upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/doc/notes/notes-9.16.10.rst
Michał Kępień 902e4482e0 Add a Sphinx role for linking GitLab issues/MRs 
Define a :gl: Sphinx role that takes a GitLab issue/MR number as an
argument and creates a hyperlink to the relevant ISC GitLab URL.  This
makes it easy to reach ISC GitLab pages directly from the release notes.

Make all GitLab references in the release notes use the new Sphinx role.

(cherry picked from commit 2fadf29e6b)
2021-04-29 13:35:05 +02:00

50 lines
1.8 KiB
ReStructuredText
Raw Blame History

..
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
Notes for BIND 9.16.10
----------------------
New Features
~~~~~~~~~~~~
- NSEC3 support was added to KASP. A new option for ``dnssec-policy``,
``nsec3param``, can be used to set the desired NSEC3 parameters.
NSEC3 salt collisions are automatically prevented during resalting.
:gl:`#1620`
Feature Changes
~~~~~~~~~~~~~~~
- The default value of ``max-recursion-queries`` was increased from 75
to 100. Since the queries sent towards root and TLD servers are now
included in the count (as a result of the fix for CVE-2020-8616),
``max-recursion-queries`` has a higher chance of being exceeded by
non-attack queries, which is the main reason for increasing its
default value. :gl:`#2305`
- The default value of ``nocookie-udp-size`` was restored back to 4096
bytes. Since ``max-udp-size`` is the upper bound for
``nocookie-udp-size``, this change relieves the operator from having
to change ``nocookie-udp-size`` together with ``max-udp-size`` in
order to increase the default EDNS buffer size limit.
``nocookie-udp-size`` can still be set to a value lower than
``max-udp-size``, if desired. :gl:`#2250`
Bug Fixes
~~~~~~~~~
- Handling of missing DNS COOKIE responses over UDP was tightened by
falling back to TCP. :gl:`#2275`
- The CNAME synthesized from a DNAME was incorrectly followed when the
QTYPE was CNAME or ANY. :gl:`#2280`
- Building with native PKCS#11 support for AEP Keyper has been broken
since BIND 9.16.6. This has been fixed. :gl:`#2315`
Reference in a new issue View git blame Copy permalink