Opened 3 years ago

Closed 3 years ago

#10936 closed enhancement (fixed)

bind bind9-9.13.2

Reported by: Bruce Dubbs Owned by: thomas
Priority: normal Milestone: 8.3
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by thomas)

Changes in 9.13.2:

  1. [cleanup] dns_rdataslab_tordataset() and its related

dns_rdatasetmethods_t callbacks were removed as they were not being used by anything in BIND. [GL #371]

  1. [func] When built on Linux, BIND now requires the libcap

library to set process privileges, unless capability support is explicitly overridden with "configure --disable-linux-caps". [GL #321]

  1. [func] Add a new slave zone option, "mirror", to enable

serving a non-authoritative copy of a zone that is subject to DNSSEC validation before being used. For now, this option is only meant to facilitate deployment of an RFC 7706-style local copy of the root zone. [GL #33]

  1. [bug] Improve handling of very large incremental

zone transfers to prevent journal corruption. [GL #339]

  1. [func] Add the ability to not return a DNS COOKIE option

when one is present in the request (answer-cookie no;). [GL #173]

  1. [cleanup] Return FORMERR if the question section is empty

and no COOKIE option is present; this restores older behavior except in the newly specified COOKIE case. [GL #260]

  1. [bug] Fix race in cmsg buffer usage in socket code.

[GL #180]

  1. [bug] Named-checkconf failed to detect bad in-view targets.

[GL #288]

  1. [placeholder]
  1. [test] Fix error handling and resolver configuration in the

"rpz" system test. [GL #312]

  1. [func] When starting up, log the same details that

would be reported by 'named -V'. [GL #247]

  1. [bug] Log the label with invalid prefix length correctly

when loading RPZ zones. [GL #254]

  1. [bug] The server cookie computation for sha1 and sha256 did

not match the method described in RFC 7873. [GL #356]

  1. [bug] Restore default rrset-order to random. [GL #336]
  1. [func] verifyzone() and the functions it uses were moved to

libdns and refactored to prevent exit() from being called upon failure. A side effect of that is that dnssec-signzone and dnssec-verify now check for memory leaks upon shutdown. [GL #266]

  1. [func] Declare the 'rdata' argument for dns_rdata_tostruct()

to be const. [GL #341]

  1. [bug] dnssec-signzone and dnssec-verify did not treat records

below a DNAME as out-of-zone data. [GL #298]

  1. [func] Add QNAME minimization option to resolver. [GL #16]
  1. [cleanup] Refactor zone logging functions. [GL #269]

Change History (4)

comment:1 by thomas, 3 years ago

Owner: changed from blfs-book to thomas
Status: newassigned

comment:2 by thomas, 3 years ago

"... BIND can also be built without capability support by using configure --disable-linux-caps, at the cost of some loss of security. ..."

Because of security, i'd like to make libcap "recommended" and add a not about --disable-linux-caps to disable

comment:3 by Bruce Dubbs, 3 years ago

Seems reasonable. I think this is just for the server though. I don't think it affects the bind-utilities page.

comment:4 by thomas, 3 years ago

Description: modified (diff)
Resolution: fixed
Status: assignedclosed

Fixed in r20234

Note: See TracTickets for help on using tickets.