mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Merge branch 'pspacek/prepare-documentation-for-bind-9.17.22' into 'v9_17_22-release'
Prepare documentation for BIND 9.17.22 See merge request isc-private/bind9!345
This commit is contained in:
Michał Kępień
commit
9005d65287
3 changed files with 50 additions and 66 deletions
|
|
@ -52,7 +52,7 @@ The latest versions of BIND 9 software can always be found at
|
|||
https://www.isc.org/download/. There you will find additional
|
||||
information about each release, and source code.
|
||||
|
||||
.. include:: ../notes/notes-current.rst
|
||||
.. include:: ../notes/notes-9.17.22.rst
|
||||
.. include:: ../notes/notes-9.17.21.rst
|
||||
.. include:: ../notes/notes-9.17.20.rst
|
||||
.. include:: ../notes/notes-9.17.19.rst
|
||||
|
|
|
|||
49
doc/notes/notes-9.17.22.rst
Normal file
49
doc/notes/notes-9.17.22.rst
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
..
|
||||
.. SPDX-License-Identifier: MPL-2.0
|
||||
..
|
||||
.. This Source Code Form is subject to the terms of the Mozilla Public
|
||||
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
..
|
||||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.17.22
|
||||
----------------------
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- ``named`` now logs TLS pre-master secrets for debugging purposes when
|
||||
the ``SSLKEYLOGFILE`` environment variable is set. This enables
|
||||
troubleshooting issues with encrypted DNS traffic. :gl:`#2723`
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- Overall memory use by ``named`` has been optimized and reduced,
|
||||
especially on systems with many CPU cores. :gl:`#2398` :gl:`#3048`
|
||||
|
||||
- ``named`` formerly generated an ephemeral key and certificate for the
|
||||
``tls ephemeral`` configuration using the RSA algorithm with 4096-bit
|
||||
keys. This has been changed to the ECDSA P-256 algorithm. :gl:`#2264`
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- On FreeBSD, TCP connections leaked a small amount of heap memory,
|
||||
leading to an eventual out-of-memory problem. This has been fixed.
|
||||
:gl:`#3051`
|
||||
|
||||
- If signatures created by the ZSK were expired and the ZSK private key
|
||||
was offline, the signatures were not replaced. This behavior has been
|
||||
amended to replace the expired signatures with new signatures created
|
||||
using the KSK. :gl:`#3049`
|
||||
|
||||
- Under certain circumstances, the signed version of an inline-signed
|
||||
zone could be dumped to disk without the serial number of the unsigned
|
||||
version of the zone. This prevented resynchronization of the zone
|
||||
contents after ``named`` restarted, if the unsigned zone file was
|
||||
modified while ``named`` was not running. This has been fixed.
|
||||
:gl:`#3071`
|
||||
|
|
@ -1,65 +0,0 @@
|
|||
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
..
|
||||
.. SPDX-License-Identifier: MPL-2.0
|
||||
..
|
||||
.. This Source Code Form is subject to the terms of the Mozilla Public
|
||||
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
..
|
||||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.17.22
|
||||
----------------------
|
||||
|
||||
Security Fixes
|
||||
~~~~~~~~~~~~~~
|
||||
|
||||
- None.
|
||||
|
||||
Known Issues
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- None.
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- ``named`` now logs TLS pre-master secrets for debugging purposes when
|
||||
the ``SSLKEYLOGFILE`` environment variable is set. This enables
|
||||
troubleshooting issues with encrypted DNS traffic. :gl:`#2723`
|
||||
|
||||
Removed Features
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
- The IPv6 sockets are now explicitly restricted to sending and receiving IPv6
|
||||
packets only. This renders the ``dig`` option ``+mapped`` non-functioning and
|
||||
thus the option has been removed. :gl:`#3093`
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- None.
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- If signatures created by the ZSK are expired, and the ZSK private key is offline,
|
||||
allow the expired signatures to be replaced with signatures created by the KSK.
|
||||
:gl:`#3049`
|
||||
|
||||
- On FreeBSD, a TCP connection would leak a small amount of heap memory leading
|
||||
to out-of-memory problem in a long run. This has been fixed. :gl:`#3051`
|
||||
|
||||
- Under certain circumstances, the signed version of an inline-signed
|
||||
zone could be dumped to disk without the serial number of the unsigned
|
||||
version of the zone, preventing resynchronization of zone contents
|
||||
after ``named`` restart in case the unsigned zone file gets modified
|
||||
while ``named`` is not running. This has been fixed. :gl:`#3071`
|
||||
|
||||
- Using ``rndc`` on a busy recursive server could cause the ``named`` to abort
|
||||
with assertion failure. This has been fixed. :gl:`#3079`
|
||||
|
||||
- With libuv >= 1.37.0, the recvmmsg support would not be enabled in ``named``
|
||||
reducing the maximum query-response performance. The recvmmsg support would
|
||||
be used only in libuv 1.35.0 and 1.36.0. This has been fixed. :gl:`#3095`
|
||||
Loading…
Reference in a new issue