- --- 9.14.5 released ---
+ --- 9.14.5 released ---
5277. [bug] Cache DB statistics could underflow when serve-stale
was in use, because of a bug in counter maintenance
referred to entries in the "bind9-bugs" RT database, which was not open to
the public. More recent entries use the form [GL #NNN] or, less often, [GL
!NNN], which, respectively, refer to issues or merge requests in the
-Gitlab database. Most of these are publically readable, unless they
-include information which is confidential or security senstive.
+Gitlab database. Most of these are publicly readable, unless they include
+information which is confidential or security senstive.
To look up a Gitlab issue by its number, use the URL https://
gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request,
.PP
\fB+[no]cmd\fR
.RS 4
-Toggles the printing of the initial comment in the output identifying the version of
+Toggles the printing of the initial comment in the output, identifying the version of
\fBdig\fR
-and the query options that have been applied\&. This comment is printed by default\&.
+and the query options that have been applied\&. This option always has global effect; it cannot be set globally and then overridden on a per\-lookup basis\&. The default is to print this comment\&.
.RE
.PP
\fB+[no]comments\fR
.RS 4
-Toggle the display of comment lines in the output\&. The default is to print comments\&.
+Toggles the display of some comment lines in the output, containing information about the packet header and OPT pseudosection, and the names of the response section\&. The default is to print these comments\&.
+.sp
+Other types of comments in the output are not affected by this option, but can be controlled using other command line switches\&. These include
+\fB+[no]cmd\fR,
+\fB+[no]question\fR,
+\fB+[no]stats\fR, and
+\fB+[no]rrcomments\fR\&.
.RE
.PP
\fB+[no]cookie\fR\fB[=####]\fR
.PP
\fB+[no]qr\fR
.RS 4
-Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
+Toggles the display of the query message as it is sent\&. By default, the query is not printed\&.
.RE
.PP
\fB+[no]question\fR
.RS 4
-Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
+Toggles the display of the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
.RE
.PP
\fB+[no]raflag\fR
.PP
\fB+[no]short\fR
.RS 4
-Provide a terse answer\&. The default is to print the answer in a verbose form\&.
+Provide a terse answer\&. The default is to print the answer in a verbose form\&. This option always has global effect; it cannot be set globally and then overridden on a per\-lookup basis\&.
.RE
.PP
\fB+[no]showsearch\fR
.PP
\fB+[no]stats\fR
.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics\&.
+Toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics as a comment after each lookup\&.
.RE
.PP
\fB+[no]subnet=addr[/prefix\-length]\fR
<dd>
<p>
Toggles the printing of the initial comment in the
- output identifying the version of <span class="command"><strong>dig</strong></span>
- and the query options that have been applied. This
- comment is printed by default.
+ output, identifying the version of <span class="command"><strong>dig</strong></span>
+ and the query options that have been applied. This option
+ always has global effect; it cannot be set globally
+ and then overridden on a per-lookup basis. The default
+ is to print this comment.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd>
<p>
- Toggle the display of comment lines in the output.
- The default is to print comments.
+ Toggles the display of some comment lines in the output,
+ containing information about the packet header and
+ OPT pseudosection, and the names of the response
+ section. The default is to print these comments.
+ </p>
+ <p>
+ Other types of comments in the output are not affected by
+ this option, but can be controlled using other command
+ line switches. These include <span class="command"><strong>+[no]cmd</strong></span>,
+ <span class="command"><strong>+[no]question</strong></span>,
+ <span class="command"><strong>+[no]stats</strong></span>, and
+ <span class="command"><strong>+[no]rrcomments</strong></span>.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]cookie[<span class="optional">=####</span>]</code></span></dt>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd>
<p>
- Print [do not print] the query as it is sent. By
- default, the query is not printed.
+ Toggles the display of the query message as it is sent.
+ By default, the query is not printed.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
<dd>
<p>
- Print [do not print] the question section of a query
+ Toggles the display of the question section of a query
when an answer is returned. The default is to print
the question section as a comment.
</p>
<dd>
<p>
Provide a terse answer. The default is to print the
- answer in a verbose form.
+ answer in a verbose form. This option always has global
+ effect; it cannot be set globally and then overridden on
+ a per-lookup basis.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd>
<p>
- This query option toggles the printing of statistics:
- when the query was made, the size of the reply and
- so on. The default behavior is to print the query
- statistics.
+ Toggles the printing of statistics: when the query was made,
+ the size of the reply and so on. The default behavior is to
+ print the query statistics as a comment after each lookup.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]subnet=addr[/prefix-length]</code></span></dt>
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 2019-04-25
+.\" Date: 2019-07-21
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
-.TH "NAMED\&.CONF" "5" "2019\-04\-25" "ISC" "BIND9"
+.TH "NAMED\&.CONF" "5" "2019\-07\-21" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
check\-wildcard \fIboolean\fR;
cleaning\-interval \fIinteger\fR;
clients\-per\-query \fIinteger\fR;
- cookie\-algorithm ( aes | sha1 | sha256 );
+ cookie\-algorithm ( aes | sha1 | sha256 | siphash24 );
cookie\-secret \fIstring\fR;
coresize ( default | unlimited | \fIsizeval\fR );
datasize ( default | unlimited | \fIsizeval\fR );
check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
- cookie-algorithm ( aes | sha1 | sha256 );<br>
+ cookie-algorithm ( aes | sha1 | sha256 | siphash24 );<br>
cookie-secret <em class="replaceable"><code>string</code></em>;<br>
coresize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
datasize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.14.4</p></div>
+<div><p class="releaseinfo">BIND Version 9.14.5</p></div>
<div><p class="copyright">Copyright © 2000-2019 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.5</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.14.4</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.14.5</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
as a result of a zone update. [GL #513]
</p>
</li>
+<li class="listitem">
+ <p>
+ A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added.
+ [GL #605]
+ </p>
+ <p>
+ If you are running multiple DNS Servers (different versions of BIND 9
+ or DNS server from multiple vendors) responding from the same IP
+ address (anycast or load-balancing scenarios), you'll have to make
+ sure that all the servers are configured with the same DNS Cookie
+ algorithm and same Server Secret for the best performance.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ DS records included in DNS referral messages can now be validated
+ and cached immediately, reducing the number of queries needed for
+ a DNSSEC validation. [GL #964]
+ </p>
+ </li>
</ul></div>
</div>
to root priming queries; this has been corrected. [GL #1092]
</p>
</li>
+<li class="listitem">
+ <p>
+ Cache database statistics counters could report invalid values
+ when stale answers were enabled, because of a bug in counter
+ maintenance when cache data becomes stale. The statistics counters
+ have been corrected to report the number of RRsets for each
+ RR type that are active, stale but still potentially served,
+ or stale and marked for deletion. [GL #602]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
+ cause unexpected results; this has been fixed. [GL #1106]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named-checkconf</strong></span> now checks DNS64 prefixes
+ to ensure bits 64-71 are zero. [GL #1159]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named-checkconf</strong></span> could crash during
+ configuration if configured to use "geoip continent" ACLs with
+ legacy GeoIP. [GL #1163]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named-checkconf</strong></span> now correctly reports missing
+ <span class="command"><strong>dnstap-output</strong></span> option when
+ <span class="command"><strong>dnstap</strong></span> is set. [GL #1136]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Handle ETIMEDOUT error on connect() with a non-blocking
+ socket. [GL #1133]
+ </p>
+ </li>
</ul></div>
</div>
-Release Notes for BIND Version 9.14.4
+Release Notes for BIND Version 9.14.5
Introduction
maintenance, as opposed to having been generated as a result of a zone
update. [GL #513]
+ * A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added.
+ [GL #605]
+
+ If you are running multiple DNS Servers (different versions of BIND 9
+ or DNS server from multiple vendors) responding from the same IP
+ address (anycast or load-balancing scenarios), you'll have to make
+ sure that all the servers are configured with the same DNS Cookie
+ algorithm and same Server Secret for the best performance.
+
+ * DS records included in DNS referral messages can now be validated and
+ cached immediately, reducing the number of queries needed for a DNSSEC
+ validation. [GL #964]
+
Bug Fixes
* When qname-minimization was set to relaxed, some improperly configured
* Glue address records were not being returned in responses to root
priming queries; this has been corrected. [GL #1092]
+ * Cache database statistics counters could report invalid values when
+ stale answers were enabled, because of a bug in counter maintenance
+ when cache data becomes stale. The statistics counters have been
+ corrected to report the number of RRsets for each RR type that are
+ active, stale but still potentially served, or stale and marked for
+ deletion. [GL #602]
+
+ * Interaction between DNS64 and RPZ No Data rule (CNAME *.) could cause
+ unexpected results; this has been fixed. [GL #1106]
+
+ * named-checkconf now checks DNS64 prefixes to ensure bits 64-71 are
+ zero. [GL #1159]
+
+ * named-checkconf could crash during configuration if configured to use
+ "geoip continent" ACLs with legacy GeoIP. [GL #1163]
+
+ * named-checkconf now correctly reports missing dnstap-output option
+ when dnstap is set. [GL #1136]
+
+ * Handle ETIMEDOUT error on connect() with a non-blocking socket. [GL #
+ 1133]
+
License
BIND is open source software licensed under the terms of the Mozilla
projects / thirdparty / bind9.git / commitdiff
