-5711. [bug] "map" files exceeding 2GB in size could fail to
- load due to a size comparison that incorrectly
- treated the file size as a signed integer. [GL #2878]
+5711. [bug] "map" files exceeding 2GB in size failed to load due to
+ a size comparison that incorrectly treated the file size
+ as a signed integer. [GL #2878]
-5710. [port] win32: incorrect parentheses resulted in incorrect
- sizeof tests being used to pick correct Windows
- atomic operations for the object's size. [GL #2891]
+5710. [port] win32: incorrect parentheses resulted in the wrong
+ sizeof() tests being used to pick the appropriate
+ Windows atomic operations for the object's size.
+ [GL #2891]
5709. [cleanup] Enum values throughout the code have been updated
- to use "primary" and "secondary" terminology.
- [GL #1944]
-
-5708. [bug] The thread-local isc_tid_v variable hasn't been properly
- initialized when running BIND 9 as a Windows Service
- leading to out-of-bounds access. [GL #2837]
-
-5705. [bug] Change #5686 altered the internal memory structure
- of zone databases, but neglected to update the
- MAPAPI value for map-format zone files. This caused
- named to attempt to load incompatible map files,
- triggering an assertion failure on startup. [GL #2872]
-
-5704. [bug] TCP keepalive settings were not being applied
- correctly. [GL #1927]
+ to use the terms "primary" and "secondary" instead of
+ "master" and "slave", respectively. [GL #1944]
+
+5708. [bug] The thread-local isc_tid_v variable was not properly
+ initialized when running BIND 9 as a Windows Service,
+ leading to a crash on startup. [GL #2837]
+
+5705. [bug] Change #5686 altered the internal memory structure of
+ zone databases, but neglected to update the MAPAPI value
+ for zone files in "map" format. This caused named to
+ attempt to load incompatible map files, triggering an
+ assertion failure on startup. The MAPAPI value has now
+ been updated, so named rejects outdated files when
+ encountering them. [GL #2872]
+
+5704. [bug] Change #5317 caused the EDNS TCP Keepalive option to be
+ ignored inadvertently in client requests. It has now
+ been fixed and this option is handled properly again.
+ [GL #1927]
5701. [bug] named-checkconf failed to detect syntactically invalid
- key names. [GL #2461]
+ values of the "key" and "tls" parameters used to define
+ members of remote server lists. [GL #2461]
-5700. [bug] Journals were not being removed when a catalog zone
- was removed. [GL #2842]
+5700. [bug] When a member zone was removed from a catalog zone,
+ journal files for the former were not deleted.
+ [GL #2842]
-5699. [func] Grow and shrink dnssec-sign statistics on key rollover
+5699. [func] Data structures holding DNSSEC signing statistics are
+ now grown and shrunk as necessary upon key rollover
events. [GL #1721]
-5698. [bug] Migrate a single key to CSK when reconfiguring a zone
- to use 'dnssec-policy'. [GL #2857]
-
-5696. [protocol] Add support for HTTPS and SVCB record types. [GL #1132]
-
-5694. [bug] BIND looks up the deepest zone cut in cache in order
- to iterate a query. When this node is stale, it may
- bypass QNAME minimization. This has been fixed.
- [GL #2665]
-
-5691. [bug] 'rndc freeze' with in-view zones present would
- spuriously report failures. [GL #2844]
-
-5690. [func] Change "dnssec-signzone" to honor the Predecessor and
- Successor metadata values, and allow for gradual
- replacement of RRSIGs. In other words, don't sign
- with the successor key if there is an RRSIG from the
- predecessor key that does not need to be refreshed.
- [GL #1551]
+5698. [bug] When a DNSSEC-signed zone which only has a single
+ signing key available is migrated to use KASP, that key
+ is now treated as a Combined Signing Key (CSK).
+ [GL #2857]
+
+5696. [protocol] Support for HTTPS and SVCB record types has been added.
+ (This does not include ADDITIONAL section processing for
+ these record types, only basic support for RR type
+ parsing and printing.) [GL #1132]
+
+5694. [bug] Stale data in the cache could cause named to send
+ non-minimized queries despite QNAME minimization being
+ enabled. [GL #2665]
+
+5691. [bug] When a dynamic zone was made available in another view
+ using the "in-view" statement, running "rndc freeze"
+ always reported an "already frozen" error even though
+ the zone was successfully frozen. [GL #2844]
+
+5690. [func] dnssec-signzone now honors Predecessor and Successor
+ metadata found in private key files: if a signature for
+ an RRset generated by the inactive predecessor exists
+ and does not need to be replaced, no additional
+ signature is now created for that RRset using the
+ successor key. This enables dnssec-signzone to gradually
+ replace RRSIGs during a ZSK rollover. [GL #1551]
--- 9.16.20 released ---
projects / thirdparty / bind9.git / commitdiff
