+
+ --- 9.6-ESV-R5rc1 released ---
+
3118. [bug] nsupdate could dump core on shutdown when using
SIG(0) keys. [RT #24604]
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article"><div class="titlepage"><hr /></div>
+
+ <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2824820"></a>Introduction</h2></div></div></div>
+
+ <p>
+ BIND 9.6-ESV-R5 is a maintenance release for BIND 9.6-ESV.
+ </p>
+ <p>
+ This document summarizes changes from BIND 9.6-ESV-R4 to BIND 9.6-ESV-R5.
+ Please see the CHANGES file in the source code release for a
+ complete list of all changes.
+ </p>
+ </div>
+
+ <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691321"></a>Download</h2></div></div></div>
+
+ <p>
+ The latest release of BIND 9 software can always be found
+ on our web site at
+ <a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
+ There you will find additional information about each release,
+ source code, and some pre-compiled versions for certain operating
+ systems.
+ </p>
+ </div>
+
+ <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691366"></a>Support</h2></div></div></div>
+
+ <p>Product support information is available on
+ <a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
+ for paid support options. Free support is provided by our user
+ community via a mailing list. Information on all public email
+ lists is available at
+ <a class="ulink" href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
+ </p>
+ </div>
+
+ <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691310"></a>New Features</h2></div></div></div>
+
+ <div class="section" title="9.6-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id2824840"></a>9.6-ESV-R5</h3></div></div></div>
+
+ <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+Added a tool able to generate malformed packets to allow testing
+of how named handles them.
+[RT #24096]
+</li></ul></div>
+ </div>
+ </div>
+
+ <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2824832"></a>Feature Changes</h2></div></div></div>
+
+ <div class="section" title="9.6-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3691431"></a>9.6-ESV-R5</h3></div></div></div>
+
+ <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+Merged in the NetBSD ATF test framework (currently
+version 0.12) for development of future unit tests.
+Use configure --with-atf to build ATF internally
+or configure --with-atf=prefix to use an external
+copy. [RT #23209]
+</li><li class="listitem">
+Added more verbose error reporting from DLZ LDAP. [RT #23402]
+</li><li class="listitem">
+Replaced compile time constant with STDTIME_ON_32BITS.
+[RT #23587]
+</li></ul></div>
+ </div>
+ </div>
+
+ <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691458"></a>Bug Fixes</h2></div></div></div>
+
+ <div class="section" title="9.6-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3689360"></a>9.6-ESV-R5</h3></div></div></div>
+
+ <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+During RFC5011 processing some journal write errors were not detected.
+This could lead to managed-keys changes being committed but not
+recorded in the journal files, causing potential inconsistencies
+during later processing. [RT #20256]
+</li><li class="listitem">
+A potential NULL pointer deference in the DNS64 code could cause
+named to terminate unexpectedly. [RT #20256]
+</li><li class="listitem">
+A state variable relating to DNSSEC could fail to be set during
+some infrequently-executed code paths, allowing it to be used whilst
+in an unitialized state during cache updates, with unpredictable results.
+[RT #20256]
+</li><li class="listitem">
+A potential NULL pointer deference in DNSSEC signing code could
+cause named to terminate unexpectedly [RT #20256]
+</li><li class="listitem">
+Several cosmetic code changes were made to silence warnings
+generated by a static code analysis tool. [RT #20256]
+</li><li class="listitem">
+Cause named to terminate at startup or rndc reconfig
+reload to fail, if a log file specified in the
+conf file isn't a plain file. (RT #22771]
+</li><li class="listitem">
+After an external code review, a code cleanup was done. [RT #22521]
+</li><li class="listitem">
+named now forces the ADB cache time for glue related data to zero
+instead of relying on TTL. This corrects problematic behavior in cases
+where a server was authoritative for the A record of a nameserver for a
+delegated zone and was queried to recursively resolve records within
+that zone. [RT #22842]
+</li><li class="listitem">
+Fix the zonechecks system test to fail on error (warning in 9.6,
+fatal in 9.7) to match behaviour for 9.4. [RT #22905]
+</li><li class="listitem">
+Fixed precedence order bug with NS and DNAME records if both are
+present. (Also fixed timing of autosign test in 9.7+) [RT #23035]
+</li><li class="listitem">
+The secure zone update feature in named is based on the zone being
+signed and configured for dynamic updates. A bug in the ACL processing
+for "allow-update { none; };" resulted in a zone that is supposed to
+be static being treated as a dynamic zone. Thus, named would try to
+sign/re-sign that zone erroneously. [RT #23120]
+</li><li class="listitem">
+If a slave initiates a TSIG signed AXFR from the master and the master
+fails to correctly TSIG sign the final message, the slave would be left
+with the zone in an unclean state. named detected this error too late
+and named would crash with an INSIST. The order dependancy has been
+fixed. [RT #23254]
+</li><li class="listitem">
+If the server has an IPv6 address but does not have IPv6 connectivity
+to the internet, dig +trace could fail attempting to use IPv6
+addresses. [RT #23297]
+</li><li class="listitem">
+Changing TTL did not cause dnssec-signzone to generate new signatures.
+[RT #23330]
+</li><li class="listitem">
+Have the validating resolver use RRSIG original TTL to compute
+validated RRset and RRSIG TTL. [RT #23332]
+</li><li class="listitem">
+In "make test" bin/tests/resolver, hold the socket manager lock
+while freeing the socket.
+[RT #23333]
+</li><li class="listitem">
+If named encountered a CNAME instead of a DS record when walking
+the chain of trust down from the trust anchor, it incorrectly stopped
+validating. [RT #23338]
+</li><li class="listitem">
+RRSIG records could have time stamps too far in the future.
+[RT #23356]
+</li><li class="listitem">
+named stores cached data in an in-memory database and keeps track of
+how recently the data is used with a heap. The heap is stored within the
+cache's memory space. Under a sustained high query load and with a small
+cache size, this could lead to the heap exhausting the cache space. This
+would result in cache misses and SERVFAILs, with named never releasing
+the cache memory the heap used up and never recovering.
+
+This fix removes the heap into its own memory space, preventing the heap
+from exhausting the cache space and allowing named to recover gracefully
+when the high query load abates. [RT #23371]
+</li><li class="listitem">
+If running on a powerpc CPU and with atomic operations enabled,
+named could lock up. Added sync instructions to the end of atomic
+operations. [RT #23469]
+</li><li class="listitem">
+If OpenSSL was built without engine support, named would have
+compile errors and fail to build.
+[RT #23473]
+</li><li class="listitem">
+Handle isc_event_allocate failures in t_tasks test.
+[RT #23572]
+</li><li class="listitem">
+ixfr-from-differences {master|slave};
+failed to select the master/slave zones, resulting in on diff/journal
+file being created.
+[RT #23580]
+</li><li class="listitem">
+If a DNAME substitution failed, named returned NOERROR. The correct
+response should be YXDOMAIN.
+[RT #23591]
+</li><li class="listitem">
+Remove bin/tests/system/logfileconfig/ns1/named.conf and
+add setup.sh in order to resolve changing named.conf issue. [RT #23687]
+</li><li class="listitem">
+NOTIFY messages were not being sent when generating
+a NSEC3 chain incrementally. [RT #23702]
+</li><li class="listitem">
+Signatures for records at the zone apex could go
+stale due to an incorrect timer setting. [RT #23769]
+</li><li class="listitem">
+The autosign tests attempted to open ports within reserved ranges. Test
+now avoids those ports.
+[RT #23957]
+</li><li class="listitem">
+Clean up some cross-compiling issues and added two undocumented
+configure options, --with-gost and --with-rlimtype, to allow over-riding
+default settings (gost=no and rlimtype="long int") when cross-compiling.
+[RT #24367]
+</li><li class="listitem">
+When trying sign with NSEC3, if dnssec-signzone couldn't find the
+KSK, it would give an incorrect error "NSEC3 iterations too big for
+weakest DNSKEY strength" rather than the correct "failed to find
+keys at the zone apex: not found" [RT #24369]
+</li></ul></div>
+ </div>
+ </div>
+
+ <div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691472"></a>Known issues in this release</h2></div></div></div>
+
+ <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+ <p>
+ "make test" will fail on OSX and possibly other operating systems.
+ The failure occurs in a new test to check for allow-query ACLs.
+ The failure is caused because the source address is not specified on
+ the dig commands issued in the test.
+ </p>
+ <p>
+ If running "make test" is part of your usual acceptance process,
+ please edit the file <code class="code">bin/tests/system/allow_query/test.sh</code>
+ and add
+ </p><p>
+ <code class="code">-b 10.53.0.2</code>
+ </p><p>
+ to the <code class="code">DIGOPTS</code> line.
+ </p>
+ </li></ul></div>
+ </div>
+
+ <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3691695"></a>Thank You</h2></div></div></div>
+
+ <p>
+ Thank you to everyone who assisted us in making this release possible.
+ If you would like to contribute to ISC to assist us in continuing to make
+ quality open source software, please visit our donations page at
+ <a class="ulink" href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
+ </p>
+ </div>
+</div></body></html>
--- /dev/null
+ __________________________________________________________________
+
+Introduction
+
+ BIND 9.6-ESV-R5 is a maintenance release for BIND 9.6-ESV.
+
+ This document summarizes changes from BIND 9.6-ESV-R4 to BIND
+ 9.6-ESV-R5. Please see the CHANGES file in the source code release for
+ a complete list of all changes.
+
+Download
+
+ The latest release of BIND 9 software can always be found on our web
+ site at http://www.isc.org/software/bind. There you will find
+ additional information about each release, source code, and some
+ pre-compiled versions for certain operating systems.
+
+Support
+
+ Product support information is available on
+ http://www.isc.org/services/support for paid support options. Free
+ support is provided by our user community via a mailing list.
+ Information on all public email lists is available at
+ https://lists.isc.org/mailman/listinfo.
+
+New Features
+
+9.6-ESV-R5
+
+ * Added a tool able to generate malformed packets to allow testing of
+ how named handles them. [RT #24096]
+
+Feature Changes
+
+9.6-ESV-R5
+
+ * Merged in the NetBSD ATF test framework (currently version 0.12)
+ for development of future unit tests. Use configure --with-atf to
+ build ATF internally or configure --with-atf=prefix to use an
+ external copy. [RT #23209]
+ * Added more verbose error reporting from DLZ LDAP. [RT #23402]
+ * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
+
+Bug Fixes
+
+9.6-ESV-R5
+
+ * During RFC5011 processing some journal write errors were not
+ detected. This could lead to managed-keys changes being committed
+ but not recorded in the journal files, causing potential
+ inconsistencies during later processing. [RT #20256]
+ * A potential NULL pointer deference in the DNS64 code could cause
+ named to terminate unexpectedly. [RT #20256]
+ * A state variable relating to DNSSEC could fail to be set during
+ some infrequently-executed code paths, allowing it to be used
+ whilst in an unitialized state during cache updates, with
+ unpredictable results. [RT #20256]
+ * A potential NULL pointer deference in DNSSEC signing code could
+ cause named to terminate unexpectedly [RT #20256]
+ * Several cosmetic code changes were made to silence warnings
+ generated by a static code analysis tool. [RT #20256]
+ * Cause named to terminate at startup or rndc reconfig reload to
+ fail, if a log file specified in the conf file isn't a plain file.
+ (RT #22771]
+ * After an external code review, a code cleanup was done. [RT #22521]
+ * named now forces the ADB cache time for glue related data to zero
+ instead of relying on TTL. This corrects problematic behavior in
+ cases where a server was authoritative for the A record of a
+ nameserver for a delegated zone and was queried to recursively
+ resolve records within that zone. [RT #22842]
+ * Fix the zonechecks system test to fail on error (warning in 9.6,
+ fatal in 9.7) to match behaviour for 9.4. [RT #22905]
+ * Fixed precedence order bug with NS and DNAME records if both are
+ present. (Also fixed timing of autosign test in 9.7+) [RT #23035]
+ * The secure zone update feature in named is based on the zone being
+ signed and configured for dynamic updates. A bug in the ACL
+ processing for "allow-update { none; };" resulted in a zone that is
+ supposed to be static being treated as a dynamic zone. Thus, named
+ would try to sign/re-sign that zone erroneously. [RT #23120]
+ * If a slave initiates a TSIG signed AXFR from the master and the
+ master fails to correctly TSIG sign the final message, the slave
+ would be left with the zone in an unclean state. named detected
+ this error too late and named would crash with an INSIST. The order
+ dependancy has been fixed. [RT #23254]
+ * If the server has an IPv6 address but does not have IPv6
+ connectivity to the internet, dig +trace could fail attempting to
+ use IPv6 addresses. [RT #23297]
+ * Changing TTL did not cause dnssec-signzone to generate new
+ signatures. [RT #23330]
+ * Have the validating resolver use RRSIG original TTL to compute
+ validated RRset and RRSIG TTL. [RT #23332]
+ * In "make test" bin/tests/resolver, hold the socket manager lock
+ while freeing the socket. [RT #23333]
+ * If named encountered a CNAME instead of a DS record when walking
+ the chain of trust down from the trust anchor, it incorrectly
+ stopped validating. [RT #23338]
+ * RRSIG records could have time stamps too far in the future. [RT
+ #23356]
+ * named stores cached data in an in-memory database and keeps track
+ of how recently the data is used with a heap. The heap is stored
+ within the cache's memory space. Under a sustained high query load
+ and with a small cache size, this could lead to the heap exhausting
+ the cache space. This would result in cache misses and SERVFAILs,
+ with named never releasing the cache memory the heap used up and
+ never recovering. This fix removes the heap into its own memory
+ space, preventing the heap from exhausting the cache space and
+ allowing named to recover gracefully when the high query load
+ abates. [RT #23371]
+ * If running on a powerpc CPU and with atomic operations enabled,
+ named could lock up. Added sync instructions to the end of atomic
+ operations. [RT #23469]
+ * If OpenSSL was built without engine support, named would have
+ compile errors and fail to build. [RT #23473]
+ * Handle isc_event_allocate failures in t_tasks test. [RT #23572]
+ * ixfr-from-differences {master|slave}; failed to select the
+ master/slave zones, resulting in on diff/journal file being
+ created. [RT #23580]
+ * If a DNAME substitution failed, named returned NOERROR. The correct
+ response should be YXDOMAIN. [RT #23591]
+ * Remove bin/tests/system/logfileconfig/ns1/named.conf and add
+ setup.sh in order to resolve changing named.conf issue. [RT #23687]
+ * NOTIFY messages were not being sent when generating a NSEC3 chain
+ incrementally. [RT #23702]
+ * Signatures for records at the zone apex could go stale due to an
+ incorrect timer setting. [RT #23769]
+ * The autosign tests attempted to open ports within reserved ranges.
+ Test now avoids those ports. [RT #23957]
+ * Clean up some cross-compiling issues and added two undocumented
+ configure options, --with-gost and --with-rlimtype, to allow
+ over-riding default settings (gost=no and rlimtype="long int") when
+ cross-compiling. [RT #24367]
+ * When trying sign with NSEC3, if dnssec-signzone couldn't find the
+ KSK, it would give an incorrect error "NSEC3 iterations too big for
+ weakest DNSKEY strength" rather than the correct "failed to find
+ keys at the zone apex: not found" [RT #24369]
+
+Known issues in this release
+
+ * "make test" will fail on OSX and possibly other operating systems.
+ The failure occurs in a new test to check for allow-query ACLs. The
+ failure is caused because the source address is not specified on
+ the dig commands issued in the test.
+ If running "make test" is part of your usual acceptance process,
+ please edit the file bin/tests/system/allow_query/test.sh and add
+ -b 10.53.0.2
+ to the DIGOPTS line.
+
+Thank You
+
+ Thank you to everyone who assisted us in making this release possible.
+ If you would like to contribute to ISC to assist us in continuing to
+ make quality open source software, please visit our donations page at
+ http://www.isc.org/supportisc.
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<article xmlns="http://docbook.org/ns/docbook"
+ xmlns:xl="http://www.w3.org/1999/xlink" version="5.0">
+
+ <section>
+ <title>Introduction</title>
+ <para>
+ BIND 9.6-ESV-R5 is a maintenance release for BIND 9.6-ESV.
+ </para>
+ <para>
+ This document summarizes changes from BIND 9.6-ESV-R4 to BIND 9.6-ESV-R5.
+ Please see the CHANGES file in the source code release for a
+ complete list of all changes.
+ </para>
+ </section>
+
+ <section>
+ <title>Download</title>
+ <para>
+ The latest release of BIND 9 software can always be found
+ on our web site at
+ <link xl:href="http://www.isc.org/software/bind">http://www.isc.org/software/bind</link>.
+ There you will find additional information about each release,
+ source code, and some pre-compiled versions for certain operating
+ systems.
+ </para>
+ </section>
+
+ <section>
+ <title>Support</title>
+ <para>Product support information is available on
+ <link xl:href="http://www.isc.org/services/support">http://www.isc.org/services/support</link>
+ for paid support options. Free support is provided by our user
+ community via a mailing list. Information on all public email
+ lists is available at
+ <link xl:href="https://lists.isc.org/mailman/listinfo">https://lists.isc.org/mailman/listinfo</link>.
+ </para>
+ </section>
+
+ <section>
+ <title>New Features</title>
+ <section>
+ <title>9.6-ESV-R5</title>
+ <itemizedlist>
+<listitem>
+Added a tool able to generate malformed packets to allow testing
+of how named handles them.
+[RT #24096]
+</listitem>
+ </itemizedlist>
+ </section>
+ </section>
+
+ <section>
+ <title>Feature Changes</title>
+ <section>
+ <title>9.6-ESV-R5</title>
+ <itemizedlist>
+<listitem>
+Merged in the NetBSD ATF test framework (currently
+version 0.12) for development of future unit tests.
+Use configure --with-atf to build ATF internally
+or configure --with-atf=prefix to use an external
+copy. [RT #23209]
+</listitem>
+<listitem>
+Added more verbose error reporting from DLZ LDAP. [RT #23402]
+</listitem>
+<listitem>
+Replaced compile time constant with STDTIME_ON_32BITS.
+[RT #23587]
+</listitem>
+ </itemizedlist>
+ </section>
+ </section>
+
+ <section>
+ <title>Bug Fixes</title>
+ <section>
+ <title>9.6-ESV-R5</title>
+ <itemizedlist>
+<listitem>
+During RFC5011 processing some journal write errors were not detected.
+This could lead to managed-keys changes being committed but not
+recorded in the journal files, causing potential inconsistencies
+during later processing. [RT #20256]
+</listitem>
+<listitem>
+A potential NULL pointer deference in the DNS64 code could cause
+named to terminate unexpectedly. [RT #20256]
+</listitem>
+<listitem>
+A state variable relating to DNSSEC could fail to be set during
+some infrequently-executed code paths, allowing it to be used whilst
+in an unitialized state during cache updates, with unpredictable results.
+[RT #20256]
+</listitem>
+<listitem>
+A potential NULL pointer deference in DNSSEC signing code could
+cause named to terminate unexpectedly [RT #20256]
+</listitem>
+<listitem>
+Several cosmetic code changes were made to silence warnings
+generated by a static code analysis tool. [RT #20256]
+</listitem>
+<listitem>
+Cause named to terminate at startup or rndc reconfig
+reload to fail, if a log file specified in the
+conf file isn't a plain file. (RT #22771]
+</listitem>
+<listitem>
+named now forces the ADB cache time for glue related data to zero
+instead of relying on TTL. This corrects problematic behavior in cases
+where a server was authoritative for the A record of a nameserver for a
+delegated zone and was queried to recursively resolve records within
+that zone. [RT #22842]
+</listitem>
+<listitem>
+Fix the zonechecks system test to fail on error (warning in 9.6,
+fatal in 9.7) to match behaviour for 9.4. [RT #22905]
+</listitem>
+<listitem>
+Fixed precedence order bug with NS and DNAME records if both are present.
+[RT #23035]
+</listitem>
+<listitem>
+The secure zone update feature in named is based on the zone being
+signed and configured for dynamic updates. A bug in the ACL processing
+for "allow-update { none; };" resulted in a zone that is supposed to
+be static being treated as a dynamic zone. Thus, named would try to
+sign/re-sign that zone erroneously. [RT #23120]
+</listitem>
+<listitem>
+If a slave initiates a TSIG signed AXFR from the master and the master
+fails to correctly TSIG sign the final message, the slave would be left
+with the zone in an unclean state. named detected this error too late
+and named would crash with an INSIST. The order dependancy has been
+fixed. [RT #23254]
+</listitem>
+<listitem>
+If the server has an IPv6 address but does not have IPv6 connectivity
+to the internet, dig +trace could fail attempting to use IPv6
+addresses. [RT #23297]
+</listitem>
+<listitem>
+Changing TTL did not cause dnssec-signzone to generate new signatures.
+[RT #23330]
+</listitem>
+<listitem>
+Have the validating resolver use RRSIG original TTL to compute
+validated RRset and RRSIG TTL. [RT #23332]
+</listitem>
+<listitem>
+In "make test" bin/tests/resolver, hold the socket manager lock
+while freeing the socket.
+[RT #23333]
+</listitem>
+<listitem>
+If named encountered a CNAME instead of a DS record when walking
+the chain of trust down from the trust anchor, it incorrectly stopped
+validating. [RT #23338]
+</listitem>
+<listitem>
+RRSIG records could have time stamps too far in the future.
+[RT #23356]
+</listitem>
+<listitem>
+named stores cached data in an in-memory database and keeps track of
+how recently the data is used with a heap. The heap is stored within the
+cache's memory space. Under a sustained high query load and with a small
+cache size, this could lead to the heap exhausting the cache space. This
+would result in cache misses and SERVFAILs, with named never releasing
+the cache memory the heap used up and never recovering.
+
+This fix removes the heap into its own memory space, preventing the heap
+from exhausting the cache space and allowing named to recover gracefully
+when the high query load abates. [RT #23371]
+</listitem>
+<listitem>
+If running on a powerpc CPU and with atomic operations enabled,
+named could lock up. Added sync instructions to the end of atomic
+operations. [RT #23469]
+</listitem>
+<listitem>
+If OpenSSL was built without engine support, named would have
+compile errors and fail to build.
+[RT #23473]
+</listitem>
+<listitem>
+Handle isc_event_allocate failures in t_tasks test.
+[RT #23572]
+</listitem>
+<listitem>
+ixfr-from-differences {master|slave};
+failed to select the master/slave zones, resulting in on diff/journal
+file being created.
+[RT #23580]
+</listitem>
+<listitem>
+If a DNAME substitution failed, named returned NOERROR. The correct
+response should be YXDOMAIN.
+[RT #23591]
+</listitem>
+<listitem>
+Remove bin/tests/system/logfileconfig/ns1/named.conf and
+add setup.sh in order to resolve changing named.conf issue. [RT #23687]
+</listitem>
+<listitem>
+NOTIFY messages were not being sent when generating
+a NSEC3 chain incrementally. [RT #23702]
+</listitem>
+<listitem>
+Signatures for records at the zone apex could go
+stale due to an incorrect timer setting. [RT #23769]
+</listitem>
+<listitem>
+The autosign tests attempted to open ports within reserved ranges. Test
+now avoids those ports.
+[RT #23957]
+</listitem>
+<listitem>
+Clean up some cross-compiling issues and added two undocumented
+configure options, --with-gost and --with-rlimtype, to allow over-riding
+default settings (gost=no and rlimtype="long int") when cross-compiling.
+[RT #24367]
+</listitem>
+<listitem>
+When trying sign with NSEC3, if dnssec-signzone couldn't find the
+KSK, it would give an incorrect error "NSEC3 iterations too big for
+weakest DNSKEY strength" rather than the correct "failed to find
+keys at the zone apex: not found" [RT #24369]
+</listitem>
+ </itemizedlist>
+ </section>
+ </section>
+
+ <section>
+ <title>Known issues in this release</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ "make test" will fail on OSX and possibly other operating systems.
+ The failure occurs in a new test to check for allow-query ACLs.
+ The failure is caused because the source address is not specified on
+ the dig commands issued in the test.
+ </para>
+ <para>
+ If running "make test" is part of your usual acceptance process,
+ please edit the file <code>bin/tests/system/allow_query/test.sh</code>
+ and add
+ <para>
+ <code>-b 10.53.0.2</code>
+ </para>
+ to the <code>DIGOPTS</code> line.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section>
+ <title>Thank You</title>
+ <para>
+ Thank you to everyone who assisted us in making this release possible.
+ If you would like to contribute to ISC to assist us in continuing to make
+ quality open source software, please visit our donations page at
+ <link xl:href="http://www.isc.org/supportisc">http://www.isc.org/supportisc</link>.
+ </para>
+ </section>
+</article>
--- /dev/null
+body {
+ background-color: #ffffff;
+ color: #333333;
+ font-family: "Helvetica Neue", "ArialMT", "Verdana", "Arial", "Helvetica", sans-serif;
+ font-size: 14px;
+ line-height: 18px;
+ margin: 2em auto;
+ width: 700px;
+}
+
+.command {
+ font-family: "Courier New", "Courier", monospace;
+ font-weight: normal;
+}
+
+.note {
+ background-color: #ddeedd;
+ border: 1px solid #aaccaa;
+ margin: 1em 0 1em 0;
+ padding: 0.5em 1em 0.5em 1em;
+ -moz-border-radius: 10px;
+ -webkit-border-radius: 10px;
+}
+
+.screen {
+ background-color: #ffffee;
+ border: 1px solid #ddddaa;
+ padding: 0.25em 1em 0.25em 1em;
+ margin: 1em 0 1em 0;
+ -moz-border-radius: 10px;
+ -webkit-border-radius: 10px;
+}
+
+.section.title {
+ font-size: 150%;
+ font-weight: bold;
+}
+
+.section.section.title {
+ font-size: 130%;
+ font-weight: bold;
+}
-# $Id: version,v 1.43.12.12 2011/04/08 02:19:06 marka Exp $
+# $Id: version,v 1.43.12.13 2011/05/23 23:19:09 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
MINORVER=6
PATCHVER=
RELEASETYPE=-ESV
-RELEASEVER=-R5b1
+RELEASEVER=-R5rc1
projects / thirdparty / bind9.git / commitdiff
