From: Petr Špaček Date: Thu, 4 Sep 2025 06:19:27 +0000 (+0200) Subject: Prepare release notes for BIND 9.21.12 X-Git-Tag: v9.21.12~1^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e8fe3b4f00ac70902e6222c517a70b822350c85;p=thirdparty%2Fbind9.git Prepare release notes for BIND 9.21.12 --- diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 25c1f5e84ea..9a5a74633ca 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -47,6 +47,7 @@ The list of known issues affecting the latest version in the 9.21 branch can be found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.21 +.. include:: ../notes/notes-9.21.12.rst .. include:: ../notes/notes-9.21.11.rst .. include:: ../notes/notes-9.21.10.rst .. include:: ../notes/notes-9.21.9.rst diff --git a/doc/notes/notes-9.21.12.rst b/doc/notes/notes-9.21.12.rst new file mode 100644 index 00000000000..ea15c81a532 --- /dev/null +++ b/doc/notes/notes-9.21.12.rst @@ -0,0 +1,93 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.21.12 +---------------------- + +New Features +~~~~~~~~~~~~ + +- Add manual mode configuration option to dnsec-policy. + + Add a new option ``manual-mode`` to :any:`dnssec-policy`. The intended + use is that if it is enabled, it will not automatically move to the + next state transition, but instead the transition is logged. Only + after manual confirmation with ``rndc dnssec -step`` the transition is + made. :gl:`#4606` + +- Add a new 'servfail-until-ready' configuration option for RPZ. + + By default, when :iscman:`named` is started it may start answering to + queries before the response policy zones are completely loaded and + processed. This new feature gives an option to the users to tell + :iscman:`named` that incoming requests should result in SERVFAIL + answer until all the response policy zones are processed and ready. + Note that if one or more response policy zones fail to load, + :iscman:`named` starts responding to queries according to those zones + that did load. :gl:`#5222` + +- Support for parsing HHIT and BRID records has been added. + + :gl:`#5444` + +Removed Features +~~~~~~~~~~~~~~~~ + +- Deprecate the "tkey-gssapi-credential" statement. + + The :any:`tkey-gssapi-keytab` statement allows GSS-TSIG to be set up + in a simpler and more reliable way than using the + :any:`tkey-gssapi-credential` statement and setting environment + variables (e.g. ``KRB5_KTNAME``). Therefore, the + :any:`tkey-gssapi-credential` statement has been deprecated; + :any:`tkey-gssapi-keytab` should be used instead. + + For configurations currently using a combination of both + :any:`tkey-gssapi-keytab` *and* :any:`tkey-gssapi-credential`, the + latter should be dropped and the keytab pointed to by + :any:`tkey-gssapi-keytab` should now only contain the credential + previously specified by :any:`tkey-gssapi-credential`. :gl:`#4204` + +- Obsolete the "tkey-domain" statement. + + Mark the ``tkey-domain`` statement as obsolete, since it has not had + any effect on server behavior since support for TKEY Mode 2 + (Diffie-Hellman) was removed (in BIND 9.20.0). :gl:`#4204` + +Bug Fixes +~~~~~~~~~ + +- Prevent spurious SERVFAILs for certain 0-TTL resource records. + + Under certain circumstances, BIND 9 can return SERVFAIL when updating + existing entries in the cache with new NS, A, AAAA, or DS records with + 0-TTL. :gl:`#5294` + +- Batch minor meson fixes. + + This MR fixes various meson issues that are found after the first + meson release and are too small to have a MR on their own. :gl:`#5379` + +- RPZ canonical warning displays zone entry incorrectly. + + When an IPv6 rpz prefix entry is entered incorrectly the log message + was just displaying the prefix rather than the full entry. This has + been corrected. :gl:`#5491` + +- Fix a catalog zone issue when having an unset 'default-primaries' + configuration clause. + + A catalog zone with an unset ``default-primaries`` clause could cause + an unexpected termination of the :iscman:`named` process after two + reloading or reconfiguration commands. This has been fixed. + :gl:`#5494` + +