From 45d6379135504814ab723b57f0eb8be23393a51d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 09:24:22 +0200 Subject: Adding upstream version 1:9.16.44. Signed-off-by: Daniel Baumann --- doc/notes/notes-9.16.13.rst | 79 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 doc/notes/notes-9.16.13.rst (limited to 'doc/notes/notes-9.16.13.rst') diff --git a/doc/notes/notes-9.16.13.rst b/doc/notes/notes-9.16.13.rst new file mode 100644 index 0000000..d7650ee --- /dev/null +++ b/doc/notes/notes-9.16.13.rst @@ -0,0 +1,79 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.16.13 +---------------------- + +New Features +~~~~~~~~~~~~ + +- A new ``purge-keys`` option has been added to ``dnssec-policy``. It + sets the period of time that key files are retained after becoming + obsolete due to a key rollover; the default is 90 days. This feature + can be disabled by setting ``purge-keys`` to 0. :gl:`#2408` + +Feature Changes +~~~~~~~~~~~~~~~ + +- When serve-stale is enabled and stale data is available, ``named`` now + returns stale answers upon encountering any unexpected error in the + query resolution process. This may happen, for example, if the + ``fetches-per-server`` or ``fetches-per-zone`` limits are reached. In + this case, ``named`` attempts to answer DNS requests with stale data, + but does not start the ``stale-refresh-time`` window. :gl:`#2434` + +Bug Fixes +~~~~~~~~~ + +- Zone journal (``.jnl``) files created by versions of ``named`` prior + to 9.16.12 were no longer compatible; this could cause problems when + upgrading if journal files were not synchronized first. This has been + corrected: older journal files can now be read when starting up. When + an old-style journal file is detected, it is updated to the new format + immediately after loading. + + Note that journals created by the current version of ``named`` are not + usable by versions prior to 9.16.12. Before downgrading to a prior + release, users are advised to ensure that all dynamic zones have been + synchronized using ``rndc sync -clean``. + + A journal file's format can be changed manually by running + ``named-journalprint -d`` (downgrade) or ``named-journalprint -u`` + (upgrade). Note that this *must not* be done while ``named`` is + running. :gl:`#2505` + +- ``named`` crashed when it was allowed to serve stale answers and + ``stale-answer-client-timeout`` was triggered without any (stale) data + available in the cache to answer the query. :gl:`#2503` + +- If an outgoing packet exceeded ``max-udp-size``, ``named`` dropped it + instead of sending back a proper response. To prevent this problem, + the ``IP_DONTFRAG`` option is no longer set on UDP sockets, which has + been happening since BIND 9.16.11. :gl:`#2466` + +- NSEC3 records were not immediately created when signing a dynamic zone + using ``dnssec-policy`` with ``nsec3param``. This has been fixed. + :gl:`#2498` + +- A memory leak occurred when ``named`` was reconfigured after adding an + inline-signed zone with ``auto-dnssec maintain`` enabled. This has + been fixed. :gl:`#2041` + +- An invalid direction field (not one of ``N``, ``S``, ``E``, ``W``) in + a LOC record resulted in an INSIST failure when a zone file containing + such a record was loaded. :gl:`#2499` + +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + ` for a list of all known issues affecting this + BIND 9 branch. -- cgit v1.2.3