+4993. [cleanup] Remove support for silently ignoring 'no-change' deltas
+ from BIND 8 when processing an IXFR stream. 'no-change'
+ deltas will now trigger a fallback to AXFR as the
+ recovery mechanism. [GL #369]
+
4992. [bug] The wrong address was being logged for trust anchor
telemetry queries. [GL #379]
abundance of caution. DNS COOKIE is an important security mechanism,
and should not be disabled unless absolutely necessary.
</para>
+ <para>
+ Remove support for silently ignoring 'no-change' deltas from
+ BIND 8 when processing an IXFR stream. 'no-change' deltas
+ will now trigger a fallback to AXFR as the recovery mechanism.
+ </para>
</listitem>
</itemizedlist>
</section>
* the "end" position in the header. The latter will
* be overwritten when new transactions are added.
*/
-/*%
- * When true, accept IXFR difference sequences where the
- * SOA serial number does not change (BIND 8 sends such
- * sequences).
- */
-static isc_boolean_t bind8_compat = ISC_TRUE; /* XXX config */
/**************************************************************************/
/*
j->filename, j->x.n_soa);
return (ISC_R_UNEXPECTED);
}
- if (! (DNS_SERIAL_GT(j->x.pos[1].serial, j->x.pos[0].serial) ||
- (bind8_compat &&
- j->x.pos[1].serial == j->x.pos[0].serial)))
- {
+ if (! DNS_SERIAL_GT(j->x.pos[1].serial, j->x.pos[0].serial)) {
isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR,
"%s: malformed transaction: serial number "
- "would decrease", j->filename);
+ "did not increase", j->filename);
return (ISC_R_UNEXPECTED);
}
if (! JOURNAL_EMPTY(&j->header)) {
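Review bot: The rejection message at the `DNS_SERIAL_GT` check reports only the journal filename, so an operator who sees it cannot tell an equal-serial ('no-change') delta from a serial that went backwards, nor which serials were involved. Consider logging both values, for example `"did not increase (%u -> %u)", j->filename, j->x.pos[0].serial, j->x.pos[1].serial`, with the format specifier confirmed against the type of the serial fields. Because an equal serial is now a hard error, a short comment above the check would tie it to the changelog entry, such as `/* Equal serials (BIND 8 'no-change' deltas) are rejected; the transfer code is expected to fall back to AXFR. */`. The fallback itself is not visible in this hunk, which shows only a return of `ISC_R_UNEXPECTED`, so a test feeding a no-change delta through the IXFR path would confirm the behaviour the changelog describes. The enclosing function starts and ends outside the hunk.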