diff --git a/CHANGES b/CHANGES index 3beb716547..1c31fcefd3 100644 --- a/CHANGES +++ b/CHANGES @@ -43,6 +43,8 @@ compression is disabled in the non-improving case. [GL #3423] + --- 9.19.3 released --- + 5919. [func] The "rndc fetchlimit" command lists name servers and domain names that are being rate-limited by "fetches-per-server" or "fetches-per-zone" limits. diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 3474046add..9ad8bd03c4 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -37,6 +37,7 @@ https://www.isc.org/download/. There you will find additional information about each release, and source code. .. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.19.3.rst .. include:: ../notes/notes-9.19.2.rst .. include:: ../notes/notes-9.19.1.rst .. include:: ../notes/notes-9.19.0.rst diff --git a/doc/notes/notes-9.19.3.rst b/doc/notes/notes-9.19.3.rst new file mode 100644 index 0000000000..941fe5f11d --- /dev/null +++ b/doc/notes/notes-9.19.3.rst @@ -0,0 +1,70 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.19.3 +--------------------- + +New Features +~~~~~~~~~~~~ + +- A new command, :option:`rndc fetchlimit`, prints a list of name server + addresses that are currently rate-limited due to + :any:`fetches-per-server` and domain names that are rate-limited due + to :any:`fetches-per-zone`. :gl:`#665` + +Removed Features +~~~~~~~~~~~~~~~~ + +- The ``glue-cache`` *option* has been removed. The glue cache *feature* + still works and is now permanently *enabled*. :gl:`#2147` + +Feature Changes +~~~~~~~~~~~~~~~ + +- To reduce unnecessary memory consumption in the cache, NXDOMAIN + records are no longer retained past the normal negative cache TTL, + even if :any:`stale-cache-enable` is set to ``yes``. :gl:`#3386` + +- The :option:`dnssec-signzone -H` default value has been changed to 0 + additional NSEC3 iterations. This change aligns the + :iscman:`dnssec-signzone` default with the default used by the + :any:`dnssec-policy` feature. At the same + time, documentation about NSEC3 has been aligned with the `Best + Current Practice`_. :gl:`#3395` + +.. _Best Current Practice: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10 + +Bug Fixes +~~~~~~~~~ + +- An assertion failure caused by a TCP connection closing between a + connect (or accept) and a read from a socket has been fixed. + :gl:`#3400` + +- When grafting non-delegated namespace onto delegated namespace, + :any:`synth-from-dnssec` could incorrectly synthesize non-existence of + records within the non-delegated namespace using NSEC records from + higher zones. :gl:`#3402` + +- Previously, :iscman:`named` immediately returned a SERVFAIL response + to the client when it received a FORMERR response from an + authoritative server during recursive resolution. This has been fixed: + :iscman:`named` acting as a resolver now attempts to contact other + authoritative servers for a given domain when it receives a FORMERR + response from one of them. :gl:`#3152` + +- Previously, :option:`rndc reconfig` did not pick up changes to + :any:`endpoints` statements in :any:`http` blocks. This has been + fixed. :gl:`#3415` + +- It was possible for a catalog zone consumer to process a catalog zone + member zone when there was a configured pre-existing forward-only + forward zone with the same name. This has been fixed. :gl:`#2506`