upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-07 13:22:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

chg: doc: Track changes in separate files

Browse source 
Keep the changelog for each version in a separate source file to avoid
rebase conflicts when handling the -S version.

---

Related !9528

Closes #4946

Merge branch 'nicki/reorganize-changelog-docfiles-9.21' into 'main'

See merge request isc-projects/bind9!9549
This commit is contained in:
Nicki Křížek 2024-09-24 14:12:29 +00:00
commit 812f0031bf
6 changed files with 22984 additions and 22942 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
contrib/gitchangelog/changelog.rc.py
View file

@ -291,12 +291,7 @@ include_merge = True
# r'/(?P<rev>[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n/',
# idx=lambda m: m.start(1)
# )
# publish = stdout
publish = FileInsertAtFirstRegexMatch(
"doc/arm/changelog.rst",
r"for changes relevant to them.\n\n",
idx=lambda m: m.end(0),
)
publish = stdout
## ``revs`` is a list of callable or a list of string

1
doc/arm/Makefile.am
View file

@ -66,6 +66,7 @@ EXTRA_DIST = \
_ext/namedconf.py \
_ext/rndcconf.py \
_static/custom.css \
../changelog/*.rst \
../dnssec-guide \
../misc/options \
../misc/rndc.grammar \

22939
doc/arm/changelog.rst
View file

File diff suppressed because it is too large Load diff

340
doc/changelog/changelog-9.21.0.rst Normal file
View file

@ -0,0 +1,340 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
BIND 9.21.0
-----------
New Features
~~~~~~~~~~~~
- Tighten 'max-recursion-queries' and add 'max-query-restarts' option.
``f202937078f``
There were cases in resolver.c when the `max-recursion-queries` quota
was ineffective. It was possible to craft zones that would cause a
resolver to waste resources by sending excessive queries while
attempting to resolve a name. This has been addressed by correcting
errors in the implementation of `max-recursion-queries`, and by
reducing the default value from 100 to 32.
In addition, a new `max-query-restarts` option has been added which
limits the number of times a recursive server will follow CNAME or
DNAME records before terminating resolution. This was previously a
hard-coded limit of 16, and now defaults to 11. :gl:`#4741`
:gl:`!9281`
- Implement rndc retransfer -force. ``34589811c59``
A new optional argument '-force' has been added to the command channel
command 'rndc retransfer'. When it is specified, named aborts the
ongoing zone transfer (if there is one), and starts a new transfer.
:gl:`#2299` :gl:`!9102`
- Add support for external log rotation tools. ``5ff1fbe1550``
Add two mechanisms to close open log files. The first is `rndc
closelogs`. The second is `kill -USR1 <pid>`. They are intended to be
used with external log rotation tools. :gl:`#4780` :gl:`!9113`
- Generate changelog from git log. ``a64ecc5fdd8``
Use a single source of truth, the git log, to generate the list of
CHANGES. Use the .rst format and include it in the ARM for a quick
reference with proper gitlab links to issues and merge requests.
:gl:`#75` :gl:`!9152`
Feature Changes
~~~~~~~~~~~~~~~
- Use only c23 or c11 noreturn specifiers. ``cd92a145a36``
Use `[[noreturn]]` when compiling with C23 or greater.
The attribute macro name has been capitalized as `NORETURN` as
defining it as `noreturn` breaks external headers. `#define noreturn
__attribute__((noreturn))` wasn't used as C11's
`stdnoreturn.h`/`_Noreturn` is required to build BIND9 in the first
place. :gl:`!9149`
- Initialize the DST subsystem implicitly. ``7f2513a5aa8``
Instead of calling dst_lib_init() and dst_lib_destroy() explicitly by
all the programs, create a separate memory context for the DST
subsystem and use the library constructor and destructor to initialize
the DST internals. :gl:`!9254`
- Remove OpenSSL 1.x Engine support. ``b620b7e9118``
The OpenSSL 1.x Engines support has been deprecated in the OpenSSL 3.x
and is going to be removed from the upstream OpenSSL. Remove the
OpenSSL Engine support from BIND 9 in favor of OpenSSL 3.x Providers.
:gl:`#4828` :gl:`!9252`
- Fix the rsa exponent to 65537. ``5fafb0e7f7b``
There isn't a realistic reason to ever use e = 4294967297. Fortunately
its codepath wasn't reachable to users and can be safetly removed.
Keep in mind the `dns_key_generate` header comment was outdated. e = 3
hasn't been used since 2006 so there isn't a reason to panic. The
toggle was the public exponents between 65537 and 4294967297.
:gl:`!9133`
- Remove the crc64 implementation. ``9397251eb32``
CRC-64 has been added for map files. Now that the map file format has
been removed, there isn't a reason to keep the implementation.
:gl:`!9135`
- Call rcu_barrier() in the isc_mem_destroy() just once. ``dcee04f70cb``
The previous work in this area was led by the belief that we might be
calling call_rcu() from within call_rcu() callbacks. After carefully
checking all the current callback, it became evident that this is not
the case and the problem isn't enough rcu_barrier() calls, but
something entirely else.
Call the rcu_barrier() just once as that's enough and the multiple
rcu_barrier() calls will not hide the real problem anymore, so we can
find it. :gl:`!9134`
- Require at least OpenSSL 1.1.1. ``96ccd962b72``
OpenSSL 1.1.1 or better (or equivalent LibreSSL version) is now
required to compile BIND 9. :gl:`#2806` :gl:`!9110`
- Don't open route socket if we don't need it. ``246d5ccbc9c``
When automatic-interface-scan is disabled, the route socket was still
being opened. Add new API to connect / disconnect from the route
socket only as needed.
Additionally, move the block that disables periodic interface rescans
to a place where it actually have access to the configuration values.
Previously, the values were being checked before the configuration was
loaded. :gl:`#4757` :gl:`!9122`
- Clarify that cds_wfcq_dequeue_blocking() doesn't block if empty.
``afe406be395``
:gl:`!9124`
- Allow shorter resolver-query-timeout configuration. ``1661278b343``
The minimum allowed value of 'resolver-query-timeout' was lowered to
301 milliseconds instead of the earlier 10000 milliseconds (which is
the default). As earlier, values less than or equal to 300 are
converted to seconds before applying the limit. :gl:`#4320`
:gl:`!9091`
- Replace `#define DNS_GETDB_` with struct of bools. ``020fda92b4b``
Replace `#define DNS_GETDB_` with struct of bools to make it easier to
pretty-print the attributes in a debugger. :gl:`#4559` :gl:`!9093`
- Fix data race in clean_finds_at_name. ``0dcc93d87a8``
Stop updating `find.result_v4` and `find.result_v4` in
`clean_finds_at_name`. The values are supposed to be
static. :gl:`#4118` :gl:`!9108`
Bug Fixes
~~~~~~~~~
- Reconfigure catz member zones during named reconfiguration.
``acfa5b28f91``
During a reconfiguration named wasn't reconfiguring catalog zones'
member zones. This has been fixed. :gl:`#4733`
- Move the dst__openssl_toresult to isc_tls unit. ``9e7cd68d9fe``
Since the enable_fips_mode() now resides inside the isc_tls unit, BIND
9 would fail to compile when FIPS mode was enabled as the DST
subsystem logging functions were missing.
Move the crypto library logging functions from the openssl_link unit
to isc_tls unit and enhance it, so it can now be used from both places
keeping the old dst__openssl_toresult* macros alive. :gl:`!9286`
- Disassociate the SSL object from the cached SSL_SESSION.
``1d1bc3a1485``
When the SSL object was destroyed, it would invalidate all SSL_SESSION
objects including the cached, but not yet used, TLS session objects.
Properly disassociate the SSL object from the SSL_SESSION before we
store it in the TLS session cache, so we can later destroy it without
invalidating the cached TLS sessions. :gl:`#4834` :gl:`!9271`
- Attach/detach to the listening child socket when accepting TLS.
``ee00bddf94f``
When TLS connection (TLSstream) connection was accepted, the children
listening socket was not attached to sock->server and thus it could
have been freed before all the accepted connections were actually
closed.
In turn, this would cause us to call isc_tls_free() too soon - causing
cascade errors in pending SSL_read_ex() in the accepted connections.
Properly attach and detach the children listening socket when
accepting and closing the server connections. :gl:`#4833` :gl:`!9270`
- Fix --enable-tracing build on systems without dtrace. ``ced1eb358da``
Missing file util/dtrace.sh prevented builds on system without dtrace
utility. This has been corrected.
- Make hypothesis optional for system tests. ``5dd3c416760``
Ensure that system tests can be executed without Python hypothesis
package. :gl:`#4831` :gl:`!9265`
- Dig now reports missing query section for opcode QUERY.
``7facf967aca``
Query responses should contain the question section with some
exceptions. Dig was not reporting this. :gl:`#4808` :gl:`!9233`
- Fix assertion failure in the glue cache. ``227add4c3eb``
Fix an assertion failure that could happen as a result of data race
between free_gluetable() and addglue() on the same headers.
:gl:`#4691` :gl:`!9126`
- Don't use 'create' flag unnecessarily in findnode() ``a26055f03ec``
when searching the cache for a node so that we can delete an rdataset,
it isn't necessary to set the 'create' flag. if the node doesn't exist
yet, we won't be able to delete anything from it anyway. :gl:`!9158`
- Raise the log level of priming failures. ``6573276bada``
When a priming query is complete, it's currently logged at level
ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising
it to ISC_LOG_NOTICE in the case of failure. [GL #3516] :gl:`#3516`
:gl:`!9121`
- Fix assertion failure when checking named-checkconf version.
``00739e99f67``
Checking the version of `named-checkconf` would end with assertion
failure. This has been fixed. :gl:`#4827` :gl:`!9243`
- Valid TSIG signatures with invalid time cause crash. ``7a705a3ea4e``
An assertion failure triggers when the TSIG has valid cryptographic
signature, but the time is invalid. This can happen when the times
between the primary and secondary servers are not synchronised.
:gl:`#4811` :gl:`!9234`
- Don't skip the counting if fcount_incr() is called with force==true.
``026024a6aed``
The fcount_incr() was incorrectly skipping the accounting for the
fetches-per-zone if the force argument was set to true. We want to
skip the accounting only when the fetches-per-zone is completely
disabled, but for individual names we need to do the accounting even
if we are forcing the result to be success. :gl:`#4786` :gl:`!9115`
- Don't skip the counting if fcount_incr() is called with force==true
(v2) ``8b70722fcb``
The fcount_incr() was not increasing counter->count when force was set
to true, but fcount_decr() would try to decrease the counter leading
to underflow and assertion failure. Swap the order of the arguments
in the condition, so the !force is evaluated after incrementing the
.count. :gl:`#4846` :gl:`!9298`
- Remove superfluous memset() in isc_nmsocket_init() ``4c363393ff1``
The tlsstream part of the isc_nmsocket_t gets initialized via
designater initializer and doesn't need the extra memset() later; just
remove it. :gl:`!9120`
- Fix PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP usage.
``4efdb8b00a0``
The PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP are
usually not defines, but enum values, so simple preprocessor check
doesn't work.
Check for PTHREAD_MUTEX_ADAPTIVE_NP from the autoconf
AS_COMPILE_IFELSE block and define HAVE_PTHREAD_MUTEX_ADAPTIVE_NP.
This should enable adaptive mutex on Linux and FreeBSD.
As PTHREAD_MUTEX_ERRORCHECK actually comes from POSIX and Linux glibc
does define it when compatibility macros are being set, we can just
use PTHREAD_MUTEX_ERRORCHECK instead of PTHREAD_MUTEX_ERRORCHECK_NP.
:gl:`!9111`
- Remove extra newline from yaml output. ``b9cbd3bc767``
I split this into two commits, one for the actual newline removal, and
one for issues I found, ruining the yaml output when some errors were
outputted.
- CID 498025 and CID 498031: Overflowed constant INTEGER_OVERFLOW.
``35d93624a56``
Add INSIST to fail if the multiplication would cause the variables to
overflow. :gl:`#4798` :gl:`!9131`
- Remove unnecessary operations. ``33f4ee7c36c``
Decrementing optlen immediately before calling continue is unneccesary
and inconsistent with the rest of dns_message_pseudosectiontoyaml and
dns_message_pseudosectiontotext. Coverity was also reporting an
impossible false positive overflow of optlen (CID 499061). :gl:`!9130`
- Fix generation of 6to4-self name expansion from IPv4 address.
``ea2a5909a56``
The period between the most significant nibble of the encoded IPv4
address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the
wrong name being checked. Add system test for 6to4-self
implementation. :gl:`#4766` :gl:`!9099`
- Fix false QNAME minimisation error being reported. ``5857a4d3972``
Remove the false positive "success resolving" log message when QNAME
minimisation is in effect and the final result is NXDOMAIN.
:gl:`#4784` :gl:`!9117`
- Dig +yaml was producing unexpected and/or invalid YAML output.
``93d7d221bd9``
:gl:`#4796` :gl:`!9127`
- SVBC alpn text parsing failed to reject zero length alpn.
``0b56763df3f``
:gl:`#4775` :gl:`!9106`
- Return SERVFAIL for a too long CNAME chain. ``89ab9e948d1``
When cutting a long CNAME chain, named was returning NOERROR instead
of SERVFAIL (alongside with a partial answer). This has been fixed.
:gl:`#4449` :gl:`!9090`
- Properly calculate the amount of system memory. ``6427d625ea5``
On 32 bit machines isc_meminfo_totalphys could return an incorrect
value. :gl:`#4799` :gl:`!9132`
- Update key lifetime and metadata after dnssec-policy reconfig.
``d9d882816aa``
Adjust key state and timing metadata if dnssec-policy key lifetime
configuration is updated, so that it also affects existing keys.
:gl:`#4677` :gl:`!9118`

272
doc/changelog/changelog-9.21.1.rst Normal file
View file

@ -0,0 +1,272 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
BIND 9.21.1
-----------
New Features
~~~~~~~~~~~~
- Support for Offline KSK implemented. ``bfa206beecc``
Add a new configuration option `offline-ksk` to enable Offline KSK key
management. Signed Key Response (SKR) files created with `dnssec-ksr`
(or other program) can now be imported into `named` with the new `rndc
skr -import` command. Rather than creating new DNSKEY, CDS and CDNSKEY
records and generating signatures covering these types, these records
are loaded from the currently active bundle from the imported SKR.
The implementation is loosely based on:
https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-
keymgmt-01.txt :gl:`#1128` :gl:`!9119`
- Implement the 'request-ixfr-max-diffs' configuration option.
``99b18bab7e1``
The new 'request-ixfr-max-diffs' configuration option sets the maximum
number of incoming incremental zone transfer (IXFR) differences,
exceeding which triggers a full zone transfer (AXFR). :gl:`#4389`
:gl:`!9094`
- Print the full path of the working directory in startup log messages.
``cf53eac46e9``
named now prints its initial working directory during startup and the
changed working directory when loading or reloading its configuration
file if it has a valid 'directory' option defined. :gl:`#4731`
:gl:`!9362`
- Support restricted key tag range when generating new keys.
``d40b722d462``
It is useful when multiple signers are being used to sign a zone to
able to specify a restricted range of range of key tags that will be
used by an operator to sign the zone. This adds controls to named
(dnssec-policy), dnssec-signzone, dnssec-keyfromlabel and dnssec-ksr
(dnssec-policy) to specify such ranges. :gl:`#4830` :gl:`!9258`
Removed Features
~~~~~~~~~~~~~~~~
- Remove the 'dialup' and 'heartbeat-interval' options. ``a133a33b650``
The `dialup` and `heartbeat-interval` options have been removed, along
with all code implementing them. Using these options is now a fatal
error. :gl:`#4237` :gl:`!8160`
- Remove outdated perllib integration. ``f73a19bb3e9``
The code in conftools/ directory hasn't been touched since 2000.
Nobody knows what it does and nobody even knows how to build it or
test it. Just remove the whole directory. :gl:`!9302`
Feature Changes
~~~~~~~~~~~~~~~
- Use deterministic ecdsa for openssl >= 3.2. ``069c6c22654``
OpenSSL has added support for deterministic ECDSA (RFC 6979) with
version 3.2.
Use it by default as it removes arguably its most fragile side of
ECDSA. The derandomization doesn't pose a risk for DNS usecases and is
allowed by FIPS 186-5. :gl:`#299` :gl:`!9128`
- Exempt prefetches from the fetches-per-zone and fetches-per-server
quotas. ``4cd73e2536c``
Fetches generated automatically as a result of 'prefetch' are now
exempt from the 'fetches-per-zone' and 'fetches-per-server' quotas.
This should help in maintaining the cache from which query responses
can be given. :gl:`#4219` :gl:`!9095`
- Restore the ability to select individual unit tests. ``2299aba5c20``
This add the command line arguments: `-d` (debug), `-l` (list tests)
and `-t test` (run this test) to the unit tests, e.g.:
.. code::
% ./rdata_test -t zonemd
[==========] selected:
Running 1 test(s).
[ RUN ] zonemd
[ OK ] zonemd
[==========] selected: 1 test(s) run.
[ PASSED ] 1 test(s).
%
:gl:`#4579` :gl:`!9384`
- Process also the ISC_R_CANCELED result code in rpz_rewrite()
``d0d6ad0c52e``
Log canceled resolver queries (e.g. when shutting down a hung fetch)
in DEBUG3 level instead of DEBUG1 which is used for the "unrecognized"
result codes. :gl:`#4797` :gl:`!9148`
- Use single logging context for everything. ``aa408051d6c``
Instead of juggling different logging context, use one single logging
context that gets initialized in the libisc constructor and destroyed
in the libisc destructor. :gl:`#4848` :gl:`!9301`
- Remove code to read and parse /proc/net/if_inet6 on Linux.
``8071384324b``
The getifaddr() works fine for years, so we don't have to keep the
callback to parse /proc/net/if_inet6 anymore. :gl:`#4852` :gl:`!9315`
- Use seteuid()/setegid() instead of setreseuid()/setresgid()
``558ec133ea1``
It looks like that all supported systems now have support for
_POSIX_SAVED_IDS, so it's safe to use setegid() and setegid() because
those will not change saved used/group IDs. :gl:`#4862` :gl:`!9363`
- Follow the number of CPU set by taskset/cpuset. ``9afcdc2b184``
Administrators may wish to constrain the set of cores that BIND 9 runs
on via the 'taskset', 'cpuset' or 'numactl' programs (or equivalent on
other O/S).
If the admin has used taskset, the `named` will now follow to
automatically use the given number of CPUs rather than the system wide
count. :gl:`#4884` :gl:`!9398`
- Double the number of threadpool threads. ``cfdded46676``
Introduce this temporary workaround to reduce the impact of long-
running tasks in offload threads which can block the resolution of
queries. :gl:`#4898`
Bug Fixes
~~~~~~~~~
- Delay release of root privileges until after configuring controls.
``8a09d54d6be``
Delay relinquishing root privileges until the control channel has been
configured, for the benefit of systems that require root to use
privileged port numbers. This mostly affects systems without fine-
grained privilege systems (i.e., other than Linux). :gl:`#4793`
:gl:`!9123`
- Fix the assertion failure in the isc_hashmap iterator. ``c31cd677882``
When the round robin hashing reorders the map entries on deletion, we
were adjusting the iterator table size only when the reordering was
happening at the internal table boundary. The iterator table size had
to be reduced by one to prevent seeing the entry that resized on
position [0] twice because it migrated to [iter->size - 1] position.
However, the same thing could happen when the same entry migrates a
second time from [iter->size - 1] to [iter->size - 2] position (and so
on) because the check that we are manipulating the entry just in the
[0] position was insufficient. Instead of checking the position [pos
== 0], we now check that the [pos % iter->size == 0], thus ignoring
all the entries that might have moved back to the end of the internal
table. :gl:`#4838` :gl:`!9292`
- Add -Wno-psabi to CFLAGS for x86 (32-bit) builds. ``75021765f8d``
GCC 11.1+ emits a note during compilation when there are 64-bit atomic
fields in a structure, because it fixed a compiler bug by changing the
alignment of such fields, which caused ABI change.
Add -Wno-psabi to CFLAGS for such builds in order to silence the
warning. That shouldn't be a problem since we don't expose our
structures to the outside. :gl:`#4841` :gl:`!9319`
- Check if logconfig is NULL before using it in isc_log_doit()
``ebd669a8303``
Check if 'lctx->logconfig' is NULL before using it in isc_log_doit(),
because it's possible that isc_log_destroy() was already called, e.g.
when a 'call_rcu' function wants to log a message during shutdown.
:gl:`#4842` :gl:`!9297`
- Change the NS_PER_SEC (and friends) from enum to static const.
``2d12e1142ae``
New version of clang (19) has introduced a stricter checks when mixing
integer (and float types) with enums. In this case, we used enum {}
as C17 doesn't have constexpr yet. Change the time conversion
constants to be static const unsigned int instead of enum values.
:gl:`#4845` :gl:`!9313`
- Check the result of dirfd() before calling unlinkat() ``661981be7b0``
Instead of directly using the result of dirfd() in the unlinkat()
call, check whether the returned file descriptor is actually valid.
That doesn't really change the logic as the unlinkat() would fail with
invalid descriptor anyway, but this is cleaner and will report the
right error returned directly by dirfd() instead of EBADF from
unlinkat(). :gl:`#4853` :gl:`!9316`
- Fix rare assertion failure when shutting down incoming transfer.
``14d2040934e``
A very rare assertion failure can be triggered when the incoming
transfer is either forcefully shut down or it is finished during
printing the details about the statistics channel. This has been
fixed. :gl:`#4860` :gl:`!9336`
- Fix the resesuid() shim implementation for NetBSD. ``5bfed08b253``
The shim implementation of setresuid() was wrong - there was a copy
and paste error and it was calling setresgid() instead. This only
affects NetBSD because Linux, FreeBSD and OpenBSD have setresuid() and
setresgid() implementation available from the system library.
:gl:`#4862` :gl:`!9359`
- Fix algoritm rollover bug when there are two keys with the same
keytag. ``8dbd57116bf``
If there is an algorithm rollover and two keys of different algorithm
share the same keytags, then there is a possibility that if we check
that a key matches a specific state, we are checking against the wrong
key. This has been fixed by not only checking for matching key tag but
also key algorithm. :gl:`#4878` :gl:`!9381`
- Stop using malloc_usable_size and malloc_size. ``f99da39934d``
The `malloc_usable_size()` can return size larger than originally
allocated and when these sizes disagree the fortifier enabled by
`_FORTIFY_SOURCE=3` detects overflow and stops the `named` execution
abruptly. Stop using these convenience functions as they are primary
used for introspection-only. :gl:`#4880` :gl:`!9400`
- Preserve statement tag order in documentation. ``0b9ce9c05b1``
This supports bit-for-bit reproducibility of built documentation.
:gl:`#4886` :gl:`!9399`
- Fix an assertion failure in validate_dnskey_dsset_done()
``31245213a09``
Under rare circumstances, named could terminate unexpectedly when
validating a DNSKEY resource record if the validation was canceled in
the meantime. This has been fixed. :gl:`#4911`
- Silence all warnings that stem from the default config.
``f4e0d0e460b``
As we now setup the logging very early, parsing the default config
would always print warnings about experimental (and possibly
deprecated) options in the default config. This would even mess with
commands like `named -V` and it is also wrong to warn users about
using experimental options in the default config, because they can't
do anything about this. Add CFG_PCTX_NODEPRECATED and
CFG_PCTX_NOEXPERIMENTAL options that we can pass to cfg parser and
silence the early warnings caused by using experimental options in the
default config. :gl:`!9304`

22367
doc/changelog/changelog-history.rst Normal file
View file

File diff suppressed because it is too large Load diff