4881. [bug] Only include dst_openssl.h when OpenSSL is required.
[RT #47068]
-4880. [bug] Named wasn't returning the target of a cross zone
- CNAME between to served zones when recursion was
- desired and available (RD=1, RA=1). Don't return
- the CNAME target otherwise to prevent accidental
- cache poisoning. [RT #47078]
+4880. [bug] Named wasn't returning the target of a cross-zone
+ CNAME between two served zones when recursion was
+ desired and available (RD=1, RA=1). (When this is
+ not the case, the CNAME target is deliberately
+ withheld to prevent accidental cache poisoning.)
+ [RT #47078]
4879. [bug] dns_rdata_caa:value_len field was too small.
[RT #47086]
<section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
<itemizedlist>
+ <listitem>
+ <para>
+ When answering authoritative queries, <command>named</command>
+ does not return the target of a cross-zone CNAME between two
+ locally served zones; this prevents accidental cache poisoning.
+ This same restriction was incorrectly applied to recursive
+ queries as well; this has been fixed. [RT #47078]
+ </para>
+ </listitem>
<listitem>
<para>
Attempting to validate improperly unsigned CNAME responses
projects / thirdparty / bind9.git / commitdiff
