changelog-9.20.12.rst revision 1.1 (christos)

.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

BIND 9.20.12
------------

New Features
~~~~~~~~~~~~

- Support for parsing the DSYNC record has been added. ``f440fe712d``

  :gl:`#5440` :gl:`!10820`

Feature Changes
~~~~~~~~~~~~~~~

- Adaptive memory allocation strategy for qp-tries. ``9a046cbed5``

  qp-tries allocate their nodes (twigs) in chunks to reduce allocator
  pressure and improve memory locality. The choice of chunk size
  presents a tradeoff: larger chunks benefit qp-tries with many values
  (as seen in large zones and resolvers) but waste memory in smaller use
  cases.

  Previously, our fixed chunk size of 2^10 twigs meant that even an
  empty qp-trie would consume 12KB of memory, while reducing this size
  would negatively impact resolver performance.

  This MR implements an adaptive chunking strategy that tracks the size
  of the most recently allocated chunk and doubles the chunk size for
  each new allocation until reaching a predefined maximum.

  This approach effectively balances memory efficiency for small tries
  while maintaining the performance benefits of larger chunk sizes for
  bigger data structures. :gl:`#5445` :gl:`!10804`

- Add deprecation warnings for RSASHA1, RSASHA1-NSEC3-SHA1 and DS digest
  type 1. ``5aefaa4b97``

  RSASHA1 and RSASHA1-NSEC3-SHA1 DNSKEY algorithms have been deprecated
  by the IETF and should no longer be used for DNSSEC. DS digest type 1
  (SHA1) has also been deprecated. Validators are now expected to treat
  these algorithms and digest as unknown, resulting in some zones being
  treated as insecure when they were previously treated as secure.
  Warnings have been added to named and tools when these algorithms and
  this digest are being used for signing.

  Zones signed with RSASHA1 or RSASHA1-NSEC3-SHA1 should be migrated to a
  different DNSKEY algorithm.

  Zones with DS or CDS records with digest type 1 (SHA1) should be
  updated to use a different digest type (e.g. SHA256) and the digest
  type 1 records should be removed.

  Related to #5358 :gl:`!10738`
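The following check is an added example, not part of the BIND changelog or code base: it scans zone data for the deprecated DNSKEY algorithms and DS digest type so that affected zones can be found before validators start treating them as insecure. It assumes the IANA numbers 5 (RSASHA1), 7 (RSASHA1-NSEC3-SHA1) and digest type 1 (SHA-1), and input with one record per line and numeric algorithm fields; ``audit_zone`` and the sample records are constructed for illustration.

```python
# Assumption: IANA numbers for the algorithms and digest the changelog deprecates.
DEPRECATED_KEY_ALGS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1"}
DEPRECATED_DIGESTS = {1: "SHA-1"}

# Record type -> [(rdata field index, field label, deprecated values)].
CHECKS = {
    "DNSKEY": [(2, "algorithm", DEPRECATED_KEY_ALGS)],
    "CDNSKEY": [(2, "algorithm", DEPRECATED_KEY_ALGS)],
    "RRSIG": [(1, "algorithm", DEPRECATED_KEY_ALGS)],
    "DS": [(1, "algorithm", DEPRECATED_KEY_ALGS), (2, "digest type", DEPRECATED_DIGESTS)],
    "CDS": [(1, "algorithm", DEPRECATED_KEY_ALGS), (2, "digest type", DEPRECATED_DIGESTS)],
}

# Constructed sample: one record per line, numeric fields, dummy key/digest data.
SAMPLE_ZONE = """\
example.        3600 IN DNSKEY 257 3 5 AwEAAdummy
                3600 IN DNSKEY 256 3 13 dummyECDSAkey
example.        3600 IN RRSIG  DNSKEY 5 1 3600 20260101000000 20251201000000 11111 example. dummysig
child.example.  3600 IN DS 22222 13 1 0123456789abcdef0123456789abcdef01234567
child.example.  3600 IN DS 22222 13 2 dummysha256digest
old.example.    IN CDS 33333 7 2 dummysha256digest ; scheduled for rollover
www.example.    3600 IN A 192.0.2.1
"""

def audit_zone(zone_text):
    """Return (line_no, owner, rtype, field, name) for each deprecated value found."""
    findings, owner = [], None
    for line_no, line in enumerate(zone_text.splitlines(), 1):
        tokens = line.split(";", 1)[0].split()   # drop trailing comments
        if not tokens:
            continue
        if not line[0].isspace():                # owner present; otherwise inherit the last one
            owner = tokens[0]
        # The type follows the optional TTL and class, so only leading tokens are searched.
        idx = next((i for i, t in enumerate(tokens[:4]) if t.upper() in CHECKS), None)
        if idx is None:
            continue
        rtype, rdata = tokens[idx].upper(), tokens[idx + 1:]
        for pos, field, table in CHECKS[rtype]:
            if pos < len(rdata) and rdata[pos].isdigit() and int(rdata[pos]) in table:
                findings.append((line_no, owner, rtype, field, table[int(rdata[pos])]))
    return findings

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print("line %d: %s %s uses deprecated %s %s" % finding)
```

A DS or CDS record is reported for either field: an algorithm value of 5 or 7 means the referenced DNSKEY needs migrating, while digest type 1 only requires publishing a replacement DS with another digest type and removing the old record.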

Bug Fixes
~~~~~~~~~

- Stale RRsets in a CNAME chain were not always refreshed.
  ``ed37c7825e``

  With serve-stale enabled, when a CNAME chain contained a stale RRset,
  the refresh query did not always properly refresh the stale RRsets.
  This has been fixed. :gl:`#5243` :gl:`!10767`

- Add RPZ extended DNS error for zones with a CNAME override policy
  configured. ``39ad2016c1``

  When the zone is configured with a CNAME override policy, or the
  response policy zone contains a wildcard CNAME, the extended DNS error
  code was not added. This has been fixed. :gl:`#5342` :gl:`!10819`

- Fix a possible crash when adding a zone while recursing.
  ``7a3ec8dd94``

  A query for a zone that was not yet loaded may yield an unexpected
  result such as a CNAME or DNAME, triggering an assertion failure. This
  has been fixed. :gl:`#5357` :gl:`!10718`

- Fix dig issues. ``8c50819aa8``

  When used with the ``+keepopen`` option with a TCP connection,
  :iscman:`dig` could terminate unexpectedly in rare situations.
  Additionally, :iscman:`dig` could hang and fail to shut down properly
  when interrupted during a query. These have been fixed. :gl:`#5381`
  :gl:`!10727`

- Log dropped or slipped responses in the query-errors category.
  ``47470b586d``

  Responses which were dropped or slipped because of RRL (Response Rate
  Limiting) were logged in the ``rate-limit`` category instead of the
  ``query-errors`` category, as documented in ARM. This has been fixed.
  :gl:`#5388` :gl:`!10725`

- Separate out adbname type flags. ``fc689c6525``

  There are three adbname flags that are used to identify different
  types of adbname lookups when hashing rather than using multiple hash
  tables. Separate these to their own structure element as these need
  to be able to be read without locking the adbname structure.
  :gl:`#5404` :gl:`!10695`

- Synth-from-dnssec was not working in some scenarios. ``bc54f059e0``

  Aggressive use of DNSSEC-Validated cache with NSEC was not working in
  scenarios when no parent NSEC was in cache. This has been fixed.
  :gl:`#5422` :gl:`!10754`

- Clean enough memory when adding new ADB names/entries under memory
  pressure. ``b7e7923daa``

  The ADB memory cleaning is opportunistic even when we are under memory
  pressure (in the overmem condition). Split the opportunistic LRU
  cleaning and overmem cleaning and make the overmem cleaning always
  clean up twice the size of the newly allocated adbname/adbentry to
  ensure we never allocate more memory than the assigned limit.
  :gl:`!10707`

- Prevent spurious validation failures. ``3b98c7cc9d``

  Under rare circumstances, validation could fail if multiple clients
  simultaneously iterated the same set of signatures.

  References #3014 :gl:`!10815`

- Rename variable called 'free' to prevent the clash with free()
  ``7f25d92c5d``

  :gl:`!10757`