Revision tags: bind-9-18-24-1 bind-9-18-24
|
#
1.1.1.3 |
|
21-Feb-2024 |
christos |
Import bind-9.18.24 (previous was 9.16.42)
--- 9.18.24 released ---
6343. [bug] Fix case insensitive setting for isc_ht hashtable. [GL #4568]
--- 9.18.23 released ---
6322. [security] Specific DNS answers could cause a denial-of-service condition due to DNS validation taking a long time. (CVE-2023-50387) [GL #4424]
6321. [security] Change 6315 inadvertently introduced regressions that could cause named to crash. [GL #4234]
6320. [bug] Under some circumstances, the DoT code in client mode could process more than one message at a time when that was not expected. That has been fixed. [GL #4487]
--- 9.18.22 released ---
6319. [func] Limit isc_task_send() overhead for RBTDB tree pruning. [GL #4383]
6317. [security] Restore DNS64 state when handling a serve-stale timeout. (CVE-2023-5679) [GL #4334]
6316. [security] Specific queries could trigger an assertion check with nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
6315. [security] Speed up parsing of DNS messages with many different names. (CVE-2023-4408) [GL #4234]
6314. [bug] Address race conditions in dns_tsigkey_find(). [GL #4182]
6312. [bug] Conversion from NSEC3 signed to NSEC signed could temporarily put the zone into a state where it was treated as unsigned until the NSEC chain was built. Additionally conversion from one set of NSEC3 parameters to another could also temporarily put the zone into a state where it was treated as unsigned until the new NSEC3 chain was built. [GL #1794] [GL #4495]
6310. [bug] Memory leak in zone.c:sign_zone. When named signed a zone it could leak dst_keys due to a misplaced 'continue'. [GL #4488]
6306. [func] Log more details about the cause of "not exact" errors. [GL #4500]
6304. [bug] The wrong time was being used to determine what RRSIGs where to be generated when dnssec-policy was in use. [GL #4494]
6302. [func] The "trust-anchor-telemetry" statement is no longer marked as experimental. This silences a relevant log message that was emitted even when the feature was explicitly disabled. [GL #4497]
6300. [bug] Fix statistics export to use full 64 bit signed numbers instead of truncating values to unsigned 32 bits. [GL #4467]
6299. [port] NetBSD has added 'hmac' to libc which collides with our use of 'hmac'. [GL #4478]
--- 9.18.21 released ---
6297. [bug] Improve LRU cleaning behaviour. [GL #4448]
6296. [func] The "resolver-nonbackoff-tries" and "resolver-retry-interval" options are deprecated; a warning will be logged if they are used. [GL #4405]
6294. [bug] BIND might sometimes crash after startup or re-configuration when one 'tls' entry is used multiple times to connect to remote servers due to initialisation attempts from contexts of multiple threads. That has been fixed. [GL #4464]
6290. [bug] Dig +yaml will now report "no servers could be reached" also for UDP setup failure when no other servers or tries are left. [GL #1229]
6287. [bug] Recognize escapes when reading the public key from file. [GL !8502]
6286. [bug] Dig +yaml will now report "no servers could be reached" on TCP connection failure as well as for UDP timeouts. [GL #4396]
6282. [func] Deprecate AES-based DNS cookies. [GL #4421]
--- 9.18.20 released ---
6280. [bug] Fix missing newlines in the output of "rndc nta -dump". [GL !8454]
6277. [bug] Take into account local authoritative zones when falling back to serve-stale. [GL #4355]
6275. [bug] Fix assertion failure when using lock-file configuration option together -X argument to named. [GL #4386]
6274. [bug] The 'lock-file' file was being removed when it shouldn't have been making it ineffective if named was started 3 or more times. [GL #4387]
6271. [bug] Fix a shutdown race in dns__catz_update_cb(). [GL #4381]
6269. [maint] B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and 2801:1b8:10::b. [GL #4101]
6267. [func] The timeouts for resending zone refresh queries over UDP were lowered to enable named to more quickly determine that a primary is down. [GL #4260]
6265. [bug] Don't schedule resign operations on the raw version of an inline-signing zone. [GL #4350]
6261. [bug] Fix a possible assertion failure on an error path in resolver.c:fctx_query(), when using an uninitialized link. [GL #4331]
6254. [cleanup] Add semantic patch to do an explicit cast from char to unsigned char in ctype.h class of functions. [GL #4327]
6252. [test] Python system tests have to be executed by invoking pytest directly. Executing them with the legacy test runner is no longer supported. [GL #4250]
6250. [bug] The wrong covered value was being set by dns_ncache_current for RRSIG records in the returned rdataset structure. This resulted in TYPE0 being reported as the covered value of the RRSIG when dumping the cache contents. [GL #4314]
--- 9.18.19 released ---
6246. [security] Fix use-after-free error in TLS DNS code when sending data. (CVE-2023-4236) [GL #4242]
6245. [security] Limit the amount of recursion that can be performed by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]
6244. [bug] Adjust log levels on malformed messages to NOTICE when transferring in a zone. [GL #4290]
6241. [bug] Take into account the possibility of partial TLS writes in TLS DNS code. That helps to prevent DNS messages corruption on long DNS over TLS streams. [GL #4255]
6240. [bug] Use dedicated per-worker thread jemalloc memory arenas for send buffers allocation to reduce memory consumption and avoid lock contention. [GL #4038]
6239. [func] Deprecate the 'dnssec-must-be-secure' option. [GL #3700]
6237. [bug] Address memory leaks due to not clearing OpenSSL error stack. [GL #4159]
6235. [doc] Clarify BIND 9 time formats. [GL #4266]
6234. [bug] Restore stale-refresh-time value after flushing the cache. [GL #4278]
6232. [bug] Following the introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs update rules, removal of nonexistent PTR and SRV records via UPDATE could fail. [GL #4280]
6231. [func] Make nsupdate honor -v for SOA requests if the server is specified. [GL #1181]
6230. [bug] Prevent an unnecessary query restart if a synthesized CNAME target points to the CNAME owner. [GL #3835]
6227. [bug] Check the statistics-channel HTTP Content-length to prevent negative or overflowing values from causing a crash. [GL #4125]
6224. [bug] Check the If-Modified-Since value length to prevent out-of-bounds write. [GL #4124]
--- 9.18.18 released ---
6220. [func] Deprecate the 'dialup' and 'heartbeat-interval' options. [GL #3700]
6219. [bug] Ignore 'max-zone-ttl' on 'dnssec-policy insecure'. [GL #4032]
6215. [protocol] Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured. [GL #4225]
6213. [bug] Mark a primary server as temporarily unreachable if the TCP connection attempt times out. [GL #4215]
6212. [bug] Don't process detach and close netmgr events when the netmgr has been paused. [GL #4200]
--- 9.18.17 released ---
6206. [bug] Add shutdown checks in dns_catz_dbupdate_callback() to avoid a race with dns_catz_shutdown_catzs(). [GL #4171]
6205. [bug] Restore support to read legacy HMAC-MD5 K file pairs. [GL #4154]
6204. [bug] Use NS records for relaxed QNAME-minimization mode. This reduces the number of queries named makes when resolving, as it allows the non-existence of NS RRsets at non-referral nodes to be cached in addition to the referrals that are normally cached. [GL #3325]
6200. [bug] Fix nslookup erroneously reporting a timeout when the input is delayed. [GL #4044]
6199. [bug] Improve HTTP Connection: header protocol conformance in the statistics channel. [GL #4126]
6198. [func] Remove the holes in the isc_result_t enum to compact the isc_result tables. [GL #4149]
6197. [bug] Fix a data race between the dns_zone and dns_catz modules when registering/unregistering a database update notification callback for a catalog zone. [GL #4132]
6196. [cleanup] Report "permission denied" instead of "unexpected error" when trying to update a zone file on a read-only file system. Thanks to Midnight Veil. [GL #4134]
6193. [bug] Fix a catz db update notification callback registration logic error, which could crash named when receiving an AXFR update for a catalog zone while the previous update process of the catalog zone was already running. [GL #4136]
6166. [func] Retry without DNS COOKIE on FORMERR if it appears that the FORMERR was due to the presence of a DNS COOKIE option. [GL #4049]
|
Revision tags: bind-9-16-42
|
#
1.1.1.2 |
|
26-Jun-2023 |
christos |
branches: 1.1.1.2.2; Import 9.16.42 (last was 9.16.37)
--- 9.16.42 released ---
6192. [security] A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for 'named' to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the cache going over the configured limit. (CVE-2023-2828) [GL #4055]
6183. [bug] Fix a serve-stale bug where a delegation from cache could be returned to the client. [GL #3950]
6173. [bug] Properly process extra "nameserver" lines in resolv.conf otherwise the next line is not properly processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones with "rndc delzone". [GL #4054]
--- 9.16.41 released ---
6157. [bug] When removing delegations in an OPTOUT range empty-non-terminal NSEC3 records generated by those delegations were not removed. [GL #4027]
--- 9.16.40 released ---
6142. [bug] Reduce the number of dns_dnssec_verify calls made determining if revoked keys needs to be removed from the trust anchors. [GL #3981]
6138. [doc] Fix the DF-flag documentation on the outgoing UDP packets. [GL #3710]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is never read. [GL #3965]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to an NSEC3 incapable DNSSEC algorithm using KASP the zone could sometimes be incompletely signed. [GL #3937]
5741. [bug] Log files with "timestamp" suffixes could be left in place after rolling, even if the number of preserved log files exceeded the configured "versions" limit. [GL #828] [GL #3959]
--- 9.16.39 released ---
6119. [bug] Make sure to revert the reconfigured zones to the previous version of the view, when the new view reconfiguration fails during the configuration of one of the configured zones. [GL #3911]
6116. [bug] Fix error path cleanup issue in the dns_catz_new_zones() function. [GL #3900]
6115. [bug] Unregister db update notify callback before detaching from the previous db inside the catz update notify callback. [GL #3777]
6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in configure_rpz() and configure_catz(), respectively, just after attaching it to the new view. [GL #3880]
6098. [test] Don't test HMAC-MD5 when not supported by libcrypto. [GL #3871]
6095. [test] Test various 'islands of trust' configurations when using managed keys. [GL #3662]
6094. [bug] Building against (or running with) libuv versions 1.35.0 and 1.36.0 is now a fatal error. The rules for mixing and matching compile-time and run-time libuv versions have been tightened for libuv versions between 1.35.0 and 1.40.0. [GL #3840]
--- 9.16.38 released ---
6083. [bug] Fix DNSRPS-enabled builds as they were inadvertently broken by change 6042. [GL #3827]
6081. [bug] Handle primary server address lookup failures in nsupdate more gracefully. [GL #3830]
6080. [bug] 'named -V' leaked memory. [GL #3829]
6079. [bug] Force set the DS state after a 'rdnc dnssec -checkds' command. [GL #3822]
6075. [bug] Add missing node lock when setting node->wild in add_wildcard_magic. [GL #3799]
6072. [bug] Avoid the OpenSSL lock contention when initializing Message Digest Contexts by using explicit algorithm fetching, initializing static contexts for every supported algorithms, and initializing the new context by copying the static copy. [GL #3795]
6069. [bug] Detach from the view in zone_shutdown() to release the memory held by the dead view early. [GL #3801]
|
Revision tags: bind-9-16-37
|
#
1.1.1.1 |
|
25-Jan-2023 |
christos |
Import bind-9.16.37 (previous was bind-9.16.33)
--- 9.16.37 released ---
6067. [security] Fix serve-stale crash when recursive clients soft quota is reached. (CVE-2022-3924) [GL #3619]
6066. [security] Handle RRSIG lookups when serve-stale is active. (CVE-2022-3736) [GL #3622]
6064. [security] An UPDATE message flood could cause named to exhaust all available memory. This flaw was addressed by adding a new "update-quota" statement that controls the number of simultaneous UPDATE messages that can be processed or forwarded. The default is 100. A stats counter has been added to record events when the update quota is exceeded, and the XML and JSON statistics version numbers have been updated. (CVE-2022-3094) [GL #3523]
6062. [func] The DSCP implementation, which has only been partly operational since 9.16.0, is now marked as deprecated. Configuring DSCP values in named.conf will cause a warning will be logged. [GL #3773]
6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone() by detaching from the zone manager outside of the write lock. [GL #3768]
6059. [bug] In some serve stale scenarios, like when following an expired CNAME record, named could return SERVFAIL if the previous request wasn't successful. Consider non-stale data when in serve-stale mode. [GL #3678]
6058. [bug] Prevent named from crashing when "rndc delzone" attempts to delete a zone added by a catalog zone. [GL #3745]
6050. [bug] Changes to the RPZ response-policy min-update-interval and add-soa options now take effect as expected when named is reconfigured. [GL #3740]
6048. [bug] Fix a log message error in dns_catz_update_from_db(), where serials with values of 2^31 or larger were logged incorrectly as negative numbers. [GL #3742]
6045. [cleanup] The list of supported DNSSEC algorithms changed log level from "warning" to "notice" to match named's other startup messages. [GL !7217]
6044. [bug] There was an "RSASHA236" typo in a log message. [GL !7206]
--- 9.16.36 released ---
6043. [bug] The key file IO locks objects would never get deleted from the hashtable due to off-by-one error. [GL #3727]
6042. [bug] ANY responses could sometimes have the wrong TTL. [GL #3613]
6040. [bug] Speed up the named shutdown time by explicitly canceling all recursing ns_client objects for each ns_clientmgr. [GL #3183]
6039. [bug] Removing a catalog zone from catalog-zones without also removing the referenced zone could leave a dangling pointer. [GL #3683]
6031. [bug] Move the "final reference detached" log message from dns_zone unit to the DEBUG(1) log level. [GL #3707]
6024. [func] Deprecate 'auto-dnssec'. [GL #3667]
6021. [bug] Use the current domain name when checking answers from a dual-stack-server. [GL #3607]
6020. [bug] Ensure 'named-checkconf -z' respects the check-wildcard option when loading a zone. [GL #1905]
6017. [bug] The view's zone table was not locked when it should have been leading to race conditions when external extensions that manipulate the zone table where in use. [GL #3468]
--- 9.16.35 released ---
6013. [bug] Fix a crash that could happen when you change a dnssec-policy zone with NSEC3 to start using inline-signing. [GL #3591]
6009. [bug] Don't trust a placeholder KEYDATA from the managed-keys zone by adding it into secroots. [GL #2895]
6008. [bug] Fixed a race condition that could cause a crash in dns_zone_synckeyzone(). [GL #3617]
6002. [bug] Fix a resolver prefetch bug when the record's TTL value is equal to the configured prefetch eligibility value, but the record was erroneously not treated as eligible for prefetching. [GL #3603]
6001. [bug] Always call dns_adb_endudpfetch() after calling dns_adb_beginudpfetch() for UDP queries in resolver.c, in order to adjust back the quota. [GL #3598]
6000. [bug] Fix a startup issue on Solaris systems with many (reportedly > 510) CPUs. Thanks to Stacey Marshall from Oracle for deep investigation of the problem. [GL #3563]
5999. [bug] rpz-ip rules could be ineffective in some scenarios with CD=1 queries. [GL #3247]
5998. [bug] The RecursClients statistics counter could overflow in certain resolution scenarios. [GL #3584]
5996. [bug] Fix a couple of bugs in cfg_print_duration(), which could result in generating incomplete duration values when printing the configuration using named-checkconf. [GL !6880]
--- 9.16.34 released ---
5991. [protocol] Add support for parsing and validating "dohpath" to SVCB. [GL #3544]
5988. [bug] Some out of memory conditions in opensslrsa_link.c could lead to memory leaks. [GL #3551]
5984. [func] 'named -V' now reports the list of supported DNSSEC/DS/HMAC algorithms and the supported TKEY modes. [GL #3541]
5983. [bug] Changing just the TSIG key names for primaries in catalog zones' member zones was not effective. [GL #3557]
5973. [bug] Fixed a possible invalid detach in UPDATE processing. [GL #3522]
5963. [bug] Ensure struct named_server is properly initialized. [GL #6531]
5921. [test] Convert system tests to use a default DNSKEY algorithm where the test is not DNSKEY algorithm specific. [GL #3440]
|
Revision tags: bind-9-16-42
|
#
1.1.1.2 |
|
26-Jun-2023 |
christos |
Import 9.16.42 (last was 9.16.37)
--- 9.16.42 released ---
6192. [security] A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for 'named' to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the cache going over the configured limit. (CVE-2023-2828) [GL #4055]
6183. [bug] Fix a serve-stale bug where a delegation from cache could be returned to the client. [GL #3950]
6173. [bug] Properly process extra "nameserver" lines in resolv.conf otherwise the next line is not properly processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones with "rndc delzone". [GL #4054]
--- 9.16.41 released ---
6157. [bug] When removing delegations in an OPTOUT range empty-non-terminal NSEC3 records generated by those delegations were not removed. [GL #4027]
--- 9.16.40 released ---
6142. [bug] Reduce the number of dns_dnssec_verify calls made determining if revoked keys needs to be removed from the trust anchors. [GL #3981]
6138. [doc] Fix the DF-flag documentation on the outgoing UDP packets. [GL #3710]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is never read. [GL #3965]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to an NSEC3 incapable DNSSEC algorithm using KASP the zone could sometimes be incompletely signed. [GL #3937]
5741. [bug] Log files with "timestamp" suffixes could be left in place after rolling, even if the number of preserved log files exceeded the configured "versions" limit. [GL #828] [GL #3959]
--- 9.16.39 released ---
6119. [bug] Make sure to revert the reconfigured zones to the previous version of the view, when the new view reconfiguration fails during the configuration of one of the configured zones. [GL #3911]
6116. [bug] Fix error path cleanup issue in the dns_catz_new_zones() function. [GL #3900]
6115. [bug] Unregister db update notify callback before detaching from the previous db inside the catz update notify callback. [GL #3777]
6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in configure_rpz() and configure_catz(), respectively, just after attaching it to the new view. [GL #3880]
6098. [test] Don't test HMAC-MD5 when not supported by libcrypto. [GL #3871]
6095. [test] Test various 'islands of trust' configurations when using managed keys. [GL #3662]
6094. [bug] Building against (or running with) libuv versions 1.35.0 and 1.36.0 is now a fatal error. The rules for mixing and matching compile-time and run-time libuv versions have been tightened for libuv versions between 1.35.0 and 1.40.0. [GL #3840]
--- 9.16.38 released ---
6083. [bug] Fix DNSRPS-enabled builds as they were inadvertently broken by change 6042. [GL #3827]
6081. [bug] Handle primary server address lookup failures in nsupdate more gracefully. [GL #3830]
6080. [bug] 'named -V' leaked memory. [GL #3829]
6079. [bug] Force set the DS state after a 'rdnc dnssec -checkds' command. [GL #3822]
6075. [bug] Add missing node lock when setting node->wild in add_wildcard_magic. [GL #3799]
6072. [bug] Avoid the OpenSSL lock contention when initializing Message Digest Contexts by using explicit algorithm fetching, initializing static contexts for every supported algorithms, and initializing the new context by copying the static copy. [GL #3795]
6069. [bug] Detach from the view in zone_shutdown() to release the memory held by the dead view early. [GL #3801]
|
Revision tags: bind-9-16-37
|
#
1.1.1.1 |
|
25-Jan-2023 |
christos |
Import bind-9.16.37 (previous was bind-9.16.33)
--- 9.16.37 released ---
6067. [security] Fix serve-stale crash when recursive clients soft quota is reached. (CVE-2022-3924) [GL #3619]
6066. [security] Handle RRSIG lookups when serve-stale is active. (CVE-2022-3736) [GL #3622]
6064. [security] An UPDATE message flood could cause named to exhaust all available memory. This flaw was addressed by adding a new "update-quota" statement that controls the number of simultaneous UPDATE messages that can be processed or forwarded. The default is 100. A stats counter has been added to record events when the update quota is exceeded, and the XML and JSON statistics version numbers have been updated. (CVE-2022-3094) [GL #3523]
6062. [func] The DSCP implementation, which has only been partly operational since 9.16.0, is now marked as deprecated. Configuring DSCP values in named.conf will cause a warning will be logged. [GL #3773]
6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone() by detaching from the zone manager outside of the write lock. [GL #3768]
6059. [bug] In some serve stale scenarios, like when following an expired CNAME record, named could return SERVFAIL if the previous request wasn't successful. Consider non-stale data when in serve-stale mode. [GL #3678]
6058. [bug] Prevent named from crashing when "rndc delzone" attempts to delete a zone added by a catalog zone. [GL #3745]
6050. [bug] Changes to the RPZ response-policy min-update-interval and add-soa options now take effect as expected when named is reconfigured. [GL #3740]
6048. [bug] Fix a log message error in dns_catz_update_from_db(), where serials with values of 2^31 or larger were logged incorrectly as negative numbers. [GL #3742]
6045. [cleanup] The list of supported DNSSEC algorithms changed log level from "warning" to "notice" to match named's other startup messages. [GL !7217]
6044. [bug] There was an "RSASHA236" typo in a log message. [GL !7206]
--- 9.16.36 released ---
6043. [bug] The key file IO locks objects would never get deleted from the hashtable due to off-by-one error. [GL #3727]
6042. [bug] ANY responses could sometimes have the wrong TTL. [GL #3613]
6040. [bug] Speed up the named shutdown time by explicitly canceling all recursing ns_client objects for each ns_clientmgr. [GL #3183]
6039. [bug] Removing a catalog zone from catalog-zones without also removing the referenced zone could leave a dangling pointer. [GL #3683]
6031. [bug] Move the "final reference detached" log message from dns_zone unit to the DEBUG(1) log level. [GL #3707]
6024. [func] Deprecate 'auto-dnssec'. [GL #3667]
6021. [bug] Use the current domain name when checking answers from a dual-stack-server. [GL #3607]
6020. [bug] Ensure 'named-checkconf -z' respects the check-wildcard option when loading a zone. [GL #1905]
6017. [bug] The view's zone table was not locked when it should have been leading to race conditions when external extensions that manipulate the zone table where in use. [GL #3468]
--- 9.16.35 released ---
6013. [bug] Fix a crash that could happen when you change a dnssec-policy zone with NSEC3 to start using inline-signing. [GL #3591]
6009. [bug] Don't trust a placeholder KEYDATA from the managed-keys zone by adding it into secroots. [GL #2895]
6008. [bug] Fixed a race condition that could cause a crash in dns_zone_synckeyzone(). [GL #3617]
6002. [bug] Fix a resolver prefetch bug when the record's TTL value is equal to the configured prefetch eligibility value, but the record was erroneously not treated as eligible for prefetching. [GL #3603]
6001. [bug] Always call dns_adb_endudpfetch() after calling dns_adb_beginudpfetch() for UDP queries in resolver.c, in order to adjust back the quota. [GL #3598]
6000. [bug] Fix a startup issue on Solaris systems with many (reportedly > 510) CPUs. Thanks to Stacey Marshall from Oracle for deep investigation of the problem. [GL #3563]
5999. [bug] rpz-ip rules could be ineffective in some scenarios with CD=1 queries. [GL #3247]
5998. [bug] The RecursClients statistics counter could overflow in certain resolution scenarios. [GL #3584]
5996. [bug] Fix a couple of bugs in cfg_print_duration(), which could result in generating incomplete duration values when printing the configuration using named-checkconf. [GL !6880]
--- 9.16.34 released ---
5991. [protocol] Add support for parsing and validating "dohpath" to SVCB. [GL #3544]
5988. [bug] Some out of memory conditions in opensslrsa_link.c could lead to memory leaks. [GL #3551]
5984. [func] 'named -V' now reports the list of supported DNSSEC/DS/HMAC algorithms and the supported TKEY modes. [GL #3541]
5983. [bug] Changing just the TSIG key names for primaries in catalog zones' member zones was not effective. [GL #3557]
5973. [bug] Fixed a possible invalid detach in UPDATE processing. [GL #3522]
5963. [bug] Ensure struct named_server is properly initialized. [GL #6531]
5921. [test] Convert system tests to use a default DNSKEY algorithm where the test is not DNSKEY algorithm specific. [GL #3440]
|