~~~~~~~~~~~~~~~~
- Dynamic updates that add and remove DNSKEY and NSEC3PARAM records no
- longer trigger key rollovers and denial of existence operations. This
- also means that the option :any:`dnssec-secure-to-insecure` has been
+ longer trigger key rollovers and denial-of-existence operations. This
+ also means that the :any:`dnssec-secure-to-insecure` option has been
obsoleted. :gl:`#3686`
Feature Changes
~~~~~~~~~~~~~~~
-- The NSEC3PARAM TTL was previously set to 0 and is now changed to be the same
- value as in the SOA MINIMUM field. :gl:`#3570`
+- The TTL of the NSEC3PARAM record for every NSEC3-signed zone was
+ previously set to 0. It is now changed to match the SOA MINIMUM value
+ for the given zone. :gl:`#3570`
-- A ``configure`` option ``--with-tuning`` has been removed. The compile-time
- settings that required different values based on "workload" have been either
- removed or a sensible default has been picked. :gl:`#3664`
+- The ``--with-tuning`` option for ``configure`` has been removed. Each
+ of the compile-time settings that required different values based on
+ the "workload" (which were previously affected by the value of the
+ ``--with-tuning`` option) has either been removed or changed to a
+ sensible default. :gl:`#3664`
-- The option :any:`auto-dnssec` is deprecated and will be removed in 9.19.
- Please migrate to :any:`dnssec-policy`. :gl:`#3667`
+- The :any:`auto-dnssec` option has been deprecated and will be removed
+ in a future BIND 9.19.x release. Please migrate to
+ :any:`dnssec-policy`. :gl:`#3667`
-- Remove setting the operating system limit (``coresize``, ``datasize``,
- ``files`` and ``stacksize``) from ``named.conf``. These options should be set
- from the operating system (``ulimit``) or from the process supervisor
- (e.g. ``systemd``). :gl:`#3676`
+- The ``coresize``, ``datasize``, ``files``, and ``stacksize`` options
+ have been removed. The limits these options set should be enforced
+ externally, either by manual configuration (e.g. using ``ulimit``) or
+ via the process supervisor (e.g. ``systemd``). :gl:`#3676`
-- On startup, ``named`` will set the current number of open files to maximum
- allowed by the operating system instead of trying to set it to unlimited
- which worked only very briefly on Linux 2.6.28 (and was causing performance
- problems and thus the change was reverted in the kernel). :gl:`#3676`
+- Setting alternate local addresses for inbound zone transfers has been
+ deprecated. The relevant options (:any:`alt-transfer-source`,
+ :any:`alt-transfer-source-v6`, and :any:`use-alt-transfer-source`)
+ will be removed in a future BIND 9.19.x release. :gl:`#3694`
+
+- On startup, :iscman:`named` now sets the limit on the number of open
+ files to the maximum allowed by the operating system, instead of
+ trying to set it to "unlimited". :gl:`#3676`
Bug Fixes
~~~~~~~~~
-- Increase the number of HTTP headers in the statistics channel from
- 10 to 100 to accomodate for some browsers that send more that 10
- headers by default. :gl:`#3670`
+- The number of HTTP headers allowed in requests sent to
+ :iscman:`named`'s statistics channel has been increased from 10 to
+ 100, to accommodate some browsers that send more than 10 headers
+ by default. :gl:`#3670`
-- Copy TLS identifier when setting up primaries for catalog member
- zones. :gl:`#3638`
+- TLS configuration for primary servers was not applied for zones that
+ were members of a catalog zone. This has been fixed. :gl:`#3638`
-- Fix an assertion failure in the statschannel caused by reading from the HTTP
- connection closed prematurely (connection error, shutdown). :gl:`#3693`
+- :iscman:`named` could crash due to an assertion failure when an HTTP
+ connection to the statistics channel was closed prematurely (due to a
+ connection error, shutdown, etc.). This has been fixed. :gl:`#3693`
- The ``zone <name>/<class>: final reference detached`` log message was
moved from the INFO log level to the DEBUG(1) log level to prevent the
- The new name compression code in BIND 9.19.7 was not compressing
names in zone transfers that should have been compressed, so zone
- transfers were larger than before. :gl:`#3706`
-
-- When a catalog zone is removed from the configuration, in some
- cases a dangling pointer could cause a :iscman:`named` process
- crash. This has been fixed. :gl:`#3683`
+ transfers were larger than before. This has been fixed. :gl:`#3706`
-- The ``named`` would wait for some outstanding recursing queries
- to finish before shutting down. This has been fixed. :gl:`#3183`
+- When a catalog zone was removed from the configuration, in some cases
+ a dangling pointer could cause the :iscman:`named` process to crash.
+ This has been fixed. :gl:`#3683`
-- When a zone is deleted from a server, an key management objects related to
- that zone would be kept in the memory and released only at the server
- shutdown. This could lead to constantly increasing memory usage for servers
- with a high zone churn. :gl:`#3727`
+- In certain cases, :iscman:`named` waited for the resolution of
+ outstanding recursive queries to finish before shutting down. This was
+ unintended and has been fixed. :gl:`#3183`
+- When a zone was deleted from a server, a key management object related
+ to that zone was inadvertently kept in memory and only released upon
+ shutdown. This could lead to constantly increasing memory use on
+ servers with a high rate of changes affecting the set of zones being
+ served. This has been fixed. :gl:`#3727`
Known Issues
~~~~~~~~~~~~