From 7f67efcc1481fbe8b1c206e11a5fa62004b17476 Mon Sep 17 00:00:00 2001 
From: Tinderbox User Date: Tue, 13 Aug 2019 08:25:00 +0000 Subject: [PATCH] prep 9.14.5 --- CHANGES | 2 + README.md | 2 +- bin/named/named.conf.docbook | 2 +- doc/arm/Bv9ARM.ch01.html | 2 +- doc/arm/Bv9ARM.ch02.html | 2 +- doc/arm/Bv9ARM.ch03.html | 2 +- doc/arm/Bv9ARM.ch04.html | 2 +- doc/arm/Bv9ARM.ch05.html | 50 ++++++++++++++------ doc/arm/Bv9ARM.ch06.html | 2 +- doc/arm/Bv9ARM.ch07.html | 2 +- doc/arm/Bv9ARM.ch08.html | 68 ++++++++++++++++++++++++++-- doc/arm/Bv9ARM.ch09.html | 2 +- doc/arm/Bv9ARM.ch10.html | 2 +- doc/arm/Bv9ARM.ch11.html | 2 +- doc/arm/Bv9ARM.ch12.html | 2 +- doc/arm/man.arpaname.html | 2 +- doc/arm/man.ddns-confgen.html | 2 +- doc/arm/man.delv.html | 2 +- doc/arm/man.dig.html | 41 +++++++++++------ doc/arm/man.dnssec-cds.html | 2 +- doc/arm/man.dnssec-checkds.html | 2 +- doc/arm/man.dnssec-coverage.html | 2 +- doc/arm/man.dnssec-dsfromkey.html | 2 +- doc/arm/man.dnssec-importkey.html | 2 +- doc/arm/man.dnssec-keyfromlabel.html | 2 +- doc/arm/man.dnssec-keygen.html | 2 +- doc/arm/man.dnssec-keymgr.html | 2 +- doc/arm/man.dnssec-revoke.html | 2 +- doc/arm/man.dnssec-settime.html | 2 +- doc/arm/man.dnssec-signzone.html | 2 +- doc/arm/man.dnssec-verify.html | 2 +- doc/arm/man.dnstap-read.html | 2 +- doc/arm/man.filter-aaaa.html | 2 +- doc/arm/man.host.html | 2 +- doc/arm/man.mdig.html | 2 +- doc/arm/man.named-checkconf.html | 2 +- doc/arm/man.named-checkzone.html | 2 +- doc/arm/man.named-journalprint.html | 2 +- doc/arm/man.named-nzd2nzf.html | 2 +- doc/arm/man.named-rrchecker.html | 2 +- doc/arm/man.named.conf.html | 4 +- doc/arm/man.named.html | 2 +- doc/arm/man.nsec3hash.html | 2 +- doc/arm/man.nslookup.html | 2 +- doc/arm/man.nsupdate.html | 2 +- doc/arm/man.pkcs11-destroy.html | 2 +- doc/arm/man.pkcs11-keygen.html | 2 +- doc/arm/man.pkcs11-list.html | 2 +- doc/arm/man.pkcs11-tokens.html | 2 +- doc/arm/man.rndc-confgen.html | 2 +- doc/arm/man.rndc.conf.html | 2 +- doc/arm/man.rndc.html | 2 +- doc/arm/notes.xml | 33 ++++++++++++++ 
doc/arm/options.grammar.xml | 2 +- lib/bind9/api | 2 +- lib/dns/api | 4 +- lib/isc/api | 4 +- lib/isccfg/api | 2 +- lib/ns/api | 4 +- version | 2 +- 60 files changed, 223 insertions(+), 89 deletions(-) diff --git a/CHANGES b/CHANGES index ba452f951c..6fecd55d38 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.14.5 released --- + 5277. [bug] Cache DB statistics could underflow when serve-stale was in use, because of a bug in counter maintenance when RRsets become stale. diff --git a/README.md b/README.md index cb4177caaa..dc40a41273 100644 --- a/README.md +++ b/README.md @@ -388,7 +388,7 @@ issue number. Prior to 2018, these were usually of the form `[RT #NNN]` and referred to entries in the "bind9-bugs" RT database, which was not open to the public. More recent entries use the form `[GL #NNN]` or, less often, `[GL !NNN]`, which, respectively, refer to issues or merge requests in the -Gitlab database. Most of these are publically readable, unless they include +Gitlab database. Most of these are publicly readable, unless they include information which is confidential or security senstive. To look up a Gitlab issue by its number, use the URL diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 5f7dd754a5..c4b2c2fcfa 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -13,7 +13,7 @@ - 2019-04-25 + 2019-07-21 ISC diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html index edcdb724f0..2ffa1803d9 100644 --- a/doc/arm/Bv9ARM.ch01.html +++ b/doc/arm/Bv9ARM.ch01.html @@ -614,6 +614,6 @@ -

BIND 9.14.4 (Stable Release)

+

BIND 9.14.5 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html index e5259eedc9..ec9a808ab6 100644 --- a/doc/arm/Bv9ARM.ch02.html +++ b/doc/arm/Bv9ARM.ch02.html @@ -146,6 +146,6 @@ -

BIND 9.14.4 (Stable Release)

+

BIND 9.14.5 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 01c9002f45..5527be1320 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -856,6 +856,6 @@ controls { -

BIND 9.14.4 (Stable Release)

+

BIND 9.14.5 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index e934e5cdac..a7280ee884 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -2863,6 +2863,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. -

BIND 9.14.4 (Stable Release)

+

BIND 9.14.5 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index b65dea3d5b..197672dff2 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -2408,7 +2408,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] check-wildcard boolean; cleaning-interval integer; clients-per-query integer; - cookie-algorithm ( aes | sha1 | sha256 ); + cookie-algorithm ( aes | sha1 | sha256 | siphash24 ); cookie-secret string; coresize ( default | unlimited | sizeval ); datasize ( default | unlimited | sizeval ); @@ -3492,7 +3492,9 @@ options {

Compatible IPv6 prefixes have lengths of 32, 40, 48, 56, - 64 and 96 as per RFC 6052. + 64 and 96 as per RFC 6052. Bits 64..71 inclusive must + be zero with the most significate bit of the prefix in + position 0.

Additionally a reverse IP6.ARPA zone will be created for @@ -6721,8 +6723,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; appear, they are not combined — the last one applies.

- By default, records are returned in indeterminate but - consistent order (see none above). + By default, records are returned in random order.

@@ -7645,6 +7646,14 @@ deny-answer-aliases { "example.net"; }; than that is a configuration error.

+

+ Rules encoded in response policy zones are processed after + Access Control Lists + (ACLs). All queries from clients which are not + permitted access to the resolver will be answered with a + status code of REFUSED, regardless of configured RPZ rules. +

+

Five policy triggers can be encoded in RPZ records.

@@ -13379,14 +13388,29 @@ HOST-127.EXAMPLE. MX 0 .

- The number of RRsets per RR type and nonexistent - names stored in the cache database. - If the exclamation mark (!) is printed for a RR - type, it means that particular type of RRset is - known to be nonexistent (this is also known as - "NXRRSET"). If a hash mark (#) is present then - the RRset is marked for garbage collection. - Maintained per view. + Statistics counters related to cache contents; + maintained per view. +

+

+ The "NXDOMAIN" counter is the number of names + that have been cached as nonexistent. + Counters named for RR types indicate the + number of active RRsets for each type in the cache + database. +

+

+ If an RR type name is preceded by an exclamation + mark (!), it represents the number of records in the + cache which indicate that the type does not exist + for a particular name (this is also known as "NXRRSET"). + If an RR type name is preceded by a hash mark (#), it + represents the number of RRsets for this type that are + present in the cache but whose TTLs have expired; these + RRsets may only be used if stale answers are enabled. + If an RR type name is preceded by a tilde (~), it + represents the number of RRsets for this type that are + present in the cache database but are marked for garbage + collection; these RRsets cannot be used.

@@ -14900,6 +14924,6 @@ HOST-127.EXAMPLE. MX 0 .
-

BIND 9.14.4 (Stable Release)

+

BIND 9.14.5 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 2f3e22b53d..7addf44e01 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -362,6 +362,6 @@ allow-query { !{ !10/8; any; }; key example; }; -

BIND 9.14.4 (Stable Release)

+

BIND 9.14.5 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html index 0448b542b0..a675fcdb0e 100644 --- a/doc/arm/Bv9ARM.ch07.html +++ b/doc/arm/Bv9ARM.ch07.html @@ -191,6 +191,6 @@ -

BIND 9.14.4 (Stable Release)

+

BIND 9.14.5 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index 97fcffed85..7a358ede90 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -36,7 +36,7 @@

-Release Notes for BIND Version 9.14.4

+Release Notes for BIND Version 9.14.5

@@ -190,6 +190,26 @@ as a result of a zone update. [GL #513]

+
  • +

    + A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added. + [GL #605] +

    +

    + If you are running multiple DNS Servers (different versions of BIND 9 + or DNS server from multiple vendors) responding from the same IP + address (anycast or load-balancing scenarios), you'll have to make + sure that all the servers are configured with the same DNS Cookie + algorithm and same Server Secret for the best performance. +

    +
  • +
  • +

    + DS records included in DNS referral messages can now be validated + and cached immediately, reducing the number of queries needed for + a DNSSEC validation. [GL #964] +

    +
  • @@ -214,6 +234,48 @@ to root priming queries; this has been corrected. [GL #1092]

    +
  • +

    + Cache database statistics counters could report invalid values + when stale answers were enabled, because of a bug in counter + maintenance when cache data becomes stale. The statistics counters + have been corrected to report the number of RRsets for each + RR type that are active, stale but still potentially served, + or stale and marked for deletion. [GL #602] +

    +
  • +
  • +

    + Interaction between DNS64 and RPZ No Data rule (CNAME *.) could + cause unexpected results; this has been fixed. [GL #1106] +

    +
  • +
  • +

    + named-checkconf now checks DNS64 prefixes + to ensure bits 64-71 are zero. [GL #1159] +

    +
  • +
  • +

    + named-checkconf could crash during + configuration if configured to use "geoip continent" ACLs with + legacy GeoIP. [GL #1163] +

    +
  • +
  • +

    + named-checkconf now correctly reports missing + dnstap-output option when + dnstap is set. [GL #1136] +

    +
  • +
  • +

    + Handle ETIMEDOUT error on connect() with a non-blocking + socket. [GL #1133] +

    +
  • @@ -284,6 +346,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index dee746bdd8..db72a4866a 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -148,6 +148,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html index 072fe7699b..7163a2814c 100644 --- a/doc/arm/Bv9ARM.ch10.html +++ b/doc/arm/Bv9ARM.ch10.html @@ -914,6 +914,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html index 619ef59c82..881e569423 100644 --- a/doc/arm/Bv9ARM.ch11.html +++ b/doc/arm/Bv9ARM.ch11.html @@ -533,6 +533,6 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html index 969df10958..14b79db3a7 100644 --- a/doc/arm/Bv9ARM.ch12.html +++ b/doc/arm/Bv9ARM.ch12.html @@ -210,6 +210,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index 237a11f7c1..d9218bd770 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -90,6 +90,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index 28f948ec81..8dbbbc0fe8 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -220,6 +220,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html index f2fb086c0a..ed4e7eff80 100644 --- a/doc/arm/man.delv.html +++ b/doc/arm/man.delv.html @@ -625,6 +625,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index 8b3eca356e..12ffce9e75 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -499,16 +499,28 @@

    Toggles the printing of the initial comment in the - output identifying the version of dig - and the query options that have been applied. This - comment is printed by default. + output, identifying the version of dig + and the query options that have been applied. This option + always has global effect; it cannot be set globally + and then overridden on a per-lookup basis. The default + is to print this comment.

    +[no]comments

    - Toggle the display of comment lines in the output. - The default is to print comments. + Toggles the display of some comment lines in the output, + containing information about the packet header and + OPT pseudosection, and the names of the response + section. The default is to print these comments. +

    +

    + Other types of comments in the output are not affected by + this option, but can be controlled using other command + line switches. These include +[no]cmd, + +[no]question, + +[no]stats, and + +[no]rrcomments.

    +[no]cookie[=####]
    @@ -775,14 +787,14 @@
    +[no]qr

    - Print [do not print] the query as it is sent. By - default, the query is not printed. + Toggles the display of the query message as it is sent. + By default, the query is not printed.

    +[no]question

    - Print [do not print] the question section of a query + Toggles the display of the question section of a query when an answer is returned. The default is to print the question section as a comment.

    @@ -852,7 +864,9 @@

    Provide a terse answer. The default is to print the - answer in a verbose form. + answer in a verbose form. This option always has global + effect; it cannot be set globally and then overridden on + a per-lookup basis.

    +[no]showsearch
    @@ -885,10 +899,9 @@
    +[no]stats

    - This query option toggles the printing of statistics: - when the query was made, the size of the reply and - so on. The default behavior is to print the query - statistics. + Toggles the printing of statistics: when the query was made, + the size of the reply and so on. The default behavior is to + print the query statistics as a comment after each lookup.

    +[no]subnet=addr[/prefix-length]
    @@ -1153,6 +1166,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-cds.html b/doc/arm/man.dnssec-cds.html index 84dcbb4071..bbdbcccc6e 100644 --- a/doc/arm/man.dnssec-cds.html +++ b/doc/arm/man.dnssec-cds.html @@ -376,6 +376,6 @@ nsupdate -l -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html index 5f7a335560..c8b7f71510 100644 --- a/doc/arm/man.dnssec-checkds.html +++ b/doc/arm/man.dnssec-checkds.html @@ -150,6 +150,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html index bed0315cde..da8ffb170d 100644 --- a/doc/arm/man.dnssec-coverage.html +++ b/doc/arm/man.dnssec-coverage.html @@ -270,6 +270,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html index 4b2ce6af00..8ddd8b85da 100644 --- a/doc/arm/man.dnssec-dsfromkey.html +++ b/doc/arm/man.dnssec-dsfromkey.html @@ -352,6 +352,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html index 889ca23b0f..3f75fb39b2 100644 --- a/doc/arm/man.dnssec-importkey.html +++ b/doc/arm/man.dnssec-importkey.html @@ -250,6 +250,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index db2ead7abf..eee37f5471 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -498,6 +498,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 454c214bac..80af70ad23 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -557,6 +557,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-keymgr.html b/doc/arm/man.dnssec-keymgr.html index 07c241bca9..6634a6a631 100644 --- a/doc/arm/man.dnssec-keymgr.html +++ b/doc/arm/man.dnssec-keymgr.html @@ -405,6 +405,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index 7b578c702c..1beff60757 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -171,6 +171,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index 1e781140d3..16d3e78f76 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -349,6 +349,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index f1d43a9511..0a873606ca 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -701,6 +701,6 @@ db.example.com.signed -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index 73616241e6..b3f5e37fca 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -202,6 +202,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.dnstap-read.html b/doc/arm/man.dnstap-read.html index 92668f561f..fc7b0229ac 100644 --- a/doc/arm/man.dnstap-read.html +++ b/doc/arm/man.dnstap-read.html @@ -143,6 +143,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.filter-aaaa.html b/doc/arm/man.filter-aaaa.html index 8896ed4260..15cf5cba56 100644 --- a/doc/arm/man.filter-aaaa.html +++ b/doc/arm/man.filter-aaaa.html @@ -168,6 +168,6 @@ plugin query "/usr/local/lib/filter-aaaa.so" { -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index 47d34631e3..59d8ac2d09 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -366,6 +366,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.mdig.html b/doc/arm/man.mdig.html index f5ffc53f56..aeb36859b6 100644 --- a/doc/arm/man.mdig.html +++ b/doc/arm/man.mdig.html @@ -604,6 +604,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index c31496d4c4..712730d653 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -208,6 +208,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index e955b33b87..f9e0e7bac9 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -463,6 +463,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index f2b0cb3cf1..d4e9ba001f 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -117,6 +117,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.named-nzd2nzf.html b/doc/arm/man.named-nzd2nzf.html index 7a8491a6b0..90b85e1c8f 100644 --- a/doc/arm/man.named-nzd2nzf.html +++ b/doc/arm/man.named-nzd2nzf.html @@ -119,6 +119,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html index 529ef51d8e..9288547ec5 100644 --- a/doc/arm/man.named-rrchecker.html +++ b/doc/arm/man.named-rrchecker.html @@ -121,6 +121,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html index 671030c441..6f9a1eae84 100644 --- a/doc/arm/man.named.conf.html +++ b/doc/arm/man.named.conf.html @@ -226,7 +226,7 @@ options check-wildcard boolean;
    cleaning-interval integer;
    clients-per-query integer;
    - cookie-algorithm ( aes | sha1 | sha256 );
    + cookie-algorithm ( aes | sha1 | sha256 | siphash24 );
    cookie-secret string;
    coresize ( default | unlimited | sizeval );
    datasize ( default | unlimited | sizeval );
    @@ -1075,6 +1075,6 @@ zone -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index a62080a20d..d036e7466e 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -492,6 +492,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index b8ad7b57f7..38c46fdc77 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -155,6 +155,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.nslookup.html b/doc/arm/man.nslookup.html index ae87002d86..a0535eabde 100644 --- a/doc/arm/man.nslookup.html +++ b/doc/arm/man.nslookup.html @@ -437,6 +437,6 @@ nslookup -query=hinfo -timeout=10 -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 6e99ef20d3..80df081e38 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -818,6 +818,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.pkcs11-destroy.html b/doc/arm/man.pkcs11-destroy.html index 6df4c2be45..d4236ea296 100644 --- a/doc/arm/man.pkcs11-destroy.html +++ b/doc/arm/man.pkcs11-destroy.html @@ -162,6 +162,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.pkcs11-keygen.html b/doc/arm/man.pkcs11-keygen.html index c8be62dab6..53daefc153 100644 --- a/doc/arm/man.pkcs11-keygen.html +++ b/doc/arm/man.pkcs11-keygen.html @@ -200,6 +200,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.pkcs11-list.html b/doc/arm/man.pkcs11-list.html index f11a9a2a91..e20b4b8c86 100644 --- a/doc/arm/man.pkcs11-list.html +++ b/doc/arm/man.pkcs11-list.html @@ -158,6 +158,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.pkcs11-tokens.html b/doc/arm/man.pkcs11-tokens.html index 8c7751f451..0bf794d021 100644 --- a/doc/arm/man.pkcs11-tokens.html +++ b/doc/arm/man.pkcs11-tokens.html @@ -123,6 +123,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index c51c506516..6a15ae9e1a 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -260,6 +260,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 84aa1aa75e..957300d43d 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -268,6 +268,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 44b931c1b9..8ef607649d 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -1024,6 +1024,6 @@ -

    BIND 9.14.4 (Stable Release)

    +

    BIND 9.14.5 (Stable Release)

    diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index c98cd84ac2..4a9a075d14 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -145,6 +145,7 @@ A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added. + [GL #605] If you are running multiple DNS Servers (different versions of BIND 9 @@ -193,6 +194,38 @@ or stale and marked for deletion. [GL #602] + + + Interaction between DNS64 and RPZ No Data rule (CNAME *.) could + cause unexpected results; this has been fixed. [GL #1106] + + + + + named-checkconf now checks DNS64 prefixes + to ensure bits 64-71 are zero. [GL #1159] + + + + + named-checkconf could crash during + configuration if configured to use "geoip continent" ACLs with + legacy GeoIP. [GL #1163] + + + + + named-checkconf now correctly reports missing + dnstap-output option when + dnstap is set. [GL #1136] + + + + + Handle ETIMEDOUT error on connect() with a non-blocking + socket. [GL #1133] + + diff --git a/doc/arm/options.grammar.xml b/doc/arm/options.grammar.xml index 37e677a72b..842fa1e8a5 100644 --- a/doc/arm/options.grammar.xml +++ b/doc/arm/options.grammar.xml @@ -59,7 +59,7 @@ check-wildcard boolean; cleaning-interval integer; clients-per-query integer; - cookie-algorithm ( aes | sha1 | sha256 ); + cookie-algorithm ( aes | sha1 | sha256 | siphash24 ); cookie-secret string; coresize ( default | unlimited | sizeval ); datasize ( default | unlimited | sizeval ); diff --git a/lib/bind9/api b/lib/bind9/api index 4b38f850c9..2f1ed64c29 100644 --- a/lib/bind9/api +++ b/lib/bind9/api @@ -10,5 +10,5 @@ # 9.12: 1200-1299 # 9.13/9.14: 1300-1499 LIBINTERFACE = 1302 -LIBREVISION = 3 +LIBREVISION = 4 LIBAGE = 0 diff --git a/lib/dns/api b/lib/dns/api index 52dfa188d0..d292edb32a 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -9,6 +9,6 @@ # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 # 9.13/9.14: 1300-1499 -LIBINTERFACE = 1309 -LIBREVISION = 1 +LIBINTERFACE = 1310 +LIBREVISION = 0 LIBAGE = 0 
diff --git a/lib/isc/api b/lib/isc/api
index 0f0b939f06..aaa7206bab 100644
--- a/lib/isc/api
+++ b/lib/isc/api
@@ -9,6 +9,6 @@
 # 9.11: 160-169,1100-1199
 # 9.12: 1200-1299
 # 9.13/9.14: 1300-1499
-LIBINTERFACE = 1308
-LIBREVISION = 1
+LIBINTERFACE = 1309
+LIBREVISION = 0
 LIBAGE = 0
diff --git a/lib/isccfg/api b/lib/isccfg/api
index 8f39c607e7..1a831dada6 100644
--- a/lib/isccfg/api
+++ b/lib/isccfg/api
@@ -10,5 +10,5 @@
 # 9.12: 1200-1299
 # 9.13/9.14: 1300-1499
 LIBINTERFACE = 1302
-LIBREVISION = 0
+LIBREVISION = 1
 LIBAGE = 0
diff --git a/lib/ns/api b/lib/ns/api
index 879faac87f..d6c4ffbb4b 100644
--- a/lib/ns/api
+++ b/lib/ns/api
@@ -9,6 +9,6 @@
 # 9.11: 160-169
 # 9.12: 1200-1299
 # 9.13/9.14: 1300-1499
-LIBINTERFACE = 1306
-LIBREVISION = 1
+LIBINTERFACE = 1307
+LIBREVISION = 0
 LIBAGE = 0
diff --git a/version b/version
index 06a7cf58a9..45985c5129 100644
--- a/version
+++ b/version
@@ -5,7 +5,7 @@ PRODUCT=BIND
 DESCRIPTION="(Stable Release)"
 MAJORVER=9
 MINORVER=14
-PATCHVER=4
+PATCHVER=5
 RELEASETYPE=
 RELEASEVER=
 EXTENSIONS=