mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-25 10:59:35 -05:00
Set up release notes for BIND 9.19.5
This commit is contained in:
Michał Kępień
parent
0841080ce4
commit
255629769e
1 changed files with 3 additions and 33 deletions
|
|
@ -9,7 +9,7 @@
|
|||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.19.4
|
||||
Notes for BIND 9.19.5
|
||||
---------------------
|
||||
|
||||
Security Fixes
|
||||
|
|
@ -32,42 +32,12 @@ Removed Features
|
|||
|
||||
- None.
|
||||
|
||||
- The use of the ``max-zone-ttl`` option in ``options`` and ``zone``
|
||||
blocks has been deprecated; it should now be configured as part of
|
||||
``dnssec-policy``. A warning is logged if this option is used in
|
||||
``options`` or ``zone``. In a future release, it will become
|
||||
nonoperational. :gl:`#2918`
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- DNSSEC ``RSASHA1`` and ``NSEC3RSASHA1`` are automatically disabled
|
||||
on systems (e.g. RHEL9) where they are disallowed by the security
|
||||
policy. Primary zones using those algorithms need to be moved
|
||||
off of them prior to running on these systems as graceful migration
|
||||
to different DNSSEC algorithms is not possible when RSASHA1 is
|
||||
disallowed by the OS. :gl:`#3469`
|
||||
|
||||
- Fetch limit log messages have been improved to provide more complete
|
||||
information. Specifically, the final values of allowed and spilled fetches
|
||||
will now be logged before the counter object gets destroyed. :gl:`#3461`
|
||||
- None.
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- When running as a validating resolver forwarding all queries to
|
||||
another resolver, :iscman:`named` could crash with an assertion
|
||||
failure. These crashes occurred when the configured forwarder sent a
|
||||
broken DS response and :iscman:`named` failed its attempts to find a
|
||||
proper one instead. This has been fixed. :gl:`#3439`
|
||||
|
||||
- A DNS compression would be applied on the root zone name if it is repeatedly
|
||||
used in the same RRSet. :gl:`#3423`
|
||||
|
||||
- Non-dynamic zones that inherit dnssec-policy from the view or
|
||||
options level were not marked as inline-signed, and thus were never
|
||||
scheduled to be re-signed. This is now fixed. :gl:`#3438`
|
||||
|
||||
- Fix `rndc dumpdb -expired` to include expired RRsets, even if the cache
|
||||
cleaning time window has passed. This will now show expired RRsets that are
|
||||
stuck in the cache. :gl:`#3462`
|
||||
- None.
|
||||
|
|
|
|||
Loading…
Reference in a new issue