From: Michał Kępień Date: Thu, 4 Feb 2021 11:07:40 +0000 (+0100) Subject: Tweak and reword recent CHANGES entries X-Git-Tag: v9.16.12~1^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d94037568a6a4b021e4e22a7c2567d52d1512f4;p=thirdparty%2Fbind9.git Tweak and reword recent CHANGES entries --- diff --git a/CHANGES b/CHANGES index 151bae28654..cb158aeb228 100644 --- a/CHANGES +++ b/CHANGES @@ -1,39 +1,40 @@ 5578. [protocol] Make "check-names" accept A records below "_spf", - "_spf_rate" and "_spf_verify" labels in order to cater + "_spf_rate", and "_spf_verify" labels in order to cater for the "exists" SPF mechanism specified in RFC 7208 - section 5.7. and appendix D. [GL #2377] + section 5.7 and appendix D.1. [GL #2377] -5577. [bug] Fix the "three is a crowd" key rollover bug in - dnssec-policy by correctly implementing Equation(2) of - the "Flexible and Robust Key Rollover" paper. [GL #2375] +5577. [bug] Fix the "three is a crowd" key rollover bug in KASP by + correctly implementing Equation (2) of the "Flexible and + Robust Key Rollover" paper. [GL #2375] -5575. [bug] When migrating to dnssec-policy, BIND considered keys - with the "Inactive" and/or "Delete" timing metadata as +5575. [bug] When migrating to KASP, BIND 9 considered keys with the + "Inactive" and/or "Delete" timing metadata to be possible active keys. This has been fixed. [GL #2406] -5572. [bug] Address potential double free in generatexml. +5572. [bug] Address potential double free in generatexml(). [GL #2420] -5571. [bug] If a zone had a non-builtin named allow-update acl - named failed to start. [GL #2413] +5571. [bug] named failed to start when its configuration included a + zone with a non-builtin "allow-update" ACL attached. + [GL #2413] -5570. [bug] Improve the performance of dnssec-verify by reducing - the number of repeated calls to dns_dnssec_keyfromrdata. - [GL #2073] +5570. [bug] Improve performance of the DNSSEC verification code by + reducing the number of repeated calls to + dns_dnssec_keyfromrdata(). [GL #2073] -5569. [bug] Emit useful error message when 'rndc retransfer' is +5569. [bug] Emit useful error message when "rndc retransfer" is applied to a zone of inappropriate type. [GL #2342] 5568. [bug] Fixed a crash in "dnssec-keyfromlabel" when using ECDSA keys. [GL #2178] 5567. [bug] Dig now reports unknown dash options while pre-parsing - the options. This prevents '-multi' instead of - '+multi' reporting memory usage before ending option - parsing on 'Invalid option: -lti'. [GL #2403] + the options. This prevents "-multi" instead of "+multi" + from reporting memory usage before ending option parsing + with "Invalid option: -lti". [GL #2403] -5566. [func] Add "stale-answer-client-timeout" option, which - is the amount of time a recursive resolver waits before +5566. [func] Add "stale-answer-client-timeout" option, which is the + amount of time a recursive resolver waits before attempting to answer the query using stale data from cache. [GL #2247] @@ -44,15 +45,14 @@ 5562. [security] Fix off-by-one bug in ISC SPNEGO implementation. (CVE-2020-8625) [GL #2354] -5561. [bug] KASP incorrectly set signature validity to the value - of the DNSKEY signature validity. This is now fixed. +5561. [bug] KASP incorrectly set signature validity to the value of + the DNSKEY signature validity. This is now fixed. [GL #2383] 5560. [func] The default value of "max-stale-ttl" has been changed from 12 hours to 1 day and the default value of - "stale-answer-ttl" has been changed from 1 second to - 30 seconds, following RFC 8767 recommendations. - [GL #2248] + "stale-answer-ttl" has been changed from 1 second to 30 + seconds, following RFC 8767 recommendations. [GL #2248] 5456. [func] Added "primaries" as a synonym for "masters" in named.conf, and "primary-only" as a synonym for