For details see:
https://downloads.isc.org/isc/bind9/9.20.11/doc/arm/html/notes.html#notes-for-bind-9-20-11
"Notes for BIND 9.20.11
Security Fixes
Fix a possible assertion failure when stale-answer-client-timeout is
set to 0.
In specific circumstances the named resolver process could exit with an
assertion failure when stale answers were enabled and the
stale-answer-client-timeout configuration option was set to 0. This has
been fixed. (CVE-2025-40777) [GL #5372]
New Features
Add support for the CO flag to dig.
Add support for Compact Denial of Existence to dig. This includes
showing the CO (Compact Answers OK) flag when displaying messages and
adding an option to set the CO flag when making queries (dig +coflag).
[GL #5319]
Bug Fixes
Correct the default interface-interval from 60s to 60m.
When the interface-interval parser was changed from a uint32 parser to
a duration parser, the default value stayed at plain number 60 which
now means 60 seconds instead of 60 minutes. The documentation also
incorrectly states that the value is in minutes. That has been fixed.
[GL #5246]
Fix a purge-keys bug when using multiple views of a zone.
Previously, when a DNSSEC key was purged by one zone view, other zone
views would return an error about missing key files. This has been
fixed. [GL #5315]
Use IPv6 queries in delv +ns.
delv +ns invokes the same code to perform name resolution as named, but
it neglected to set up an IPv6 dispatch object first. Consequently, it
was behaving more like named -4. It now sets up dispatch objects for
both address families, and performs resolver queries to both IPv4 and
IPv6 addresses, except when one of the address families has been
suppressed by using delv -4 or delv -6. [GL #5352]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / commit
