From: Michał Kępień Date: Thu, 3 Jul 2025 20:54:36 +0000 (+0200) Subject: Prepare release notes for BIND 9.21.10 X-Git-Tag: v9.21.10~1^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=beb5214586aacc8150eafa139f87d930cf69ce7f;p=thirdparty%2Fbind9.git Prepare release notes for BIND 9.21.10 --- diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 7b2b7883e3c..00c8d5f8ed3 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -47,6 +47,7 @@ The list of known issues affecting the latest version in the 9.21 branch can be found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.21 +.. include:: ../notes/notes-9.21.10.rst .. include:: ../notes/notes-9.21.9.rst .. include:: ../notes/notes-9.21.8.rst .. include:: ../notes/notes-9.21.7.rst diff --git a/doc/notes/notes-9.21.10.rst b/doc/notes/notes-9.21.10.rst new file mode 100644 index 00000000000..063dfb0bdca --- /dev/null +++ b/doc/notes/notes-9.21.10.rst 
@@ -0,0 +1,80 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.21.10 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- [CVE-2025-40777] Fix a possible assertion failure when using the + 'stale-answer-client-timeout 0' option. + + In specific circumstances the :iscman:`named` resolver process could + terminate unexpectedly when stale answers were enabled and the + ``stale-answer-client-timeout 0`` configuration option was used. This + has been fixed. :gl:`#5372` + +New Features +~~~~~~~~~~~~ + +- "Add code paths to fully support PRIVATEDNS and PRIVATEOID keys" + + Added support for PRIVATEDNS and PRIVATEOID key usage. Added + PRIVATEOID test algorithms using the assigned OIDs for RSASHA256 and + RSASHA512. + + Added code to support proposed DS digest types that encode the + PRIVATEDNS and PRIVATEOID identifiers at the start of the digest field + of the DS record. This code is disabled by default. :gl:`#3240` + +- Add "named-makejournal" tool. + + The `named-makejournal` tool reads two zone files for the same domain, + compares them, and generates a journal file from the differences. + :gl:`#5164` + +- Add support to set and display the CO flag. + + Add support to display the CO (Compact denial of existence Ok flag) + when displaying messages. + + Add support to set the CO flag when making queries in dig (+coflag). + :gl:`#5319` + +Bug Fixes +~~~~~~~~~ + +- Fix the default interface-interval from 60s to 60m. 
+ + When the interface-interval parser was changed from uint32 parser to + duration parser, the default value stayed at plain number `60` which + now means 60 seconds instead of 60 minutes. The documentation also + incorrectly states that the value is in minutes. That has been fixed. + :gl:`#5246` + +- Fix purge-keys bug when using views. + + Previously, when a DNSSEC key was purged by one zone view, other zone + views would return an error about missing key files. This has been + fixed. :gl:`#5315` + +- Use IPv6 queries in delv +ns. + + `delv +ns` invokes the same code to perform name resolution as + `named`, but it neglected to set up an IPv6 dispatch object first. + Consequently, it was behaving more like `named -4`. It now sets up + dispatch objects for both address families, and performs resolver + queries to both v4 and v6 addresses, except when one of the address + families has been suppressed by using `delv -4` or `delv -6`. + :gl:`#5352` + +
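Review bot: In the "Fix the default interface-interval from 60s to 60m" entry under Bug Fixes, the sentence "The documentation also incorrectly states that the value is in minutes" is written in the present tense and does not say which way the documentation was corrected, so an operator cannot tell from the note how a unit-less value is interpreted after upgrading. The entry itself says a plain `60` "now means 60 seconds instead of 60 minutes", so I suggest putting the sentence in the past tense and spelling out how a bare number in an existing configuration is read after this fix, since that decides whether anyone who set the option explicitly has to edit their configuration. Two style points in the same new file: the first New Features title is wrapped in double quotes and lacks the trailing period the other titles have, and `named-makejournal`, `delv +ns`, `named`, `named -4`, `delv -4` and `60` use single backticks, which reStructuredText treats as default-role interpreted text rather than an inline literal. The CVE entry already uses double backticks for ``stale-answer-client-timeout 0`` and :iscman:`named` for the program name, so the remaining entries should follow the same markup.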