option (or use the default values of 2 or 3
respectively). [GL #3407]
+5929. [bug] The "max-zone-ttl" option in "dnssec-policy" was
+ not fully effective; it was used for timing key
+ rollovers but did not actually place an upper limit
+ on TTLs when loading a zone. This has been
+ corrected, and the documentation has been clarified
+ to indicate that the old "max-zone-ttl" zone option
+ is now ignored when "dnssec-policy" is in use.
+ [GL #2918]
+
5927. [bug] A race was possible in dns_dispatch_connect()
that could trigger an assertion failure if two
threads called it near-simultaneously. [GL #3456]
- Non-dynamic zones that inherit dnssec-policy from the view or
options level were not marked as inline-signed, and thus were never
scheduled to be re-signed. This is now fixed. :gl:`#3438`
+
+- The old ``max-zone-ttl`` zone option was meant to be superseded by
+ the ``max-zone-ttl`` option in ``dnssec-policy``; however, the latter
+ option was not fully effective. This has been corrected: zones will
+ not load if they contain TTLs greater than the limit configured in
+ ``dnssec-policy``. In zones with both the old ``max-zone-ttl``
+ option and ``dnssec-policy`` configured, the old option will be
+ ignored, and a warning will be generated. :gl:`#2918`
projects / thirdparty / bind9.git / commitdiff
