Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#15064 closed enhancement (fixed)

bind9-9.16.16

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 11.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Bruce Dubbs, 3 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 3 years ago

--- 9.16.16 released ---

  1. [func] Change the default value of the "max-ixfr-ratio" option to "unlimited".
  1. [bug] named and named-checkconf did not report an error when multiple zones with the "dnssec-policy" option set were using the same zone file.
  1. [bug] Journal compaction could fail when a journal with invalid transaction headers was not detected at startup.

  1. [bug] If "dnssec-policy" was active and a private key file was temporarily offline during a rekey event, named could incorrectly introduce replacement keys and break a signed zone.

  1. [doc] The "inline-signing" option was incorrectly described as being inherited from the "options"/"view" levels and was incorrectly accepted at those levels without effect.

  1. [func] Add a new built-in KASP, "insecure", which is used to transition a zone from a signed to an unsigned state. The existing built-in KASP "none" should no longer be used to unsign a zone.

  1. [protocol] Update the implementation of the ZONEMD RR type to match RFC 8976.
  1. [func] Treat DNSSEC responses containing NSEC3 records with iteration counts greater than 150 as insecure.

  1. [func] Reduce the maximum supported number of NSEC3 iterations that can be configured for a zone to 150.
  1. [bug] RRSIG(SOA) RRsets placed anywhere other than at the zone apex were triggering infinite resigning loops.
  1. [bug] When generating zone signing keys, KASP now also checks for key ID conflicts among newly created keys, rather than just between new and existing ones.

  1. [bug] A deadlock could occur when multiple "rndc addzone", "rndc delzone", and/or "rndc modzone" commands were invoked simultaneously for different zones.
  1. [cleanup] The lib/samples/ directory has been removed, as export versions of libraries are no longer maintained.
  1. [protocol] Implement draft-vandijk-dnsop-nsec-ttl, updating the protocol such that NSEC(3) TTL values are set to the minimum of the SOA MINIMUM value or the SOA TTL.
  1. [bug] Change 5149 introduced some inconsistencies in the way record TTLs were presented in cache dumps.

comment:3 by Bruce Dubbs, 3 years ago

Resolution: fixed
Status: assignedclosed 
Fixed at d3ad4c0f91479af8364484994f18ee9f969c1cfa

Update to Test-Differences-0.68 (Perl module)
Update to bind9-9.16.16
Update to mesa-21.1.1
Update to pipewire-0.3.28
Update to libsigc++-2.10.7 and libsigc++-3.0.7
Update to glibmm-2.66.1

comment:4 by Bruce Dubbs, 3 years ago

Milestone: 10.211.0

Milestone renamed

Note: See TracTickets for help on using tickets.