From 849563797eb04982bfd6cdcc3792762dd8799535 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 8 Sep 2022 12:45:56 +0200 Subject: [PATCH 1/3] Prepare release notes for BIND 9.19.5 --- doc/arm/notes.rst | 2 +- doc/notes/{notes-current.rst => notes-9.19.5.rst} | 10 ---------- 2 files changed, 1 insertion(+), 11 deletions(-) rename doc/notes/{notes-current.rst => notes-9.19.5.rst} (97%) diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index c29c9f5552..cba7ae0058 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -36,7 +36,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.19.5.rst .. include:: ../notes/notes-9.19.4.rst .. include:: ../notes/notes-9.19.3.rst .. include:: ../notes/notes-9.19.2.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-9.19.5.rst similarity index 97% rename from doc/notes/notes-current.rst rename to doc/notes/notes-9.19.5.rst index 802c344967..855503a29d 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-9.19.5.rst @@ -43,11 +43,6 @@ Security Fixes DNSSEC verification code for the EdDSA algorithm. (CVE-2022-38178) :gl:`#3487` -Known Issues -~~~~~~~~~~~~ - -- None. - New Features ~~~~~~~~~~~~ @@ -55,11 +50,6 @@ New Features significantly changing the architecture of the task, timer and networking systems for improved performance and code flow. :gl:`#3508` -Removed Features -~~~~~~~~~~~~~~~~ - -- None. - Feature Changes ~~~~~~~~~~~~~~~ From ef5e0641c32a0bd5e75111000860569015015492 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 8 Sep 2022 12:45:56 +0200 Subject: [PATCH 2/3] Tweak and reword release notes --- doc/notes/notes-9.19.5.rst | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/doc/notes/notes-9.19.5.rst b/doc/notes/notes-9.19.5.rst index 855503a29d..4410801ec5 100644 --- a/doc/notes/notes-9.19.5.rst +++ b/doc/notes/notes-9.19.5.rst @@ -46,9 +46,10 @@ Security Fixes New Features ~~~~~~~~~~~~ -- Worker threads' event loops are now managed by a new "loop maanger" API, - significantly changing the architecture of the task, timer and networking - systems for improved performance and code flow. :gl:`#3508` +- Worker threads' event loops are now managed by a new "loop manager" + API, significantly changing the architecture of the task, timer, and + networking subsystems for improved performance and code flow. + :gl:`#3508` Feature Changes ~~~~~~~~~~~~~~~ @@ -57,23 +58,24 @@ Feature Changes subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL. :gl:`#3459` -- Zones using ``dnssec-policy`` now require dynamic DNS or - ``inline-signing`` to be configured explicitly :gl:`#3381`. +- Zones using :any:`dnssec-policy` now require dynamic DNS or + :any:`inline-signing` to be configured explicitly. :gl:`#3381` -- When reconfiguring ``dnssec-policy`` from using NSEC with an NSEC-only DNSKEY - algorithm (e.g. RSASHA1) to a policy that uses NSEC3, BIND will no longer fail - to sign the zone, but keep using NSEC for a little longer until the offending - DNSKEY records have been removed from the zone, then switch to using NSEC3. - :gl:`#3486` +- When reconfiguring :any:`dnssec-policy` from using NSEC with an + NSEC-only DNSKEY algorithm (e.g. RSASHA1) to a policy that uses NSEC3, + BIND 9 no longer fails to sign the zone; instead, it keeps using NSEC + until the offending DNSKEY records have been removed from the zone, + then switches to using NSEC3. :gl:`#3486` -- Implement a backwards compatible approach for encoding the internationalized - domain names (IDN) in dig, and convert the domain to IDNA2008 form, and if - that fails try the IDNA2003 conversion. :gl:`#3485` +- A backward-compatible approach was implemented for encoding + internationalized domain names (IDN) in :iscman:`dig` and converting + the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 + conversion. :gl:`#3485` Bug Fixes ~~~~~~~~~ -- Fix a serve-stale bug, where BIND would try to return stale data from cache - for lookups that received duplicate queries or queries that would be dropped. - This bug resulted in premature SERVFAIL responses, and has now been resolved. - :gl:`#2982` +- A serve-stale bug was fixed, where BIND would try to return stale data + from cache for lookups that received duplicate queries or queries that + would be dropped. This bug resulted in premature SERVFAIL responses, + and has now been resolved. :gl:`#2982` From 41fdb42e9ca0f5fcd1d53a96abdfd37f82b71aba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 8 Sep 2022 12:45:56 +0200 Subject: [PATCH 3/3] Add release note for GL #3410 --- doc/notes/notes-9.19.5.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/notes/notes-9.19.5.rst b/doc/notes/notes-9.19.5.rst index 4410801ec5..b9a539b555 100644 --- a/doc/notes/notes-9.19.5.rst +++ b/doc/notes/notes-9.19.5.rst @@ -46,6 +46,11 @@ Security Fixes New Features ~~~~~~~~~~~~ +- A new Response Policy Zone (RPZ) :ref:`option`, ``ede``, was + added. It enables an :rfc:`8914` Extended DNS Error (EDE) code of + choice to be set for responses which have been modified by a given + RPZ. :gl:`#3410` + - Worker threads' event loops are now managed by a new "loop manager" API, significantly changing the architecture of the task, timer, and networking subsystems for improved performance and code flow.