to recover from them. [GL #2600]
5612. [bug] Continued refactoring of the network manager:
- - allow recovery from read and connect timeout events
+ - allow recovery from read and connect timeout events,
- ensure that calls to isc_nm_*connect() always
return the connection status via a callback
function.
right after recursion for a client query finished.
[GL #2594]
-5609. [func] GSSAPI support no longer uses the ISC SPNEGO
- implementation. [GL #2607]
+5609. [func] The ISC implementation of SPNEGO was removed from BIND 9
+ source code. It was no longer necessary as all major
+ contemporary Kerberos/GSSAPI libraries include support
+ for SPNEGO. [GL #2607]
-5608. [bug] Dig now honors +retry=0 and +tries=1 when queries
- are sent over TCP (+tcp) and the remote server closes
- the connection prematurely. [GL #2490]
+5608. [bug] When sending queries over TCP, dig now properly handles
+ "+tries=1 +retry=0" by not retrying the connection when
+ the remote server closes the connection prematurely.
+ [GL #2490]
-5607. [bug] Rekey after 'rndc dnssec -checkds' or 'rndc dnssec
- -rollover' command is received, because such a command
- may influence the next key event. [GL #2488]
+5607. [bug] As "rndc dnssec -checkds" and "rndc dnssec -rollover"
+ commands may affect the next scheduled key event,
+ reconfiguration of zone keys is now triggered after
+ receiving either of these commands to prevent
+ unnecessary key rollover delays. [GL #2488]
-5606. [bug] CDS/CDNSKEY DELETE records were not removed when a zone
- transitioned from secure to insecure. "named-checkzone"
- should not complain if such records exist in an
- unsigned zone. [GL #2517]
+5606. [bug] CDS/CDNSKEY DELETE records are now removed when a zone
+ transitions from a secure to an insecure state.
+ named-checkzone also no longer reports an error when
+ such records are found in an unsigned zone. [GL #2517]
-5605. [bug] "dig -u" now uses CLOCK_REALTIME for more accurate
- time reporting. [GL #2592]
+5605. [bug] "dig -u" now uses the CLOCK_REALTIME clock source for
+ more accurate time reporting. [GL #2592]
5604. [experimental] A "filter-a.so" plugin, which is similar to the
"filter-aaaa.so" plugin but which omits A records
instead of AAAA records, has been added. Thanks to
- '@treysis' (GitLab). [GL #2585]
+ GitLab user @treysis. [GL #2585]
5603. [placeholder]
-5602. [bug] Fix the TCPDNS and TLSDNS timers, so TCP initial
- and idle timers work correctly. [GL #2573]
+5602. [bug] Fix TCPDNS and TLSDNS timers in Network Manager. This
+ makes the "tcp-initial-timeout" and "tcp-idle-timeout"
+ options work correctly again. [GL #2583]
-5601. [bug] Dynamic zones with dnssec-policy could not be thawed
- because KASP zones were always considered dynamic;
- previously, dynamic KASP zones did not check whether
- updates were disabled. This has been fixed. [GL #2523]
+5601. [bug] Zones using KASP could not be thawed after they were
+ frozen using "rndc freeze". This has been fixed.
+ [GL #2523]
-5600. [bug] Load a certificate chain file so that the full chain is
- sent to DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH)
- clients that require full chain verification. [GL #2514]
+5600. [bug] Send a full certificate chain instead of just the leaf
+ certificate to DNS-over-TLS (DoT) and DNS-over-HTTPS
+ (DoH) clients. This makes BIND 9 DoT/DoH servers
+ compatible with a broader set of clients. [GL #2514]
-5599. [bug] Fix a crash when transferring a zone over TLS,
- after "named" previously skipped a master. [GL #2562]
+5599. [bug] Fix a named crash which occurred after skipping a
+ primary server while transferring a zone over TLS.
+ [GL #2562]
-5598. [port] Cast (char) to (unsigned char) when calling ctype
- tests. [GL #2567]
+5598. [port] Silence -Wchar-subscripts compiler warnings triggered on
+ some platforms due to calling character classification
+ functions declared in the <ctype.h> header with
+ arguments of type char. [GL #2567]
--- 9.17.11 released ---
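Review bot: The 5602 entry changes its issue reference from [GL #2573] to [GL #2583] in what is otherwise a wording-only rewrite. Please confirm that #2583 is the intended issue and not a transposed digit, since nothing else in the entry explains the change. Separately, the reworded 5601 entry widens "Dynamic zones with dnssec-policy" to "Zones using KASP"; it is worth checking that the broader statement matches the actual scope of the fix.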