+5553. [bug] When reconfiguring named, removing "auto-dnssec"
+ actually did not turn off DNSSEC maintenance.
+ This has been fixed. [GL #2341]
+
+5552. [func] When switching to "dnssec-policy none;", named
+ now permits a safe transition to insecure mode
+ and publishes the CDS and CDNSKEY DELETE
+ records, as described in RFC 8078. [GL #1750]
+
5551. [bug] Only assign threads to CPUs in the CPU affinity set.
Thanks to Ole Bjørn Hessen. [GL #2245]
Feature Changes
~~~~~~~~~~~~~~~
-- ``ipv4only.arpa`` is now served when ``dns64`` is configured. [GL #385]
+- It is now possible to transition a zone from secure to insecure mode
+ without making it bogus in the process: changing to ``dnssec-policy
+ none;`` also causes CDS and CDNSKEY DELETE records to be published, to
+ signal that the entire DS RRset at the parent must be removed, as
+ described in RFC 8078. [GL #1750]
- When using the ``unixtime`` or ``date`` method to update the SOA
serial number, ``named`` and ``dnssec-signzone`` silently fell back to
projects / thirdparty / bind9.git / commitdiff
