1497bf0b8Schristos.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") 28260f9a8Schristos.. 3497bf0b8Schristos.. SPDX-License-Identifier: MPL-2.0 4497bf0b8Schristos.. 5497bf0b8Schristos.. This Source Code Form is subject to the terms of the Mozilla Public 6497bf0b8Schristos.. License, v. 2.0. If a copy of the MPL was not distributed with this 7497bf0b8Schristos.. file, you can obtain one at https://mozilla.org/MPL/2.0/. 8497bf0b8Schristos.. 9497bf0b8Schristos.. See the COPYRIGHT file distributed with this work for additional 10497bf0b8Schristos.. information regarding copyright ownership. 118260f9a8Schristos 128260f9a8SchristosNotes for BIND 9.16.7 138260f9a8Schristos--------------------- 148260f9a8Schristos 158260f9a8SchristosNew Features 168260f9a8Schristos~~~~~~~~~~~~ 178260f9a8Schristos 188260f9a8Schristos- Add a new ``rndc`` command, ``rndc dnssec -checkds``, which signals to 198260f9a8Schristos ``named`` that a DS record for a given zone or key has been published 208260f9a8Schristos or withdrawn from the parent. This command replaces the time-based 21b9eb1a82Schristos ``parent-registration-delay`` configuration option. :gl:`#1613` 228260f9a8Schristos 23b9eb1a82Schristos- Log when ``named`` adds a CDS/CDNSKEY to the zone. :gl:`#1748` 248260f9a8Schristos 258260f9a8SchristosBug Fixes 268260f9a8Schristos~~~~~~~~~ 278260f9a8Schristos 288260f9a8Schristos- In rare circumstances, ``named`` would exit with an assertion failure 298260f9a8Schristos when the number of nodes stored in the red-black tree exceeded the 30b9eb1a82Schristos maximum allowed size of the internal hash table. :gl:`#2104` 318260f9a8Schristos 328260f9a8Schristos- Silence spurious system log messages for an EPROTO(71) error code that 338260f9a8Schristos was seen on older operating systems, where unhandled ICMPv6 errors 348260f9a8Schristos resulted in a generic protocol error being returned instead of a more 35b9eb1a82Schristos specific error code. :gl:`#1928` 368260f9a8Schristos 378260f9a8Schristos- With query name minimization enabled, ``named`` failed to resolve 388260f9a8Schristos ``ip6.arpa.`` names that had extra labels to the left of the IPv6 398260f9a8Schristos part. For example, when ``named`` attempted query name minimization on 408260f9a8Schristos a name like ``A.B.1.2.3.4.(...).ip6.arpa.``, it stopped at the 418260f9a8Schristos leftmost IPv6 label, i.e. ``1.2.3.4.(...).ip6.arpa.``, without 428260f9a8Schristos considering the extra labels (``A.B``). That caused a query loop when 438260f9a8Schristos resolving the name: if ``named`` received NXDOMAIN answers, then the 448260f9a8Schristos same query was repeatedly sent until the number of queries sent 458260f9a8Schristos reached the value of the ``max-recursion-queries`` configuration 46b9eb1a82Schristos option. :gl:`#1847` 478260f9a8Schristos 488260f9a8Schristos- Parsing of LOC records was made more strict by rejecting a sole period 498260f9a8Schristos (``.``) and/or ``m`` as a value. These changes prevent zone files 508260f9a8Schristos using such values from being loaded. Handling of negative altitudes 51b9eb1a82Schristos which are not integers was also corrected. :gl:`#2074` 528260f9a8Schristos 538260f9a8Schristos- Several problems found by `OSS-Fuzz`_ were fixed. (None of these are 54b9eb1a82Schristos security issues.) :gl:`!3953` :gl:`!3975` 558260f9a8Schristos 56*4bcbe0a3SchristosKnown Issues 57*4bcbe0a3Schristos~~~~~~~~~~~~ 58*4bcbe0a3Schristos 59*4bcbe0a3Schristos- There are no new known issues with this release. See :ref:`above 60*4bcbe0a3Schristos <relnotes_known_issues>` for a list of all known issues affecting this 61*4bcbe0a3Schristos BIND 9 branch. 62*4bcbe0a3Schristos 638260f9a8Schristos.. _OSS-Fuzz: https://github.com/google/oss-fuzz 64