Verified Commit b66bb0c8 authored by Michal Nowak's avatar Michal Nowak
Browse files

Tweak and reword release notes

parent 188d605c
......@@ -27,10 +27,10 @@ New Features
- ``dig`` has been extended to support DNS-over-HTTPS (DoH) queries,
using ``dig +https`` and related options. [GL #1641]
- A new option, ``purge-keys``, has been added to ``dnssec-policy``. It sets
the time how long key files should be retained after they have become
obsolete (due to a key rollover). Default is 90 days, and the feature can
be disabled by setting it to 0. [GL #2408]
- A new ``purge-keys`` option has been added to ``dnssec-policy``. It
sets the period of time that key files are retained after becoming
obsolete due to a key rollover; the default is 90 days. This feature
can be disabled by setting ``purge-keys`` to 0. [GL #2408]
Removed Features
~~~~~~~~~~~~~~~~
......@@ -45,33 +45,35 @@ Feature Changes
Bug Fixes
~~~~~~~~~
- If an invalid key name (e.g. "a..b") was specified in a ``primaries``
list in ``named.conf``, the wrong size was passed to ``isc_mem_put()``,
which resulted in the returned memory being put on the wrong freed
list. This has been fixed. [GL #2460]
- If an invalid key name (e.g. ``a..b``) was specified in a
``primaries`` list in ``named.conf``, the wrong size was passed to
``isc_mem_put()``, which resulted in the returned memory being put on
the wrong free list and prevented ``named`` from starting up. This has
been fixed. [GL #2460]
- If an outgoing packet would exceed max-udp-size, it would be dropped instead
of sending a proper response back. Rollback setting the IP_DONTFRAG on the
UDP sockets that we enabled during the DNS Flag Day 2020 to fix this issue.
[GL #2487]
- If an outgoing packet exceeded ``max-udp-size``, ``named`` dropped it
instead of sending back a proper response. To prevent this problem,
the ``IP_DONTFRAG`` option is no longer set on UDP sockets, which has
been happening since BIND 9.17.6. [GL #2466]
- NSEC3 records were not immediately created when signing a dynamic zone with
``dnssec-policy`` and ``nsec3param``. This has been fixed [GL #2498].
- NSEC3 records were not immediately created when signing a dynamic zone
using ``dnssec-policy`` with ``nsec3param``. This has been fixed.
[GL #2498]
- An invalid direction field (not one of 'N'/'S' or 'E'/'W') in a LOC record
triggered an INSIST failure. [GL #2499]
- An invalid direction field (not one of ``N``, ``S``, ``E``, ``W``) in
a LOC record resulted in an INSIST failure when a zone file containing
such a record was loaded. [GL #2499]
- Previously, a BIND server could experience an unexpected server termination
(crash) if the return of stale cached answers was enabled and
``stale-answer-client-timeout`` was applied to a client query in process.
This has been fixed. [GL #2503]
- ``named`` crashed when it was allowed to serve stale answers and
``stale-answer-client-timeout`` was triggered without any (stale) data
available in the cache to answer the query. [GL #2503]
- Zone journal (``.jnl``) files created by versions of ``named`` prior
to 9.16.12 were no longer compatible; this could cause problems when
upgrading if journal files were not synchronized first. This has been
corrected: older journal files can now be read when starting up. When
an old-style journal file is detected, it is updated to the new
format immediately after loading.
upgrading if journal files were not synchronized first. This has been
corrected: older journal files can now be read when starting up. When
an old-style journal file is detected, it is updated to the new format
immediately after loading.
Note that journals created by the current version of ``named`` are not
usable by versions prior to 9.16.12. Before downgrading to a prior
......@@ -81,10 +83,4 @@ Bug Fixes
A journal file's format can be changed manually by running
``named-journalprint -d`` (downgrade) or ``named-journalprint -u``
(upgrade). Note that this *must not* be done while ``named`` is
running. [GL #2505]
- Dynamic zones with ``dnssec-policy`` that were frozen could not be thawed.
This has been fixed. [GL #2523]
- Fix a crash when transferring a zone over TLS, after "named" previously
skipped a master. [GL #2562]
running. [GL #2505]
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment