GitLab

                        suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]

                        as referrals. [RT #18884]

			anchors for a view. [RT #20211]

                        test. [RT #20453]

                        [RT #17261]

                        more than a normal amount of glue below a delegation.
                        [RT #20191]

			that were specified on the command line with
			full paths, but weren't in the current
			directory. [RT #20421]

			if built with './configure --enable-filter-aaaa'.
			Filters out AAAA answers to clients connecting
			via IPv4.  (This is NOT recommended for general
			use.) [RT #20339]

			will now ignore unrecognized fields when the
			minor version number of the private key format
			has been increased.  It will reject any key with
			the major version number increased. [RT #20310]

                        TTL. [RT #20451]

			dnssec-signzone now warn immediately if asked to
			write into a nonexistent directory. [RT #20278]

			path. [RT #20154]

			RSASHA256 and RSASHA512. [RT #20023]

                        were failing. [RT #20448]

			isc_base64_totext(), didn't always mark regions of
			memory as fully consumed after conversion.  [RT #20445]

                        a node in a rbt tree is not altered during the life
                        of the node. [RT #20431]

                        generator. [RT #20369]

			assert if the DNSKEY record was unsigned. [RT #20406]

                        [RT #20392]

                        incorrect. [RT #20394]

                        the last private type record was removed as a result
                        of completing the signing the zone with a key.
                        [RT #20399]

                        [RT #20288]

                        flags.

                        __isync() calls.

			to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]

			build. [RT #20372]

			zone option cause a zone to be signed with only KSKs
			signing the DNSKEY RRset, not ZSKs.  This reduces
			the size of a DNSKEY answer.  [RT #20340]

			private key file format, to allow implementation
			of explicit key rollover in a future release
			without impairing backward or forward compatibility.
			[RT #20310]

                        update are now fully supported and no longer require
                        defines to enable.  We now no longer overload the
                        NSEC3PARAM flag field, nor the NSEC OPT bit at the
                        apex.  Secure to insecure changes are controlled by
                        by the named.conf option 'secure-to-insecure'.

                        Warning: If you had previously enabled support by
                        adding defines at compile time to BIND 9.6 you should
                        ensure that all changes that are in progress have
                        completed prior to upgrading to BIND 9.7.  BIND 9.7
                        is not backwards compatible.

			to be specified in the label if there is a default
			engine or the -E option has been used.  Also, it
			now uses default algorithms as dnssec-keygen does
			(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
			[RT #20371]

			trigger an assert. [RT #20368]