<title>Feature Changes</title>
<itemizedlist>
<listitem>
- <para>
- NXDOMAIN responses to queries of type DS are now cached separately
- from those for other types. This helps when using "grafted" zones
- of type forward, for which the parent zone does not contain a
- delegation, such as local top-level domains. Previously a query
- of type DS for such a zone could cause the zone apex to be cached
- as NXDOMAIN, blocking all subsequent queries. (Note: This
- change is only helpful when DNSSEC validation is not enabled.
- "Grafted" zones without a delegation in the parent are not a
- recommended configuration.)
- </para>
- </listitem>
- <listitem>
- <para>
- NOTIFY messages that are sent because a zone has been updated
- are now given priority above NOTIFY messages that were scheduled
- when the server started up. This should mitigate delays in zone
- propagation when servers are restarted frequently.
- </para>
- </listitem>
- <listitem>
- <para>
- Errors reported when running <command>rndc addzone</command>
- (e.g., when a zone file cannot be loaded) have been clarified
- to make it easier to diagnose problems.
- </para>
- </listitem>
- <listitem>
- <para>
- Added support for OPENPGPKEY type.
- </para>
- </listitem>
- <listitem>
- <para>
- When encountering an authoritative name server whose name is
- an alias pointing to another name, the resolver treats
- this as an error and skips to the next server. Previously
- this happened silently; now the error will be logged to
- the newly-created "cname" log category.
- </para>
- </listitem>
- <listitem>
- <para>
- If named is not configured to validate the answer then
- allow fallback to plain DNS on timeout even when we know
- the server supports EDNS. This will allow the server to
- potentially resolve signed queries when TCP is being
- blocked.
- </para>
+ <para>None</para>
</listitem>
</itemizedlist>
</sect2>
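Review bot: the single added line `<para>None</para>` replaces the whole Feature Changes list, and two of the removed entries describe behaviour an operator would notice: the new "cname" log category, and the fallback to plain DNS on timeout when named is not configured to validate. Nothing in the visible lines shows where that text now lives. If this is a reset of the notes for the next release, say so in the commit message and confirm the removed entries are kept in the notes for the release they shipped in. The placeholder also leaves a one-item bulleted list that reads "None"; an XML comment beside it would help ensure it is replaced, not appended to, when the first new feature is documented.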
<title>Bug Fixes</title>
<itemizedlist>
<listitem>
- <para>
- <command>dig</command>, <command>host</command> and
- <command>nslookup</command> aborted when encountering
- a name which, after appending search list elements,
- exceeded 255 bytes. Such names are now skipped, but
- processing of other names will continue. [RT #36892]
- </para>
- </listitem>
- <listitem>
- <para>
- The error message generated when
- <command>named-checkzone</command> or
- <command>named-checkconf -z</command> encounters a
- <option>$TTL</option> directive without a value has
- been clarified. [RT #37138]
- </para>
- </listitem>
- <listitem>
- <para>
- Semicolon characters (;) included in TXT records were
- incorrectly escaped with a backslash when the record was
- displayed as text. This is actually only necessary when there
- are no quotation marks. [RT #37159]
- </para>
- </listitem>
- <listitem>
- <para>
- When files opened for writing by <command>named</command>,
- such as zone journal files, were referenced more than once
- in <filename>named.conf</filename>, it could lead to file
- corruption as multiple threads wrote to the same file. This
- is now detected when loading <filename>named.conf</filename>
- and reported as an error. [RT #37172]
- </para>
- </listitem>
- <listitem>
- <para>
- <command>dnssec-keygen -S</command> failed to generate successor
- keys for some algorithm types (including ECDSA and GOST) due to
- a difference in the content of private key files. This has been
- corrected. [RT #37183]
- </para>
- </listitem>
- <listitem>
- <para>
- UPDATE messages that arrived too soon after
- an <command>rndc thaw</command> could be lost. [RT #37233]
- </para>
- </listitem>
- <listitem>
- <para>
- Forwarding of UPDATE messages did not work when they were
- signed with SIG(0); they resulted in a BADSIG response code.
- [RT #37216]
- </para>
- </listitem>
- <listitem>
- <para>
- When checking for updates to trust anchors listed in
- <option>managed-keys</option>, <command>named</command>
- now revalidates keys based on the current set of
- active trust anchors, without relying on any cached
- record of previous validation. [RT #37506]
- </para>
- </listitem>
- <listitem>
- <para>
- When NXDOMAIN redirection is in use, queries for a name
- that is present in the redirection zone but a type that
- is not present will now return NOERROR instead of NXDOMAIN.
- </para>
- </listitem>
- <listitem>
- <para>
- When a zone contained a delegation to an IPv6 name server
- but not an IPv4 name server, it was possible for a memory
- reference to be left un-freed. This caused an assertion
- failure on server shutdown, but was otherwise harmless.
- [RT #37796]
- </para>
- </listitem>
- <listitem>
- <para>
- Due to an inadvertent removal of code in the previous
- release, when <command>named</command> encountered an
- authoritative name server which dropped all EDNS queries,
- it did not always try plain DNS. This has been corrected.
- [RT #37965]
- </para>
- </listitem>
- <listitem>
- <para>
- A regression caused nsupdate to use the default recursive servers
- rather than the SOA MNAME server when sending the UPDATE.
- </para>
- </listitem>
- <listitem>
- <para>
- Adjusted max-recursion-queries to better accommodate empty
- caches.
- </para>
- </listitem>
- <listitem>
- <para>
- Built-in "empty" zones did not correctly inherit the
- "allow-transfer" ACL from the options or view. [RT #38310]
- </para>
- </listitem>
- <listitem>
- <para>
- A mutex leak was fixed that could cause <command>named</command>
- processes to grow to very large sizes. [RT #38454]
- </para>
- </listitem>
- <listitem>
- <para>
- Fixed some bugs in RFC 5011 trust anchor management,
- including a memory leak and a possible loss of state
- information.[RT #38458]
- </para>
+ <para>None</para>
</listitem>
</itemizedlist>
</sect2>
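Review bot: the removed Bug Fixes entries are the only place in these lines that ties each fix to its ticket ([RT #36892] through [RT #38458]), and three of them carry no ticket number at all: NXDOMAIN redirection returning NOERROR, the nsupdate SOA MNAME regression, and the max-recursion-queries adjustment. Those three would be hard to trace by ticket once this text is gone. Before replacing the list with `<para>None</para>`, check that each entry is recorded in the notes for the release that contained it, in particular the "allow-transfer" ACL inheritance fix for built-in empty zones [RT #38310] and the managed-keys revalidation change [RT #37506].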