that can be queried normally if allowed.
It is usually best to restrict those queries with something like
<span class="command"><strong>allow-query { localhost; };</strong></span>.
+ Note that zones using <span class="command"><strong>masterfile-format map</strong></span>
+ cannot be used as policy zones.
</p>
<p>
A <span class="command"><strong>response-policy</strong></span> option can support
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
</p></li>
+<li class="listitem"><p>
+ Incorrect reference counting could result in an INSIST
+ failure if a socket error occurred while performing a
+ lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
+ </p></li>
<li class="listitem"><p>
An incorrect boundary check in the OPENPGPKEY rdatatype
could trigger an assertion failure. This flaw is disclosed
Negative trust anchors (NTAs) were incorrectly deleted
when the server was reloaded or reconfigured. [RT #41058]
</p></li>
+<li class="listitem"><p>
+ Zones configured to use <span class="command"><strong>map</strong></span> format
+ master files can't be used as policy zones because RPZ
+ summary data isn't compiled when such zones are mapped into
+ memory. This limitation may be fixed in a future release,
+ but in the meantime it has been documented, and attempting
+ to use such zones in <span class="command"><strong>response-policy</strong></span>
+ statements is now a configuration error. [RT #38321]
+ </p></li>
</ul></div>
</li>
</ul></div>
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
</p></li>
+<li class="listitem"><p>
+ Incorrect reference counting could result in an INSIST
+ failure if a socket error occurred while performing a
+ lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
+ </p></li>
<li class="listitem"><p>
An incorrect boundary check in the OPENPGPKEY rdatatype
could trigger an assertion failure. This flaw is disclosed
Negative trust anchors (NTAs) were incorrectly deleted
when the server was reloaded or reconfigured. [RT #41058]
</p></li>
+<li class="listitem"><p>
+ Zones configured to use <span class="command"><strong>map</strong></span> format
+ master files can't be used as policy zones because RPZ
+ summary data isn't compiled when such zones are mapped into
+ memory. This limitation may be fixed in a future release,
+ but in the meantime it has been documented, and attempting
+ to use such zones in <span class="command"><strong>response-policy</strong></span>
+ statements is now a configuration error. [RT #38321]
+ </p></li>
</ul></div>
</li>
</ul></div>