upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-09 17:50:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/doc/notes/notes-9.17.16.rst
Ondřej Surý 58bd26b6cf Update the copyright information in all files in the repository 
This commit converts the license handling to adhere to the REUSE
specification.  It specifically:

1. Adds used licnses to LICENSES/ directory

2. Add "isc" template for adding the copyright boilerplate

3. Changes all source files to include copyright and SPDX license
   header, this includes all the C sources, documentation, zone files,
   configuration files.  There are notes in the doc/dev/copyrights file
   on how to add correct headers to the new files.

4. Handle the rest that can't be modified via .reuse/dep5 file.  The
   binary (or otherwise unmodifiable) files could have license places
   next to them in <foo>.license file, but this would lead to cluttered
   repository and most of the files handled in the .reuse/dep5 file are
   system test files.
2022-01-11 09:05:02 +01:00

79 lines
2.9 KiB
ReStructuredText
Raw Blame History

.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
Notes for BIND 9.17.16
----------------------
Security Fixes
~~~~~~~~~~~~~~
- Sending DNS messages with the OPCODE field set to anything other than
QUERY (0) via DNS-over-TLS (DoT) or DNS-over-HTTPS (DoH) channels
triggered an assertion failure in ``named``. This has been fixed.
ISC would like to thank Ville Heikkila of Synopsys Cybersecurity
Research Center for bringing this vulnerability to our attention.
:gl:`#2787`
New Features
~~~~~~~~~~~~
- Using a new configuration option, ``parental-agents``, each zone can
now be associated with a list of servers that can be used to check the
DS RRset in the parent zone. This enables automatic KSK rollovers.
:gl:`#1126`
Removed Features
~~~~~~~~~~~~~~~~
- Support for compiling and running BIND 9 natively on Windows has been
completely removed. The last stable release branch that has working
Windows support is BIND 9.16. :gl:`#2690`
Feature Changes
~~~~~~~~~~~~~~~
- IP fragmentation has been disabled for outgoing UDP sockets. Errors
triggered by sending DNS messages larger than the specified path MTU
are properly handled by sending empty DNS replies with the ``TC``
(TrunCated) bit set, which forces DNS clients to fall back to TCP.
:gl:`#2790`
Bug Fixes
~~~~~~~~~
- The code managing :rfc:`5011` trust anchors created an invalid
placeholder keydata record upon a refresh failure, which prevented the
database of managed keys from subsequently being read back. This has
been fixed. :gl:`#2686`
- Signed, insecure delegation responses prepared by ``named`` either
lacked the necessary NSEC records or contained duplicate NSEC records
when both wildcard expansion and CNAME chaining were required to
prepare the response. This has been fixed. :gl:`#2759`
- If ``nsupdate`` sends an SOA request and receives a REFUSED response,
it now fails over to the next available server. :gl:`#2758`
- A bug that caused the NSEC3 salt to be changed on every restart for
zones using KASP has been fixed. :gl:`#2725`
- The configuration-checking code failed to account for the inheritance
rules of the ``dnssec-policy`` option. This has been fixed.
:gl:`#2780`
- The fix for :gl:`#1875` inadvertently introduced a deadlock: when
locking key files for reading and writing, the ``in-view`` logic was
not considered. This has been fixed. :gl:`#2783`
- A race condition could occur where two threads were competing for the
same set of key file locks, leading to a deadlock. This has been
fixed. :gl:`#2786`
Reference in a new issue View git blame Copy permalink