Opened 9 years ago

Closed 9 years ago

#6592 closed enhancement (fixed)

bind9.10.2-P1 and BIND Utilities-9.10.2-P1

Reported by: Fernando de Oliveira
Owned by: Fernando de Oliveira
Priority: normal
Milestone: 7.8
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

ftp://ftp.isc.org/isc/bind9/9.10.2-P1/bind-9.10.2-P1.tar.gz

ftp://ftp.isc.org/isc/bind9/9.10.2-P1/bind-9.10.2-P1.tar.gz.sha512.asc

ftp://ftp.isc.org/isc/bind9/9.10.2-P1/CHANGES

ftp://ftp.isc.org/isc/bind9/9.10.2-P1/RELEASE-NOTES.bind-9.10.2-P1.txt

Release Notes for BIND Version 9.10.2-P1

Introduction

   This document summarizes changes since BIND 9.10.2.

   BIND 9.10.2-P1 addresses several bugs that have been identified in the
   BIND 9.10 implementation of response-policy zones (RPZ). The bugs are
   in code which optimizes searching through multiple policy zones. In
   some cases, they can cause RPZ to behave inefficiently by searching for
   query matches in more policy zones than are strictly necessary, or to
   behave unpredictably by failing to search a policy zone that should
   have been searched. In the worst case, they can lead to assertion
   failures, terminating named.

   If you are using RPZ in BIND 9.10 in a production environment, and
   particularly if you have multiple policy zones, you should upgrade to
   BIND 9.10.2-P1. Otherwise, this upgrade is not urgent.

...

Security Fixes

     * None

New Features

     * None

Feature Changes

     * None

Bug Fixes

     * Asynchronous zone loads were not handled correctly when the zone
       load was already in progress; this could trigger a crash in zt.c.
       [RT #37573]
     * Several bugs have been fixed in the RPZ implementation:
          + Policy zones that did not specifically require recursion could
            be treated as if they did; consequently, setting
            qname-wait-recurse no; was sometimes ineffective. This has
            been corrected. In most configurations, behavioral changes due
            to this fix will not be noticeable. [RT #39229]
          + The server could crash if policy zones were updated (e.g. via
            rndc reload or an incoming zone transfer) while RPZ processing
            was still ongoing for an active query. [RT #39415]
          + On servers with one or more policy zones configured as slaves,
            if a policy zone updated during regular operation (rather than
            at startup) using a full zone reload, such as via AXFR, a bug
            could allow the RPZ summary data to fall out of sync,
            potentially leading to an assertion failure in rpz.c when
            further incremental updates were made to the zone, such as via
            IXFR. [RT #39567]
          + The server could match a shorter prefix than what was
            available in CLIENT-IP policy triggers, and so, an unexpected
            action could be taken. This has been corrected. [RT #39481]
          + The server could crash if a reload of an RPZ zone was
            initiated while another reload of the same zone was already in
            progress. [RT #39649]
...

Change History (4)

comment:1 by Fernando de Oliveira, 9 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: new → assigned

comment:2 by bdubbs@…, 9 years ago

Summary: bind-9.10.2-P1 and BIND Utilities-9.10.2-P1 → bind9.10.2-P1 and BIND Utilities-9.10.2-P1

comment:3 by Fernando de Oliveira, 9 years ago

Test results:

I:System test result summary:
I:       4 FAIL
I:      59 PASS
I:       5 SKIPPED
I:       7 UNTESTED

FAILED:

ecdsa masterformat reclimit tsiggss

First and second failed at a previous version.

Following sed (pronounced sed or essedee?), not tested in this version, should disable them, but will not include in the update, tomorrow. Just include -k and some tests fail for unknown reasons.

comment:4 by Fernando de Oliveira, 9 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r16112.
