closelogs`. The second is ``kill -USR1 <pid>``. They are intended to
be used with external log rotation tools. :gl:`#4780` :gl:`!9113`
-Feature Changes
-~~~~~~~~~~~~~~~
+- :iscman:`dig` now reports missing QUESTION section for opcode QUERY.
+
+ Query responses should contain the QUESTION section with some
+ exceptions. :iscman:`dig` was not reporting this. :gl:`#4808`
+ :gl:`!9233`
+
+Removed Features
+~~~~~~~~~~~~~~~~
- Remove OpenSSL 1.x engine support.
support from BIND 9 in favor of OpenSSL 3.x providers. :gl:`#4828`
:gl:`!9252`
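Review bot: the added :iscman:`dig` entry says query responses should contain the QUESTION section "with some exceptions" but names none, so a reader cannot tell which responses dig will now flag. Name the exceptions or drop the phrase. With the "Feature Changes" heading removed just above it, the entry also joins the list that ends with the ``kill -USR1 <pid>`` item. Please confirm that is the intended section, since "was not reporting this" reads like a bug fix.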
+Feature Changes
+~~~~~~~~~~~~~~~
+
- Require at least OpenSSL 1.1.1.
OpenSSL 1.1.1 or newer (or an equivalent LibreSSL version) is now
converted to seconds before applying the limit. :gl:`#4320`
:gl:`!9091`
+- Raise the log level of priming failures.
+
+ When a priming query is complete, it was previously logged at level
+ ``ISC_LOG_DEBUG(1)``, regardless of success or failure. It is now
+ logged to ``ISC_LOG_NOTICE`` in the case of failure. :gl:`#3516`
+ :gl:`!9121`
+
Bug Fixes
~~~~~~~~~
+- Fix a crash caused by valid TSIG signatures with invalid time.
+
+ An assertion failure was triggered when the TSIG had valid
+ cryptographic signature, but the time was invalid. This could happen
+ when the times between the primary and secondary servers were not
+ synchronised. The crash has now been fixed. :gl:`#4811` :gl:`!9234`
+
+- Return SERVFAIL for a too long CNAME chain.
+
+ When cutting a long CNAME chain, :iscman:`named` was returning NOERROR
+ instead of SERVFAIL (alongside with a partial answer). This has been
+ fixed. :gl:`#4449` :gl:`!9090`
+
- Reconfigure catz member zones during :iscman:`named` reconfiguration.
During a reconfiguration, :iscman:`named` wasn't reconfiguring catalog
zones' member zones. This has been fixed. :gl:`#4733`
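Review bot: wording nits in the entries added here. In the TSIG entry, "the TSIG had valid cryptographic signature" is missing an article ("a valid cryptographic signature"). In the CNAME entry, "alongside with a partial answer" should be "along with a partial answer". In the priming entry, "logged to ``ISC_LOG_NOTICE``" does not match "logged at level ``ISC_LOG_DEBUG(1)``" in the sentence before it, so "logged at ``ISC_LOG_NOTICE``" would be consistent. The entries are being moved anyway, so this is a cheap place to fix the text.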
-- Fix ``--enable-tracing`` build on systems without dtrace.
-
- Missing ``util/dtrace.sh`` file prevented builds on systems without
- the ``dtrace`` utility. This has been corrected.
-
-- :iscman:`dig` now reports missing QUESTION section for opcode QUERY.
+- Update key lifetime and metadata after :any:`dnssec-policy` reconfig.
- Query responses should contain the QUESTION section with some
- exceptions. :iscman:`dig` was not reporting this. :gl:`#4808`
- :gl:`!9233`
+ Adjust key state and timing metadata if :any:`dnssec-policy` key
+ lifetime configuration is updated, so that it also affects existing
+ keys. :gl:`#4677` :gl:`!9118`
- Fix assertion failure in glue cache code.
between ``free_gluetable()`` and ``addglue()`` on the same headers.
:gl:`#4691` :gl:`!9126`
-- Raise the log level of priming failures.
-
- When a priming query is complete, it was previously logged at level
- ``ISC_LOG_DEBUG(1)``, regardless of success or failure. It is now
- logged to ``ISC_LOG_NOTICE`` in the case of failure. :gl:`#3516`
- :gl:`!9121`
-
- Fix assertion failure when checking :iscman:`named-checkconf` version.
Checking the version of `named-checkconf` would end with assertion
failure. This has been fixed. :gl:`#4827` :gl:`!9243`
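Review bot: the unchanged line "Checking the version of `named-checkconf` would end with assertion" uses single backticks, which reST treats as interpreted text rather than a literal, while the heading of the same entry uses :iscman:`named-checkconf`. Since the surrounding entries are being reshuffled here, consider switching it to the :iscman: role or to double backticks in the same change.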
-- Fix a crash caused by valid TSIG signatures with invalid time.
-
- An assertion failure was triggered when the TSIG had valid
- cryptographic signature, but the time was invalid. This could happen
- when the times between the primary and secondary servers were not
- synchronised. The crash has now been fixed. :gl:`#4811` :gl:`!9234`
-
- Fix generation of 6to4-self name expansion from IPv4 address.
The period between the most significant nibble of the encoded IPv4
address and the 2.0.0.2.IP6.ARPA suffix was missing, resulting in the
wrong name being checked. This has been fixed. :gl:`#4766` :gl:`!9099`
-- Fix false QNAME minimisation error being reported.
-
- Remove the false positive ``success resolving`` log message when QNAME
- minimisation is in effect and the final result is an NXDOMAIN.
- :gl:`#4784` :gl:`!9117`
-
- :option:`dig +yaml` was producing unexpected and/or invalid YAML
output. :gl:`#4796` :gl:`!9127`
:gl:`#4775` :gl:`!9106`
-- Return SERVFAIL for a too long CNAME chain.
+- Fix false QNAME minimisation error being reported.
- When cutting a long CNAME chain, :iscman:`named` was returning NOERROR
- instead of SERVFAIL (alongside with a partial answer). This has been
- fixed. :gl:`#4449` :gl:`!9090`
+ Remove the false positive ``success resolving`` log message when QNAME
+ minimisation is in effect and the final result is an NXDOMAIN.
+ :gl:`#4784` :gl:`!9117`
-- Update key lifetime and metadata after :any:`dnssec-policy` reconfig.
+- Fix ``--enable-tracing`` build on systems without dtrace.
- Adjust key state and timing metadata if :any:`dnssec-policy` key
- lifetime configuration is updated, so that it also affects existing
- keys. :gl:`#4677` :gl:`!9118`
+ Missing ``util/dtrace.sh`` file prevented builds on systems without
+ the ``dtrace`` utility. This has been corrected.
Known Issues
~~~~~~~~~~~~
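Review bot: the relocated "Fix ``--enable-tracing`` build on systems without dtrace." entry is the only Bug Fixes item in this hunk with no :gl: issue or merge request reference; the "This has been corrected." line ends without one, as it did in its old position. Please add the references while moving it so the entry can be traced like the others.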