From: Michal Nowak Date: Thu, 6 Nov 2025 10:48:00 +0000 (+0100) Subject: Prepare release notes for BIND 9.21.15 X-Git-Tag: v9.21.15~1^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e69c343e91d3c9f4a1c9ed3f3094d60b6a1bd96f;p=thirdparty%2Fbind9.git Prepare release notes for BIND 9.21.15 --- diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 97300c407d4..28d6c092ef0 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -47,6 +47,7 @@ The list of known issues affecting the latest version in the 9.21 branch can be found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.21 +.. include:: ../notes/notes-9.21.15.rst .. include:: ../notes/notes-9.21.14.rst .. include:: ../notes/notes-9.21.13.rst .. include:: ../notes/notes-9.21.12.rst diff --git a/doc/notes/notes-9.21.15.rst b/doc/notes/notes-9.21.15.rst new file mode 100644 index 00000000000..3c4d40c3301 --- /dev/null +++ b/doc/notes/notes-9.21.15.rst @@ -0,0 +1,131 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.21.15 +---------------------- + +New Features +~~~~~~~~~~~~ + +- New "rndc showconf" command. + + The new `rndc showconf` command prints the running server + configuration. There are three options: - `rndc showconf -user` + displays the user configuration (i.e., the contents of `named.conf`). + - `rndc showconf -builtin` displays the default settings, similar to + `named -H`. - `rndc showconf -effective` displays the effective + configuration. This is the merged combination of the `-user` and + `-builtin` configurations. :gl:`#1075` + +- "named-checkconf -b" dumps the built-in configuration. + + `named-checkconf` now supports the command line switch `-b`, which + prints the default built-in configuration used by `named`. When + `-b` is in use, other options are ignored. :gl:`#1326` + +- Add support for Extended DNS Error 24 (Invalid Data) + + Extended DNS Error 24 (Invalid Data) is returned when the server + cannot answer data for a zone it is configured for. This occurs + typically when an authoritative server does not have loaded the DB of + a configured zone, or a secondary server zone is expired. + + See RFC 8914 section 4.25. :gl:`#1836` + +- Named-checkconf -e prints the effective configuration. + + The new `named-checkconf -e` option prints the effective server + configuration, including all the default settings, that would result + from loading the specified configuration file into `named`. + :gl:`#2798` + +Removed Features +~~~~~~~~~~~~~~~~ + +- Remove the "tkey-domain" statement. + + The previously deprecated ``tkey-domain`` statement has now been + removed. :gl:`#4204` + +- Remove the "tkey-gssapi-credential" statement. + + The previously deprecated ``tkey-gssapi-credential`` statement and all + code related to it have now been removed. :gl:`#4204` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Minimal meson version required is 1.3.0. + + The minimal required meson version is 1.3.0. + + Where distribution repositories don't provide meson 1.3.0 or newer, + meson from PyPI may be used instead. + +Bug Fixes +~~~~~~~~~ + +- Report when a zone reload is already in progress. + + If a zone reload was already in progress when `rndc reload ` was + run, the message returned was "zone reload queued", which was + technically correct, but it was identical to the message returned when + a reload was not in progress. Consequently, a user could issue two + reload commands without realizing that only one reload had actually + taken place. This has been addressed by changing the message returned + to "zone reload was already queued". :gl:`#5140` + +- Fix dnssec-keygen key collision checking for KEY rrtype keys. + + The :iscman:`dnssec-keygen` utility program failed to detect possible + Key ID collisions with the existing keys generated using the + non-default ``-T KEY`` option (e.g. for ``SIG(0)``). This has been + fixed. :gl:`#5506` + +- Fix shutdown INSIST in dns_dispatchmgr_getblackhole. + + Previously, `named` could trigger an assertion in + `dns_dispatchmgr_getblackhole` while shutting down. This has been + fixed. :gl:`#5525` + +- Dnssec-verify now uses exit code 1 when failing due to illegal + options. + + Previously, dnssec-verify exited with code 0 if the options could not + be parsed. This has been fixed. :gl:`#5574` + +- Prevent assertion failures of dig when server is specified before the + -b option. + + Previously, :iscman:`dig` could exit with an assertion failure when + the server was specified before the :option:`dig -b` option. This has + been fixed. :gl:`#5609` + +- Skip unsupported algorithms when looking for signing key. + + A mix of supported and unsupported DNSSEC algorithms in the same zone + could have caused validation failures. Ignore the DNSSEC keys with + unsupported algorithm when looking for the signing keys. :gl:`#5622` + +- Fix fuzzing builds. + + Previously fuzzing builds were broken due to some typos in the + `meson.build`. + +- Skip buffer allocations if not logging. + + Currently, during IXFR we allocate a 2KB buffer for IXFR change + logging regardless of the log level. This commit introduces an early + check on the log level in dns_diff_print to avoid this. + + Results in a speedup from 28% in the test case from issue #5442. + +