upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-29 09:59:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/doc/notes/notes-current.rst
Ondřej Surý 9d69ee740f Add CHANGES and release note for GL #1996
2020-08-05 12:57:58 +02:00

71 lines
2.7 KiB
ReStructuredText
Raw Blame History

..
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
Notes for BIND 9.16.6
---------------------
Security Fixes
~~~~~~~~~~~~~~
- It was possible to trigger an assertion failure by sending a specially
crafted large TCP DNS message. This was disclosed in CVE-2020-8620.
ISC would like to thank Emanuel Almeida of Cisco Systems, Inc. for
bringing this vulnerability to our attention. [GL #1996]
Known Issues
~~~~~~~~~~~~
- None.
New Features
~~~~~~~~~~~~
- None.
- A new configuration option ``stale-cache-enable`` has been introduced to
enable or disable the keeping of stale answers in cache. [GL #1712]
Feature Changes
~~~~~~~~~~~~~~~
- BIND's cache database implementation has been updated to use a faster
hash-function with better distribution. In addition, the effective
max-cache-size (configured explicitly, defaulting to a value based on system
memory or set to 'unlimited') now pre-allocates fixed size hash tables. This
prevents interruption to query resolution when the hash tables need to be
increased in size. [GL #1775]
- The resource records received with 0 TTL are no longer kept in the cache
to be used for stale answers. [GL #1829]
Bug Fixes
~~~~~~~~~
- Addressed an error in recursive clients stats reporting.
There were occasions when an incoming query could trigger a prefetch for
some eligible rrset, and if the prefetch code were executed before recursion,
no increment in recursive clients stats would take place. Conversely,
when processing the answers, if the recursion code were executed before the
prefetch, the same counter would be decremented without a matching increment.
[GL #1719]
- The introduction of KASP support broke whether the second field
of sig-validity-interval was treated as days or hours. (Thanks to
Tony Finch.) [GL !3735]
- The IPv6 Duplicate Address Detection (DAD) mechanism could cause the operating
system to report the new IPv6 addresses to the applications via the
getifaddrs() API in a tentative (DAD not yet finished) or duplicate (DAD
failed) state. Such addresses cannot be bound by an application, and named
failed to listen on IPv6 addresses after the DAD mechanism finished. It is
possible to work around the issue by setting the IP_FREEBIND option on the
socket and trying to bind() to the IPv6 address again if the first bind() call
fails with EADDRNOTAVAIL. [GL #2038]
Reference in a new issue View git blame Copy permalink