [RT #20256]
* Cause named to terminate at startup or rndc reconfig reload to
fail, if a log file specified in the conf file isn't a plain file.
(RT #22771]
* After an external code review, a code cleanup was done. [RT #22521]
* named now forces the ADB cache time for glue related data to zero
instead of relying on TTL. This corrects problematic behavior in
cases where a server was authoritative for the A record of a
nameserver for a delegated zone and was queried to recursively
resolve records within that zone. [RT #22842]
* Fix the zonechecks system test to fail on error (warning in 9.6,
fatal in 9.7) to match behaviour for 9.4. [RT #22905]
* Fixed precedence order bug with NS and DNAME records if both are
present. (Also fixed timing of autosign test in 9.7+) [RT #23035]
* The secure zone update feature in named is based on the zone being
signed and configured for dynamic updates. A bug in the ACL
processing for "allow-update { none; };" resulted in a zone that is
supposed to be static being treated as a dynamic zone. Thus, named
would try to sign/re-sign that zone erroneously. [RT #23120]
* If a slave initiates a TSIG signed AXFR from the master and the
master fails to correctly TSIG sign the final message, the slave
would be left with the zone in an unclean state. named detected
this error too late and named would crash with an INSIST. The order
dependancy has been fixed. [RT #23254]
* If the server has an IPv6 address but does not have IPv6
connectivity to the internet, dig +trace could fail attempting to
use IPv6 addresses. [RT #23297]
* Changing TTL did not cause dnssec-signzone to generate new
signatures. [RT #23330]
* Have the validating resolver use RRSIG original TTL to compute
validated RRset and RRSIG TTL. [RT #23332]
* In "make test" bin/tests/resolver, hold the socket manager lock
while freeing the socket. [RT #23333]
* If named encountered a CNAME instead of a DS record when walking
the chain of trust down from the trust anchor, it incorrectly
stopped validating. [RT #23338]
* RRSIG records could have time stamps too far in the future. [RT
#23356]
* named stores cached data in an in-memory database and keeps track
of how recently the data is used with a heap. The heap is stored
within the cache's memory space. Under a sustained high query load
and with a small cache size, this could lead to the heap exhausting
the cache space. This would result in cache misses and SERVFAILs,
with named never releasing the cache memory the heap used up and
never recovering. This fix removes the heap into its own memory
space, preventing the heap from exhausting the cache space and
allowing named to recover gracefully when the high query load
abates. [RT #23371]
* If running on a powerpc CPU and with atomic operations enabled,
named could lock up. Added sync instructions to the end of atomic
operations. [RT #23469]
* If OpenSSL was built without engine support, named would have
compile errors and fail to build. [RT #23473]
* Handle isc_event_allocate failures in t_tasks test. [RT #23572]
* ixfr-from-differences {master|slave}; failed to select the
master/slave zones, resulting in on diff/journal file being
created. [RT #23580]
* If a DNAME substitution failed, named returned NOERROR. The correct
response should be YXDOMAIN. [RT #23591]
* Remove bin/tests/system/logfileconfig/ns1/named.conf and add
setup.sh in order to resolve changing named.conf issue. [RT #23687]
* NOTIFY messages were not being sent when generating a NSEC3 chain
incrementally. [RT #23702]
* Signatures for records at the zone apex could go stale due to an
incorrect timer setting. [RT #23769]
* The autosign tests attempted to open ports within reserved ranges.
Test now avoids those ports. [RT #23957]
* Clean up some cross-compiling issues and added two undocumented
configure options, --with-gost and --with-rlimtype, to allow
over-riding default settings (gost=no and rlimtype="long int") when
cross-compiling. [RT #24367]
* When trying sign with NSEC3, if dnssec-signzone couldn't find the
KSK, it would give an incorrect error "NSEC3 iterations too big for
weakest DNSKEY strength" rather than the correct "failed to find
keys at the zone apex: not found" [RT #24369]
Known issues in this release
* "make test" will fail on OSX and possibly other operating systems.
The failure occurs in a new test to check for allow-query ACLs. The
failure is caused because the source address is not specified on
the dig commands issued in the test.
If running "make test" is part of your usual acceptance process,
please edit the file bin/tests/system/allow_query/test.sh and add
-b 10.53.0.2
to the DIGOPTS line.
Thank You
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
http://www.isc.org/supportisc.

269
RELEASE-NOTES-BIND-9.6-ESV.xml Normal file
View file

@ -0,0 +1,269 @@
<?xml version="1.0" encoding="UTF-8"?>
<article xmlns="http://docbook.org/ns/docbook"
xmlns:xl="http://www.w3.org/1999/xlink" version="5.0">
<section>
<title>Introduction</title>
<para>
BIND 9.6-ESV-R5 is a maintenance release for BIND 9.6-ESV.
</para>
<para>
This document summarizes changes from BIND 9.6-ESV-R4 to BIND 9.6-ESV-R5.
Please see the CHANGES file in the source code release for a
complete list of all changes.
</para>
</section>
<section>
<title>Download</title>
<para>
The latest release of BIND 9 software can always be found
on our web site at
<link xl:href="http://www.isc.org/software/bind">http://www.isc.org/software/bind</link>.
There you will find additional information about each release,
source code, and some pre-compiled versions for certain operating
systems.
</para>
</section>
<section>
<title>Support</title>
<para>Product support information is available on
<link xl:href="http://www.isc.org/services/support">http://www.isc.org/services/support</link>
for paid support options. Free support is provided by our user
community via a mailing list. Information on all public email
lists is available at
<link xl:href="https://lists.isc.org/mailman/listinfo">https://lists.isc.org/mailman/listinfo</link>.
</para>
</section>
<section>
<title>New Features</title>
<section>
<title>9.6-ESV-R5</title>
<itemizedlist>
<listitem>
Added a tool able to generate malformed packets to allow testing
of how named handles them.
[RT #24096]
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Feature Changes</title>
<section>
<title>9.6-ESV-R5</title>
<itemizedlist>
<listitem>
Merged in the NetBSD ATF test framework (currently
version 0.12) for development of future unit tests.
Use configure --with-atf to build ATF internally
or configure --with-atf=prefix to use an external
copy. [RT #23209]
</listitem>
<listitem>
Added more verbose error reporting from DLZ LDAP. [RT #23402]
</listitem>
<listitem>
Replaced compile time constant with STDTIME_ON_32BITS.
[RT #23587]
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Bug Fixes</title>
<section>
<title>9.6-ESV-R5</title>
<itemizedlist>
<listitem>
During RFC5011 processing some journal write errors were not detected.
This could lead to managed-keys changes being committed but not
recorded in the journal files, causing potential inconsistencies
during later processing. [RT #20256]
</listitem>
<listitem>
A potential NULL pointer deference in the DNS64 code could cause
named to terminate unexpectedly. [RT #20256]
</listitem>
<listitem>
A state variable relating to DNSSEC could fail to be set during
some infrequently-executed code paths, allowing it to be used whilst
in an unitialized state during cache updates, with unpredictable results.
[RT #20256]
</listitem>
<listitem>
A potential NULL pointer deference in DNSSEC signing code could
cause named to terminate unexpectedly [RT #20256]
</listitem>
<listitem>
Several cosmetic code changes were made to silence warnings
generated by a static code analysis tool. [RT #20256]
</listitem>
<listitem>
Cause named to terminate at startup or rndc reconfig
reload to fail, if a log file specified in the
conf file isn't a plain file. (RT #22771]
</listitem>
<listitem>
named now forces the ADB cache time for glue related data to zero
instead of relying on TTL. This corrects problematic behavior in cases
where a server was authoritative for the A record of a nameserver for a
delegated zone and was queried to recursively resolve records within
that zone. [RT #22842]
</listitem>
<listitem>
Fix the zonechecks system test to fail on error (warning in 9.6,
fatal in 9.7) to match behaviour for 9.4. [RT #22905]
</listitem>
<listitem>
Fixed precedence order bug with NS and DNAME records if both are present.
[RT #23035]
</listitem>
<listitem>
The secure zone update feature in named is based on the zone being
signed and configured for dynamic updates. A bug in the ACL processing
for "allow-update { none; };" resulted in a zone that is supposed to
be static being treated as a dynamic zone. Thus, named would try to
sign/re-sign that zone erroneously. [RT #23120]
</listitem>
<listitem>
If a slave initiates a TSIG signed AXFR from the master and the master
fails to correctly TSIG sign the final message, the slave would be left
with the zone in an unclean state. named detected this error too late
and named would crash with an INSIST. The order dependancy has been
fixed. [RT #23254]
</listitem>
<listitem>
If the server has an IPv6 address but does not have IPv6 connectivity
to the internet, dig +trace could fail attempting to use IPv6
addresses. [RT #23297]
</listitem>
<listitem>
Changing TTL did not cause dnssec-signzone to generate new signatures.
[RT #23330]
</listitem>
<listitem>
Have the validating resolver use RRSIG original TTL to compute
validated RRset and RRSIG TTL. [RT #23332]
</listitem>
<listitem>
In "make test" bin/tests/resolver, hold the socket manager lock
while freeing the socket.
[RT #23333]
</listitem>
<listitem>
If named encountered a CNAME instead of a DS record when walking
the chain of trust down from the trust anchor, it incorrectly stopped
validating. [RT #23338]
</listitem>
<listitem>
RRSIG records could have time stamps too far in the future.
[RT #23356]
</listitem>
<listitem>
named stores cached data in an in-memory database and keeps track of
how recently the data is used with a heap. The heap is stored within the
cache's memory space. Under a sustained high query load and with a small
cache size, this could lead to the heap exhausting the cache space. This
would result in cache misses and SERVFAILs, with named never releasing
the cache memory the heap used up and never recovering.
This fix removes the heap into its own memory space, preventing the heap
from exhausting the cache space and allowing named to recover gracefully
when the high query load abates. [RT #23371]
</listitem>
<listitem>
If running on a powerpc CPU and with atomic operations enabled,
named could lock up. Added sync instructions to the end of atomic
operations. [RT #23469]
</listitem>
<listitem>
If OpenSSL was built without engine support, named would have
compile errors and fail to build.
[RT #23473]
</listitem>
<listitem>
Handle isc_event_allocate failures in t_tasks test.
[RT #23572]
</listitem>
<listitem>
ixfr-from-differences {master|slave};
failed to select the master/slave zones, resulting in on diff/journal
file being created.
[RT #23580]
</listitem>
<listitem>
If a DNAME substitution failed, named returned NOERROR. The correct
response should be YXDOMAIN.
[RT #23591]
</listitem>
<listitem>
Remove bin/tests/system/logfileconfig/ns1/named.conf and
add setup.sh in order to resolve changing named.conf issue. [RT #23687]
</listitem>
<listitem>
NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
</listitem>
<listitem>
Signatures for records at the zone apex could go
stale due to an incorrect timer setting. [RT #23769]
</listitem>
<listitem>
The autosign tests attempted to open ports within reserved ranges. Test
now avoids those ports.
[RT #23957]
</listitem>
<listitem>
Clean up some cross-compiling issues and added two undocumented
configure options, --with-gost and --with-rlimtype, to allow over-riding
default settings (gost=no and rlimtype="long int") when cross-compiling.
[RT #24367]
</listitem>
<listitem>
When trying sign with NSEC3, if dnssec-signzone couldn't find the
KSK, it would give an incorrect error "NSEC3 iterations too big for
weakest DNSKEY strength" rather than the correct "failed to find
keys at the zone apex: not found" [RT #24369]
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Known issues in this release</title>
<itemizedlist>
<listitem>
<para>
"make test" will fail on OSX and possibly other operating systems.
The failure occurs in a new test to check for allow-query ACLs.
The failure is caused because the source address is not specified on
the dig commands issued in the test.
</para>
<para>
If running "make test" is part of your usual acceptance process,
please edit the file <code>bin/tests/system/allow_query/test.sh</code>
and add
<para>
<code>-b 10.53.0.2</code>
</para>
to the <code>DIGOPTS</code> line.
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Thank You</title>
<para>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to make
quality open source software, please visit our donations page at
<link xl:href="http://www.isc.org/supportisc">http://www.isc.org/supportisc</link>.
</para>
</section>
</article>

42
release-notes.css Normal file
View file

@ -0,0 +1,42 @@
body {
background-color: #ffffff;
color: #333333;
font-family: "Helvetica Neue", "ArialMT", "Verdana", "Arial", "Helvetica", sans-serif;
font-size: 14px;
line-height: 18px;
margin: 2em auto;
width: 700px;
}
.command {
font-family: "Courier New", "Courier", monospace;
font-weight: normal;
}
.note {
background-color: #ddeedd;
border: 1px solid #aaccaa;
margin: 1em 0 1em 0;
padding: 0.5em 1em 0.5em 1em;
-moz-border-radius: 10px;
-webkit-border-radius: 10px;
}
.screen {
background-color: #ffffee;
border: 1px solid #ddddaa;
padding: 0.25em 1em 0.25em 1em;
margin: 1em 0 1em 0;
-moz-border-radius: 10px;
-webkit-border-radius: 10px;
}
.section.title {
font-size: 150%;
font-weight: bold;
}
.section.section.title {
font-size: 130%;
font-weight: bold;
}

4
version
View file

@ -1,4 +1,4 @@
# $Id: version,v 1.43.12.12 2011/04/08 02:19:06 marka Exp $
# $Id: version,v 1.43.12.13 2011/05/23 23:19:09 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@ -7,4 +7,4 @@ MAJORVER=9
MINORVER=6
PATCHVER=
RELEASETYPE=-ESV
RELEASEVER=-R5b1
RELEASEVER=-R5rc1