From: Witold Kręcicki <wpk@isc.org>
Date: Tue, 21 Jul 2020 12:56:45 +0000 (+0200)
Subject: Add CHANGES and release note for GL #2038
X-Git-Tag: v9.17.4~20^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94eda43ab28383c59df21280d6c06fc84260cc4f;p=thirdparty%2Fbind9.git

Add CHANGES and release note for GL #2038
---

diff --git a/CHANGES b/CHANGES
index 7bfcbc1ab32..05f3252f0d5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,7 @@
-5481.	[placeholder]
+5481.	[bug]		BIND 9 would fail to bind to IPv6 addresses in a
+			tentative state when a new IPv6 address was added to the
+			system, but the Duplicate Address Detection (DAD)
+			mechanism had not yet finished. [GL #2038]
 
 5480.	[placeholder]
 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index f315ffe6706..0480bcbf6b7 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -60,3 +60,12 @@ Bug Fixes
 - The introduction of KASP support broke whether the second field
   of sig-validity-interval was treated as days or hours. (Thanks to
   Tony Finch.) [GL !3735]
+
+- The IPv6 Duplicate Address Detection (DAD) mechanism could cause the operating
+  system to report the new IPv6 addresses to the applications via the
+  getifaddrs() API in a tentative (DAD not yet finished) or duplicate (DAD
+  failed) state. Such addresses cannot be bound by an application, and named
+  failed to listen on IPv6 addresses after the DAD mechanism finished. It is
+  possible to work around the issue by setting the IP_FREEBIND option on the
+  socket and trying to bind() to the IPv6 address again if the first bind() call
+  fails with EADDRNOTAVAIL. [GL #2038]