From 45d6379135504814ab723b57f0eb8be23393a51d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 09:24:22 +0200 Subject: Adding upstream version 1:9.16.44. Signed-off-by: Daniel Baumann --- doc/notes/notes-9.16.10.rst | 58 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 doc/notes/notes-9.16.10.rst (limited to 'doc/notes/notes-9.16.10.rst') diff --git a/doc/notes/notes-9.16.10.rst b/doc/notes/notes-9.16.10.rst new file mode 100644 index 0000000..782011a --- /dev/null +++ b/doc/notes/notes-9.16.10.rst @@ -0,0 +1,58 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.16.10 +---------------------- + +New Features +~~~~~~~~~~~~ + +- NSEC3 support was added to KASP. A new option for ``dnssec-policy``, + ``nsec3param``, can be used to set the desired NSEC3 parameters. + NSEC3 salt collisions are automatically prevented during resalting. + :gl:`#1620` + +Feature Changes +~~~~~~~~~~~~~~~ + +- The default value of ``max-recursion-queries`` was increased from 75 + to 100. Since the queries sent towards root and TLD servers are now + included in the count (as a result of the fix for CVE-2020-8616), + ``max-recursion-queries`` has a higher chance of being exceeded by + non-attack queries, which is the main reason for increasing its + default value. :gl:`#2305` + +- The default value of ``nocookie-udp-size`` was restored back to 4096 + bytes. Since ``max-udp-size`` is the upper bound for + ``nocookie-udp-size``, this change relieves the operator from having + to change ``nocookie-udp-size`` together with ``max-udp-size`` in + order to increase the default EDNS buffer size limit. + ``nocookie-udp-size`` can still be set to a value lower than + ``max-udp-size``, if desired. :gl:`#2250` + +Bug Fixes +~~~~~~~~~ + +- Handling of missing DNS COOKIE responses over UDP was tightened by + falling back to TCP. :gl:`#2275` + +- The CNAME synthesized from a DNAME was incorrectly followed when the + QTYPE was CNAME or ANY. :gl:`#2280` + +- Building with native PKCS#11 support for AEP Keyper has been broken + since BIND 9.16.6. This has been fixed. :gl:`#2315` + +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + ` for a list of all known issues affecting this + BIND 9 branch. -- cgit v1.2.3