mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-26 03:12:16 -04:00
Tweak and reword release notes
This commit is contained in:
Andoni Duarte Pintado
parent
f8aae78496
commit
78089dba2f
1 changed files with 38 additions and 40 deletions
|
|
@ -15,68 +15,66 @@ Notes for BIND 9.20.17
|
|||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- Provide more information when the memory allocation fails.
|
||||
|
||||
Provide more information about the failure when the memory allocation
|
||||
fails.
|
||||
|
||||
- Reduce the number of outgoing queries.
|
||||
|
||||
Reduces the number of outgoing queries when resolving the nameservers
|
||||
for delegation points. This helps the DNS resolver with cold cache
|
||||
Reduce the number of outgoing queries when resolving the nameservers
|
||||
for delegation points. This helps a DNS resolver with a cold cache
|
||||
resolve client queries with complex delegation chains and
|
||||
redirections.
|
||||
redirections. :gl:`!11148`
|
||||
|
||||
- Provide more information when memory allocation fails.
|
||||
|
||||
BIND now provides more information about the failure when memory allocation
|
||||
fails. :gl:`!11272`
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- Fix the spurious timeouts while resolving names.
|
||||
- Adding NSEC3 opt-out records could leave invalid records in chain.
|
||||
|
||||
Sometimes the loops in the resolving (e.g. to resolve or validate
|
||||
ns1.example.com we need to resolve ns1.example.com) were not properly
|
||||
detected leading to spurious 10 seconds delay. This has been fixed
|
||||
and such loops are properly detected. :gl:`#3033`, #5578
|
||||
When creating an NSEC3 opt-out chain, a node in the chain could be
|
||||
removed too soon. The previous NSEC3 would therefore not be found,
|
||||
resulting in invalid NSEC3 records being left in the zone. This has
|
||||
been fixed. :gl:`#5671`
|
||||
|
||||
- Fix spurious timeouts while resolving names.
|
||||
|
||||
Sometimes, loops in the resolving process (e.g., to resolve or validate
|
||||
``ns1.example.com``, we need to resolve ``ns1.example.com``) were not properly
|
||||
detected, leading to a spurious 10-second delay. This has been fixed,
|
||||
and such loops are properly detected. :gl:`#3033` :gl:`#5578`
|
||||
|
||||
- Fix bug where zone switches from NSEC3 to NSEC after retransfer.
|
||||
|
||||
When a zone is re-transferred, but the zone journal on an
|
||||
inline-signing secondary is out of sync, the zone could fall back to
|
||||
When a zone was re-transferred but the zone journal on an
|
||||
inline-signing secondary was out of sync, the zone could fall back to
|
||||
using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527`
|
||||
|
||||
- AMTRELAY type 0 presentation format handling was wrong.
|
||||
- ``AMTRELAY`` type 0 presentation format handling was wrong.
|
||||
|
||||
RFC 8777 specifies a placeholder value of "." for the gateway field
|
||||
when the gateway type is 0 (no gateway). This was not being checked
|
||||
for nor emitted when displaying the record. This has been corrected.
|
||||
:rfc:`8777` specifies a placeholder value of ``.`` for the gateway field
|
||||
when the gateway type is 0 (no gateway). This was not being checked
|
||||
for, nor was it emitted when displaying the record. This has been corrected.
|
||||
|
||||
Instances of this record will need the placeholder period added to
|
||||
them when upgrading. :gl:`#5639`
|
||||
|
||||
- Fix parsing bug in remote-servers with key or tls.
|
||||
- Fix parsing bug in :any:`remote-servers` with key or TLS.
|
||||
|
||||
The :any:`remote-servers` clause enable the following pattern using a
|
||||
named ``server-list``:
|
||||
The :any:`remote-servers` clause enables the following pattern using a
|
||||
named ``server-list``::
|
||||
|
||||
remote-servers a { 1.2.3.4; ... }; remote-servers b { a key
|
||||
foo; };
|
||||
remote-servers a { 1.2.3.4; ... };
|
||||
remote-servers b { a key foo; };
|
||||
|
||||
However, such configuration was wrongly rejected, with an "unexpected
|
||||
token 'foo'" error. Such configuration is now accepted. :gl:`#5646`
|
||||
However, such a configuration was wrongly rejected, with an ``unexpected
|
||||
token 'foo'`` error. This configuration is now accepted. :gl:`#5646`
|
||||
|
||||
- Fix TLS contexts cache object usage bug in the resolver.
|
||||
- Fix DoT reconfigure/reload bug in the resolver.
|
||||
|
||||
:iscman:`named` could terminate unexpectedly when reconfiguring or
|
||||
reloading, and if client-side TLS transport was in use (for example,
|
||||
when forwarding queries to a DoT server). This has been fixed.
|
||||
If client-side TLS transport was in use (for example, when
|
||||
forwarding queries to a DoT server), :iscman:`named` could
|
||||
terminate unexpectedly when reconfiguring or reloading. This
|
||||
has been fixed.
|
||||
:gl:`#5653`
|
||||
|
||||
- Adding NSEC3 opt-out records could leave invalid records in
|
||||
chain.
|
||||
|
||||
When creating an NSEC3 opt-out chain, a node in the chain could be
|
||||
removed too soon, causing the previous NSEC3 being unable to be found,
|
||||
resulting in invalid NSEC3 records to be left in the zone. This has
|
||||
been fixed.
|
||||
|
||||
Closes [#5671](#5671)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue