Update bind912 to 9.12.3pl1 (BIND 9.12.3-P1).
--- 9.12.3-P1 released ---
5108. [bug] Named could fail to determine bottom of zone when
removing out of date keys leading to invalid NSEC
and NSEC3 records being added to the zone. [GL #771]
--- 9.12.3 released ---
--- 9.12.3rc1 released ---
5038. [bug] Chaosnet addresses were compared incorrectly.
[GL #562]
5035. [test] Fixed errors that prevented the DNSRPS subtests
from running in the rpz and rpzrecurse system
tests. [GL #503]
5034. [bug] A race between threads could prevent zone maintenance
scheduled immediately after zone load from being
performed. [GL #542]
5033. [bug] When adding NTAs to multiple views using "rndc nta",
the text returned via rndc was incorrectly terminated
after the first line, making it look as if only one
NTA had been added. Also, it was not possible to
differentiate between views with the same name but
different classes; this has been corrected with the
addition of a "-class" option. [GL #105]
5032. [func] Add krb5-selfsub and ms-selfsub update policy rules.
[GL #511]
5030. [bug] Align CMSG buffers to a 64-bit boundary, fixes crash
on architectures with strict alignment. [GL #521]
5028. [bug] Spread the initial RRSIG expiration times over the
entire working sig-validity-interval when signing a
zone in named to even out re-signing and transfer
loads. [GL #418]
5026. [bug] rndc reconfig should not touch already loaded zones.
[GL #276]
5022. [doc] Update ms-self, ms-subdomain, krb5-self, and
krb5-subdomain documentation. [GL !708]
5021. [bug] dig returned a non-zero exit code when it received a
reply over TCP after a retry. [GL #487]
5019. [cleanup] A message is now logged when ixfr-from-differences is
set at zone level for an inline-signed zone. [GL #470]
5018. [bug] Fix incorrect sizeof arguments in lib/isc/pk11.c.
[GL !588]
5017. [bug] lib/isc/pk11.c failed to unlink the session before
releasing the lock which is unsafe. [GL !589]
5016. [bug] Named could assert with overlapping filter-aaaa and
dns64 acls. [GL #445]
5015. [bug] Reloading all zones caused zone maintenance to cease
for inline-signed zones. [GL #435]
5014. [bug] Signatures loaded from the journal for the signed
version of an inline-signed zone were not scheduled for
refresh. [GL #482]
5013. [bug] A referral response with a non-empty ANSWER section was
inadvertently being treated as an error. [GL #390]
5012. [bug] Fix lock order reversal in pk11_initialize. [GL !590]
5009. [bug] Upon an OpenSSL failure, the first error in the OpenSSL
error queue was not logged. [GL #476]
5008. [bug] "rndc signing -nsec3param ..." requests were silently
ignored for zones which were not yet loaded or
transferred. [GL #468]
5007. [cleanup] Replace custom ISC boolean and integer data types
with C99 stdint.h and stdbool.h types. [GL #9]
5006. [cleanup] Code preparing a delegation response was extracted from
query_delegation() and query_zone_delegation() into a
separate function in order to decrease code
duplication. [GL #431]
5005. [bug] dnssec-verify, and dnssec-signzone at the verification
step, failed on some validly signed zones. [GL #442]
5004. [bug] 'rndc reconfig' could cause inline zones to stop
re-signing. [GL #439]
5003. [bug] dns_acl_isinsecure did not handle geoip elements.
[GL #406]
5002. [bug] mdig: Handle malformed +ednsopt option, support 100
+ednsopt options per query rather than 100 total and
address memory leaks if +ednsopt was specified.
[GL #410]
5001. [bug] Fix refcount errors on error paths. [GL !563]
5000. [bug] named_server_servestale() could leave the server in
exclusive mode if an error occured. [GL #441]
4996. [bug] dig: Handle malformed +ednsopt option. [GL #403]
4995. [test] Add tests for "tcp-self" update policy. [GL !282]
4994. [bug] Trust anchor telemetry queries were not being sent
upstream for locally served zones. [GL #392]
4992. [bug] The wrong address was being logged for trust anchor
telemetry queries. [GL #379]
4990. [bug] Prevent a possible NULL reference in pkcs11-keygen.
[GL #401]
4988. [bug] Don't synthesize NXDOMAIN from NSEC for records under
a DNAME. [GL #386]
Update bind912 to 9.12.2pl2 (BIND 9.12.2-P2).
--- 9.12.2-P2 released ---
5022. [doc] Update ms-self, ms-subdomain, krb5-self, and
krb5-subdomain documentation. [GL !708]
5015. [bug] Reloading all zones caused zone maintenance to cease
for inline-signed zones. [GL #435]
5014. [bug] Signatures loaded from the journal for the signed
version of an inline-signed zone were not scheduled for
refresh. [GL #482]
5013. [bug] A referral response with a non-empty ANSWER section was
inadvertently being treated as an error. [GL #390]
5004. [bug] 'rndc reconfig' could cause inline zones to stop
re-signing. [GL #439]
Add bind-9.12.2pl1 (BIND 9.12.2-P1) pacakge.
Note: named(8) requires writable permission to current directory when
start up or the directory specified by "directory" in options statement.
BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite
of nearly all aspects of the underlying BIND architecture. Some
of the important features of BIND-9 are:
- DNS Security
- IP version 6
- DNS Protocol Enhancements
- Views
- Multiprocessor Support
- Improved Portability Architecture
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self
This package contains the BIND 9.12 release.
- named and related libraries have been substantially refactored for
improved query performance.
- Code implementing the name server query processing logic has been
moved into a new libns library.
- The DNS Response Policy Service API (DNSRPS) is now supported.
- Log file timestamps can now also be formatted in ISO 8601 (local)
or ISO 8601 (UTC) formats.
- Added support for the EDNS Padding and Keepalive options.
- 'new-zones-directory' option sets the location where the
configuration data for zones added by rndc addzone is stored.
- The default key algorithm in rndc-confgen is now hmac-sha256.
- filter-aaaa-on-v4 and filter-aaaa-on-v6 options are now available
by default without a configure option.
- The obsolete isc-hmac-fixup command has been removed.
