All the things that need to be fixed before 9.20
This is an overarching issue for keeping track on all the things that need to be completed before the 9.20.0 release.
Features
-
#1128 Offline KSK ( ⚙ @matthijs) -
#1129 (closed) HSM support via pkcs11-provider -
#4363 (closed) Enforce stricter NSEC3 parameter limits -
#4388 (closed) Accepting PROXYv2 -
#4241 (closed) Expose data about 'first time' zone maintenance in-progress -
#2099 Implement ZoneMD signature generation and verification. ( ⚙ !5217 @marka, @each)
Config incompatibilities
-
#4364 (closed) named-compilezone defaults -
#4373 (closed) safer "dnssec-validation yes" -
#4447 (closed) "stale-answer-client-timeout" must be zero ( ⚙ !8699 (merged) @aram)
Refactoring
-
#4411 (closed) QPDB lite ( ⚙ !8726 (merged) @matthijs, @each) -
Use qpmulti for the cache ( ⚙ !8868 @each) -
#4251 (closed) system test runner
Bugs
-
#4340 (closed) "max-cache-size" is a no-op since BIND 9.19.16 -
#4213 (closed) BIND shutdown hang in checkds/ns9/ in cross-version-config-tests job -
#4060 (closed) named doesn't shut down after receiving rndc stop command -
#4211 (closed) AssertionError: named crashed, shutdown crash -
#4403 (closed) Resolve spike in memory at start of named ( ⚙ @ondrej) -
#4481 TCP issue ( ⚙ isc-private/bind9!639 @ondrej) -
#4475 (closed) Data races in isc_buffer_peekuint8, rdataset_settrust, and memmove ( ⚙ !8946 (merged) @marka @ondrej) -
#4625 (closed) DNSSEC validation incompatibility -
#4652 (closed) Server crash caused by external UDP queries -
#4659 (closed) Wrong DNSSEC answers handed out with QPDB (a.k.a. "rootkeysentinal test fails for certain values of oldid") -
Fuzzing rbt vs qp bug (issue to be created)
Other Changes
-
#3516 Log root priming failures at severity NOTICE