Feature Changes
~~~~~~~~~~~~~~~
-- Provide more information when the memory allocation fails.
-
- Provide more information about the failure when the memory allocation
- fails.
-
- Reduce the number of outgoing queries.
- Reduces the number of outgoing queries when resolving the nameservers
- for delegation points. This helps the DNS resolver with cold cache
+ Reduce the number of outgoing queries when resolving the nameservers
+ for delegation points. This helps a DNS resolver with a cold cache
resolve client queries with complex delegation chains and
- redirections.
+ redirections. :gl:`!11148`
+
+- Provide more information when memory allocation fails.
+
+ BIND now provides more information about the failure when memory allocation
+ fails. :gl:`!11272`
Bug Fixes
~~~~~~~~~
-- Fix the spurious timeouts while resolving names.
+- Adding NSEC3 opt-out records could leave invalid records in chain.
+
+ When creating an NSEC3 opt-out chain, a node in the chain could be
+ removed too soon. The previous NSEC3 would therefore not be found,
+ resulting in invalid NSEC3 records being left in the zone. This has
+ been fixed. :gl:`#5671`
- Sometimes the loops in the resolving (e.g. to resolve or validate
- ns1.example.com we need to resolve ns1.example.com) were not properly
- detected leading to spurious 10 seconds delay. This has been fixed
- and such loops are properly detected. :gl:`#3033`, #5578
+- Fix spurious timeouts while resolving names.
+
+ Sometimes, loops in the resolving process (e.g., to resolve or validate
+ ``ns1.example.com``, we need to resolve ``ns1.example.com``) were not properly
+ detected, leading to a spurious 10-second delay. This has been fixed,
+ and such loops are properly detected. :gl:`#3033` :gl:`#5578`
- Fix bug where zone switches from NSEC3 to NSEC after retransfer.
- When a zone is re-transferred, but the zone journal on an
- inline-signing secondary is out of sync, the zone could fall back to
+ When a zone was re-transferred but the zone journal on an
+ inline-signing secondary was out of sync, the zone could fall back to
using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527`
-- AMTRELAY type 0 presentation format handling was wrong.
+- ``AMTRELAY`` type 0 presentation format handling was wrong.
- RFC 8777 specifies a placeholder value of "." for the gateway field
- when the gateway type is 0 (no gateway). This was not being checked
- for nor emitted when displaying the record. This has been corrected.
+ :rfc:`8777` specifies a placeholder value of ``.`` for the gateway field
+ when the gateway type is 0 (no gateway). This was not being checked
+ for, nor was it emitted when displaying the record. This has been corrected.
Instances of this record will need the placeholder period added to
them when upgrading. :gl:`#5639`
-- Fix parsing bug in remote-servers with key or tls.
+- Fix parsing bug in :any:`remote-servers` with key or TLS.
- The :any:`remote-servers` clause enable the following pattern using a
- named ``server-list``:
+ The :any:`remote-servers` clause enables the following pattern using a
+ named ``server-list``::
- remote-servers a { 1.2.3.4; ... }; remote-servers b { a key
- foo; };
+ remote-servers a { 1.2.3.4; ... };
+ remote-servers b { a key foo; };
- However, such configuration was wrongly rejected, with an "unexpected
- token 'foo'" error. Such configuration is now accepted. :gl:`#5646`
+ However, such a configuration was wrongly rejected, with an ``unexpected
+ token 'foo'`` error. This configuration is now accepted. :gl:`#5646`
-- Fix TLS contexts cache object usage bug in the resolver.
+- Fix DoT reconfigure/reload bug in the resolver.
- :iscman:`named` could terminate unexpectedly when reconfiguring or
- reloading, and if client-side TLS transport was in use (for example,
- when forwarding queries to a DoT server). This has been fixed.
+ If client-side TLS transport was in use (for example, when
+ forwarding queries to a DoT server), :iscman:`named` could
+ terminate unexpectedly when reconfiguring or reloading. This
+ has been fixed.
:gl:`#5653`
-- Adding NSEC3 opt-out records could leave invalid records in
- chain.
-
- When creating an NSEC3 opt-out chain, a node in the chain could be
- removed too soon, causing the previous NSEC3 being unable to be found,
- resulting in invalid NSEC3 records to be left in the zone. This has
- been fixed.
-
- Closes [#5671](#5671)
-
projects / thirdparty / bind9.git / commitdiff
