diff --git a/doc/notes/notes-9.20.17.rst b/doc/notes/notes-9.20.17.rst index f802b4052f..c504cf77cc 100644 --- a/doc/notes/notes-9.20.17.rst +++ b/doc/notes/notes-9.20.17.rst @@ -15,68 +15,66 @@ Notes for BIND 9.20.17 Feature Changes ~~~~~~~~~~~~~~~ -- Provide more information when the memory allocation fails. - - Provide more information about the failure when the memory allocation - fails. - - Reduce the number of outgoing queries. - Reduces the number of outgoing queries when resolving the nameservers - for delegation points. This helps the DNS resolver with cold cache + Reduce the number of outgoing queries when resolving the nameservers + for delegation points. This helps a DNS resolver with a cold cache resolve client queries with complex delegation chains and - redirections. + redirections. :gl:`!11148` + +- Provide more information when memory allocation fails. + + BIND now provides more information about the failure when memory allocation + fails. :gl:`!11272` Bug Fixes ~~~~~~~~~ -- Fix the spurious timeouts while resolving names. +- Adding NSEC3 opt-out records could leave invalid records in chain. - Sometimes the loops in the resolving (e.g. to resolve or validate - ns1.example.com we need to resolve ns1.example.com) were not properly - detected leading to spurious 10 seconds delay. This has been fixed - and such loops are properly detected. :gl:`#3033`, #5578 + When creating an NSEC3 opt-out chain, a node in the chain could be + removed too soon. The previous NSEC3 would therefore not be found, + resulting in invalid NSEC3 records being left in the zone. This has + been fixed. :gl:`#5671` + +- Fix spurious timeouts while resolving names. + + Sometimes, loops in the resolving process (e.g., to resolve or validate + ``ns1.example.com``, we need to resolve ``ns1.example.com``) were not properly + detected, leading to a spurious 10-second delay. This has been fixed, + and such loops are properly detected. :gl:`#3033` :gl:`#5578` - Fix bug where zone switches from NSEC3 to NSEC after retransfer. - When a zone is re-transferred, but the zone journal on an - inline-signing secondary is out of sync, the zone could fall back to + When a zone was re-transferred but the zone journal on an + inline-signing secondary was out of sync, the zone could fall back to using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527` -- AMTRELAY type 0 presentation format handling was wrong. +- ``AMTRELAY`` type 0 presentation format handling was wrong. - RFC 8777 specifies a placeholder value of "." for the gateway field - when the gateway type is 0 (no gateway). This was not being checked - for nor emitted when displaying the record. This has been corrected. + :rfc:`8777` specifies a placeholder value of ``.`` for the gateway field + when the gateway type is 0 (no gateway). This was not being checked + for, nor was it emitted when displaying the record. This has been corrected. Instances of this record will need the placeholder period added to them when upgrading. :gl:`#5639` -- Fix parsing bug in remote-servers with key or tls. +- Fix parsing bug in :any:`remote-servers` with key or TLS. - The :any:`remote-servers` clause enable the following pattern using a - named ``server-list``: + The :any:`remote-servers` clause enables the following pattern using a + named ``server-list``:: - remote-servers a { 1.2.3.4; ... }; remote-servers b { a key - foo; }; + remote-servers a { 1.2.3.4; ... }; + remote-servers b { a key foo; }; - However, such configuration was wrongly rejected, with an "unexpected - token 'foo'" error. Such configuration is now accepted. :gl:`#5646` + However, such a configuration was wrongly rejected, with an ``unexpected + token 'foo'`` error. This configuration is now accepted. :gl:`#5646` -- Fix TLS contexts cache object usage bug in the resolver. +- Fix DoT reconfigure/reload bug in the resolver. - :iscman:`named` could terminate unexpectedly when reconfiguring or - reloading, and if client-side TLS transport was in use (for example, - when forwarding queries to a DoT server). This has been fixed. + If client-side TLS transport was in use (for example, when + forwarding queries to a DoT server), :iscman:`named` could + terminate unexpectedly when reconfiguring or reloading. This + has been fixed. :gl:`#5653` -- Adding NSEC3 opt-out records could leave invalid records in - chain. - - When creating an NSEC3 opt-out chain, a node in the chain could be - removed too soon, causing the previous NSEC3 being unable to be found, - resulting in invalid NSEC3 records to be left in the zone. This has - been fixed. - - Closes [#5671](#5671) -