Feature Changes
~~~~~~~~~~~~~~~
-- The SONAMEs for BIND 9 libraries now include the current BIND 9
- version number, in an effort to tightly couple internal libraries with
- a specific release. This change makes the BIND 9 release process both
- simpler and more consistent while also unequivocally preventing BIND 9
- binaries from silently loading wrong versions of shared libraries (or
- multiple versions of the same shared library) at startup. [GL #2387]
-
-- The default value of ``max-stale-ttl`` has been changed from 12 hours
- to 1 day and the default value of ``stale-answer-ttl`` has been
- changed from 1 second to 30 seconds, following :rfc:`8767`
- recommendations. [GL #2248]
-
- As part of an ongoing effort to use :rfc:`8499` terminology,
``primaries`` can now be used as a synonym for ``masters`` in
``named.conf``. Similarly, ``notify primary-only`` can now be used as
zonestatus`` now uses ``primary`` and ``secondary`` terminology.
[GL #1948]
+- The default value of ``max-stale-ttl`` has been changed from 12 hours
+ to 1 day and the default value of ``stale-answer-ttl`` has been
+ changed from 1 second to 30 seconds, following :rfc:`8767`
+ recommendations. [GL #2248]
+
+- The SONAMEs for BIND 9 libraries now include the current BIND 9
+ version number, in an effort to tightly couple internal libraries with
+ a specific release. This change makes the BIND 9 release process both
+ simpler and more consistent while also unequivocally preventing BIND 9
+ binaries from silently loading wrong versions of shared libraries (or
+ multiple versions of the same shared library) at startup. [GL #2387]
+
- When ``check-names`` is in effect, A records below an ``_spf``,
``_spf_rate``, or ``_spf_verify`` label (which are employed by the
``exists`` SPF mechanism defined in :rfc:`7208` section 5.7/appendix
Bug Fixes
~~~~~~~~~
-- KASP incorrectly set signature validity to the value of the DNSKEY
- signature validity. This has been fixed. [GL #2383]
+- ``named`` failed to start when its configuration included a zone with
+ a non-builtin ``allow-update`` ACL attached. [GL #2413]
- Previously, ``dnssec-keyfromlabel`` crashed when operating on an ECDSA
key. This has been fixed. [GL #2178]
-- ``named`` failed to start when its configuration included a zone with
- a non-builtin ``allow-update`` ACL attached. [GL #2413]
+- KASP incorrectly set signature validity to the value of the DNSKEY
+ signature validity. This has been fixed. [GL #2383]
- When migrating to KASP, BIND 9 considered keys with the ``Inactive``
and/or ``Delete`` timing metadata to be possible active keys. This has
projects / thirdparty / bind9.git / commitdiff
