+ --- 9.12.2rc2 released ---
+
4984. [bug] Improve handling of very large incremental
zone transfers to prevent journal corruption. [GL #339]
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 2017-10-26
+.\" Date: 2018-06-21
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
-.TH "NAMED\&.CONF" "5" "2017\-10\-26" "ISC" "BIND9"
+.TH "NAMED\&.CONF" "5" "2018\-06\-21" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
] [ dscp \fIinteger\fR ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
* ) ] [ dscp \fIinteger\fR ];
+ answer\-cookie \fIboolean\fR;
attach\-cache \fIstring\fR;
auth\-nxdomain \fIboolean\fR; // default changed
auto\-dnssec ( allow | maintain | off );
dnsrps\-enable \fIboolean\fR ] [ dnsrps\-options { \fIunspecified\-text\fR
} ];
root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+ root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
\fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
secroots\-file \fIquoted_string\fR;
dnsrps\-enable \fIboolean\fR ] [ dnsrps\-options { \fIunspecified\-text\fR
} ];
root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+ root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
\fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
send\-cookie \fIboolean\fR;
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
- <date>2017-10-26</date>
+ <date>2018-06-21</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
] [ dscp <replaceable>integer</replaceable> ];
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
* ) ] [ dscp <replaceable>integer</replaceable> ];
+ answer-cookie <replaceable>boolean</replaceable>;
attach-cache <replaceable>string</replaceable>;
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
auto-dnssec ( allow | maintain | off );
dnsrps-enable <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
} ];
root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+ root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
secroots-file <replaceable>quoted_string</replaceable>;
dnsrps-enable <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
} ];
root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+ root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
send-cookie <replaceable>boolean</replaceable>;
    ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> |<br>
    * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
+ answer-cookie <em class="replaceable"><code>boolean</code></em>;<br>
attach-cache <em class="replaceable"><code>string</code></em>;<br>
auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
auto-dnssec ( allow | maintain | off );<br>
    dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
    } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+ root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
secroots-file <em class="replaceable"><code>quoted_string</code></em>;<br>
    dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
    } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+ root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
send-cookie <em class="replaceable"><code>boolean</code></em>;<br>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
] [ dscp <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>alt-transfer-source-v6</strong></span> ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> |
* ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];
+ <span class="command"><strong>answer-cookie</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>attach-cache</strong></span> <em class="replaceable"><code>string</code></em>;
<span class="command"><strong>auth-nxdomain</strong></span> <em class="replaceable"><code>boolean</code></em>; // default changed
<span class="command"><strong>auto-dnssec</strong></span> ( allow | maintain | off );
<span class="command"><strong>dnsrps-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em>
} ];
<span class="command"><strong>root-delegation-only</strong></span> [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];
+ <span class="command"><strong>root-key-sentinel</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>rrset-order</strong></span> { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name
<em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };
<span class="command"><strong>secroots-file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
options level, not per-view.
</p>
<p>
- <span class="command"><strong>answer-cookie</strong></span> is only available
- as a temporary measure, for use when
- <span class="command"><strong>named</strong></span> shares an IP address
- with other servers that do not yet support DNS
- COOKIE. A mismatch between servers on the same
- address is not expected to cause operational
- problems, but the option to disable COOKIE responses
- so that all servers have the same behavior is
- provided out of an abundance of caution. DNS COOKIE
- is an important security mechanism and should not be
- disabled unless absolutely necessary. The
- <span class="command"><strong>answer-cookie</strong></span> option is obsolete
- as of BIND 9.13.
+ <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
+ temporary measure, for use when <span class="command"><strong>named</strong></span>
+ shares an IP address with other servers that do not yet
+ support DNS COOKIE. A mismatch between servers on the
+ same address is not expected to cause operational
+ problems, but the option to disable COOKIE responses so
+ that all servers have the same behavior is provided out
+ of an abundance of caution. DNS COOKIE is an important
+ security mechanism, and should not be disabled unless
+ absolutely necessary.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>send-cookie</strong></span></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.12.2rc1</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.12.2rc2</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.9.2"></a>Release Notes for BIND Version 9.12.2rc1</h2></div></div></div>
+<a name="id-1.9.2"></a>Release Notes for BIND Version 9.12.2rc2</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<p>
Add the ability to not return a DNS COOKIE option when one
is present in the request. To prevent a cookie being returned
- add 'answer-cookie no;' to named.conf. [GL #173]
+ add <span class="command"><strong>answer-cookie no;</strong></span> to
+ <code class="filename">named.conf</code>. [GL #173]
</p>
<p>
- <span class="command"><strong>answer-cookie</strong></span> is only available as a
+ <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
temporary measure, for use when <span class="command"><strong>named</strong></span>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the
but the option to disable COOKIE responses so that all
servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security
- mechanism and should not be disabled unless absolutely
- necessary. The <span class="command"><strong>answer-cookie</strong></span> option
- is obsolete as of BIND 9.13.
+ mechanism, and should not be disabled unless absolutely
+ necessary.
</p>
</li>
</ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> will now log a warning if the old
- root DNSSEC key is explicitly configured and has not been updated.
- [RT #43670]
- </p>
- </li>
<li class="listitem">
<p>
BIND now can be compiled against libidn2 library to add
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- When answering authoritative queries, <span class="command"><strong>named</strong></span>
- does not return the target of a cross-zone CNAME between two
- locally served zones; this prevents accidental cache poisoning.
- This same restriction was incorrectly applied to recursive
- queries as well; this has been fixed. [RT #47078]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash when acting as a slave for a
- catalog zone if zone contained a master definition without an IP
- address. [RT #45999]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash due to a race condition when
- rolling <span class="command"><strong>dnstap</strong></span> log files. [RT #46942]
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- <span class="command"><strong>rndc reload</strong></span> could cause <span class="command"><strong>named</strong></span>
- to leak memory if it was invoked before the zone loading actions
- from a previous <span class="command"><strong>rndc reload</strong></span> command were
- completed. [RT #47076]
+ <span class="command"><strong>named</strong></span> now rejects excessively large
+ incremental (IXFR) zone transfers in order to prevent
+ possible corruption of journal files which could cause
+ <span class="command"><strong>named</strong></span> to abort when loading zones. [GL #339]
</p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash when rolling a
- <span class="command"><strong>dnstap</strong></span> log file. [RT #46942]
- </p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.12.2rc1</p></div>
+<div><p class="releaseinfo">BIND Version 9.12.2rc2</p></div>
<div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.12.2rc1</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.12.2rc2</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
    ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> |<br>
    * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
+ answer-cookie <em class="replaceable"><code>boolean</code></em>;<br>
attach-cache <em class="replaceable"><code>string</code></em>;<br>
auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
auto-dnssec ( allow | maintain | off );<br>
    dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
    } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+ root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
secroots-file <em class="replaceable"><code>quoted_string</code></em>;<br>
    dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
    } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+ root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
send-cookie <em class="replaceable"><code>boolean</code></em>;<br>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc1</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.12.2rc2</p>
</body>
</html>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.12.2rc1</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.12.2rc2</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<p>
Add the ability to not return a DNS COOKIE option when one
is present in the request. To prevent a cookie being returned
- add 'answer-cookie no;' to named.conf. [GL #173]
+ add <span class="command"><strong>answer-cookie no;</strong></span> to
+ <code class="filename">named.conf</code>. [GL #173]
</p>
<p>
- <span class="command"><strong>answer-cookie</strong></span> is only available as a
+ <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
temporary measure, for use when <span class="command"><strong>named</strong></span>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the
but the option to disable COOKIE responses so that all
servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security
- mechanism and should not be disabled unless absolutely
- necessary. The <span class="command"><strong>answer-cookie</strong></span> option
- is obsolete as of BIND 9.13.
+ mechanism, and should not be disabled unless absolutely
+ necessary.
</p>
</li>
</ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> will now log a warning if the old
- root DNSSEC key is explicitly configured and has not been updated.
- [RT #43670]
- </p>
- </li>
<li class="listitem">
<p>
BIND now can be compiled against libidn2 library to add
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- When answering authoritative queries, <span class="command"><strong>named</strong></span>
- does not return the target of a cross-zone CNAME between two
- locally served zones; this prevents accidental cache poisoning.
- This same restriction was incorrectly applied to recursive
- queries as well; this has been fixed. [RT #47078]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash when acting as a slave for a
- catalog zone if zone contained a master definition without an IP
- address. [RT #45999]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash due to a race condition when
- rolling <span class="command"><strong>dnstap</strong></span> log files. [RT #46942]
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- <span class="command"><strong>rndc reload</strong></span> could cause <span class="command"><strong>named</strong></span>
- to leak memory if it was invoked before the zone loading actions
- from a previous <span class="command"><strong>rndc reload</strong></span> command were
- completed. [RT #47076]
+ <span class="command"><strong>named</strong></span> now rejects excessively large
+ incremental (IXFR) zone transfers in order to prevent
+ possible corruption of journal files which could cause
+ <span class="command"><strong>named</strong></span> to abort when loading zones. [GL #339]
</p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash when rolling a
- <span class="command"><strong>dnstap</strong></span> log file. [RT #46942]
- </p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
-Release Notes for BIND Version 9.12.2rc1
+Release Notes for BIND Version 9.12.2rc2
Introduction
named.conf. [GL #37]
* Add the ability to not return a DNS COOKIE option when one is present
- in the request. To prevent a cookie being returned add 'answer-cookie
- no;' to named.conf. [GL #173]
+ in the request. To prevent a cookie being returned add answer-cookie
+ no; to named.conf. [GL #173]
- answer-cookie is only available as a temporary measure, for use when
+ answer-cookie no is only intended as a temporary measure, for use when
named shares an IP address with other servers that do not yet support
DNS COOKIE. A mismatch between servers on the same address is not
expected to cause operational problems, but the option to disable
COOKIE responses so that all servers have the same behavior is
provided out of an abundance of caution. DNS COOKIE is an important
- security mechanism and should not be disabled unless absolutely
- necessary. The answer-cookie option is obsolete as of BIND 9.13.
+ security mechanism, and should not be disabled unless absolutely
+ necessary.
Feature Changes
- * named will now log a warning if the old root DNSSEC key is explicitly
- configured and has not been updated. [RT #43670]
-
* BIND now can be compiled against libidn2 library to add IDNA2008
support. Previously BIND only supported IDNA2003 using (now obsolete)
idnkit-1 library.
Bug Fixes
- * When answering authoritative queries, named does not return the target
- of a cross-zone CNAME between two locally served zones; this prevents
- accidental cache poisoning. This same restriction was incorrectly
- applied to recursive queries as well; this has been fixed. [RT #47078]
-
- * named could crash when acting as a slave for a catalog zone if zone
- contained a master definition without an IP address. [RT #45999]
-
- * named could crash due to a race condition when rolling dnstap log
- files. [RT #46942]
-
- * rndc reload could cause named to leak memory if it was invoked before
- the zone loading actions from a previous rndc reload command were
- completed. [RT #47076]
-
- * named could crash when rolling a dnstap log file. [RT #46942]
+ * named now rejects excessively large incremental (IXFR) zone transfers
+ in order to prevent possible corruption of journal files which could
+ cause named to abort when loading zones. [GL #339]
License
<section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
<itemizedlist>
- <listitem>
- <para>
- <command>named</command> will now log a warning if the old
- root DNSSEC key is explicitly configured and has not been updated.
- [RT #43670]
- </para>
- </listitem>
<listitem>
<para>
BIND now can be compiled against libidn2 library to add
<command>named</command> to abort when loading zones. [GL #339]
</para>
</listitem>
- <listitem>
- <para>
- When answering authoritative queries, <command>named</command>
- does not return the target of a cross-zone CNAME between two
- locally served zones; this prevents accidental cache poisoning.
- This same restriction was incorrectly applied to recursive
- queries as well; this has been fixed. [RT #47078]
- </para>
- </listitem>
- <listitem>
- <para>
- <command>named</command> could crash when acting as a slave for a
- catalog zone if zone contained a master definition without an IP
- address. [RT #45999]
- </para>
- </listitem>
- <listitem>
- <para>
- <command>named</command> could crash due to a race condition when
- rolling <command>dnstap</command> log files. [RT #46942]
- </para>
- </listitem>
- <listitem>
- <para>
- <command>rndc reload</command> could cause <command>named</command>
- to leak memory if it was invoked before the zone loading actions
- from a previous <command>rndc reload</command> command were
- completed. [RT #47076]
- </para>
- </listitem>
- <listitem>
- <para>
- <command>named</command> could crash when rolling a
- <command>dnstap</command> log file. [RT #46942]
- </para>
- </listitem>
</itemizedlist>
</section>
] [ dscp <replaceable>integer</replaceable> ];
<command>alt-transfer-source-v6</command> ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
* ) ] [ dscp <replaceable>integer</replaceable> ];
+ <command>answer-cookie</command> <replaceable>boolean</replaceable>;
<command>attach-cache</command> <replaceable>string</replaceable>;
<command>auth-nxdomain</command> <replaceable>boolean</replaceable>; // default changed
<command>auto-dnssec</command> ( allow | maintain | off );
<command>dnsrps-enable</command> <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
} ];
<command>root-delegation-only</command> [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+ <command>root-key-sentinel</command> <replaceable>boolean</replaceable>;
<command>rrset-order</command> { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
<command>secroots-file</command> <replaceable>quoted_string</replaceable>;
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 1200
-LIBREVISION = 6
+LIBREVISION = 7
LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 1205
+LIBINTERFACE = 1206
LIBREVISION = 0
-LIBAGE = 0
+LIBAGE = 1
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 1203
-LIBREVISION = 2
+LIBREVISION = 3
LIBAGE = 3
tp: symtab_test
tp: task_test
tp: taskpool_test
-tp: timer_test
tp: time_test
+tp: timer_test
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 1202
-LIBREVISION = 0
+LIBREVISION = 1
LIBAGE = 2
MINORVER=12
PATCHVER=2
RELEASETYPE=rc
-RELEASEVER=1
+RELEASEVER=2
EXTENSIONS=
projects / thirdparty / bind9.git / commitdiff
