From 0439e92fa06bd8f911541d47d01c748c76da5962 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 8 Jun 2021 08:41:36 +0200 Subject: [PATCH 1/8] Remove leftover release note for GL #2603 --- doc/notes/notes-current.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index a068f1911f..9021236ff9 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -60,9 +60,6 @@ Bug Fixes views with different ``dnssec-policy``. Using the same ``key-directory`` for such zones is not allowed. :gl:`#2463` -- ``named-checkconf`` now complains if zones with ``dnssec-policy`` reference - the same zone file more than once. :gl:`#2603` - - The calculation of the estimated IXFR transaction size by `dns_journal_iter_init()` was invalid. This resulted in excessive AXFR-style-IXFR responses. :gl:`#2685` From 59a9fa4863ecea7d5174630a459593e5b8d541f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 8 Jun 2021 08:41:36 +0200 Subject: [PATCH 2/8] Tweak and reword recent CHANGES entries --- CHANGES | 68 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 31 deletions(-) diff --git a/CHANGES b/CHANGES index 76d90e7aa9..ed902263a2 100644 --- a/CHANGES +++ b/CHANGES @@ -14,54 +14,60 @@ for KASP zones on restart. [GL #2725] -5652. [bug] Copy and paste error caused the socket option to - be enabled instead of disabled. [GL #2746] +5652. [bug] A copy-and-paste error in change 5584 caused the + IP_DONTFRAG socket option to be enabled instead of + disabled. This has been fixed. [GL #2746] -5651. [func] Refactor zone dumping to be processed asynchronously - via the uv_work_t thread pool API. [GL #2732] +5651. [func] Refactor zone dumping to be processed asynchronously via + the uv_work_t thread pool API. [GL #2732] -5650. [bug] Prevent a crash that could occur if serve-stale - was enabled and a prefetch was triggered during a - query restart. [GL #2733] +5650. [bug] Prevent a crash that could occur if serve-stale was + enabled and a prefetch was triggered during a query + restart. [GL #2733] -5649. [bug] If a query was answered with stale data on a server - with DNS64 enabled, an assertion could occur if a - non-stale answer arrived afterward. [GL #2731] +5649. [bug] If a query was answered with stale data on a server with + DNS64 enabled, an assertion could occur if a non-stale + answer arrived afterward. [GL #2731] -5648. [bug] The calculation of the estimated IXFR transaction - size by dns_journal_iter_init() was invalid. [GL #2685] +5648. [bug] The calculation of the estimated IXFR transaction size + in dns_journal_iter_init() was invalid. [GL #2685] -5647. [func] The interfacemgr has been refactored to use fewer - clientmgr objects, which in turn use fewer memory - contexts and tasks. This should result in less +5647. [func] The interface manager has been refactored to use fewer + client manager objects, which in turn use fewer memory + contexts and tasks. This should result in less fragmented memory and better startup performance. [GL #2433] -5646. [bug] The default TCP timeout for rndc has been increased - to 60 seconds. This was its original value, but it - had been inadvertently lowered to 10. [GL #2643] +5646. [bug] The default TCP timeout for rndc has been increased to + 60 seconds. This was its original value, but it had been + inadvertently lowered to 10 when rndc was updated to use + the network manager. [GL #2643] -5645. [cleanup] Remove the rarely-used dns_name_copy() function - and rename dns_name_copynf() to dns_name_copy(). - [GL !5081] +5645. [cleanup] Remove the rarely-used dns_name_copy() function and + rename dns_name_copynf() to dns_name_copy(). [GL !5081] 5644. [bug] Fix a race condition in reading and writing key files - for KASP zones in multiple views. [GL #1875] + for zones using KASP and configured in multiple views. + [GL #1875] 5643. [placeholder] -5642. [bug] Check "key-directory" conflicts in "named.conf" for - zones in multiple views with different "dnssec-policy". - [GL #2463]. +5642. [bug] Zones which are configured in multiple views with + different values set for "dnssec-policy" and with + identical values set for "key-directory" are now + detected and treated as a configuration error. + [GL #2463] -5641. [bug] Address potential memory leak in dst_key_fromnamedfile. - [GL #2689] +5641. [bug] Address a potential memory leak in + dst_key_fromnamedfile(). [GL #2689] -5640. [func] Add new configuration option to set the operating system - receive and send buffers. [GL #2313] +5640. [func] Add new configuration options for setting the size of + receive and send buffers in the operating system: + "tcp-receive-buffer", "tcp-send-buffer", + "udp-receive-buffer", and "udp-send-buffer". [GL #2313] -5639. [bug] Check that the first and last SOA record of an AXFR - are consistent. [GL #2528] +5639. [bug] Check that the first and last SOA record of an AXFR are + consistent. [GL #2528] --- 9.17.13 released --- From 451b29cbbfb8c574940554a09bf68c72059f79c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 8 Jun 2021 08:41:36 +0200 Subject: [PATCH 3/8] Tweak and reword release notes --- doc/notes/notes-current.rst | 63 +++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 30 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 9021236ff9..ae0d0dde7e 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -24,17 +24,18 @@ Known Issues New Features ~~~~~~~~~~~~ -- New configuration options, ``tcp-receive-buffer``, ``tcp-send-buffer``, - ``udp-receive-buffer``, and ``udp-send-buffer``, have been added. These - options allows the operator to fine tune the receiving and sending - buffers in the operating system. On busy servers, increasing the value - of the receive buffers can prevent the server from dropping the packets - during short spikes, and decreasing the value would prevent the server to - became clogged up with queries that are too old and have already timeouted - on the receiving side. :gl:`#2313` +- New configuration options, ``tcp-receive-buffer``, + ``tcp-send-buffer``, ``udp-receive-buffer``, and ``udp-send-buffer``, + have been added. These options allow the operator to fine-tune the + receiving and sending buffers in the operating system. On busy + servers, increasing the size of the receive buffers can prevent the + server from dropping packets during short traffic spikes, and + decreasing it can prevent the server from becoming clogged with + queries that are too old and have already timed out. :gl:`#2313` -- Run zone dumping tasks on separate asynchronous thread pools. This change - makes zone dumping no longer block networking I/O. :gl:`#2732` +- Zone dumping tasks are now run on separate asynchronous thread pools. + This change prevents zone dumping from blocking network I/O. + :gl:`#2732` Removed Features ~~~~~~~~~~~~~~~~ @@ -46,35 +47,37 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ -- The interface handling code has been refactored to use fewer resources, - which should lead to less memory fragmentation and better startup - performance. :gl:`#2433` +- The interface handling code has been refactored to use fewer + resources, which should lead to less memory fragmentation and better + startup performance. :gl:`#2433` Bug Fixes ~~~~~~~~~ -- Fix a race condition in reading and writing key files for KASP zones in - multiple views. :gl:`#1875` +- A race condition could occur when reading and writing key files for + zones using KASP and configured in multiple views. This has been + fixed. :gl:`#1875` -- Check ``key-directory`` conflicts in ``named.conf`` for zones in multiple - views with different ``dnssec-policy``. Using the same ``key-directory`` for - such zones is not allowed. :gl:`#2463` +- Zones which are configured in multiple views, with different values + set for ``dnssec-policy`` and with identical values set for + ``key-directory``, are now detected and treated as a configuration + error. :gl:`#2463` -- The calculation of the estimated IXFR transaction size by - `dns_journal_iter_init()` was invalid. This resulted in excessive - AXFR-style-IXFR responses. :gl:`#2685` +- The calculation of the estimated IXFR transaction size in + ``dns_journal_iter_init()`` was invalid. This resulted in excessive + AXFR-style IXFR responses. :gl:`#2685` -- If a query was answered with stale data on a server with DNS64 enabled, - an assertion could occur if a non-stale answer arrived afterward. This - has been fixed. :gl:`#2731` +- If a query was answered with stale data on a server with DNS64 + enabled, an assertion could occur if a non-stale answer arrived + afterward. This has been fixed. :gl:`#2731` -- Fixed an assertion failure that could occur if stale data was used - to answer a query, and then a prefetch was triggered after the query - was restarted (for example, to follow a CNAME). :gl:`#2733` +- Fixed an assertion failure that could occur if stale data was used to + answer a query, and then a prefetch was triggered after the query was + restarted (for example, to follow a CNAME). :gl:`#2733` -- Fix an error that would enable don't fragment socket option instead - of disabling it leading to errors when sending the oversized UDP - packets. [GL #2746] +- Fixed an error which caused the ``IP_DONTFRAG`` socket option to be + enabled instead of disabled, leading to errors when sending oversized + UDP packets. :gl:`#2746` - Fixed a bug that caused the NSEC salt to be changed for KASP zones on every startup. :gl:`#2725` From 54842d63491ad26f8e8b7fea617d9f3e1e40703c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 8 Jun 2021 08:41:36 +0200 Subject: [PATCH 4/8] Reorder release notes --- doc/notes/notes-current.rst | 44 ++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index ae0d0dde7e..8045c44278 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -33,10 +33,6 @@ New Features decreasing it can prevent the server from becoming clogged with queries that are too old and have already timed out. :gl:`#2313` -- Zone dumping tasks are now run on separate asynchronous thread pools. - This change prevents zone dumping from blocking network I/O. - :gl:`#2732` - Removed Features ~~~~~~~~~~~~~~~~ @@ -47,6 +43,10 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ +- Zone dumping tasks are now run on separate asynchronous thread pools. + This change prevents zone dumping from blocking network I/O. + :gl:`#2732` + - The interface handling code has been refactored to use fewer resources, which should lead to less memory fragmentation and better startup performance. :gl:`#2433` @@ -54,30 +54,30 @@ Feature Changes Bug Fixes ~~~~~~~~~ -- A race condition could occur when reading and writing key files for - zones using KASP and configured in multiple views. This has been - fixed. :gl:`#1875` +- The calculation of the estimated IXFR transaction size in + ``dns_journal_iter_init()`` was invalid. This resulted in excessive + AXFR-style IXFR responses. :gl:`#2685` + +- Fixed an assertion failure that could occur if stale data was used to + answer a query, and then a prefetch was triggered after the query was + restarted (for example, to follow a CNAME). :gl:`#2733` + +- If a query was answered with stale data on a server with DNS64 + enabled, an assertion could occur if a non-stale answer arrived + afterward. This has been fixed. :gl:`#2731` + +- Fixed an error which caused the ``IP_DONTFRAG`` socket option to be + enabled instead of disabled, leading to errors when sending oversized + UDP packets. :gl:`#2746` - Zones which are configured in multiple views, with different values set for ``dnssec-policy`` and with identical values set for ``key-directory``, are now detected and treated as a configuration error. :gl:`#2463` -- The calculation of the estimated IXFR transaction size in - ``dns_journal_iter_init()`` was invalid. This resulted in excessive - AXFR-style IXFR responses. :gl:`#2685` - -- If a query was answered with stale data on a server with DNS64 - enabled, an assertion could occur if a non-stale answer arrived - afterward. This has been fixed. :gl:`#2731` - -- Fixed an assertion failure that could occur if stale data was used to - answer a query, and then a prefetch was triggered after the query was - restarted (for example, to follow a CNAME). :gl:`#2733` - -- Fixed an error which caused the ``IP_DONTFRAG`` socket option to be - enabled instead of disabled, leading to errors when sending oversized - UDP packets. :gl:`#2746` +- A race condition could occur when reading and writing key files for + zones using KASP and configured in multiple views. This has been + fixed. :gl:`#1875` - Fixed a bug that caused the NSEC salt to be changed for KASP zones on every startup. :gl:`#2725` From 652d4a74fecf5b4f042bcee91163ee31a8a410d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 8 Jun 2021 08:41:36 +0200 Subject: [PATCH 5/8] Prepare release notes for BIND 9.17.14 --- doc/arm/notes.rst | 2 +- .../{notes-current.rst => notes-9.17.14.rst} | 25 ------------------- 2 files changed, 1 insertion(+), 26 deletions(-) rename doc/notes/{notes-current.rst => notes-9.17.14.rst} (78%) diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index c83e2b1561..8e56d7c8fb 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -51,7 +51,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.17.14.rst .. include:: ../notes/notes-9.17.13.rst .. include:: ../notes/notes-9.17.12.rst .. include:: ../notes/notes-9.17.11.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-9.17.14.rst similarity index 78% rename from doc/notes/notes-current.rst rename to doc/notes/notes-9.17.14.rst index 8045c44278..4ece21dd95 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-9.17.14.rst @@ -11,16 +11,6 @@ Notes for BIND 9.17.14 ---------------------- -Security Fixes -~~~~~~~~~~~~~~ - -- None. - -Known Issues -~~~~~~~~~~~~ - -- None. - New Features ~~~~~~~~~~~~ @@ -33,13 +23,6 @@ New Features decreasing it can prevent the server from becoming clogged with queries that are too old and have already timed out. :gl:`#2313` -Removed Features -~~~~~~~~~~~~~~~~ - -- Support for compiling and running BIND 9 natively on Windows has been - completely removed. The last release branch that has working Windows - support is BIND 9.16. :gl:`#2690` - Feature Changes ~~~~~~~~~~~~~~~ @@ -78,11 +61,3 @@ Bug Fixes - A race condition could occur when reading and writing key files for zones using KASP and configured in multiple views. This has been fixed. :gl:`#1875` - -- Fixed a bug that caused the NSEC salt to be changed for KASP zones on - every startup. :gl:`#2725` - -- Signed, insecure delegation responses prepared by ``named`` either - lacked the necessary NSEC records or contained duplicate NSEC records - when both wildcard expansion and CNAME chaining were required to - prepare the response. This has been fixed. :gl:`#2759` From 2f3b74dec939872c53f0fd937e0e37e9bd02ff1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 8 Jun 2021 09:00:49 +0200 Subject: [PATCH 6/8] Add a CHANGES marker --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index ed902263a2..6d31e82b2f 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,8 @@ for KASP zones on restart. [GL #2725] + --- 9.17.14 released --- + 5652. [bug] A copy-and-paste error in change 5584 caused the IP_DONTFRAG socket option to be enabled instead of disabled. This has been fixed. [GL #2746] From 7e0e2dd6670584051d72baff6810889a6e6a0b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 8 Jun 2021 09:00:49 +0200 Subject: [PATCH 7/8] Update BIND version to 9.17.14 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 36d612d4c6..44f222b8a2 100644 --- a/configure.ac +++ b/configure.ac @@ -14,7 +14,7 @@ # m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 17)dnl -m4_define([bind_VERSION_PATCH], 13)dnl +m4_define([bind_VERSION_PATCH], 14)dnl m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Development Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl From f9e8c8057dd6ff94ea0ef13a2d59b066f04fc94e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 16 Jun 2021 22:18:12 +0200 Subject: [PATCH 8/8] Set up release notes for BIND 9.17.15 --- doc/arm/notes.rst | 1 + doc/notes/notes-current.rst | 50 +++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 doc/notes/notes-current.rst diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 8e56d7c8fb..4cce67f9ad 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -51,6 +51,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. +.. include:: ../notes/notes-current.rst .. include:: ../notes/notes-9.17.14.rst .. include:: ../notes/notes-9.17.13.rst .. include:: ../notes/notes-9.17.12.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst new file mode 100644 index 0000000000..f553c45c76 --- /dev/null +++ b/doc/notes/notes-current.rst @@ -0,0 +1,50 @@ +.. + Copyright (C) Internet Systems Consortium, Inc. ("ISC") + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, you can obtain one at https://mozilla.org/MPL/2.0/. + + See the COPYRIGHT file distributed with this work for additional + information regarding copyright ownership. + +Notes for BIND 9.17.15 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- None. + +Known Issues +~~~~~~~~~~~~ + +- None. + +New Features +~~~~~~~~~~~~ + +- None. + +Removed Features +~~~~~~~~~~~~~~~~ + +- Support for compiling and running BIND 9 natively on Windows has been + completely removed. The last release branch that has working Windows + support is BIND 9.16. :gl:`#2690` + +Feature Changes +~~~~~~~~~~~~~~~ + +- None. + +Bug Fixes +~~~~~~~~~ + +- Fixed a bug that caused the NSEC salt to be changed for KASP zones on + every startup. :gl:`#2725` + +- Signed, insecure delegation responses prepared by ``named`` either + lacked the necessary NSEC records or contained duplicate NSEC records + when both wildcard expansion and CNAME chaining were required to + prepare the response. This has been fixed. :gl:`#2759`