+++ /dev/null
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-
-<section xml:id="relnotes-9.17.2"><info><title>Notes for BIND 9.17.2</title></info>
-
- <section xml:id="relnotes-9.17.2-security"><info><title>Security Fixes</title></info>
- <itemizedlist>
- <listitem>
- <para>
- A bug in dnstap initialization could prevent some dnstap data from
- being logged, especially on recursive resolvers. [GL #1795]
- </para>
- </listitem>
- </itemizedlist>
- </section>
-
- <section xml:id="relnotes-9.17.2-known"><info><title>Known Issues</title></info>
- <itemizedlist>
- <listitem>
- <para>
- In this release, the build system has been significantly changed (see
- below), and there's number of unresolved issues that you need to be
- aware of if you are using a development release. Please refer to
- GitLab issue #4 https://gitlab.isc.org/isc-projects/bind9/-/issues/4
- for a list of not yet resolved issues that will be fixed in the
- following releases.
- </para>
- <para>
- BIND crashes on startup when linked against libuv 1.36. This issue is
- related to recvmmsg() support in libuv which was first included in
- libuv 1.35. The problem was addressed in libuv 1.37, but the relevant
- libuv code change requires a special flag to be set during library
- initialization in order for recvmmsg() support to be enabled. This
- BIND release sets that special flag when required, so recvmmsg()
- support is now enabled when BIND is compiled against either libuv 1.35
- or libuv 1.37+; libuv 1.36 is still not usable with BIND. [GL #1761]
- [GL #1797]
- </para>
- </listitem>
- </itemizedlist>
- </section>
-
- <section xml:id="relnotes-9.17.2-new"><info><title>New Features</title></info>
- <itemizedlist>
- <listitem>
- <para>
- The BIND 9 build system has been changed to use the normal build tool
- stack consisting of autoconf+automake+libtool. This should not make
- any difference for people building BIND 9 from the release tarballs,
- but if you are building BIND 9 from the git repository you will need
- to run "autoreconf -fi" first. If you are using non-standard
- <command>./configure</command> option, you will
- need to pay extra attention. [GL #4]
- </para>
- </listitem>
- <listitem>
- <para>
- The native PKCS#11 EdDSA implementation has been updated to PKCS#11
- v3.0 and thus made operational again. Contributed by Aaron Thompson.
- [GL !3326]
- </para>
- </listitem>
- <listitem>
- <para>
- The OpenSSL ECDSA implementation has been updated to support PKCS#11
- via OpenSSL engine (see engine_pkcs11 from libp11 project). [GL #1534]
- </para>
- </listitem>
- <listitem>
- <para>
- The OpenSSL EdDSA implementation has been updated to support PKCS#11
- via OpenSSL engine. Please note that you need EdDSA capable OpenSSL
- engine and there's only proof-of-concept as of this moment.
- Contributed by Aaron Thompson. [GL #1763]
- </para>
- </listitem>
- <listitem>
- <para>
- Added a new logging category "rpz-passthru", it allows RPZ passthru
- actions to be logged into a separate channel. [GL #54]
- </para>
- </listitem>
- <listitem>
- <para>
- The zone timers are now exported to the statistics channel. For the
- primary zones, only the loaded time is exported. For the secondary
- zones, the exported timers also include expire and refresh times.
- Contributed by Paul Frieden, Verizon Media. [GL #1232]
- </para>
- </listitem>
- <listitem>
- <para>
- <command>dig</command> and other tools can now print the Extended
- DNS Error (EDE) option when it appears in a request or response.
- [GL #1834]
- </para>
- </listitem>
- </itemizedlist>
- </section>
-
- <section xml:id="relnotes-9.17.2-changes"><info><title>Feature Changes</title></info>
- <itemizedlist>
- <listitem>
- <para>
- The default rwlock implementation has been changed back to the native
- BIND 9 rwlock implementation. [GL #1753]
- </para>
- </listitem>
- <listitem>
- <para>
- Message ids in inbound AXFR transfers are now checked for
- consistency. Streams with inconsistent message ids are rejected.
- [GL #1674]
- </para>
- </listitem>
- <listitem>
- <para>
- BIND 9 no longer sets the recv and send buffer sizes for sockets, relying
- on system defaults instead. [GL #1713]
- </para>
- </listitem>
- </itemizedlist>
- </section>
-
- <section xml:id="relnotes-9.17.2-bugs"><info><title>Bug Fixes</title></info>
- <itemizedlist>
- <listitem>
- <para>
- When running on a system with Linux capabilities support,
- <command>named</command> drops root privileges very soon after system
- startup. This was causing a spurious log message, <quote>unable to set
- effective uid to 0: Operation not permitted</quote>, which has now been
- silenced. [GL #1042] [GL #1090]
- </para>
- </listitem>
- </itemizedlist>
- </section>
-
-</section>
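Review bot: The "Security Fixes" section of this removed file lists the dnstap initialization bug [GL #1795], while the notes-current.rst added in the same change says "Security Fixes: None." and carries that item under "Bug Fixes". Please confirm the reclassification is intended and mention it in the commit message, since readers use the Security Fixes section to decide how urgently to upgrade.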
information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
-.. _relnotes_security:
-
-Security Fixes
---------------
-
-- None.
-
-.. _relnotes_features:
-
-New Features
-------------
-
-- The new ``add-soa`` option specifies whether or not the
- ``response-policy`` zone's SOA record should be included in the
- additional section of RPZ responses. [GL #865]
-
-.. _relnotes_removed:
-
-Removed Features
-----------------
-
-- The ``dnssec-enable`` option has been deprecated and no longer has
- any effect. DNSSEC responses are always enabled if signatures and
- other DNSSEC data are present. [GL #866]
-
-.. _relnotes_changes:
-
-Feature Changes
----------------
-
-- None.
-
-.. _relnotes_bugs:
-
-Bug Fixes
----------
-
-- The ``allow-update`` and ``allow-update-forwarding`` options were
- inadvertently treated as configuration errors when used at the
- ``options`` or ``view`` level. This has now been corrected. [GL #913]
-
+.. include:: ../notes/notes-current.rst
.. include:: ../notes/notes-9.17.1.rst
.. include:: ../notes/notes-9.17.0.rst
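Review bot: The removed block drops the explicit targets ``relnotes_security``, ``relnotes_features``, ``relnotes_removed``, ``relnotes_changes`` and ``relnotes_bugs``, and the included notes-current.rst defines no replacements, so any cross-reference to those labels elsewhere in the documentation would stop resolving; please search for them before merging. The entries deleted with them (``add-soa`` [GL #865], ``dnssec-enable`` [GL #866], ``allow-update`` [GL #913]) do not reappear in notes-current.rst either, so confirm they are already recorded in an earlier release's notes file rather than being lost here.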
--- /dev/null
+..
+ Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ See the COPYRIGHT file distributed with this work for additional
+ information regarding copyright ownership.
+
+Notes for BIND 9.17.2
+---------------------
+
+Security Fixes
+~~~~~~~~~~~~~~
+
+- None.
+
+Known Issues
+~~~~~~~~~~~~
+
+- In this release, the build system has been significantly changed (see
+ below), and there is a number of unresolved issues to be aware of
+ when using a development release. Please refer to `GitLab issue #4`_
+ for a list of not yet resolved issues that will be fixed in the
+ following releases. [GL #4]
+
+.. _GitLab issue #4: https://gitlab.isc.org/isc-projects/bind9/-/issues/4
+
+- BIND crashes on startup when linked against libuv 1.36. This issue
+ is related to ``recvmmsg()`` support in libuv which was first
+ included in libuv 1.35. The problem was addressed in libuv 1.37, but
+ the relevant libuv code change requires a special flag to be set
+ during library initialization in order for ``recvmmsg()`` support to
+ be enabled. This BIND release sets that special flag when required,
+ so ``recvmmsg()`` support is now enabled when BIND is compiled
+ against either libuv 1.35 or libuv 1.37+; libuv 1.36 is still not
+ usable with BIND. [GL #1761] [GL #1797]
+
+New Features
+~~~~~~~~~~~~
+
+- The BIND 9 build system has been changed to use a typical
+ autoconf+automake+libtool stack. This should not make any difference
+ for people building BIND 9 from release tarballs, but when building
+ BIND 9 from the Git repository, ``autoreconf -fi`` needs to be run
+ first. Extra attention is also needed when using non-standard
+ ``./configure`` options. [GL #4]
+
+- Added a new logging category ``rpz-passthru`` which allows RPZ
+ passthru actions to be logged into a separate channel. [GL #54]
+
+- Zone timers are now exported via statistics channel. For primary
+ zones, only the load time is exported. For secondary zones, exported
+ timers also include expire and refresh times. Contributed by Paul
+ Frieden, Verizon Media. [GL #1232]
+
+- ``dig`` and other tools can now print the Extended DNS Error (EDE)
+ option when it appears in a request or response. [GL #1834]
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- BIND 9 no longer sets receive/send buffer sizes for UDP sockets,
+ relying on system defaults instead. [GL #1713]
+
+- The default rwlock implementation has been changed back to the native
+ BIND 9 rwlock implementation. [GL #1753]
+
+- The native PKCS#11 EdDSA implementation has been updated to PKCS#11
+ v3.0 and thus made operational again. Contributed by Aaron Thompson.
+ [GL !3326]
+
+- The OpenSSL ECDSA implementation has been updated to support PKCS#11
+ via OpenSSL engine (see engine_pkcs11 from libp11 project). [GL
+ #1534]
+
+- The OpenSSL EdDSA implementation has been updated to support PKCS#11
+ via OpenSSL engine. Please note that an EdDSA-capable OpenSSL engine
+ is required and thus this code is only a proof-of-concept for the
+ time being. Contributed by Aaron Thompson. [GL #1763]
+
+- Message IDs in inbound AXFR transfers are now checked for
+ consistency. Log messages are emitted for streams with inconsistent
+ message IDs. [GL #1674]
+
+Bug Fixes
+~~~~~~~~~
+
+- A bug in dnstap initialization could prevent some dnstap data from
+ being logged, especially on recursive resolvers. [GL #1795]
+
+- When running on a system with support for Linux capabilities,
+ ``named`` drops root privileges very soon after system startup. This
+ was causing a spurious log message, *unable to set effective uid to
+ 0: Operation not permitted*, which has now been silenced. [GL #1042]
+ [GL #1090]
+
+- When ``named-checkconf -z`` was run, it would sometimes incorrectly
+ set its exit code. It reflected the status of the last view found; if
+ zone-loading errors were found in earlier configured views but not in
+ the last one, the exit code indicated success. Thanks to Graham
+ Clinch. [GL #1807]
+
+- When built without LMDB support, ``named`` failed to restart after a
+ zone with a double quote (") in its name was added with ``rndc
+ addzone``. Thanks to Alberto Fernández. [GL #1695]
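Review bot: The AXFR entry under "Feature Changes" does not say the same thing as the XML text it replaces: the old note read "Streams with inconsistent message ids are rejected", the new one only says "Log messages are emitted for streams with inconsistent message IDs". Those are different outcomes for an inbound zone transfer, so please check against [GL #1674] which one 9.17.2 implements and state explicitly whether the transfer is accepted after the message is logged. Separately, the ``.. _GitLab issue #4:`` target sits between the two "Known Issues" bullets, which ends the first list and starts a new one; moving it below the libuv item keeps the section a single list.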
./doc/arm/logging-categories.rst RST 2020
./doc/arm/managed-keys.rst RST 2020
./doc/arm/manpages.rst RST 2020
-./doc/arm/notes-9.17.2.xml SGML 2020
./doc/arm/notes.rst RST 2020
./doc/arm/pkcs11.rst RST 2020
./doc/arm/plugins.rst RST 2020
./doc/misc/stub.zoneopt X 2018,2019,2020
./doc/notes/notes-9.17.0.rst RST 2020
./doc/notes/notes-9.17.1.rst RST 2020
+./doc/notes/notes-current.rst RST 2020
./docutil/HTML_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/MAN_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/patch-db2latex-duplicate-template-bug X 2007,2018,2019,2020