diff options
Diffstat (limited to 'doc/notes/notes-9.16.11.rst')
-rw-r--r-- | doc/notes/notes-9.16.11.rst | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/doc/notes/notes-9.16.11.rst b/doc/notes/notes-9.16.11.rst new file mode 100644 index 0000000..70a6658 --- /dev/null +++ b/doc/notes/notes-9.16.11.rst @@ -0,0 +1,74 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.16.11 +---------------------- + +Feature Changes +~~~~~~~~~~~~~~~ + +- The new networking code introduced in BIND 9.16 (netmgr) was + overhauled in order to make it more stable, testable, and + maintainable. :gl:`#2321` + +- Earlier releases of BIND versions 9.16 and newer required the + operating system to support load-balanced sockets in order for + ``named`` to be able to achieve high performance (by distributing + incoming queries among multiple threads). However, the only operating + systems currently known to support load-balanced sockets are Linux and + FreeBSD 12, which means both UDP and TCP performance were limited to a + single thread on other systems. As of BIND 9.16.11, ``named`` attempts + to distribute incoming queries among multiple threads on systems which + lack support for load-balanced sockets (except Windows). :gl:`#2137` + +- It is now possible to transition a zone from secure to insecure mode + without making it bogus in the process; changing to ``dnssec-policy + none;`` also causes CDS and CDNSKEY DELETE records to be published, to + signal that the entire DS RRset at the parent must be removed, as + described in :rfc:`8078`. :gl:`#1750` + +- When using the ``unixtime`` or ``date`` method to update the SOA + serial number, ``named`` and ``dnssec-signzone`` silently fell back to + the ``increment`` method to prevent the new serial number from being + smaller than the old serial number (using serial number arithmetics). + ``dnssec-signzone`` now prints a warning message, and ``named`` logs a + warning, when such a fallback happens. :gl:`#2058` + +Bug Fixes +~~~~~~~~~ + +- Multiple threads could attempt to destroy a single RBTDB instance at + the same time, resulting in an unpredictable but low-probability + assertion failure in ``free_rbtdb()``. This has been fixed. + :gl:`#2317` + +- ``named`` no longer attempts to assign threads to CPUs outside the CPU + affinity set. Thanks to Ole Bjørn Hessen. :gl:`#2245` + +- When reconfiguring ``named``, removing ``auto-dnssec`` did not turn + off DNSSEC maintenance. This has been fixed. :gl:`#2341` + +- The report of intermittent BIND assertion failures triggered in + ``lib/dns/resolver.c:dns_name_issubdomain()`` has now been closed + without further action. Our initial response to this was to add + diagnostic logging instead of terminating ``named``, anticipating that + we would receive further useful troubleshooting input. This workaround + first appeared in BIND releases 9.17.5 and 9.16.7. However, since + those releases were published, there have been no new reports of + assertion failures matching this issue, but also no further diagnostic + input, so we have closed the issue. :gl:`#2091` + +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + <relnotes_known_issues>` for a list of all known issues affecting this + BIND 9 branch. |