upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-27 12:02:10 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
32812 commits 18 branches 854 tags 440 MiB
Commit graph

129 commits

Author SHA1 Message Date
Mark Andrews
65013e5c32 Add release note for [GL #2499] 
(cherry picked from commit 3d340ecfd2)
 2021-02-19 11:39:47 +11:00
Michał Kępień
f08646ea4d Set up release notes for BIND 9.16.13 2021-02-17 22:39:53 +01:00
Michał Kępień
84708ad977 Prepare release notes for BIND 9.16.12 2021-02-17 22:36:08 +01:00
Michał Kępień
996c9135ca Add release note for GL #2073 2021-02-17 22:36:08 +01:00
Michał Kępień
3bfc7756e4 Reorder release notes 2021-02-17 22:36:08 +01:00
Michał Kępień
70d8f9182c Tweak and reword release notes 2021-02-17 22:36:08 +01:00
Michał Kępień
dcf5204f7a Use :rfc:<number> references in release notes 2021-02-17 22:36:08 +01:00
Ondřej Surý
55e103dfe0 Add CHANGES and release note for GL #2354 2021-02-17 22:36:08 +01:00
Ondřej Surý
c1292e126f Add CHANGES and release notes for GL #2487 
(cherry picked from commit 6d442e9c04)
 2021-02-17 14:42:53 +01:00
Evan Hunt
df541c63c6 some release note corrections 
(cherry picked from commit 3126eb652d)
 2021-02-16 17:00:21 -08:00
Matthijs Mekking
e02ce9e833 Add notes and change entry for [#2434] 
This concludes the serve-stale improvements.

(cherry picked from commit ed8421693c)
 2021-02-08 16:09:36 +01:00
Mark Andrews
4bd8bcf236 Add release note entry 
(cherry picked from commit 1294918702)
 2021-02-03 16:32:43 +01:00
Matthijs Mekking
c0e98d8adb Add change and release note for [#2375] 
News worthy.

(cherry picked from commit 7947f7f9c6)
 2021-02-03 15:48:09 +01:00
Matthijs Mekking
4170288a91 Correctly initialize old key with state file 
The 'key_init()' function is used to initialize a state file for keys
that don't have one yet. This can happen if you are migrating from a
'auto-dnssec' or 'inline-signing' to a 'dnssec-policy' configuration.

It did not look at the "Inactive" and "Delete" timing metadata and so
old keys left behind in the key directory would also be considered as
a possible active key. This commit fixes this and now explicitly sets
the key goal to OMNIPRESENT for keys that have their "Active/Publish"
timing metadata in the past, but their "Inactive/Delete" timing
metadata in the future. If the "Inactive/Delete" timing metadata is
also in the past, the key goal is set to HIDDEN.

If the "Inactive/Delete" timing metadata is in the past, also the
key states are adjusted to either UNRETENTIVE or HIDDEN, depending on
how far in the past the metadata is set.

(cherry picked from commit 76cf72e65a)
 2021-02-03 08:42:32 +01:00
Diego Fronza
b89fc52cd1 Add documentation for stale-answer-client-timeout 
(cherry picked from commit 6ab9070457)
 2021-01-29 10:39:31 +01:00
Mark Andrews
4d08f4aa4f Add release note for [GL #2413] 
(cherry picked from commit 79fad620a2)
 2021-01-28 13:43:48 +11:00
Matthijs Mekking
56b0861049 Add notes and changes for [#2178] 
(cherry picked from commit 37d11f5be0)
 2021-01-26 15:04:30 +01:00
Evan Hunt
f5362ed135 CHANGES and release note 2021-01-26 12:38:32 +01:00
Ondřej Surý
88c098b467 Add CHANGES and release note for GL #2387 
(cherry picked from commit b30aaa3748)
 2021-01-25 15:28:09 +01:00
Michał Kępień
0847e40635 Set up release notes for BIND 9.16.12 2021-01-21 09:33:16 +01:00
Michał Kępień
2e8eb485e9 Prepare release notes for BIND 9.16.11 2021-01-21 09:11:54 +01:00
Michał Kępień
19bd23df6a Add release note for GL #2091 2021-01-21 09:11:54 +01:00
Michał Kępień
db3380e5ee Reorder release notes 2021-01-21 09:11:54 +01:00
Michał Kępień
9396f3ef13 Tweak and reword release notes 2021-01-21 09:11:54 +01:00
Michał Kępień
d17c8903cf Restore release note for GL #2245 2021-01-21 09:11:54 +01:00
Matthijs Mekking
4d48df7f97 Update serve-stale config defaults 
Change the serve-stale configuration defaults so that they match the
recommendations from RFC 8767.

(cherry picked from commit e15a433b23)
 2021-01-15 10:38:30 +01:00
Evan Hunt
aa13408757 CHANGES, release note 
(cherry picked from commit 565f99f9e5)
 2021-01-12 15:21:14 +01:00
Matthijs Mekking
c4520620dc Fix signatures-validity config option 
KASP was using 'signatures-validity-dnskey' instead of
'signatures-validity'.

(cherry picked from commit ad63e9e4f8)
 2021-01-12 13:13:05 +01:00
Mark Andrews
5874c04d13 Add release note 
(cherry picked from commit 584e589d84)
 2021-01-06 16:33:32 +11:00
Matthijs Mekking
7fdd0f7be9 Add notes for [#2341] 
Mention the bugfix in the release.

(cherry picked from commit 08b6e8c2c9)
 2020-12-23 12:06:35 +01:00
Matthijs Mekking
decdd1d3e1 Add documentation and notes for [#1750] 
(cherry picked from commit 7825d8f916)
 2020-12-23 12:06:09 +01:00
Mark Andrews
b8c44c8e1f Add CHANGES and release notes for [GL #2245] 
(cherry picked from commit fc4af548e7)
 2020-12-23 09:26:50 +11:00
Ondřej Surý
66bb0a1e80 Add CHANGES and release notes for GL #2058 
(cherry picked from commit ba887a688c)
 2020-12-12 08:08:49 +01:00
Ondřej Surý
099fc1fdf8 Add CHANGES and release notes 2020-12-09 10:46:16 +01:00
Michał Kępień
a01961260d Prepare release notes for BIND 9.16.10 2020-12-09 10:46:16 +01:00
Michał Kępień
2ef1784b85 Reorder release notes 2020-12-09 10:45:49 +01:00
Michał Kępień
3f6f0b9f66 Tweak and reword release notes 2020-12-09 10:45:49 +01:00
Ondřej Surý
9d35c9b96d Add CHANGES and release not for GL #2250 
(cherry picked from commit c7d81f12f8)
 2020-12-02 12:02:10 +01:00
Mark Andrews
5c10b5a4e8 Adjust default value of "max-recursion-queries" 
Since the queries sent towards root and TLD servers are now included in
the count (as a result of the fix for CVE-2020-8616),
"max-recursion-queries" has a higher chance of being exceeded by
non-attack queries.  Increase its default value from 75 to 100.

(cherry picked from commit ab0bf49203)
 2020-12-02 00:53:49 +11:00
Mark Andrews
45719ff249 Add release note for [GL #2315] 
(cherry picked from commit 356243aaec)
 2020-12-01 23:29:43 +11:00
Mark Andrews
e98edb871d Add release note for [GL #2275] 
(cherry picked from commit d0dd71380b)
 2020-11-27 08:44:00 +11:00
Matthijs Mekking
6db879160f Detect NSEC3 salt collisions 
When generating a new salt, compare it with the previous NSEC3
paremeters to ensure the new parameters are different from the
previous ones.

This moves the salt generation call from 'bin/named/*.s' to
'lib/dns/zone.c'. When setting new NSEC3 parameters, you can set a new
function parameter 'resalt' to enforce a new salt to be generated. A
new salt will also be generated if 'salt' is set to NULL.

Logging salt with zone context can now be done with 'dnssec_log',
removing the need for 'dns_nsec3_log_salt'.

(cherry picked from commit 6b5d7357df)
 2020-11-26 14:15:05 +00:00
Matthijs Mekking
c993bc19a0 Add changes and notes for kasp NSEC3 support 
This feature is news worthy.

(cherry picked from commit 9adad77ac3)
 2020-11-26 14:15:03 +00:00
Michał Kępień
ce18f66336 Set up release notes for BIND 9.16.10 2020-11-26 12:30:25 +01:00
Michał Kępień
259bcc5cc2 Prepare release notes for BIND 9.16.9 2020-11-26 12:25:53 +01:00
Michał Kępień
d857435c02 Add release note for GL #2244 2020-11-26 12:25:53 +01:00
Michał Kępień
6a99a2f5e0 Add release note for GL #2236 2020-11-26 12:25:53 +01:00
Michał Kępień
9d847cb96b Add release note for GL #1736 2020-11-26 12:25:53 +01:00
Michał Kępień
10459b8151 Reorder release notes 2020-11-26 12:25:53 +01:00
Michał Kępień
51a5b64993 Tweak and reword release notes 2020-11-26 12:25:53 +01:00