Opened 7 years ago
Closed 7 years ago
#10936 closed enhancement (fixed)
bind bind9-9.13.2
Reported by: | Bruce Dubbs | Owned by: | thomas |
---|---|---|---|
Priority: | normal | Milestone: | 8.3 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
Changes in 9.13.2:
- [cleanup] dns_rdataslab_tordataset() and its related dns_rdatasetmethods_t callbacks were removed as they were not being used by anything in BIND. [GL #371]
- [func] When built on Linux, BIND now requires the libcap library to set process privileges, unless capability support is explicitly overridden with "configure --disable-linux-caps". [GL #321]
- [func] Add a new slave zone option, "mirror", to enable serving a non-authoritative copy of a zone that is subject to DNSSEC validation before being used. For now, this option is only meant to facilitate deployment of an RFC 7706-style local copy of the root zone. [GL #33]
- [bug] Improve handling of very large incremental zone transfers to prevent journal corruption. [GL #339]
- [func] Add the ability to not return a DNS COOKIE option when one is present in the request (answer-cookie no;). [GL #173]
- [cleanup] Return FORMERR if the question section is empty and no COOKIE option is present; this restores older behavior except in the newly specified COOKIE case. [GL #260]
- [bug] Fix race in cmsg buffer usage in socket code. [GL #180]
- [bug] Named-checkconf failed to detect bad in-view targets. [GL #288]
- [placeholder]
- [test] Fix error handling and resolver configuration in the "rpz" system test. [GL #312]
- [func] When starting up, log the same details that would be reported by 'named -V'. [GL #247]
- [bug] Log the label with invalid prefix length correctly when loading RPZ zones. [GL #254]
- [bug] The server cookie computation for sha1 and sha256 did not match the method described in RFC 7873. [GL #356]
- [bug] Restore default rrset-order to random. [GL #336]
- [func] verifyzone() and the functions it uses were moved to libdns and refactored to prevent exit() from being called upon failure. A side effect of that is that dnssec-signzone and dnssec-verify now check for memory leaks upon shutdown. [GL #266]
- [func] Declare the 'rdata' argument for dns_rdata_tostruct() to be const. [GL #341]
- [bug] dnssec-signzone and dnssec-verify did not treat records below a DNAME as out-of-zone data. [GL #298]
- [func] Add QNAME minimization option to resolver. [GL #16]
- [cleanup] Refactor zone logging functions. [GL #269]
Change History (4)
comment:1 by , 7 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 7 years ago
comment:3 by , 7 years ago
Seems reasonable. I think this is just for the server though. I don't think it affects the bind-utilities page.
comment:4 by , 7 years ago
Description: | modified (diff) |
---|---|
Resolution: | → fixed |
Status: | assigned → closed |
Fixed in r20234
"... BIND can also be built without capability support by using configure --disable-linux-caps, at the cost of some loss of security. ..."
Because of security, I'd like to make libcap "recommended" and add a note about --disable-linux-caps to disable