Commit 4809a164 authored by Michał Kępień's avatar Michał Kępień

Merge branch 'security-master-docs' into 'security-master'

Prepare documentation for BIND 9.17.2

See merge request isc-private/bind9!172
parents 06bc27fb 12aa6a03
......@@ -5,7 +5,8 @@
5438. [bug] Fix a race in TCP accepting code. [GL #1930]
5437. [bug] Fix a data race in resolver log_formerr. [GL #1808]
5437. [bug] Fix a data race in lib/dns/resolver.c:log_formerr().
[GL #1808]
5436. [security] It was possible to trigger an INSIST when determining
whether a record would fit into a TCP message buffer.
......@@ -21,63 +22,64 @@
5433. [placeholder]
5432. [bug] Check the question section when processing AXFR, IXFR
and SOA replies when transfer a zone in. [GL #1683]
5432. [bug] Check the question section when processing AXFR, IXFR,
and SOA replies when transferring a zone in. [GL #1683]
5431. [func] Reject DS records at the zone apex when loading
master files. Log but otherwise ignore attempts to
add DS records at the zone apex via UPDATE. [GL #1798]
5430. [doc] Update docs - with netmgr we're creating separate
socket for each IPv6 interface, just as with IPv4.
5430. [doc] Update docs - with netmgr, a separate listening socket
is created for each IPv6 interface (just as with IPv4).
[GL #1782]
5429. [cleanup] Move BIND binaries which are neither daemons nor
administrative programs to $bindir. [GL #1724]
5428. [bug] Cleanup GSSAPI resources in nsupdate only after taskmgr
5428. [bug] Clean up GSSAPI resources in nsupdate only after taskmgr
has been destroyed. Thanks to Petr Menšík. [GL !3316]
5427. [placeholder]
5426. [bug] Don't fail when setting SO_INCOMING_CPU on the socket
5426. [bug] Don't abort() when setting SO_INCOMING_CPU on the socket
fails. [GL #1911]
5425. [func] The default value of "max-stale-ttl" has been change
5425. [func] The default value of "max-stale-ttl" has been changed
from 1 week to 12 hours. [GL #1877]
5424. [bug] With kasp, when creating a successor key, the goal
5424. [bug] With KASP, when creating a successor key, the "goal"
state of the current active key (predecessor) was not
changed and thus was never is removed from the zone.
[GL #1846]
changed and thus never removed from the zone. [GL #1846]
5423. [bug] Fix a bug in keymgr_key_has_successor: it would
return a false positive if any other key in the
keyring has a successor. [GL #1845]
5423. [bug] Fix a bug in keymgr_key_has_successor(): it incorrectly
returned true if any other key in the keyring had a
successor. [GL #1845]
5422. [bug] When using dnssec-policy, print correct keytiming
5422. [bug] When using dnssec-policy, print correct key timing
metadata. [GL #1843]
5421. [bug] Fixed a race that could cause named to crash when
looking up the nodename of an RBT node if the tree
was modified. [GL #1857]
5421. [bug] Fix a race that could cause named to crash when looking
up the nodename of an RBT node if the tree was modified.
[GL #1857]
5420. [bug] Add missing isc_{mutex,conditional}_destroy calls
5420. [bug] Add missing isc_{mutex,conditional}_destroy() calls
that caused a memory leak on FreeBSD. [GL #1893]
5419. [func] "dig +qid=<num>" sets the query ID to an arbitrary
value. "configure --enable-singletrace" allows
trace logging of a single query when QID is set to 0.
[GL #1851]
5419. [func] Add new dig command line option, "+qid=<num>", which
allows the query ID to be set to an arbitrary value.
Add a new ./configure option, --enable-singletrace,
which allows trace logging of a single query when QID is
set to 0. [GL #1851]
5418. [bug] delv failed to parse deprecated trusted-keys style
5418. [bug] delv failed to parse deprecated trusted-keys-style
trust anchors. [GL #1860]
5417. [cleanup] The code determining the advertised UDP buffer size in
outgoing EDNS queries has been refactored to improve its
clarity. [GL #1868]
5416. [bug] Fix a lock order inversion in unix/socket.c. [GL #1859]
5416. [bug] Fix a lock order inversion in lib/isc/unix/socket.c.
[GL #1859]
5415. [test] Address race in dnssec system test that led to
test failures. [GL #1852]
......@@ -89,22 +91,21 @@
5413. [test] Address race in autosign system test that led to
test failures. [GL #1852]
5412. [bug] 'provide-ixfr no;' fail to return up-to-date responses
5412. [bug] 'provide-ixfr no;' failed to return up-to-date responses
when the serial was greater than or equal to the
current serial. [GL #1714]
5411. [cleanup] Refactoring of TCP accept code to use a single accept()
and pass the accepted socket to child threads for
processing. [GL !3320]
5411. [cleanup] TCP accept code has been refactored to use a single
accept() and pass the accepted socket to child threads
for processing. [GL !3320]
5410. [func] Add the ability to specify per-type record count
limits in an "update-policy" statement, which
are enforced when adding records via UPDATE.
[GL #1657]
5410. [func] Add the ability to specify per-type record count limits,
which are enforced when adding records via UPDATE, in an
"update-policy" statement. [GL #1657]
5409. [performance] When looking up NSEC3 data in a zone database, skip
the check for empty non-terminal nodes; the NSEC3
tree doesn't have any. [GL #1834]
5409. [performance] When looking up NSEC3 data in a zone database, skip the
check for empty non-terminal nodes; the NSEC3 tree does
not have any. [GL #1834]
5408. [protocol] Print Extended DNS Errors if present in OPT record.
[GL #1835]
......@@ -112,13 +113,13 @@
5407. [func] Zone timers are now exported via statistics channel.
Thanks to Paul Frieden, Verizon Media. [GL #1232]
5406. [func] Added a new logging category, "rpz-passthru". It allows
RPZ passthru actions to be logged into a separate
channel. [GL #54]
5406. [func] Add a new logging category, "rpz-passthru", which allows
RPZ passthru actions to be logged in a separate channel.
[GL #54]
5405. [bug] 'named-checkconf -p' could include spurious text
in server-addresses statements due to an uninitialized
DSCP value. [GL #1812]
5405. [bug] 'named-checkconf -p' could include spurious text in
server-addresses statements due to an uninitialized DSCP
value. [GL #1812]
5404. [bug] 'named-checkconf -z' could incorrectly indicate
success if errors were found in one view but not in a
......
......@@ -62,7 +62,7 @@ https://www.isc.org/download/. There you will find additional
information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
.. include:: ../notes/notes-current.rst
.. include:: ../notes/notes-9.17.2.rst
.. include:: ../notes/notes-9.17.1.rst
.. include:: ../notes/notes-9.17.0.rst
......
......@@ -36,15 +36,13 @@ Known Issues
~~~~~~~~~~~~
- In this release, the build system has been significantly changed (see
below), and there is a number of unresolved issues to be aware of
when using a development release. Please refer to `GitLab issue #4`_
for a list of not yet resolved issues that will be fixed in the
following releases. [GL #4]
.. _GitLab issue #4: https://gitlab.isc.org/isc-projects/bind9/-/issues/4
below) and there are several unresolved issues to be aware of when
using a development release. Please refer to `GitLab issue #4`_ for a
list of not-yet-resolved issues that will be fixed in future
releases. [GL #4]
- BIND crashes on startup when linked against libuv 1.36. This issue
is related to ``recvmmsg()`` support in libuv which was first
is related to ``recvmmsg()`` support in libuv, which was first
included in libuv 1.35. The problem was addressed in libuv 1.37, but
the relevant libuv code change requires a special flag to be set
during library initialization in order for ``recvmmsg()`` support to
......@@ -63,7 +61,28 @@ New Features
first. Extra attention is also needed when using non-standard
``./configure`` options. [GL #4]
- Added a new logging category ``rpz-passthru`` which allows RPZ
- Documentation was converted from DocBook to reStructuredText. The
BIND 9 ARM is now generated using Sphinx and published on `Read the
Docs`_. Release notes are no longer available as a separate document
accompanying a release. [GL #83]
- ``named`` and ``named-checkzone`` now reject master zones that have a
DS RRset at the zone apex. Attempts to add DS records at the zone
apex via UPDATE will be logged but otherwise ignored. DS records
belong in the parent zone, not at the zone apex. [GL #1798]
- Per-type record count limits can now be specified in
``update-policy`` statements, to limit the number of records of a
particular type that can be added to a domain name via dynamic
update. [GL #1657]
- ``dig`` and other tools can now print the Extended DNS Error (EDE)
option when it appears in a request or a response. [GL #1835]
- ``dig +qid=<num>`` allows the user to specify a particular query ID
for testing purposes. [GL #1851]
- A new logging category, ``rpz-passthru``, was added, which allows RPZ
passthru actions to be logged into a separate channel. [GL #54]
- Zone timers are now exported via statistics channel. For primary
......@@ -71,27 +90,43 @@ New Features
timers also include expire and refresh times. Contributed by Paul
Frieden, Verizon Media. [GL #1232]
- ``dig`` and other tools can now print the Extended DNS Error (EDE)
option when it appears in a request or response. [GL #1834]
- Per-type record count limits can now be specified in ``update-policy``
statements, to limit the number of records of a particular type
that can be added to a domain name via dynamic update. [GL #1657]
- ``named`` and ``named-checkzone`` now reject master zones that
have a DS RRset at the zone apex. Attempts to add DS records
at the zone apex via UPDATE will be logged but otherwise ignored.
DS records belong in the parent zone, not at the zone apex. [GL #1798]
Feature Changes
~~~~~~~~~~~~~~~
- The default value of ``max-stale-ttl`` has changed from 1 week to 12
hours. This option controls how long ``named`` retains expired RRsets
in cache as a potential mitigation mechanism, should there be a
problem with one or more domains. Note that cache content retention
is independent of whether stale answers are used in response to
client queries (``stale-answer-enable yes|no`` and ``rndc serve-stale
on|off``). Serving of stale answers when the authoritative servers
are not responding must be explicitly enabled, whereas the retention
of expired cache content takes place automatically on all versions of
BIND 9 that have this feature available. [GL #1877]
.. warning::
This change may be significant for administrators who expect that
stale cache content will be automatically retained for up to 1
week. Add option ``max-stale-ttl 1w;`` to ``named.conf`` to keep
the previous behavior of ``named``.
- BIND 9 no longer sets receive/send buffer sizes for UDP sockets,
relying on system defaults instead. [GL #1713]
- The default rwlock implementation has been changed back to the native
BIND 9 rwlock implementation. [GL #1753]
- BIND 9 binaries which are neither daemons nor administrative programs
were moved to ``$bindir``. Only ``ddns-confgen``, ``named``,
``rndc``, ``rndc-confgen``, and ``tsig-confgen`` were left in
``$sbindir``. [GL #1724]
- ``listen-on-v6 { any; }`` creates a separate socket for each
interface. Previously, just one socket was created on systems
conforming to :rfc:`3493` and :rfc:`3542`. This change was introduced
in BIND 9.16.0, but it was accidentally omitted from documentation.
[GL #1782]
- The native PKCS#11 EdDSA implementation has been updated to PKCS#11
v3.0 and thus made operational again. Contributed by Aaron Thompson.
[GL !3326]
......@@ -109,78 +144,72 @@ Feature Changes
consistency. Log messages are emitted for streams with inconsistent
message IDs. [GL #1674]
- ``dig +qid=<num>`` allows the user to specify a particular query ID
for testing purposes. [GL #1851]
- The default value of ``max-stale-ttl`` has changed from 1 week to 12 hours.
This option controls how long named retains expired RRsets in cache as a
potential mitigation mechanism, should there be a problem with one or more
domains. Note that cache content retention is independent of whether or not
stale answers will be used in response to client queries
(``stale-answer-enable yes|no`` and ``rndc serve-stale on|off``). Serving of
stale answers when the authoritative servers are not responding must be
explicitly enabled, whereas the retention of expired cache content takes
place automatically on all versions of BIND that have this feature available.
[GL #1877]
.. warning:
This change may be significant for administrators who expect that stale
cache content will be automatically retained for up to 1 week. Add
option ``max-stale-ttl 1w;`` to named.conf to keep the previous behavior
of named.
- BIND binaries which are neither daemons nor administrative programs
were moved to ``$bindir``. Only ``ddns-confgen``, ``named``,
``rndc``, ``rndc-confgen``, and ``tsig-confgen`` were left in
``$sbindir``. [GL #1724]
- listen-on-v6 { any; } creates separate sockets for all interfaces,
while previously it created one socket on systems conforming to
:rfc:`3493` and :rfc:`3542`, this change was introduced in 9.16.0
but accudently ommited from documentation.
- The question section is now checked when processing AXFR, IXFR
- The question section is now checked when processing AXFR, IXFR,
and SOA replies while transferring a zone in. [GL #1683]
Bug Fixes
~~~~~~~~~
- A bug in dnstap initialization could prevent some dnstap data from
being logged, especially on recursive resolvers. [GL #1795]
- When fully updating the NSEC3 chain for a large zone via IXFR, a
temporary loss of performance could be experienced on the secondary
server when answering queries for nonexistent data that required
DNSSEC proof of non-existence (in other words, queries that required
the server to find and to return NSEC3 data). The unnecessary
processing step that was causing this delay has now been removed.
[GL #1834]
- ``named`` could crash with an assertion failure if the name of a
database node was looked up while the database was being modified.
[GL #1857]
- When running on a system with support for Linux capabilities,
``named`` drops root privileges very soon after system startup. This
was causing a spurious log message, *unable to set effective uid to
0: Operation not permitted*, which has now been silenced. [GL #1042]
was causing a spurious log message, ``unable to set effective uid to
0: Operation not permitted``, which has now been silenced. [GL #1042]
[GL #1090]
- A possible deadlock in ``lib/isc/unix/socket.c`` was fixed.
[GL #1859]
- Previously, ``named`` did not destroy some mutexes and conditional
variables in netmgr code, which caused a memory leak on FreeBSD. This
has been fixed. [GL #1893]
- A data race in ``lib/dns/resolver.c:log_formerr()`` that could lead
to an assertion failure was fixed. [GL #1808]
- Previously, ``provide-ixfr no;`` failed to return up-to-date
responses when the serial number was greater than or equal to the
current serial number. [GL #1714]
- A bug in dnstap initialization could prevent some dnstap data from
being logged, especially on recursive resolvers. [GL #1795]
- A bug in dnssec-policy keymgr was fixed, where the check for the
existence of a given key's successor would incorrectly return
``true`` if any other key in the keyring had a successor. [GL #1845]
- With dnssec-policy, when creating a successor key, the "goal" state
of the current active key (the predecessor) was not changed and thus
never removed from the zone. [GL #1846]
- When ``named-checkconf -z`` was run, it would sometimes incorrectly
set its exit code. It reflected the status of the last view found; if
zone-loading errors were found in earlier configured views but not in
the last one, the exit code indicated success. Thanks to Graham
Clinch. [GL #1807]
- ``named-checkconf -p`` could include spurious text in
``server-addresses`` statements due to an uninitialized DSCP value.
This has been fixed. [GL #1812]
- When built without LMDB support, ``named`` failed to restart after a
zone with a double quote (") in its name was added with ``rndc
addzone``. Thanks to Alberto Fernández. [GL #1695]
- Missing mutex and conditional destruction in netmgr code leads to a
memory leak on BSD systems. [GL #1893]
- The ARM has been updated to indicate that the TSIG session key is
generated when named starts, regardless of whether it is needed.
[GL #1842]
- ``named`` could crash with an assertion failure if the name of a
database node was looked up while the database was being modified.
[GL #1857]
- Fix a bug in dnssec-policy keymgr where the check if a key has a
successor would return a false positive if any other key in the
keyring has a successor. [GL #1845]
- With dnssec-policy, when creating a successor key, the goal state of
the current active key (the predecessor) was not changed and thus was
never is removed from the zone. [GL #1846]
- Fix a data race in resolver.c:formerr() that could lead to assertion
failure. [GL #1808]
- The dsset returned by dns_keynode_dsset() was not thread safe. This
could result in a INSIST being triggered. [GL #1926]
.. _GitLab issue #4: https://gitlab.isc.org/isc-projects/bind9/-/issues/4
.. _Read the Docs: https://bind9.readthedocs.io/
......@@ -1226,7 +1226,7 @@
./doc/misc/stub.zoneopt X 2018,2019,2020
./doc/notes/notes-9.17.0.rst RST 2020
./doc/notes/notes-9.17.1.rst RST 2020
./doc/notes/notes-current.rst RST 2020
./doc/notes/notes-9.17.2.rst RST 2020
./docutil/HTML_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/MAN_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/patch-db2latex-duplicate-template-bug X 2007,2018,2019,2020
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment