Opened 15 months ago

Closed 14 months ago

Last modified 14 months ago

#15302 closed enhancement (fixed)

bind9 bind 9.16.19

Reported by: Douglas R. Reno Owned by: thomas
Priority: normal Milestone: 11.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point versions of BIND and bind-utils

Change History (3)

comment:1 by thomas, 15 months ago

Owner: changed from blfs-book to thomas
Status: newassigned

--- 9.16.19 released ---

  1. [bug] A race condition could occur where two threads were

competing for the same set of key file locks, leading to a deadlock. This has been fixed. [GL #2786]

  1. [bug] create_keydata() created an invalid placeholder keydata

record upon a refresh failure, which prevented the database of managed keys from subsequently being read back. This has been fixed. [GL #2686]

  1. [func] KASP support was extended with the "check DS" feature.

Zones with "dnssec-policy" and "parental-agents" configured now check for DS presence and can perform automatic KSK rollovers. [GL #1126]

  1. [bug] Rescheduling a setnsec3param() task when a zone failed

to load on startup caused a hang on shutdown. This has been fixed. [GL #2791]

  1. [bug] The configuration-checking code failed to account for

the inheritance rules of the "dnssec-policy" option. This has been fixed. [GL #2780]

  1. [doc] The safe "edns-udp-size" value was tweaked to match the

probing value from BIND 9.16 for better compatibility. [GL #2183]

  1. [bug] If nsupdate sends an SOA request and receives a REFUSED

response, it now fails over to the next available server. [GL #2758]

  1. [func] For UDP messages larger than the path MTU, named now

sends an empty response with the TC (TrunCated) bit set. In addition, setting the DF (Don't Fragment) flag on outgoing UDP sockets was re-enabled. [GL #2790]

  1. [bug] Views with recursion disabled are now configured with a

default cache size of 2 MB unless "max-cache-size" is explicitly set. This prevents cache RBT hash tables from being needlessly preallocated for such views. [GL #2777]

  1. [bug] Change 5644 inadvertently introduced a deadlock: when

locking the key file mutex for each zone structure in a different view, the "in-view" logic was not considered. This has been fixed. [GL #2783]

  1. [bug] Increasing "max-cache-size" for a running named instance

(using "rndc reconfig") did not cause the hash tables used by cache databases to be grown accordingly. This has been fixed. [GL #2770]

  1. [bug] Signed, insecure delegation responses prepared by named

either lacked the necessary NSEC records or contained duplicate NSEC records when both wildcard expansion and CNAME chaining were required to prepare the response. This has been fixed. [GL #2759]

  1. [bug] A bug that caused the NSEC3 salt to be changed on every

restart for zones using KASP has been fixed. [GL #2725]

comment:2 by thomas, 14 months ago

Resolution: fixed
Status: assignedclosed

Fixed in [27a26c2121]

comment:3 by Bruce Dubbs, 14 months ago

Milestone: 10.211.0

Milestone renamed

Note: See TracTickets for help on using tickets.