mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-24 02:10:30 -05:00
130 lines
5 KiB
Text
130 lines
5 KiB
Text
4639. [bug] Fix a regression in --with-tuning reporting introduced
|
|
by change 4488. [RT #45396]
|
|
|
|
4638. [bug] Reloading or reconfiguring named could fail on
|
|
some platforms when LMDB was in use. [RT #45203]
|
|
|
|
4630. [bug] "dyndb" is dependent on dlopen existing / being
|
|
enabled. [RT #45291]
|
|
|
|
4625. [bug] Running "rndc addzone" and "rndc delzone" at close
|
|
to the same time could trigger a deadlock if using
|
|
LMDB. [RT #45209]
|
|
|
|
4619. [bug] Call isc_mem_put instead of isc_mem_free in
|
|
bin/named/server.c:setup_newzones. [RT #45202]
|
|
|
|
4618. [bug] Check isc_mem_strdup results in dns_view_setnewzones.
|
|
Add logging for lmdb call failures. [RT #45204]
|
|
|
|
4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure.
|
|
[RT #43601]
|
|
|
|
4531. [security] 'is_zone' was not being properly updated by redirect2
|
|
and subsequently preserved leading to an assertion
|
|
failure. (CVE-2016-9778) [RT #43837]
|
|
|
|
4520. [cleanup] Alphabetize more of the grammar when printing it
|
|
out. Fix unbalanced indenting. [RT #43755]
|
|
|
|
4471. [cleanup] Render client/query logging format consistent for
|
|
ease of log file parsing. (Note that this affects
|
|
"querylog" format: there is now an additional field
|
|
indicating the client object address.) [RT #43238]
|
|
|
|
4425. [bug] arpaname, dnstap-read and named-rrchecker were not
|
|
being installed into ${prefix}/bin. Tidy up
|
|
installation issues with CHANGE 4421. [RT #42910]
|
|
|
|
4348. [func] dnssec-keymgr: A new python-based DNSSEC key
|
|
management utility, which reads a policy definition
|
|
file and can create or update DNSSEC keys as needed
|
|
to ensure that a zone's keys match policy, roll over
|
|
correctly on schedule, etc. Thanks to Sebastian
|
|
Castro for assistance in development. [RT #39211]
|
|
|
|
4307. [bug] "dig +subnet" and "mdig +subnet" could send
|
|
incorrectly-formatted Client Subnet options
|
|
if the prefix length was not divisible by 8.
|
|
Also fixed a memory leak in "mdig". [RT #45178]
|
|
|
|
4303. [bug] "dig +subnet" was unable to send a prefix length of
|
|
zero, as it was incorrectly changed to 32 for v4
|
|
prefixes or 128 for v6 prefixes. In addition to
|
|
fixing this, "dig +subnet=0" has been added as a
|
|
short form for 0.0.0.0/0. The same changes have
|
|
also been made in "mdig". [RT #41553]
|
|
|
|
4300. [bug] A flag could be set in the wrong field when setting
|
|
up non-recursive queries; this could cause the
|
|
SERVFAIL cache to cache responses it shouldn't.
|
|
New querytrace logging has been added which
|
|
identified this error. [RT #41155]
|
|
|
|
4161. [test] Add JSON test for traffic size stats; also test
|
|
for consistency between "rndc stats" and the XML
|
|
and JSON statistics channel contents. [RT #38700]
|
|
|
|
4135. [cleanup] Log expired NTA at startup. [RT #39680]
|
|
|
|
4056. [bug] Expanded automatic testing of trust anchor
|
|
management and fixed several small bugs including
|
|
a memory leak and a possible loss of key state
|
|
information. [RT #38458]
|
|
|
|
3983. [bug] Change #3940 was incomplete: negative trust anchors
|
|
could be set to last up to a week, but the
|
|
"nta-lifetime" and "nta-recheck" options were
|
|
still limited to one day. [RT #37522]
|
|
|
|
3979. [bug] Negative trust anchor fetches were not properly
|
|
managed. [RT #37488]
|
|
|
|
3977. [cleanup] "rndc secroots" reported a "not found" error when
|
|
there were no negative trust anchors set. [RT #37506]
|
|
|
|
3949. [experimental] Experimental support for draft-andrews-edns1 by sending
|
|
EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
|
|
building). Add support for limiting the EDNS version
|
|
advertised to servers: server { edns-version 0; };
|
|
Log the EDNS version received in the query log.
|
|
[RT #35864]
|
|
|
|
3938. [func] Added quotas to be used in recursive resolvers
|
|
that are under high query load for names in zones
|
|
whose authoritative servers are nonresponsive or
|
|
are experiencing a denial of service attack.
|
|
|
|
- "fetches-per-server" limits the number of
|
|
simultaneous queries that can be sent to any
|
|
single authoritative server. The configured
|
|
value is a starting point; it is automatically
|
|
adjusted downward if the server is partially or
|
|
completely non-responsive. The algorithm used to
|
|
adjust the quota can be configured via the
|
|
"fetch-quota-params" option.
|
|
- "fetches-per-zone" limits the number of
|
|
simultaneous queries that can be sent for names
|
|
within a single domain. (Note: Unlike
|
|
"fetches-per-server", this value is not
|
|
self-tuning.)
|
|
- New stats counters have been added to count
|
|
queries spilled due to these quotas.
|
|
|
|
See the ARM for details of these options. [RT #37125]
|
|
|
|
3930. [bug] "rndc nta -r" could cause a server hang if the
|
|
NTA was not found. [RT #36909]
|
|
|
|
3920. [doc] Added doc for masterfile-style. [RT #36823]
|
|
|
|
3876. [bug] Improve efficiency of DLZ redirect zones by
|
|
suppressing unnecessary database lookups. [RT #35835]
|
|
|
|
3875. [cleanup] Clarify log message when unable to read private
|
|
key files. [RT #24702]
|
|
|
|
3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic
|
|
update and transaction support. Thanks to Marty
|
|
Lee for the contribution. [RT #35656]
|
|
|