Commit 864dc79d authored by Evan Hunt's avatar Evan Hunt

[master] add missing release notes and fix other doc nits

parent 9d990968
......@@ -67,10 +67,10 @@ BIND 9.11.0
- Added support for "dyndb", a new API for loading zone data
from an external database, developed by Red Hat for the FreeIPA
project.
- New "fetchlimit" quotas are now available for the use of
recursive resolvers that are are under high query load for
domains whose authoritative servers are nonresponsive or are
experiencing a denial of service attack:
- "fetchlimit" quotas are now compiled in by default. These
are for the use of recursive resolvers that are are under
high query load for domains whose authoritative servers are
nonresponsive or are experiencing a denial of service attack:
+ "fetches-per-server" limits the number of simultaneous queries
that can be sent to any single authoritative server. The
configured value is a starting point; it is automatically
......
......@@ -4890,7 +4890,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<command>fstrm-set-buffer-hint</command>: The
threshold number of bytes to accumulate in the output
buffer before forcing a buffer flush. The minimum is
1K, the maximum is 64K, and the default is 8K.
1024, the maximum is 65536, and the default is 8096.
</simpara>
</listitem>
<listitem>
......
......@@ -144,10 +144,15 @@
</listitem>
<listitem>
<para>
New quotas have been added to limit the queries that are
sent by recursive resolvers to authoritative servers
experiencing denial-of-service attacks. When configured,
these options can both reduce the harm done to authoritative
Fetch quotas are now compiled in by default: they
no longer require BIND to be configured with
<command>--enable-fetchlimit</command>, as was the case
when the feature was introduced in BIND 9.10.3.
</para>
<para>
These quotas limit the queries that are sent by recursive
resolvers to authoritative servers experiencing denial-of-service
attacks. They can both reduce the harm done to authoritative
servers and also avoid the resource exhaustion that can be
experienced by recursive servers when they are being used as a
vehicle for such an attack.
......@@ -558,7 +563,7 @@
recursive lookup returns NXDOMAIN, a second lookup is
initiated with the specified name appended to the query
name. This allows NXDOMAIN redirection data to be supplied
by multiple zones configured on the server or by recursive
by multiple zones configured on the server, or by recursive
queries to other servers. (The older method, using
a single <command>type redirect</command> zone, has
better average performance but is less flexible.) [RT #37989]
......@@ -778,14 +783,6 @@
[RT #39047]
</para>
</listitem>
<listitem>
<para>
A alternative NXDOMAIN redirect method (nxdomain-redirect)
which allows the redirect information to be looked up from
a namespace on the Internet rather than requiring a zone
to be configured on the server is now available.
</para>
</listitem>
<listitem>
<para>
Retrieving the local port range from net.ipv4.ip_local_port_range
......@@ -816,7 +813,7 @@
<listitem>
<para>
The default preferred glue is now the address type of the
transport the query was received over.
transport the query was received over.
</para>
</listitem>
<listitem>
......@@ -852,14 +849,26 @@
does the same but only when answering recursive queries.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes_port"><info><title>Porting Changes</title></info>
<itemizedlist>
<listitem>
<para>
None.
At server startup time, the queues for processing
notify and zone refresh queries are now processed in
LIFO rather than FIFO order, to speed up
loading of newly added zones. [RT #42825]
</para>
</listitem>
<listitem>
<para>
When answering queries of type MX or SRV, TLSA records for
the target name are now included in the additional section
to speed up DANE processing. [RT #42894]
</para>
</listitem>
<listitem>
<para>
<command>named</command> can now use the TCP Fast Open
mechanism on the server side, if supported by the
local operating system. [RT #42866]
</para>
</listitem>
</itemizedlist>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment