mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-11 03:40:00 -04:00
BIND 9.19.6
-----BEGIN PGP SIGNATURE----- iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmNDwzcPHG1pY2hhbEBp c2Mub3JnAAoJEO0Fc//IRWEF1J0P/A3nRfW//8azItZk1F+AIONmqzVNljC5wP62 fvsPfjvaro+nt7FuXTIv+uC5lK6GuKNZmHHJJO1U40CiT125xYfhTbPC1XCnhVFH F66m0fOMExJ7t0UWIwoFqJJgZbMffIgB0zfhwCna9EZzxDVew3YWUoi9jw3C8LyE JyD6FDTr/BmZ1Sp9dpJf/PNvEcB3evfB3DOxtYKt7vm6KQ6azTaDOaWsnssp/8i6 QLo1Sgnr7uyXAvq7ce53uLM8hkgU6hdXzv5F0JYxX54aVCDaH1pX8qY9FT2sw0tM tSFgQTtnOVIMKXQQHnWM10bTslDKiopXIFn6EojR+jnB5lL6oWLbaPf/f/s4Xkwp n3cG77v8Quxe5Vznk041B615P8rY4xjg0C5qmCiHmD3bTjX3nYrubT0aAcYjzcL7 XPu1m4M6j8pVb+Ad+ue/d48+PJ420o7Qj6tBAOMOyUUqYlsSah4AebIrQ+UTluAD m3YZoh10QUL7Hifsws3rOPjSpt/6JVBxLUFSigvkcBp/JZBZrhZSPX8AAeU3SJlq VZak9B+J8RQ//5znROrv8aAJCpXsixMP+L/3PEMlSvoP38WR2bswI4n+x8OTFWWp EVndONt/XFS/YWJ0gxYtlRbPeOEokd7oMe6ANwkRyykxBA4B5u9qYDZODzV62Q7p GkGsb1EJ =msVB -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEIz+ZTe/bbr1Q+/5RJKPoRjruXlYFAmNRDoIACgkQJKPoRjru Xlbj3Q//ReMwzMD9uog249scAVKVMEZv7RfH1Ra3ibKh5lGCJUFasPsEtKYKTHBK bUwCx/ITsyZtcyQj/P+HVhuTCGwGnznHVcEK9Gsa4RogwOesKlfNhF+tSyx0oU45 cDXqMZ9oqxp5Gp6vtPD9f4rJ7V7uW5ajM/qHci2A2+fMWREgciWCTqEuoSsr2Rlg tMgzfStBGyXg7+NuPsmPtD9qzBUv7OUdb1EO78xVX+Zlg1xAxo0Glew+Aw0C1GUj s9k3CgyDxGjMoZauhEvMZh22Pc6eOny2Ncdbg7e/uQP+MT09nxrYHxminMd+usIv j0kOEoZIOk4P9vGzQDh/f/16Gro2jsu9UjJp/JPiue/3m0YUD7WeXCdeR74JMxh+ Kq+7Lusg1X2c8lEJKXezcm+exFezpD+lag8OQjtjcuhlcqgRVGJvxlShXkIEhQqI JwW1p7BThdhJvC7oKYj9ru5JiRo+C2IHF8yL/7z9qYBCCnVEHcpKfqfMdkFd6nyv 8KYbofUyz2B5axCvj1gX0NIakg87lfsvllXP2gndMuicPHQWezBBJaZ0nf9v4PYs bprgobkNEQxZg/ztz4oZepyz3Ab9i1HPC257lctcRJNN+ddEawRqTnOs5GNxZdjM ZfUwwHYInxqhuaPqwPD59++MTrlg2pg6WOGf4dMnrAoB8rv/Ip0= =+jC+ -----END PGP SIGNATURE----- Merge tag 'v9_19_6' BIND 9.19.6
This commit is contained in:
Michal Nowak
commit
97b9a7eb56
3 changed files with 101 additions and 0 deletions
2
CHANGES
2
CHANGES
|
|
@ -24,6 +24,8 @@
|
|||
the structure. Remove DNS_NAMEATTR_* macros.
|
||||
Fix latent attribute handling bug in RBT. [GL !6902]
|
||||
|
||||
--- 9.19.6 released ---
|
||||
|
||||
5992. [func] Introduce the new isc_mem_*x() APIs that takes extra
|
||||
flags as the last argument. Currently ISC_MEM_ZERO
|
||||
and ISC_MEM_ALIGN(n) flags have been implemented that
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ https://www.isc.org/download/. There you will find additional
|
|||
information about each release, and source code.
|
||||
|
||||
.. include:: ../notes/notes-current.rst
|
||||
.. include:: ../notes/notes-9.19.6.rst
|
||||
.. include:: ../notes/notes-9.19.5.rst
|
||||
.. include:: ../notes/notes-9.19.4.rst
|
||||
.. include:: ../notes/notes-9.19.3.rst
|
||||
|
|
|
|||
98
doc/notes/notes-9.19.6.rst
Normal file
98
doc/notes/notes-9.19.6.rst
Normal file
|
|
@ -0,0 +1,98 @@
|
|||
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
..
|
||||
.. SPDX-License-Identifier: MPL-2.0
|
||||
..
|
||||
.. This Source Code Form is subject to the terms of the Mozilla Public
|
||||
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
..
|
||||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.19.6
|
||||
---------------------
|
||||
|
||||
Known Issues
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- Upgrading from BIND 9.16.32, 9.18.6, 9.19.4, or any older version may
|
||||
require a manual configuration change. The following configurations
|
||||
are affected:
|
||||
|
||||
- :any:`type primary` zones configured with :any:`dnssec-policy` but
|
||||
without either :any:`allow-update` or :any:`update-policy`,
|
||||
- :any:`type secondary` zones configured with :any:`dnssec-policy`.
|
||||
|
||||
In these cases please add :namedconf:ref:`inline-signing yes;
|
||||
<inline-signing>` to the individual zone configuration(s). Without
|
||||
applying this change, :iscman:`named` will fail to start. For more
|
||||
details, see
|
||||
https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- Support for parsing and validating the ``dohpath`` service parameter
|
||||
in SVCB records was added. :gl:`#3544`
|
||||
|
||||
- :iscman:`named` now supports forwarding Dynamic DNS updates through
|
||||
DNS-over-TLS (DoT). :gl:`#3512`
|
||||
|
||||
- The :iscman:`nsupdate` tool now supports DNS-over-TLS (DoT).
|
||||
:gl:`#1781`
|
||||
|
||||
- :iscman:`named` now logs the supported cryptographic algorithms during
|
||||
startup and in the output of :option:`named -V`. :gl:`#3541`
|
||||
|
||||
- A new configuration option :any:`require-cookie` has been introduced.
|
||||
It specifies whether there should be a DNS COOKIE in the response for
|
||||
a given prefix; if not, :iscman:`named` falls back to TCP. This is
|
||||
useful if it is known that a given server supports DNS COOKIE. It can
|
||||
also be used to force all non-DNS COOKIE responses to fall back to
|
||||
TCP. :gl:`#2295`
|
||||
|
||||
- Support for libsystemd's ``sd_notify()`` function was added, enabling
|
||||
:iscman:`named` to report its status to the init system. This allows
|
||||
systemd to wait until :iscman:`named` is fully ready before starting
|
||||
other services that depend on name resolution. :gl:`#1176`
|
||||
|
||||
- The ``recursion not available`` and ``query (cache) '...' denied`` log
|
||||
messages were extended to include the name of the ACL that caused a
|
||||
given query to be denied. :gl:`#3587`
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- When an international domain name is not valid according to IDNA2008,
|
||||
:iscman:`dig` now tries to convert it according to IDNA2003 rules, or
|
||||
pass it through unchanged, instead of stopping with an error message.
|
||||
The ``idna2`` utility can be used to check IDNA syntax. :gl:`#3527`
|
||||
|
||||
- The DNSSEC signing data included in zone statistics identified
|
||||
keys only by the key ID; this caused confusion when two keys using
|
||||
different algorithms had the same ID. Zone statistics now identify
|
||||
keys using the algorithm number, followed by "+", followed by the
|
||||
key ID: for example, ``8+54274``. :gl:`#3525`
|
||||
|
||||
- The ability to use PKCS#11 via engine_pkcs11 has been restored, by
|
||||
using only deprecated APIs in OpenSSL 3.0.0. BIND 9 needs to be
|
||||
compiled with ``-DOPENSSL_API_COMPAT=10100`` specified in the CFLAGS
|
||||
environment variable at compile time. :gl:`#3578`
|
||||
|
||||
- Compiling BIND 9 now requires at least libuv version 1.34.0 or higher.
|
||||
libuv should be available on all supported platforms either as a
|
||||
native package or as a backport. :gl:`#3567`
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- An assertion failure was fixed in :iscman:`named` that was caused by
|
||||
aborting the statistics channel connection while sending statistics
|
||||
data to the client. :gl:`#3542`
|
||||
|
||||
- :iscman:`named` could incorrectly return non-truncated, glueless
|
||||
referrals for responses whose size was close to the UDP packet size
|
||||
limit. This has been fixed. :gl:`#1967`
|
||||
|
||||
- Changing just the TSIG key names for primaries in catalog zones'
|
||||
member zones was not effective. This has been fixed. :gl:`#3557`
|
||||
Loading…
Reference in a new issue