From: Andoni Duarte Pintado Date: Fri, 7 Mar 2025 19:38:43 +0000 (+0100) Subject: Prepare release notes for BIND 9.18.35 X-Git-Tag: v9.18.35~1^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6869f1e4d22f2d68882680651993d244e37359d;p=thirdparty%2Fbind9.git Prepare release notes for BIND 9.18.35 --- diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 3cbb9ae138f..0d0a366e32d 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -45,6 +45,7 @@ The list of known issues affecting the latest version in the 9.18 branch can be found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.18 +.. include:: ../notes/notes-9.18.35.rst .. include:: ../notes/notes-9.18.34.rst .. include:: ../notes/notes-9.18.33.rst .. include:: ../notes/notes-9.18.32.rst diff --git a/doc/notes/notes-9.18.35.rst b/doc/notes/notes-9.18.35.rst new file mode 100644 index 00000000000..ddaf7b1dbc1 --- /dev/null +++ b/doc/notes/notes-9.18.35.rst @@ -0,0 +1,52 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.35 +---------------------- + +Bug Fixes +~~~~~~~~~ + +- Fix deferred validation of unsigned DS and DNSKEY records. + + When processing a query with the "checking disabled" bit set (CD=1), + `named` stores the unvalidated result in the cache, marked "pending". + When the same query is sent with CD=0, the cached data is validated, + and either accepted as an answer, or ejected from the cache as + invalid. This deferred validation was not attempted for DS and DNSKEY + records if they had no cached signatures, causing spurious validation + failures. We now complete the deferred validation in this scenario. + + Also, if deferred validation fails, we now re-query the data to find + out whether the zone has been corrected since the invalid data was + cached. :gl:`#5066` + +- Fix RPZ race condition during a reconfiguration. + + With RPZ in use, `named` could terminate unexpectedly because of a + race condition when a reconfiguration command was received using + `rndc`. This has been fixed. :gl:`#5146` + +- "CNAME and other data check" not applied to all types. + + An incorrect optimization caused "CNAME and other data" errors not to + be detected if certain types were at the same node as a CNAME. This + has been fixed. :gl:`#5150` + +- Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse. + + Previously, when parsing responses, named incorrectly rejected + responses without matching RRSIG records for NSEC/DS/NSEC3 records in + the authority section. This rejection, if appropriate, should have + been left for the validator to determine and has been fixed. + :gl:`#5185` + +