+ --- 9.14.5 released ---
+
5277. [bug] Cache DB statistics could underflow when serve-stale
was in use, because of a bug in counter maintenance
when RRsets become stale.
and referred to entries in the "bind9-bugs" RT database, which was not open
to the public. More recent entries use the form `[GL #NNN]` or, less often,
`[GL !NNN]`, which, respectively, refer to issues or merge requests in the
-Gitlab database. Most of these are publically readable, unless they include
+Gitlab database. Most of these are publicly readable, unless they include
information which is confidential or security senstive.
To look up a Gitlab issue by its number, use the URL
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
- <date>2019-04-25</date>
+ <date>2019-07-21</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
<span class="command"><strong>check-wildcard</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>cleaning-interval</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>clients-per-query</strong></span> <em class="replaceable"><code>integer</code></em>;
- <span class="command"><strong>cookie-algorithm</strong></span> ( aes | sha1 | sha256 );
+ <span class="command"><strong>cookie-algorithm</strong></span> ( aes | sha1 | sha256 | siphash24 );
<span class="command"><strong>cookie-secret</strong></span> <em class="replaceable"><code>string</code></em>;
<span class="command"><strong>coresize</strong></span> ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );
<span class="command"><strong>datasize</strong></span> ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );
</p>
<p>
Compatible IPv6 prefixes have lengths of 32, 40, 48, 56,
- 64 and 96 as per RFC 6052.
+ 64 and 96 as per RFC 6052. Bits 64..71 inclusive must
+ be zero with the most significate bit of the prefix in
+ position 0.
</p>
<p>
Additionally a reverse IP6.ARPA zone will be created for
appear, they are not combined — the last one applies.
</p>
<p>
- By default, records are returned in indeterminate but
- consistent order (see <span class="command"><strong>none</strong></span> above).
+ By default, records are returned in <span class="command"><strong>random</strong></span> order.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
than that is a configuration error.
</p>
+ <p>
+ Rules encoded in response policy zones are processed after
+ <a class="link" href="Bv9ARM.ch05.html#access_control" title="Access Control">Access Control Lists
+ (ACLs)</a>. All queries from clients which are not
+ permitted access to the resolver will be answered with a
+ status code of REFUSED, regardless of configured RPZ rules.
+ </p>
+
<p>
Five policy triggers can be encoded in RPZ records.
</p>
</td>
<td>
<p>
- The number of RRsets per RR type and nonexistent
- names stored in the cache database.
- If the exclamation mark (!) is printed for a RR
- type, it means that particular type of RRset is
- known to be nonexistent (this is also known as
- "NXRRSET"). If a hash mark (#) is present then
- the RRset is marked for garbage collection.
- Maintained per view.
+ Statistics counters related to cache contents;
+ maintained per view.
+ </p>
+ <p>
+ The "NXDOMAIN" counter is the number of names
+ that have been cached as nonexistent.
+ Counters named for RR types indicate the
+ number of active RRsets for each type in the cache
+ database.
+ </p>
+ <p>
+ If an RR type name is preceded by an exclamation
+ mark (!), it represents the number of records in the
+ cache which indicate that the type does not exist
+ for a particular name (this is also known as "NXRRSET").
+ If an RR type name is preceded by a hash mark (#), it
+ represents the number of RRsets for this type that are
+ present in the cache but whose TTLs have expired; these
+ RRsets may only be used if stale answers are enabled.
+ If an RR type name is preceded by a tilde (~), it
+ represents the number of RRsets for this type that are
+ present in the cache database but are marked for garbage
+ collection; these RRsets cannot be used.
</p>
</td>
</tr>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.5</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.9.2"></a>Release Notes for BIND Version 9.14.4</h2></div></div></div>
+<a name="id-1.9.2"></a>Release Notes for BIND Version 9.14.5</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
as a result of a zone update. [GL #513]
</p>
</li>
+<li class="listitem">
+ <p>
+ A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added.
+ [GL #605]
+ </p>
+ <p>
+ If you are running multiple DNS Servers (different versions of BIND 9
+ or DNS server from multiple vendors) responding from the same IP
+ address (anycast or load-balancing scenarios), you'll have to make
+ sure that all the servers are configured with the same DNS Cookie
+ algorithm and same Server Secret for the best performance.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ DS records included in DNS referral messages can now be validated
+ and cached immediately, reducing the number of queries needed for
+ a DNSSEC validation. [GL #964]
+ </p>
+ </li>
</ul></div>
</div>
to root priming queries; this has been corrected. [GL #1092]
</p>
</li>
+<li class="listitem">
+ <p>
+ Cache database statistics counters could report invalid values
+ when stale answers were enabled, because of a bug in counter
+ maintenance when cache data becomes stale. The statistics counters
+ have been corrected to report the number of RRsets for each
+ RR type that are active, stale but still potentially served,
+ or stale and marked for deletion. [GL #602]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
+ cause unexpected results; this has been fixed. [GL #1106]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named-checkconf</strong></span> now checks DNS64 prefixes
+ to ensure bits 64-71 are zero. [GL #1159]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named-checkconf</strong></span> could crash during
+ configuration if configured to use "geoip continent" ACLs with
+ legacy GeoIP. [GL #1163]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>named-checkconf</strong></span> now correctly reports missing
+ <span class="command"><strong>dnstap-output</strong></span> option when
+ <span class="command"><strong>dnstap</strong></span> is set. [GL #1136]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Handle ETIMEDOUT error on connect() with a non-blocking
+ socket. [GL #1133]
+ </p>
+ </li>
</ul></div>
</div>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
<dd>
<p>
Toggles the printing of the initial comment in the
- output identifying the version of <span class="command"><strong>dig</strong></span>
- and the query options that have been applied. This
- comment is printed by default.
+ output, identifying the version of <span class="command"><strong>dig</strong></span>
+ and the query options that have been applied. This option
+ always has global effect; it cannot be set globally
+ and then overridden on a per-lookup basis. The default
+ is to print this comment.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd>
<p>
- Toggle the display of comment lines in the output.
- The default is to print comments.
+ Toggles the display of some comment lines in the output,
+ containing information about the packet header and
+ OPT pseudosection, and the names of the response
+ section. The default is to print these comments.
+ </p>
+ <p>
+ Other types of comments in the output are not affected by
+ this option, but can be controlled using other command
+ line switches. These include <span class="command"><strong>+[no]cmd</strong></span>,
+ <span class="command"><strong>+[no]question</strong></span>,
+ <span class="command"><strong>+[no]stats</strong></span>, and
+ <span class="command"><strong>+[no]rrcomments</strong></span>.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]cookie[<span class="optional">=####</span>]</code></span></dt>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd>
<p>
- Print [do not print] the query as it is sent. By
- default, the query is not printed.
+ Toggles the display of the query message as it is sent.
+ By default, the query is not printed.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
<dd>
<p>
- Print [do not print] the question section of a query
+ Toggles the display of the question section of a query
when an answer is returned. The default is to print
the question section as a comment.
</p>
<dd>
<p>
Provide a terse answer. The default is to print the
- answer in a verbose form.
+ answer in a verbose form. This option always has global
+ effect; it cannot be set globally and then overridden on
+ a per-lookup basis.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd>
<p>
- This query option toggles the printing of statistics:
- when the query was made, the size of the reply and
- so on. The default behavior is to print the query
- statistics.
+ Toggles the printing of statistics: when the query was made,
+ the size of the reply and so on. The default behavior is to
+ print the query statistics as a comment after each lookup.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]subnet=addr[/prefix-length]</code></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
- cookie-algorithm ( aes | sha1 | sha256 );<br>
+ cookie-algorithm ( aes | sha1 | sha256 | siphash24 );<br>
cookie-secret <em class="replaceable"><code>string</code></em>;<br>
coresize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
datasize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.5 (Stable Release)</p>
</body>
</html>
<listitem>
<para>
A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added.
+ [GL #605]
</para>
<para>
If you are running multiple DNS Servers (different versions of BIND 9
or stale and marked for deletion. [GL #602]
</para>
</listitem>
+ <listitem>
+ <para>
+ Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
+ cause unexpected results; this has been fixed. [GL #1106]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <command>named-checkconf</command> now checks DNS64 prefixes
+ to ensure bits 64-71 are zero. [GL #1159]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <command>named-checkconf</command> could crash during
+ configuration if configured to use "geoip continent" ACLs with
+ legacy GeoIP. [GL #1163]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <command>named-checkconf</command> now correctly reports missing
+ <command>dnstap-output</command> option when
+ <command>dnstap</command> is set. [GL #1136]
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Handle ETIMEDOUT error on connect() with a non-blocking
+ socket. [GL #1133]
+ </para>
+ </listitem>
</itemizedlist>
</section>
<command>check-wildcard</command> <replaceable>boolean</replaceable>;
<command>cleaning-interval</command> <replaceable>integer</replaceable>;
<command>clients-per-query</command> <replaceable>integer</replaceable>;
- <command>cookie-algorithm</command> ( aes | sha1 | sha256 );
+ <command>cookie-algorithm</command> ( aes | sha1 | sha256 | siphash24 );
<command>cookie-secret</command> <replaceable>string</replaceable>;
<command>coresize</command> ( default | unlimited | <replaceable>sizeval</replaceable> );
<command>datasize</command> ( default | unlimited | <replaceable>sizeval</replaceable> );
# 9.12: 1200-1299
# 9.13/9.14: 1300-1499
LIBINTERFACE = 1302
-LIBREVISION = 3
+LIBREVISION = 4
LIBAGE = 0
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13/9.14: 1300-1499
-LIBINTERFACE = 1309
-LIBREVISION = 1
+LIBINTERFACE = 1310
+LIBREVISION = 0
LIBAGE = 0
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13/9.14: 1300-1499
-LIBINTERFACE = 1308
-LIBREVISION = 1
+LIBINTERFACE = 1309
+LIBREVISION = 0
LIBAGE = 0
# 9.12: 1200-1299
# 9.13/9.14: 1300-1499
LIBINTERFACE = 1302
-LIBREVISION = 0
+LIBREVISION = 1
LIBAGE = 0
# 9.11: 160-169
# 9.12: 1200-1299
# 9.13/9.14: 1300-1499
-LIBINTERFACE = 1306
-LIBREVISION = 1
+LIBINTERFACE = 1307
+LIBREVISION = 0
LIBAGE = 0
DESCRIPTION="(Stable Release)"
MAJORVER=9
MINORVER=14
-PATCHVER=4
+PATCHVER=5
RELEASETYPE=
RELEASEVER=
EXTENSIONS=
projects / thirdparty / bind9.git / commitdiff
