For details see:
https://downloads.isc.org/isc/bind9/9.11.19/RELEASE-NOTES-bind-9.11.19.html
"Security Fixes
To prevent exhaustion of server resources by a maliciously
configured domain, the number of recursive queries that can be
triggered by a request before aborting recursion has been further
limited. Root and top-level domain servers are no longer exempt from
the max-recursion-queries limit. Fetches for missing name server
address records are limited to 4 for any domain. This issue was
disclosed in CVE-2020-8616. [GL #1388]

Replaying a TSIG BADTIME response as a request could trigger
an assertion failure. This was disclosed in CVE-2020-8617. [GL #1703]

Feature Changes
Message IDs in inbound AXFR transfers are now checked for
consistency. Log messages are emitted for streams with inconsistent
message IDs. [GL #1674]

Bug Fixes
When running on a system with support for Linux capabilities, named
drops root privileges very soon after system startup. This was
causing a spurious log message, "unable to set effective uid to 0:
Operation not permitted", which has now been silenced. [GL #1042]
[GL #1090]

When named-checkconf -z was run, it would sometimes incorrectly set
its exit code. It reflected the status of the last view found;
if zone-loading errors were found in earlier configured views but
not in the last one, the exit code indicated success. Thanks
to Graham Clinch. [GL #1807]

When built without LMDB support, named failed to restart after
a zone with a double quote (") in its name was added with rndc
addzone. Thanks to Alberto Fernández. [GL #1695]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>