diff --git a/CHANGES b/CHANGES index c45dad2826..d8927398b5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.14.2 released --- + 5233. [bug] Negative trust anchors did not work with "forward only;" to validating resolvers. [GL #997] diff --git a/README b/README index de9fce81d9..869b4ed1ce 100644 --- a/README +++ b/README @@ -148,6 +148,10 @@ BIND 9.14.1 BIND 9.14.1 is a maintenance release, and addresses security vulnerabilities disclosed in CVE-2018-5743 and CVE-2019-6467. +BIND 9.14.2 + +BIND 9.14.2 is a maintenance release. + Building BIND Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler, diff --git a/README.md b/README.md index 97f34a024f..2bf4893e4a 100644 --- a/README.md +++ b/README.md @@ -165,6 +165,10 @@ by the C compiler. Non-threaded builds are no longer supported. BIND 9.14.1 is a maintenance release, and addresses security vulnerabilities disclosed in CVE-2018-5743 and CVE-2019-6467. +#### BIND 9.14.2 + +BIND 9.14.2 is a maintenance release. + ### Building BIND Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler, diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 9153ead074..91fc10c9ed 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -10,12 +10,12 @@ .\" Title: named.conf .\" Author: .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 2019-02-06 +.\" Date: 2019-04-25 .\" Manual: BIND9 .\" Source: ISC .\" Language: English .\" -.TH "NAMED\&.CONF" "5" "2019\-02\-06" "ISC" "BIND9" +.TH "NAMED\&.CONF" "5" "2019\-04\-25" "ISC" "BIND9" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -409,11 +409,12 @@ options { resolver\-retry\-interval \fIinteger\fR; response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size \fIinteger\fR; - response\-policy { zone \fIstring\fR [ log \fIboolean\fR ] [ max\-policy\-ttl - \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ policy ( cname | - disabled | drop | given | no\-op | nodata | nxdomain | passthru - | tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [ - nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ + response\-policy { zone \fIstring\fR [ add\-soa \fIboolean\fR ] [ log + \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval + \fIttlval\fR ] [ policy ( cname | disabled | drop | given | no\-op | + nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [ + recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [ + nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ add\-soa \fIboolean\fR ] [ break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ] @@ -761,11 +762,12 @@ view \fIstring\fR [ \fIclass\fR ] { resolver\-retry\-interval \fIinteger\fR; response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size \fIinteger\fR; - response\-policy { zone \fIstring\fR [ log \fIboolean\fR ] [ max\-policy\-ttl - \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ policy ( cname | - disabled | drop | given | no\-op | nodata | nxdomain | passthru - | tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [ - nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ + response\-policy { zone \fIstring\fR [ add\-soa \fIboolean\fR ] [ log + \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval + \fIttlval\fR ] [ policy ( cname | disabled | drop | given | no\-op | + nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [ + recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [ + nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ add\-soa \fIboolean\fR ] [ break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ] diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 76a9898b60..3683f3ee18 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -13,7 +13,7 @@ - 2019-02-06 + 2019-04-25 ISC @@ -403,11 +403,12 @@ options { resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; - response-policy { zone string [ log boolean ] [ max-policy-ttl - ttlval ] [ min-update-interval ttlval ] [ policy ( cname | - disabled | drop | given | no-op | nodata | nxdomain | passthru - | tcp-only quoted_string ) ] [ recursive-only boolean ] [ - nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ + response-policy { zone string [ add-soa boolean ] [ log + boolean ] [ max-policy-ttl ttlval ] [ min-update-interval + ttlval ] [ policy ( cname | disabled | drop | given | no-op | + nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ + recursive-only boolean ] [ nsip-enable boolean ] [ + nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] @@ -735,11 +736,12 @@ view string [ class ] { resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; - response-policy { zone string [ log boolean ] [ max-policy-ttl - ttlval ] [ min-update-interval ttlval ] [ policy ( cname | - disabled | drop | given | no-op | nodata | nxdomain | passthru - | tcp-only quoted_string ) ] [ recursive-only boolean ] [ - nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ + response-policy { zone string [ add-soa boolean ] [ log + boolean ] [ max-policy-ttl ttlval ] [ min-update-interval + ttlval ] [ policy ( cname | disabled | drop | given | no-op | + nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ + recursive-only boolean ] [ nsip-enable boolean ] [ + nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index a77e646f06..a5f131f3d7 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -390,11 +390,12 @@ options resolver-retry-interval integer;
response-padding { address_match_element; ... } block-size
    integer;
- response-policy { zone string [ log boolean ] [ max-policy-ttl
-     ttlval ] [ min-update-interval ttlval ] [ policy ( cname |
-     disabled | drop | given | no-op | nodata | nxdomain | passthru
-     | tcp-only quoted_string ) ] [ recursive-only boolean ] [
-     nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [
+ response-policy { zone string [ add-soa boolean ] [ log
+     boolean ] [ max-policy-ttl ttlval ] [ min-update-interval
+     ttlval ] [ policy ( cname | disabled | drop | given | no-op |
+     nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
+     recursive-only boolean ] [ nsip-enable boolean ] [
+     nsdname-enable boolean ]; ... } [ add-soa boolean ] [
    break-dnssec boolean ] [ max-policy-ttl ttlval ] [
    min-update-interval ttlval ] [ min-ns-dots integer ] [
    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
@@ -727,11 +728,12 @@ view resolver-retry-interval integer;
response-padding { address_match_element; ... } block-size
    integer;
- response-policy { zone string [ log boolean ] [ max-policy-ttl
-     ttlval ] [ min-update-interval ttlval ] [ policy ( cname |
-     disabled | drop | given | no-op | nodata | nxdomain | passthru
-     | tcp-only quoted_string ) ] [ recursive-only boolean ] [
-     nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [
+ response-policy { zone string [ add-soa boolean ] [ log
+     boolean ] [ max-policy-ttl ttlval ] [ min-update-interval
+     ttlval ] [ policy ( cname | disabled | drop | given | no-op |
+     nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
+     recursive-only boolean ] [ nsip-enable boolean ] [
+     nsdname-enable boolean ]; ... } [ add-soa boolean ] [
    break-dnssec boolean ] [ max-policy-ttl ttlval ] [
    min-update-interval ttlval ] [ min-ns-dots integer ] [
    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html index 0c46be3166..e88f9b9b41 100644 --- a/doc/arm/Bv9ARM.ch01.html +++ b/doc/arm/Bv9ARM.ch01.html @@ -614,6 +614,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html index b4686a097f..46badf6bda 100644 --- a/doc/arm/Bv9ARM.ch02.html +++ b/doc/arm/Bv9ARM.ch02.html @@ -146,6 +146,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index d756e697a0..6373b3b40c 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -856,6 +856,6 @@ controls { -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 27593a5a68..42c214a8ef 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -2863,6 +2863,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index d8b7bc6772..80f877d56f 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -2590,11 +2590,12 @@ badresp:1,adberr:0,findfail:0,valfail:0] resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; - response-policy { zone string [ log boolean ] [ max-policy-ttl - ttlval ] [ min-update-interval ttlval ] [ policy ( cname | - disabled | drop | given | no-op | nodata | nxdomain | passthru - | tcp-only quoted_string ) ] [ recursive-only boolean ] [ - nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ + response-policy { zone string [ add-soa boolean ] [ log + boolean ] [ max-policy-ttl ttlval ] [ min-update-interval + ttlval ] [ policy ( cname | disabled | drop | given | no-op | + nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ + recursive-only boolean ] [ nsip-enable boolean ] [ + nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] @@ -3409,6 +3410,12 @@ options { by the disable-algorithms will be treated as insecure.

+

+ Configured trust anchors in trusted-keys + or managed-keys that match a disabled + algorithm will be ignored and treated as if they were not + configured at all. +

disable-ds-digests
@@ -4115,30 +4122,55 @@ options {
minimal-responses

- If set to yes, then when generating - responses the server will only add records to the authority - and additional data sections when they are required (e.g. - delegations, negative responses). This may improve the - performance of the server. + This option controls the addition of records to the + authority and additional sections of responses. Such + records may be included in responses to be helpful + to clients; for example, NS or MX records may + have associated address records included in the additional + section, obviating the need for a separate address lookup. + However, adding these records to responses is not mandatory + and requires additional database lookups, causing extra + latency when marshalling responses. + minimal-responses takes one of + four values: +

+
    +
  • + no: the server will be + as complete as possible when generating responses. +
    • +
  • + yes: the server will only add + records to the authority and additional sections when + such records are required by the DNS protocol (for + example, when returning delegations or negative + responses). This provides the best server performance + but may result in more client queries. +
    • +
  • + no-auth: the server + will omit records from the authority section except + when they are required, but it may still add records + to the additional section. +
    • +
  • + no-auth-recursive: the same + as no-auth when recursion is + requested in the query (RD=1), or the same as + no if recursion is not + requested. +
    • +
+

+ no-auth and + no-auth-recursive are useful when + answering stub clients, which usually ignore the + authority section. no-auth-recursive + is meant for use in mixed-mode servers that handle both + authoritative and recursive queries.

- When set to no-auth, the - server will omit records from the authority section - unless they are required, but it may still add - records to the additional section. When set to - no-auth-recursive, this - is only done if the query is recursive. When the - query is not recursive, the effect is same as if - no was specified. These - settings are useful when answering stub clients, - which usually ignore the authority section. - no-auth-recursive is - designed for mixed-mode servers which handle - both authoritative and recursive queries. -

-

- The default is - no-auth-recursive. + The default is no-auth-recursive.

glue-cache
@@ -7810,7 +7842,7 @@ deny-answer-aliases { "example.net"; }; The empty set of resource records is specified by CNAME whose target is the wildcard top-level domain (*.). - It rewrites the response to NODATA or ANCOUNT=1. + It rewrites the response to NODATA or ANCOUNT=0.

Local Data
@@ -14852,6 +14884,6 @@ HOST-127.EXAMPLE. MX 0 . -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 3335aff8c1..7286603025 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -361,6 +361,6 @@ allow-query { !{ !10/8; any; }; key example; }; -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html index 14c57d37c4..0ea543ff5b 100644 --- a/doc/arm/Bv9ARM.ch07.html +++ b/doc/arm/Bv9ARM.ch07.html @@ -191,6 +191,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index 44c3ab8a99..74510a7548 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -36,7 +36,7 @@

Table of Contents

-
Release Notes for BIND Version 9.14.1
+
Release Notes for BIND Version 9.14.2
Introduction
Note on Version Numbering
@@ -54,7 +54,7 @@

-Release Notes for BIND Version 9.14.1

+Release Notes for BIND Version 9.14.2

@@ -173,7 +173,19 @@ Feature Changes

@@ -260,6 +272,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index c00001e551..788fcd8817 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -148,6 +148,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html index 6b8d0d7f41..016eff4376 100644 --- a/doc/arm/Bv9ARM.ch10.html +++ b/doc/arm/Bv9ARM.ch10.html @@ -914,6 +914,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html index ccda1adeca..4a68685e25 100644 --- a/doc/arm/Bv9ARM.ch11.html +++ b/doc/arm/Bv9ARM.ch11.html @@ -533,6 +533,6 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html index cb2eda01dd..550a6544e1 100644 --- a/doc/arm/Bv9ARM.ch12.html +++ b/doc/arm/Bv9ARM.ch12.html @@ -210,6 +210,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index bbcd3bb868..19038ba3ac 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -32,7 +32,7 @@

BIND 9 Administrator Reference Manual

-

BIND Version 9.14.1

+

BIND Version 9.14.2

Copyright © 2000-2019 Internet Systems Consortium, Inc. ("ISC")

@@ -242,7 +242,7 @@
A. Release Notes
-
Release Notes for BIND Version 9.14.1
+
Release Notes for BIND Version 9.14.2
Introduction
Note on Version Numbering
@@ -439,6 +439,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf index 224cbbe2f6..37d4efe731 100644 Binary files a/doc/arm/Bv9ARM.pdf and b/doc/arm/Bv9ARM.pdf differ diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index 030a48be2e..e10bbd83f9 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -90,6 +90,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index 7841b203d2..7074b1e2ec 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -220,6 +220,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html index 0bd73d93f9..a88fa99cf9 100644 --- a/doc/arm/man.delv.html +++ b/doc/arm/man.delv.html @@ -625,6 +625,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index 68ed22a650..09e852de64 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -1151,6 +1151,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-cds.html b/doc/arm/man.dnssec-cds.html index c7fbc43df0..72c4c49814 100644 --- a/doc/arm/man.dnssec-cds.html +++ b/doc/arm/man.dnssec-cds.html @@ -376,6 +376,6 @@ nsupdate -l -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html index e2fff9485f..9caee46c42 100644 --- a/doc/arm/man.dnssec-checkds.html +++ b/doc/arm/man.dnssec-checkds.html @@ -150,6 +150,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html index d428cbf206..0680f8ca5e 100644 --- a/doc/arm/man.dnssec-coverage.html +++ b/doc/arm/man.dnssec-coverage.html @@ -270,6 +270,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html index 72182827f0..18b52a87f9 100644 --- a/doc/arm/man.dnssec-dsfromkey.html +++ b/doc/arm/man.dnssec-dsfromkey.html @@ -352,6 +352,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html index b20b439ba8..aaba2ea026 100644 --- a/doc/arm/man.dnssec-importkey.html +++ b/doc/arm/man.dnssec-importkey.html @@ -250,6 +250,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index 495123cb0d..94e8f50132 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -498,6 +498,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index c1e5cef9b3..3390172e88 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -557,6 +557,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-keymgr.html b/doc/arm/man.dnssec-keymgr.html index 3c1944770b..bfe13e0609 100644 --- a/doc/arm/man.dnssec-keymgr.html +++ b/doc/arm/man.dnssec-keymgr.html @@ -405,6 +405,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index ab6128e1f8..fd4090c55d 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -171,6 +171,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index 3b9518d545..42249c531c 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -349,6 +349,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index 3afaba7a53..c445d71933 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -701,6 +701,6 @@ db.example.com.signed -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index dc58c02dac..0db8c70ee3 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -202,6 +202,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.dnstap-read.html b/doc/arm/man.dnstap-read.html index 0d7103b04c..63ea15be81 100644 --- a/doc/arm/man.dnstap-read.html +++ b/doc/arm/man.dnstap-read.html @@ -143,6 +143,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.filter-aaaa.html b/doc/arm/man.filter-aaaa.html index c5c9f3b143..3fc242c270 100644 --- a/doc/arm/man.filter-aaaa.html +++ b/doc/arm/man.filter-aaaa.html @@ -168,6 +168,6 @@ plugin query "/usr/local/lib/filter-aaaa.so" { -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index a2b995cd30..ec47df0e54 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -366,6 +366,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.mdig.html b/doc/arm/man.mdig.html index 0316dd4c2d..e68dfe6372 100644 --- a/doc/arm/man.mdig.html +++ b/doc/arm/man.mdig.html @@ -604,6 +604,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index 2eda42ffe2..100f28dd67 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -208,6 +208,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index 8c9f39c0ef..0cf966dc25 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -463,6 +463,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index 60a5b6835c..bf280272e3 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -117,6 +117,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.named-nzd2nzf.html b/doc/arm/man.named-nzd2nzf.html index aaf573c3ed..03755fd2a2 100644 --- a/doc/arm/man.named-nzd2nzf.html +++ b/doc/arm/man.named-nzd2nzf.html @@ -119,6 +119,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html index b134d8b96c..3ab51fce62 100644 --- a/doc/arm/man.named-rrchecker.html +++ b/doc/arm/man.named-rrchecker.html @@ -121,6 +121,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html index d7bc85447c..2487fe1ed4 100644 --- a/doc/arm/man.named.conf.html +++ b/doc/arm/man.named.conf.html @@ -408,11 +408,12 @@ options resolver-retry-interval integer;
response-padding { address_match_element; ... } block-size
    integer;
- response-policy { zone string [ log boolean ] [ max-policy-ttl
-     ttlval ] [ min-update-interval ttlval ] [ policy ( cname |
-     disabled | drop | given | no-op | nodata | nxdomain | passthru
-     | tcp-only quoted_string ) ] [ recursive-only boolean ] [
-     nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [
+ response-policy { zone string [ add-soa boolean ] [ log
+     boolean ] [ max-policy-ttl ttlval ] [ min-update-interval
+     ttlval ] [ policy ( cname | disabled | drop | given | no-op |
+     nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
+     recursive-only boolean ] [ nsip-enable boolean ] [
+     nsdname-enable boolean ]; ... } [ add-soa boolean ] [
    break-dnssec boolean ] [ max-policy-ttl ttlval ] [
    min-update-interval ttlval ] [ min-ns-dots integer ] [
    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
@@ -745,11 +746,12 @@ view resolver-retry-interval integer;
response-padding { address_match_element; ... } block-size
    integer;
- response-policy { zone string [ log boolean ] [ max-policy-ttl
-     ttlval ] [ min-update-interval ttlval ] [ policy ( cname |
-     disabled | drop | given | no-op | nodata | nxdomain | passthru
-     | tcp-only quoted_string ) ] [ recursive-only boolean ] [
-     nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [
+ response-policy { zone string [ add-soa boolean ] [ log
+     boolean ] [ max-policy-ttl ttlval ] [ min-update-interval
+     ttlval ] [ policy ( cname | disabled | drop | given | no-op |
+     nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
+     recursive-only boolean ] [ nsip-enable boolean ] [
+     nsdname-enable boolean ]; ... } [ add-soa boolean ] [
    break-dnssec boolean ] [ max-policy-ttl ttlval ] [
    min-update-interval ttlval ] [ min-ns-dots integer ] [
    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
@@ -1073,6 +1075,6 @@ zone -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 2c9794e219..74ddba5b34 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -492,6 +492,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index a8cd038c88..32b75bfab9 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -155,6 +155,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.nslookup.html b/doc/arm/man.nslookup.html index 88f04dce98..1156c7450d 100644 --- a/doc/arm/man.nslookup.html +++ b/doc/arm/man.nslookup.html @@ -437,6 +437,6 @@ nslookup -query=hinfo -timeout=10 -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 2d65371ef6..bc2b9816ec 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -818,6 +818,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.pkcs11-destroy.html b/doc/arm/man.pkcs11-destroy.html index 07e2b40d03..dbc9003638 100644 --- a/doc/arm/man.pkcs11-destroy.html +++ b/doc/arm/man.pkcs11-destroy.html @@ -162,6 +162,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.pkcs11-keygen.html b/doc/arm/man.pkcs11-keygen.html index c06b2ab262..e7fe4583ad 100644 --- a/doc/arm/man.pkcs11-keygen.html +++ b/doc/arm/man.pkcs11-keygen.html @@ -200,6 +200,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.pkcs11-list.html b/doc/arm/man.pkcs11-list.html index a9356ffc5c..e3ea9eee94 100644 --- a/doc/arm/man.pkcs11-list.html +++ b/doc/arm/man.pkcs11-list.html @@ -158,6 +158,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.pkcs11-tokens.html b/doc/arm/man.pkcs11-tokens.html index af9fc1031c..61b4409cc6 100644 --- a/doc/arm/man.pkcs11-tokens.html +++ b/doc/arm/man.pkcs11-tokens.html @@ -123,6 +123,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 30c50e197f..9d4fb03e6f 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -260,6 +260,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 5767862b44..0b1e943844 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -268,6 +268,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 1adfa69ea7..81252c8daa 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -1024,6 +1024,6 @@ -

BIND 9.14.1 (Stable Release)

+

BIND 9.14.2 (Stable Release)

diff --git a/doc/arm/notes.html b/doc/arm/notes.html index 730829900d..b86d99ddfa 100644 --- a/doc/arm/notes.html +++ b/doc/arm/notes.html @@ -15,7 +15,7 @@

-Release Notes for BIND Version 9.14.1

+Release Notes for BIND Version 9.14.2

@@ -134,7 +134,19 @@ Feature Changes

  • - None. + When trusted-keys and + managed-keys are both configured for the + same name, or when trusted-keys is used to + configure a trust anchor for the root zone and + dnssec-validation is set to the default + value of auto, automatic RFC 5011 key + rollovers will fail. +

    +

    + This combination of settings was never intended to work, + but there was no check for it in the parser. This has been + corrected; a warning is now logged. (In BIND 9.15 and + higher this error will be fatal.) [GL #868]

diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf index af19cbd388..effb146be1 100644 Binary files a/doc/arm/notes.pdf and b/doc/arm/notes.pdf differ diff --git a/doc/arm/notes.txt b/doc/arm/notes.txt index 99fe4873dd..f349ef7dea 100644 --- a/doc/arm/notes.txt +++ b/doc/arm/notes.txt @@ -1,4 +1,4 @@ -Release Notes for BIND Version 9.14.1 +Release Notes for BIND Version 9.14.2 Introduction @@ -69,7 +69,15 @@ New Features Feature Changes - * None. + * When trusted-keys and managed-keys are both configured for the same + name, or when trusted-keys is used to configure a trust anchor for the + root zone and dnssec-validation is set to the default value of auto, + automatic RFC 5011 key rollovers will fail. + + This combination of settings was never intended to work, but there was + no check for it in the parser. This has been corrected; a warning is + now logged. (In BIND 9.15 and higher this error will be fatal.) [GL # + 868] Bug Fixes diff --git a/doc/arm/options.grammar.xml b/doc/arm/options.grammar.xml index 7439ee3e4f..37e677a72b 100644 --- a/doc/arm/options.grammar.xml +++ b/doc/arm/options.grammar.xml @@ -241,11 +241,12 @@ resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; - response-policy { zone string [ log boolean ] [ max-policy-ttl - ttlval ] [ min-update-interval ttlval ] [ policy ( cname | - disabled | drop | given | no-op | nodata | nxdomain | passthru - | tcp-only quoted_string ) ] [ recursive-only boolean ] [ - nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ + response-policy { zone string [ add-soa boolean ] [ log + boolean ] [ max-policy-ttl ttlval ] [ min-update-interval + ttlval ] [ policy ( cname | disabled | drop | given | no-op | + nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ + recursive-only boolean ] [ nsip-enable boolean ] [ + nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] diff --git a/lib/bind9/api b/lib/bind9/api index 0f300c7574..4b38f850c9 100644 --- a/lib/bind9/api +++ b/lib/bind9/api @@ -10,5 +10,5 @@ # 9.12: 1200-1299 # 9.13/9.14: 1300-1499 LIBINTERFACE = 1302 -LIBREVISION = 2 +LIBREVISION = 3 LIBAGE = 0 diff --git a/lib/dns/api b/lib/dns/api index 908b91898a..6ac470f629 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -9,6 +9,6 @@ # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 # 9.13/9.14: 1300-1499 -LIBINTERFACE = 1307 +LIBINTERFACE = 1308 LIBREVISION = 0 LIBAGE = 0 diff --git a/lib/isc/api b/lib/isc/api index 01cec9945a..6ac470f629 100644 --- a/lib/isc/api +++ b/lib/isc/api @@ -9,6 +9,6 @@ # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 # 9.13/9.14: 1300-1499 -LIBINTERFACE = 1307 +LIBINTERFACE = 1308 LIBREVISION = 0 -LIBAGE = 1 +LIBAGE = 0 diff --git a/lib/ns/api b/lib/ns/api index f8000eafb1..f821a8a65a 100644 --- a/lib/ns/api +++ b/lib/ns/api @@ -9,6 +9,6 @@ # 9.11: 160-169 # 9.12: 1200-1299 # 9.13/9.14: 1300-1499 -LIBINTERFACE = 1305 +LIBINTERFACE = 1306 LIBREVISION = 0 LIBAGE = 0 diff --git a/version b/version index 881d24a813..1e5281e778 100644 --- a/version +++ b/version @@ -5,7 +5,7 @@ PRODUCT=BIND DESCRIPTION="(Stable Release)" MAJORVER=9 MINORVER=14 -PATCHVER=1 +PATCHVER=2 RELEASETYPE= RELEASEVER= EXTENSIONS=