5578. [protocol] Make "check-names" accept A records below "_spf",
- "_spf_rate" and "_spf_verify" labels in order to cater
+ "_spf_rate", and "_spf_verify" labels in order to cater
for the "exists" SPF mechanism specified in RFC 7208
- section 5.7. and appendix D. [GL #2377]
+ section 5.7 and appendix D.1. [GL #2377]
-5577. [bug] Fix the "three is a crowd" key rollover bug in
- dnssec-policy by correctly implementing Equation(2) of
- the "Flexible and Robust Key Rollover" paper. [GL #2375]
+5577. [bug] Fix the "three is a crowd" key rollover bug in KASP by
+ correctly implementing Equation (2) of the "Flexible and
+ Robust Key Rollover" paper. [GL #2375]
-5575. [bug] When migrating to dnssec-policy, BIND considered keys
- with the "Inactive" and/or "Delete" timing metadata as
+5575. [bug] When migrating to KASP, BIND 9 considered keys with the
+ "Inactive" and/or "Delete" timing metadata to be
possible active keys. This has been fixed. [GL #2406]
-5572. [bug] Address potential double free in generatexml.
+5572. [bug] Address potential double free in generatexml().
[GL #2420]
-5571. [bug] If a zone had a non-builtin named allow-update acl
- named failed to start. [GL #2413]
+5571. [bug] named failed to start when its configuration included a
+ zone with a non-builtin "allow-update" ACL attached.
+ [GL #2413]
-5570. [bug] Improve the performance of dnssec-verify by reducing
- the number of repeated calls to dns_dnssec_keyfromrdata.
- [GL #2073]
+5570. [bug] Improve performance of the DNSSEC verification code by
+ reducing the number of repeated calls to
+ dns_dnssec_keyfromrdata(). [GL #2073]
-5569. [bug] Emit useful error message when 'rndc retransfer' is
+5569. [bug] Emit useful error message when "rndc retransfer" is
applied to a zone of inappropriate type. [GL #2342]
5568. [bug] Fixed a crash in "dnssec-keyfromlabel" when using ECDSA
keys. [GL #2178]
5567. [bug] Dig now reports unknown dash options while pre-parsing
- the options. This prevents '-multi' instead of
- '+multi' reporting memory usage before ending option
- parsing on 'Invalid option: -lti'. [GL #2403]
+ the options. This prevents "-multi" instead of "+multi"
+ from reporting memory usage before ending option parsing
+ with "Invalid option: -lti". [GL #2403]
-5566. [func] Add "stale-answer-client-timeout" option, which
- is the amount of time a recursive resolver waits before
+5566. [func] Add "stale-answer-client-timeout" option, which is the
+ amount of time a recursive resolver waits before
attempting to answer the query using stale data from
cache. [GL #2247]
5562. [security] Fix off-by-one bug in ISC SPNEGO implementation.
(CVE-2020-8625) [GL #2354]
-5561. [bug] KASP incorrectly set signature validity to the value
- of the DNSKEY signature validity. This is now fixed.
+5561. [bug] KASP incorrectly set signature validity to the value of
+ the DNSKEY signature validity. This is now fixed.
[GL #2383]
5560. [func] The default value of "max-stale-ttl" has been changed
from 12 hours to 1 day and the default value of
- "stale-answer-ttl" has been changed from 1 second to
- 30 seconds, following RFC 8767 recommendations.
- [GL #2248]
+ "stale-answer-ttl" has been changed from 1 second to 30
+ seconds, following RFC 8767 recommendations. [GL #2248]
5456. [func] Added "primaries" as a synonym for "masters" in
named.conf, and "primary-only" as a synonym for
projects / thirdparty / bind9.git / commitdiff
