New Features
~~~~~~~~~~~~
-- Add support for User Statically Defined Tracing (USDT) probes - static tracing
- points for user-level software. This allows a fine-grained application
- tracing with zero-overhead when the probes are not enabled. :gl:`#4041`
+- Support for User Statically Defined Tracing (USDT) probes has been
+ added. These probes enable fine-grained application tracing and
+ introduce no overhead when they are not enabled. :gl:`#4041`
Removed Features
~~~~~~~~~~~~~~~~
-- The :any:`dnssec-must-be-secure` option has been deprecated and will be
- removed in a future release. :gl:`#4263`
+- The :any:`dnssec-must-be-secure` option has been deprecated and will
+ be removed in a future release. :gl:`#4263`
Feature Changes
~~~~~~~~~~~~~~~
-- Make :iscman:`nsupdate` honor the ``-v`` option for SOA queries, that is send
- the request over TCP, only if the server is specified. :gl:`#1181`
+- If the ``server`` command is specified, :iscman:`nsupdate` now honors
+ the :option:`nsupdate -v` option for SOA queries by sending both the
+ UPDATE request and the initial query over TCP. :gl:`#1181`
-- Extend client side support for the EDNS EXPIRE option to IXFR and
- AXFR query types. ``named`` will now be making EDNS queries AXFR
- and IXFR queries with EDNS options present. :gl:`#4170`
+- The client-side support of the EDNS EXPIRE option has been expanded to
+ include IXFR and AXFR query types. This enhancement enables
+ :iscman:`named` to perform AXFR and IXFR queries while incorporating
+ the EDNS EXPIRE option. :gl:`#4170`
-- Compiling with jemalloc versions older than 4.0.0 is no longer supported;
- those versions do not provide the features required by current BIND 9
- releases. :gl:`#4296`
+- Compiling with jemalloc versions older than 4.0.0 is no longer
+ supported; those versions do not provide the features required by
+ current BIND 9 releases. :gl:`#4296`
Bug Fixes
~~~~~~~~~
-- The value of If-Modified-Since header in statistics channel was not checked
- for length leading to possible buffer overflow by an authorized user. We
- would like to emphasize that statistics channel must be properly setup to
- allow access only from authorized users of the system. :gl:`#4124`
+- The value of the If-Modified-Since header in the statistics channel
+ was not being correctly validated for its length, potentially allowing
+ an authorized user to trigger a buffer overflow. Ensuring the
+ statistics channel is configured correctly to grant access exclusively
+ to authorized users is essential (see the :any:`statistics-channels`
+ block definition and usage section). :gl:`#4124`
- This issue was reported independently by Eric Sesterhenn of X41 D-SEC and
- Cameron Whitehead.
+ This issue was reported independently by Eric Sesterhenn of X41 D-Sec
+ GmbH and Cameron Whitehead.
-- The value of Content-Length header in statistics channel was not
- bound checked and negative or large enough value could lead to
- overflow and assertion failure. :gl:`#4125`
+- The Content-Length header in the statistics channel was lacking proper
+ bounds checking. A negative or excessively large value could
+ potentially trigger an integer overflow and result in an assertion
+ failure. :gl:`#4125`
- This issue was reported by Eric Sesterhenn of X41 D-SEC.
+ This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
-- Address memory leaks due to not clearing OpenSSL error stack. :gl:`#4159`
+- Several memory leaks caused by not clearing the OpenSSL error stack
+ were fixed. :gl:`#4159`
- This issue was reported by Eric Sesterhenn of X41 D-SEC.
+ This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
-- Following the introduction of krb5-subdomain-self-rhs and
- ms-subdomain-self-rhs update rules, removal of nonexistent PTR
- and SRV records via UPDATE could fail. This has been fixed. :gl:`#4280`
+- The introduction of ``krb5-subdomain-self-rhs`` and
+ ``ms-subdomain-self-rhs`` UPDATE policies accidentally caused
+ :iscman:`named` to return SERVFAIL responses to deletion requests for
+ non-existent PTR and SRV records. This has been fixed. :gl:`#4280`
-- The value of :any:`stale-refresh-time` was set to zero after ``rndc flush``.
- This has been fixed. :gl:`#4278`
+- The :any:`stale-refresh-time` feature was mistakenly disabled when the
+ server cache was flushed by :option:`rndc flush`. This has been fixed.
+ :gl:`#4278`
-- BIND could consume more memory than it needs. That has been fixed by
- using specialised jemalloc memory arenas dedicated to sending buffers. It
- allowed us to optimize the process of returning memory pages back to
- the operating system. :gl:`#4038`
+- BIND's memory consumption has been improved by implementing dedicated
+ jemalloc memory arenas for sending buffers. This optimization ensures
+ that memory usage is more efficient and better manages the return of
+ memory pages to the operating system. :gl:`#4038`
Known Issues
~~~~~~~~~~~~
projects / thirdparty / bind9.git / commitdiff
