From 95e756518dd7c7de4197bba2ab3827e9d45eea9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 7 Jul 2022 14:43:47 +0200 Subject: [PATCH 1/8] Prepare release notes for BIND 9.19.3 --- doc/arm/notes.rst | 2 +- doc/notes/{notes-current.rst => notes-9.19.3.rst} | 10 ---------- 2 files changed, 1 insertion(+), 11 deletions(-) rename doc/notes/{notes-current.rst => notes-9.19.3.rst} (96%) diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 3474046add..b1999b73d0 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -36,7 +36,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.19.3.rst .. include:: ../notes/notes-9.19.2.rst .. include:: ../notes/notes-9.19.1.rst .. include:: ../notes/notes-9.19.0.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-9.19.3.rst similarity index 96% rename from doc/notes/notes-current.rst rename to doc/notes/notes-9.19.3.rst index 29682896e0..a370b11164 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-9.19.3.rst @@ -12,16 +12,6 @@ Notes for BIND 9.19.3 --------------------- -Security Fixes -~~~~~~~~~~~~~~ - -- None. - -Known Issues -~~~~~~~~~~~~ - -- None. - New Features ~~~~~~~~~~~~ From 3f040489a6023ca721e0eea0149e89f9463f3514 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 7 Jul 2022 14:43:47 +0200 Subject: [PATCH 2/8] Tweak and reword release notes --- doc/notes/notes-9.19.3.rst | 41 ++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/doc/notes/notes-9.19.3.rst b/doc/notes/notes-9.19.3.rst index a370b11164..68e8b076e7 100644 --- a/doc/notes/notes-9.19.3.rst +++ b/doc/notes/notes-9.19.3.rst @@ -15,10 +15,10 @@ Notes for BIND 9.19.3 New Features ~~~~~~~~~~~~ -- The new ``rndc fetchlimit`` command prints a list of name server - addresses that are currently rate-limited due to ``fetches-per-server`` - and domain names that are rate limited due to ``fetches-per-zone``. - :gl:`#665` +- A new command, :option:`rndc fetchlimit`, prints a list of name server + addresses that are currently rate-limited due to + :any:`fetches-per-server` and domain names that are rate-limited due + to :any:`fetches-per-zone`. :gl:`#665` Removed Features ~~~~~~~~~~~~~~~~ @@ -29,24 +29,27 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ -- The :option:`dnssec-signzone -H` default value has been changed to 0 additional - NSEC3 iterations. This change aligns the :iscman:`dnssec-signzone` default with - the default used by the :ref:`dnssec-policy ` feature. - At the same time, documentation about NSEC3 has been aligned with - `Best Current Practice - `__. - :gl:`#3395` +- The :option:`dnssec-signzone -H` default value has been changed to 0 + additional NSEC3 iterations. This change aligns the + :iscman:`dnssec-signzone` default with the default used by the + :any:`dnssec-policy` feature. At the same + time, documentation about NSEC3 has been aligned with the `Best + Current Practice`_. :gl:`#3395` + +.. _Best Current Practice: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10 Bug Fixes ~~~~~~~~~ -- It was possible for a catalog zone consumer to process a catalog zone member - zone when there was a configured pre-existing forward-only forward zone with - the same name. This has been fixed. :gl:`#2506`. +- It was possible for a catalog zone consumer to process a catalog zone + member zone when there was a configured pre-existing forward-only + forward zone with the same name. This has been fixed. :gl:`#2506` -- Fix the assertion failure caused by TCP connection closing between the - connect (or accept) and the read from the socket. :gl:`#3400` +- An assertion failure caused by a TCP connection closing between a + connect (or accept) and a read from a socket has been fixed. + :gl:`#3400` -- When grafting on non-delegated namespace, synth-from-dnssec could incorrectly - synthesise non-existance of records within the grafted in namespace using - NSEC records from higher zones. :gl:`#3402` +- When grafting non-delegated namespace onto delegated namespace, + :any:`synth-from-dnssec` could incorrectly synthesize non-existence of + records within the non-delegated namespace using NSEC records from + higher zones. :gl:`#3402` From 058a64d69a4397f545744925b585fafa9394f957 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 7 Jul 2022 14:43:47 +0200 Subject: [PATCH 3/8] Reorder release notes --- doc/notes/notes-9.19.3.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/notes/notes-9.19.3.rst b/doc/notes/notes-9.19.3.rst index 68e8b076e7..6eb139b30c 100644 --- a/doc/notes/notes-9.19.3.rst +++ b/doc/notes/notes-9.19.3.rst @@ -41,10 +41,6 @@ Feature Changes Bug Fixes ~~~~~~~~~ -- It was possible for a catalog zone consumer to process a catalog zone - member zone when there was a configured pre-existing forward-only - forward zone with the same name. This has been fixed. :gl:`#2506` - - An assertion failure caused by a TCP connection closing between a connect (or accept) and a read from a socket has been fixed. :gl:`#3400` @@ -53,3 +49,7 @@ Bug Fixes :any:`synth-from-dnssec` could incorrectly synthesize non-existence of records within the non-delegated namespace using NSEC records from higher zones. :gl:`#3402` + +- It was possible for a catalog zone consumer to process a catalog zone + member zone when there was a configured pre-existing forward-only + forward zone with the same name. This has been fixed. :gl:`#2506` From d22094810bfba7cd692ee502a5d00abea932db6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 7 Jul 2022 14:43:47 +0200 Subject: [PATCH 4/8] Restore release note for GL #3386 --- doc/notes/notes-9.19.3.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/notes/notes-9.19.3.rst b/doc/notes/notes-9.19.3.rst index 6eb139b30c..82d3ae9e46 100644 --- a/doc/notes/notes-9.19.3.rst +++ b/doc/notes/notes-9.19.3.rst @@ -29,6 +29,10 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ +- To reduce unnecessary memory consumption in the cache, NXDOMAIN + records are no longer retained past the normal negative cache TTL, + even if :any:`stale-cache-enable` is set to ``yes``. :gl:`#3386` + - The :option:`dnssec-signzone -H` default value has been changed to 0 additional NSEC3 iterations. This change aligns the :iscman:`dnssec-signzone` default with the default used by the From a01550d25f1dfc8feb23f9753281f867679d2771 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 7 Jul 2022 14:43:47 +0200 Subject: [PATCH 5/8] Add release note for GL #3152 --- doc/notes/notes-9.19.3.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/notes/notes-9.19.3.rst b/doc/notes/notes-9.19.3.rst index 82d3ae9e46..4ca8a9a7d5 100644 --- a/doc/notes/notes-9.19.3.rst +++ b/doc/notes/notes-9.19.3.rst @@ -54,6 +54,13 @@ Bug Fixes records within the non-delegated namespace using NSEC records from higher zones. :gl:`#3402` +- Previously, :iscman:`named` immediately returned a SERVFAIL response + to the client when it received a FORMERR response from an + authoritative server during recursive resolution. This has been fixed: + :iscman:`named` acting as a resolver now attempts to contact other + authoritative servers for a given domain when it receives a FORMERR + response from one of them. :gl:`#3152` + - It was possible for a catalog zone consumer to process a catalog zone member zone when there was a configured pre-existing forward-only forward zone with the same name. This has been fixed. :gl:`#2506` From 61f183af3dfca3cd6a13838ff7732052738c4b41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 7 Jul 2022 14:43:47 +0200 Subject: [PATCH 6/8] Add release note for GL #3415 --- doc/notes/notes-9.19.3.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/notes/notes-9.19.3.rst b/doc/notes/notes-9.19.3.rst index 4ca8a9a7d5..941fe5f11d 100644 --- a/doc/notes/notes-9.19.3.rst +++ b/doc/notes/notes-9.19.3.rst @@ -61,6 +61,10 @@ Bug Fixes authoritative servers for a given domain when it receives a FORMERR response from one of them. :gl:`#3152` +- Previously, :option:`rndc reconfig` did not pick up changes to + :any:`endpoints` statements in :any:`http` blocks. This has been + fixed. :gl:`#3415` + - It was possible for a catalog zone consumer to process a catalog zone member zone when there was a configured pre-existing forward-only forward zone with the same name. This has been fixed. :gl:`#2506` From de3f82fedfaeb4940206ba0ce8b87f165e9c6272 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 7 Jul 2022 15:20:57 +0200 Subject: [PATCH 7/8] Add a CHANGES marker --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index ba3506a109..2d3d7b7ac2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.19.3 released --- + 5919. [func] The "rndc fetchlimit" command lists name servers and domain names that are being rate-limited by "fetches-per-server" or "fetches-per-zone" limits. From c043bad469ae13a313e6bcb407c26b1856f07ee8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 7 Jul 2022 15:20:57 +0200 Subject: [PATCH 8/8] Update BIND 9 version for release --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 34ba0d21ee..334bbe4d62 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 19)dnl m4_define([bind_VERSION_PATCH], 3)dnl -m4_define([bind_VERSION_EXTRA], -dev)dnl +m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Development Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl