See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
-.. _relnotes-9.16.4:
+.. _relnotes-9.16.5:
-Notes for BIND 9.16.4
+Notes for BIND 9.16.5
=====================
-.. _relnotes-9.16.4-security:
+.. _relnotes-9.16.5-security:
Security Fixes
--------------
-- None.
+- None.
-.. _relnotes-9.16.4-known:
+.. _relnotes-9.16.5-known:
Known Issues
------------
-- None
+- None
-.. _relnotes-9.16.4-changes:
-
-- ``named`` and ``named-checkzone`` now reject master zones that
- have a DS RRset at the zone apex. Attempts to add DS records
- at the zone apex via UPDATE will be logged but otherwise ignored.
- DS records belong in the parent zone, not at the zone apex. [GL #1798]
+.. _relnotes-9.16.5-changes:
Feature Changes
---------------
-- ``dig`` and other tools can now print the Extended DNS Error (EDE)
- option when it appears in a request or response. [GL #1834]
-
-.. _relnotes-9.16.4-bugs:
-
-- The default value of ``max-stale-ttl`` has changed from 1 week to 12 hours.
- This option controls how long named retains expired RRsets in cache as a
- potential mitigation mechanism, should there be a problem with one or more
- domains. Note that cache content retention is independent of whether or not
- stale answers will be used in response to client queries
- (``stale-answer-enable yes|no`` and ``rndc serve-stale on|off``). Serving of
- stale answers when the authoritative servers are not responding must be
- explicitly enabled, whereas the retention of expired cache content takes
- place automatically on all versions of BIND that have this feature available.
- [GL #1877]
-
- .. warning:
- This change may be significant for administrators who expect that stale
- cache content will be automatically retained for up to 1 week. Add
- option ``max-stale-ttl 1w;`` to named.conf to keep the previous behavior
- of named.
+- None.
-- listen-on-v6 { any; } creates separate sockets for all interfaces,
- while previously it created one socket on systems conforming to
- :rfc:`3493` and :rfc:`3542`, this change was introduced in 9.16.0
- but accudently ommited from documentation.
+.. _relnotes-9.16.5-bugs:
Bug Fixes
---------
-- ``named`` could crash with an assertion failure if the name of a
- database node was looked up while the database was being modified.
- [GL #1857]
-- Missing mutex and conditional destruction in netmgr code leads to a memory
- leak on BSD systems. [GL #1893].
-- Fix a bug in dnssec-policy keymgr where the check if a key has a
- successor would return a false positive if any other key in the
- keyring has a successor. [GL #1845]
-
-- With dnssec-policy, when creating a successor key, the goal state of
- the current active key (the predecessor) was not changed and thus was
- never is removed from the zone. [GL #1846]
-
-- Fix a data race in resolver.c:formerr() that could lead to assertion
- failure. [GL #1808]
-
-- The dsset returned by dns_keynode_dsset() was not thread safe. This
- could result in a INSIST being triggered. [GL #1926]
+- Properly handle missing ``kyua`` command so that ``make check`` does
+ not fail unexpectedly when CMocka is installed, but Kyua is not.
+ [GL #1950]
projects / thirdparty / bind9.git / commitdiff
