information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
+.. include:: ../notes/notes-known-issues.rst
+
.. include:: ../notes/notes-current.rst
.. include:: ../notes/notes-9.16.34.rst
.. include:: ../notes/notes-9.16.33.rst
Notes for BIND 9.16.0
---------------------
-*Note: this section only lists changes from BIND 9.14 (the previous
-stable branch of BIND).*
+.. note::
+
+ This section only lists changes from BIND 9.14 (the previous
+ stable branch of BIND).
New Features
~~~~~~~~~~~~
dispatch for reserved port") on some of them. There are currently no
plans to make such a combination of settings work again.
+- See :ref:`above <relnotes_known_issues>` for a list of all known
+ issues affecting this BIND 9 branch.
+
Feature Changes
~~~~~~~~~~~~~~~
- Building with native PKCS#11 support for AEP Keyper has been broken
since BIND 9.16.6. This has been fixed. :gl:`#2315`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
those releases were published, there have been no new reports of
assertion failures matching this issue, but also no further diagnostic
input, so we have closed the issue. :gl:`#2091`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- Performance of the DNSSEC verification code (used by
``dnssec-signzone``, ``dnssec-verify``, and mirror zones) has been
improved. :gl:`#2073`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- An invalid direction field (not one of ``N``, ``S``, ``E``, ``W``) in
a LOC record resulted in an INSIST failure when a zone file containing
such a record was loaded. :gl:`#2499`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- Previously, a memory leak could occur when ``named`` failed to bind a
UDP socket to a network interface. This has been fixed. :gl:`#2575`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- When generating zone signing keys, KASP now also checks for key ID
conflicts among newly created keys, rather than just between new and
existing ones. :gl:`#2628`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- A race condition could occur when reading and writing key files for
zones using KASP and configured in multiple views. This has been
fixed. :gl:`#1875`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
the code detecting ``key-directory`` conflicts for zones using KASP
incorrectly reported unique key directories as being reused. This has
been fixed. :gl:`#2778`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- A race condition could occur where two threads were competing for the
same set of key file locks, leading to a deadlock. This has been
fixed. :gl:`#2786`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- DNS rebinding protection was ineffective when BIND 9 is configured as
a forwarding DNS server. Found and responsibly reported by Tobias
- Klein.:gl:`#1574`
+ Klein. :gl:`#1574`
Known Issues
~~~~~~~~~~~~
used in the hash calculation). These are being investigated.
:gl:`#1685`
+- See :ref:`above <relnotes_known_issues>` for a list of all known
+ issues affecting this BIND 9 branch.
+
Feature Changes
~~~~~~~~~~~~~~~
- Authentication of ``rndc`` messages could fail if a ``controls``
statement was configured with multiple key algorithms for the same
listener. This has been fixed. :gl:`#2756`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
``in-view`` statement, running ``rndc freeze`` always reported an
``already frozen`` error even though the zone was successfully
frozen. This has been fixed. :gl:`#2844`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- When new IP addresses were set up by the operating system during
``named`` startup, it could fail to listen for TCP connections on the
newly added interfaces. :gl:`#2852`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- Reloading a catalog zone which referenced a missing/deleted member
zone triggered a runtime check failure, causing ``named`` to exit
prematurely. This has been fixed. :gl:`#2308`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
running ``rndc reconfig``, then bringing back the removed
``catalog-zone`` clause and running ``rndc reconfig`` again caused
``named`` to crash. This has been fixed. :gl:`#1608`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
contents after ``named`` restarted, if the unsigned zone file was
modified while ``named`` was not running. This has been fixed.
:gl:`#3071`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- Build errors were introduced in some DLZ modules due to an incomplete
change in the previous release. This has been fixed. :gl:`#3111`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
miscalculated in certain resolution scenarios, potentially causing the
value of the counter to drop below zero. This has been fixed.
:gl:`#3147`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- Handling of TCP write timeouts has been improved to track the timeout
for each TCP write separately, leading to a faster connection teardown
in case the other party is not reading the data. :gl:`#3200`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- Previously, CDS and CDNSKEY DELETE records were removed from the zone
when configured with the ``auto-dnssec maintain;`` option. This has
been fixed. :gl:`#2931`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
against either libuv 1.35 or libuv 1.37+; libuv 1.36 is still not
usable with BIND. :gl:`#1761` :gl:`#1797`
+- See :ref:`above <relnotes_known_issues>` for a list of all known
+ issues affecting this BIND 9 branch.
+
Feature Changes
~~~~~~~~~~~~~~~
ran, whether the metadata had changed or not. :iscman:`named` now
checks whether changes were applied before writing out the key files.
:gl:`#3302`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- :iscman:`named` could crash during a very rare situation that could
arise when validating a query which had timed out at that exact
moment. This has been fixed. :gl:`#3398`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- ``rndc dumpdb -expired`` was fixed to include
expired RRsets, even if ``stale-cache-enable`` is set to ``no`` and
the cache-cleaning time window has passed. :gl:`#3462`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
from cache for lookups that received duplicate queries or queries that
would be dropped. This bug resulted in premature SERVFAIL responses,
and has now been resolved. :gl:`#2982`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
will fail to start. For more details, see
https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
+- See :ref:`above <relnotes_known_issues>` for a list of all known
+ issues affecting this BIND 9 branch.
+
New Features
~~~~~~~~~~~~
of the current active key (the predecessor) was not changed and thus
never removed from the zone. :gl:`#1846`
-- ``named-checkconf -p`` could include spurious text in
- ``server-addresses`` statements due to an uninitialized DSCP value.
- This has been fixed. :gl:`#1812`
+- ``named-checkconf -p`` could include spurious text in
+ ``server-addresses`` statements due to an uninitialized DSCP value.
+ This has been fixed. :gl:`#1812`
- The ARM has been updated to indicate that the TSIG session key is
generated when named starts, regardless of whether it is needed.
:gl:`#1842`
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting
+ this BIND 9 branch.
+
.. _Read the Docs: https://bind9.readthedocs.io/
- The ``blackhole`` ACL was inadvertently disabled for client queries.
Blocked IP addresses were not used for upstream queries but queries
from those addresses could still be answered. :gl:`#1936`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- LMDB locking code was revised to make ``rndc reconfig`` work properly
on FreeBSD and with LMDB >= 0.9.26. :gl:`#1976`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- Several problems found by `OSS-Fuzz`_ were fixed. (None of these are
security issues.) :gl:`!3953` :gl:`!3975`
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
+
.. _OSS-Fuzz: https://github.com/google/oss-fuzz
- Updating contents of an RPZ zone which contained names spelled using
varying letter case could cause some processing rules in that RPZ zone
to be erroneously ignored. :gl:`#2169`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- ``UV_EOF`` is no longer treated as a ``TCP4RecvErr`` or a
``TCP6RecvErr``. :gl:`#2208`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
- None.
-Known Issues
-~~~~~~~~~~~~
-
-- None.
-
New Features
~~~~~~~~~~~~
- Fixed a crash that happens when you reconfigure a ``dnssec-policy``
zone that uses NSEC3 to enable ``inline-signing``. :gl:`#3591`
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+ <relnotes_known_issues>` for a list of all known issues affecting this
+ BIND 9 branch.
--- /dev/null
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. _relnotes_known_issues:
+
+Known Issues
+------------
+
+- Upgrading from BIND 9.16.32 or any older version may require a manual
+ configuration change. The following configurations are affected:
+
+ - ``type primary`` zones configured with ``dnssec-policy`` but without
+ either ``allow-update`` or ``update-policy``,
+ - ``type secondary`` zones configured with ``dnssec-policy``.
+
+ In these cases please add ``inline-signing yes;`` to the individual
+ zone configuration(s). Without applying this change, :iscman:`named`
+ will fail to start. For more details, see
+ https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
+
+- BIND crashes on startup when linked against libuv 1.36. This issue is
+ related to ``recvmmsg()`` support in libuv, which was first included
+ in libuv 1.35. The problem was addressed in libuv 1.37, but the
+ relevant libuv code change requires a special flag to be set during
+ library initialization in order for ``recvmmsg()`` support to be
+ enabled. This BIND release sets that special flag when required, so
+ ``recvmmsg()`` support is now enabled when BIND is compiled against
+ either libuv 1.35 or libuv 1.37+; libuv 1.36 is still not usable with
+ BIND. :gl:`#1761` :gl:`#1797`
+
+- UDP network ports used for listening can no longer simultaneously be
+ used for sending traffic. An example configuration which triggers this
+ issue would be one which uses the same address:port pair for
+ ``listen-on(-v6)`` statements as for ``notify-source(-v6)`` or
+ ``transfer-source(-v6)``. While this issue affects all operating
+ systems, it only triggers log messages (e.g. "unable to create
+ dispatch for reserved port") on some of them. There are currently no
+ plans to make such a combination of settings work again.
projects / thirdparty / bind9.git / commitdiff
