mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-06 23:40:25 -05:00
2f37ab1dac
Intertwining release notes from different BIND releases in a single XML file has caused confusion in the past due to different (and often arbitrary) approaches to keeping/removing release notes from older releases on different BIND branches. Divide doc/arm/notes.xml into per-version sections to simplify determining the set of changes introduced by a given release and to make adding/reviewing release notes less error-prone.
125 lines
4.8 KiB
XML
125 lines
4.8 KiB
XML
<!--
|
|
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
-
|
|
- This Source Code Form is subject to the terms of the Mozilla Public
|
|
- License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
-
|
|
- See the COPYRIGHT file distributed with this work for additional
|
|
- information regarding copyright ownership.
|
|
-->
|
|
|
|
<section xml:id="relnotes-9.15.3"><info><title>Notes for BIND 9.15.3</title></info>
|
|
|
|
<section xml:id="relnotes-9.15.3-new"><info><title>New Features</title></info>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
Statistics channel groups are now toggleable. [GL #1030]
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section xml:id="relnotes-9.15.3-removed"><info><title>Removed Features</title></info>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
DNSSEC Lookaside Validation (DLV) is now obsolete.
|
|
The <command>dnssec-lookaside</command> option has been
|
|
marked as deprecated; when used in <filename>named.conf</filename>,
|
|
it will generate a warning but will otherwise be ignored.
|
|
All code enabling the use of lookaside validation has been removed
|
|
from the validator, <command>delv</command>, and the DNSSEC tools.
|
|
[GL #7]
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section xml:id="relnotes-9.15.3-changes"><info><title>Feature Changes</title></info>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added and
|
|
made default. Old non-default HMAC-SHA based DNS Cookie algorithms
|
|
have been removed, and only the default AES algorithm is being kept
|
|
for legacy reasons. This change doesn't have any operational impact
|
|
in most common scenarios. [GL #605]
|
|
</para>
|
|
<para>
|
|
If you are running multiple DNS Servers (different versions of BIND 9
|
|
or DNS server from multiple vendors) responding from the same IP
|
|
address (anycast or load-balancing scenarios), you'll have to make
|
|
sure that all the servers are configured with the same DNS Cookie
|
|
algorithm and same Server Secret for the best performance.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The information from the <command>dnssec-signzone</command> and
|
|
<command>dnssec-verify</command> commands is now printed to standard
|
|
output. The standard error output is only used to print warnings and
|
|
errors, and in case the user requests the signed zone to be printed to
|
|
standard output with <command>-f -</command> option. A new
|
|
configuration option <command>-q</command> has been added to silence
|
|
all output on standard output except for the name of the signed zone.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
DS records included in DNS referral messages can now be validated
|
|
and cached immediately, reducing the number of queries needed for
|
|
a DNSSEC validation. [GL #964]
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section xml:id="relnotes-9.15.3-bugs"><info><title>Bug Fixes</title></info>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
Cache database statistics counters could report invalid values
|
|
when stale answers were enabled, because of a bug in counter
|
|
maintenance when cache data becomes stale. The statistics counters
|
|
have been corrected to report the number of RRsets for each
|
|
RR type that are active, stale but still potentially served,
|
|
or stale and marked for deletion. [GL #602]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
|
|
cause unexpected results; this has been fixed. [GL #1106]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>named-checkconf</command> now checks DNS64 prefixes
|
|
to ensure bits 64-71 are zero. [GL #1159]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>named-checkconf</command> now correctly reports a missing
|
|
<command>dnstap-output</command> option when
|
|
<command>dnstap</command> is set. [GL #1136]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Handle ETIMEDOUT error on connect() with a non-blocking
|
|
socket. [GL #1133]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>dig</command> now correctly expands the IPv6 address
|
|
when run with <command>+expandaaaa +short</command>. [GL #1152]
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
</section>
|