+ --- 9.11.4rc2 released ---
+
4984. [bug] Improve handling of very large incremental
zone transfers to prevent journal corruption. [GL #339]
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 2017-08-15
+.\" Date: 2018-06-21
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
-.TH "NAMED\&.CONF" "5" "2017\-08\-15" "ISC" "BIND9"
+.TH "NAMED\&.CONF" "5" "2018\-06\-21" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
] [ dscp \fIinteger\fR ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
* ) ] [ dscp \fIinteger\fR ];
+ answer\-cookie \fIboolean\fR;
attach\-cache \fIstring\fR;
auth\-nxdomain \fIboolean\fR; // default changed
auto\-dnssec ( allow | maintain | off );
min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [
qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ];
root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+ root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
\fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
secroots\-file \fIquoted_string\fR;
min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [
qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ];
root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+ root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
\fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
send\-cookie \fIboolean\fR;
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
- <date>2017-08-15</date>
+ <date>2018-06-21</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
] [ dscp <replaceable>integer</replaceable> ];
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
* ) ] [ dscp <replaceable>integer</replaceable> ];
+ answer-cookie <replaceable>boolean</replaceable>;
attach-cache <replaceable>string</replaceable>;
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
auto-dnssec ( allow | maintain | off );
min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+ root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
secroots-file <replaceable>quoted_string</replaceable>;
min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+ root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
send-cookie <replaceable>boolean</replaceable>;
    ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> |<br>
    * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
+ answer-cookie <em class="replaceable"><code>boolean</code></em>;<br>
attach-cache <em class="replaceable"><code>string</code></em>;<br>
auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
auto-dnssec ( allow | maintain | off );<br>
    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+ root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
secroots-file <em class="replaceable"><code>quoted_string</code></em>;<br>
    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+ root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
send-cookie <em class="replaceable"><code>boolean</code></em>;<br>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
] [ dscp <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>alt-transfer-source-v6</strong></span> ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> |
* ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];
+ <span class="command"><strong>answer-cookie</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>attach-cache</strong></span> <em class="replaceable"><code>string</code></em>;
<span class="command"><strong>auth-nxdomain</strong></span> <em class="replaceable"><code>boolean</code></em>; // default changed
<span class="command"><strong>auto-dnssec</strong></span> ( allow | maintain | off );
<span class="command"><strong>min-ns-dots</strong></span> <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>qname-wait-recurse</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];
<span class="command"><strong>root-delegation-only</strong></span> [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];
+ <span class="command"><strong>root-key-sentinel</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>rrset-order</strong></span> { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name
<em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };
<span class="command"><strong>secroots-file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
options level, not per-view.
</p>
<p>
- <span class="command"><strong>answer-cookie</strong></span> is only available
- as a temporary measure, for use when
- <span class="command"><strong>named</strong></span> shares an IP address
- with other servers that do not yet support DNS
- COOKIE. A mismatch between servers on the same
- address is not expected to cause operational
- problems, but the option to disable COOKIE responses
- so that all servers have the same behavior is
- provided out of an abundance of caution. DNS COOKIE
- is an important security mechanism and should not be
- disabled unless absolutely necessary. The
- <span class="command"><strong>answer-cookie</strong></span> option is obsolete
- as of BIND 9.13.
+ <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
+ temporary measure, for use when <span class="command"><strong>named</strong></span>
+ shares an IP address with other servers that do not yet
+ support DNS COOKIE. A mismatch between servers on the
+ same address is not expected to cause operational
+ problems, but the option to disable COOKIE responses so
+ that all servers have the same behavior is provided out
+ of an abundance of caution. DNS COOKIE is an important
+ security mechanism, and should not be disabled unless
+ absolutely necessary.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>send-cookie</strong></span></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc1</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc2</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.4rc1</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.4rc2</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<code class="filename">named.conf</code>. [GL #173]
</p>
<p>
- <span class="command"><strong>answer-cookie</strong></span> is only available as a
+ <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
temporary measure, for use when <span class="command"><strong>named</strong></span>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the
but the option to disable COOKIE responses so that all
servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security
- mechanism and should not be disabled unless absolutely
- necessary. The <span class="command"><strong>answer-cookie</strong></span> option
- is obsolete as of BIND 9.13.
+ mechanism, and should not be disabled unless absolutely
+ necessary.
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named</strong></span> now rejects excessively large
+ incremental (IXFR) zone transfers in order to prevent
+ possible corruption of journal files which could cause
+ <span class="command"><strong>named</strong></span> to abort when loading zones. [GL #339]
+ </p>
+ </li>
+<li class="listitem">
<p>
<span class="command"><strong>rndc reload</strong></span> could cause <span class="command"><strong>named</strong></span>
to leak memory if it was invoked before the zone loading actions
from a previous <span class="command"><strong>rndc reload</strong></span> command were
completed. [RT #47076]
</p>
- </li></ul></div>
+ </li>
+</ul></div>
</div>
<div class="section">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.11.4rc1</p></div>
+<div><p class="releaseinfo">BIND Version 9.11.4rc2</p></div>
<div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc1</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc2</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
    ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> |<br>
    * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
+ answer-cookie <em class="replaceable"><code>boolean</code></em>;<br>
attach-cache <em class="replaceable"><code>string</code></em>;<br>
auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
auto-dnssec ( allow | maintain | off );<br>
    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+ root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
secroots-file <em class="replaceable"><code>quoted_string</code></em>;<br>
    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+ root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
send-cookie <em class="replaceable"><code>boolean</code></em>;<br>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
</body>
</html>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.11.4rc1</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.11.4rc2</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<code class="filename">named.conf</code>. [GL #173]
</p>
<p>
- <span class="command"><strong>answer-cookie</strong></span> is only available as a
+ <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
temporary measure, for use when <span class="command"><strong>named</strong></span>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the
but the option to disable COOKIE responses so that all
servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security
- mechanism and should not be disabled unless absolutely
- necessary. The <span class="command"><strong>answer-cookie</strong></span> option
- is obsolete as of BIND 9.13.
+ mechanism, and should not be disabled unless absolutely
+ necessary.
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named</strong></span> now rejects excessively large
+ incremental (IXFR) zone transfers in order to prevent
+ possible corruption of journal files which could cause
+ <span class="command"><strong>named</strong></span> to abort when loading zones. [GL #339]
+ </p>
+ </li>
+<li class="listitem">
<p>
<span class="command"><strong>rndc reload</strong></span> could cause <span class="command"><strong>named</strong></span>
to leak memory if it was invoked before the zone loading actions
from a previous <span class="command"><strong>rndc reload</strong></span> command were
completed. [RT #47076]
</p>
- </li></ul></div>
+ </li>
+</ul></div>
</div>
<div class="section">
-Release Notes for BIND Version 9.11.4rc1
+Release Notes for BIND Version 9.11.4rc2
Introduction
present in the request. To prevent a cookie being returned, add
answer-cookie no; to named.conf. [GL #173]
- answer-cookie is only available as a temporary measure, for use when
+ answer-cookie no is only intended as a temporary measure, for use when
named shares an IP address with other servers that do not yet support
DNS COOKIE. A mismatch between servers on the same address is not
expected to cause operational problems, but the option to disable
COOKIE responses so that all servers have the same behavior is
provided out of an abundance of caution. DNS COOKIE is an important
- security mechanism and should not be disabled unless absolutely
- necessary. The answer-cookie option is obsolete as of BIND 9.13.
+ security mechanism, and should not be disabled unless absolutely
+ necessary.
Removed Features
Bug Fixes
+ * named now rejects excessively large incremental (IXFR) zone transfers
+ in order to prevent possible corruption of journal files which could
+ cause named to abort when loading zones. [GL #339]
+
* rndc reload could cause named to leak memory if it was invoked before
the zone loading actions from a previous rndc reload command were
completed. [RT #47076]
<filename>named.conf</filename>. [GL #173]
</para>
<para>
- <command>answer-cookie</command> is only available as a
+ <command>answer-cookie no</command> is only intended as a
temporary measure, for use when <command>named</command>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the
but the option to disable COOKIE responses so that all
servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security
- mechanism and should not be disabled unless absolutely
+ mechanism, and should not be disabled unless absolutely
necessary.
</para>
</listitem>
using (now obsolete) idnkit-1 library.
</para>
</listitem>
- <listitem>
- <para>
- Add the ability to not return a DNS COOKIE option when one
- is present in the request. To prevent a cookie being returned
- add <command>answer-cookie no;</command> to
- <filename>named.conf</filename>. [GL #173]
- </para>
- <para>
- <command>answer-cookie no</command> is only intended as a
- temporary measure, for use when <command>named</command>
- shares an IP address with other servers that do not yet
- support DNS COOKIE. A mismatch between servers on the
- same address is not expected to cause operational problems,
- but the option to disable COOKIE responses so that all
- servers have the same behavior is provided out of an
- abundance of caution. DNS COOKIE is an important security
- mechanism, and should not be disabled unless absolutely
- necessary.
- </para>
- </listitem>
</itemizedlist>
</section>
] [ dscp <replaceable>integer</replaceable> ];
<command>alt-transfer-source-v6</command> ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
* ) ] [ dscp <replaceable>integer</replaceable> ];
+ <command>answer-cookie</command> <replaceable>boolean</replaceable>;
<command>attach-cache</command> <replaceable>string</replaceable>;
<command>auth-nxdomain</command> <replaceable>boolean</replaceable>; // default changed
<command>auto-dnssec</command> ( allow | maintain | off );
<command>min-ns-dots</command> <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
<command>qname-wait-recurse</command> <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
<command>root-delegation-only</command> [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+ <command>root-key-sentinel</command> <replaceable>boolean</replaceable>;
<command>rrset-order</command> { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
<command>secroots-file</command> <replaceable>quoted_string</replaceable>;
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 160
-LIBREVISION = 7
+LIBREVISION = 8
LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 1102
+LIBINTERFACE = 1103
LIBREVISION = 0
-LIBAGE = 0
+LIBAGE = 1
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 169
-LIBREVISION = 2
+LIBREVISION = 3
LIBAGE = 0
tp: symtab_test
tp: task_test
tp: taskpool_test
-tp: timer_test
tp: time_test
+tp: timer_test
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 162
-LIBREVISION = 0
+LIBREVISION = 1
LIBAGE = 2
MINORVER=11
PATCHVER=4
RELEASETYPE=rc
-RELEASEVER=1
+RELEASEVER=2
EXTENSIONS=
projects / thirdparty / bind9.git / commitdiff
