Home | History | Annotate | Line # | Download | only in changelog
changelog-9.20.12.rst revision 1.1
      1  1.1  christos .. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
      2  1.1  christos ..
      3  1.1  christos .. SPDX-License-Identifier: MPL-2.0
      4  1.1  christos ..
      5  1.1  christos .. This Source Code Form is subject to the terms of the Mozilla Public
      6  1.1  christos .. License, v. 2.0.  If a copy of the MPL was not distributed with this
      7  1.1  christos .. file, you can obtain one at https://mozilla.org/MPL/2.0/.
      8  1.1  christos ..
      9  1.1  christos .. See the COPYRIGHT file distributed with this work for additional
     10  1.1  christos .. information regarding copyright ownership.
     11  1.1  christos 
     12  1.1  christos BIND 9.20.12
     13  1.1  christos ------------
     14  1.1  christos 
     15  1.1  christos New Features
     16  1.1  christos ~~~~~~~~~~~~
     17  1.1  christos 
     18  1.1  christos - Support for parsing the DSYNC record has been added. ``f440fe712d``
     19  1.1  christos 
     20  1.1  christos   :gl:`#5440` :gl:`!10820`
     21  1.1  christos 
     22  1.1  christos Feature Changes
     23  1.1  christos ~~~~~~~~~~~~~~~
     24  1.1  christos 
     25  1.1  christos - Adaptive memory allocation strategy for qp-tries. ``9a046cbed5``
     26  1.1  christos 
     27  1.1  christos   qp-tries allocate their nodes (twigs) in chunks to reduce allocator
     28  1.1  christos   pressure and improve memory locality. The choice of chunk size
     29  1.1  christos   presents a tradeoff: larger chunks benefit qp-tries with many values
     30  1.1  christos   (as seen in large zones and resolvers) but waste memory in smaller use
     31  1.1  christos   cases.
     32  1.1  christos 
     33  1.1  christos   Previously, our fixed chunk size of 2^10 twigs meant that even an
     34  1.1  christos   empty qp-trie would consume 12KB of memory, while reducing this size
     35  1.1  christos   would negatively impact resolver performance.
     36  1.1  christos 
     37  1.1  christos   This MR implements an adaptive chunking strategy that tracks the size
     38  1.1  christos   of the most recently allocated chunk and doubles the chunk size for
     39  1.1  christos   each new allocation until reaching a predefined maximum.
     40  1.1  christos 
     41  1.1  christos   This approach effectively balances memory efficiency for small tries
     42  1.1  christos   while maintaining the performance benefits of larger chunk sizes for
     43  1.1  christos   bigger data structures. :gl:`#5445` :gl:`!10804`
     44  1.1  christos 
     45  1.1  christos - Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1 and DS digest
     46  1.1  christos   type 1. ``5aefaa4b97``
     47  1.1  christos 
     48  1.1  christos   RSASHA1 and RSASHA1-NSEC-SHA1 DNSKEY algorithms have been deprecated
     49  1.1  christos   by the IETF and should no longer be used for DNSSEC. DS digest type 1
     50  1.1  christos   (SHA1) has also been deprecated. Validators are now expected to treat
     51  1.1  christos   these algorithms and digest as unknown, resulting in some zones being
     52  1.1  christos   treated as insecure when they were previously treated as secure.
     53  1.1  christos   Warnings have been added to named and tools when these algorithms and
     54  1.1  christos   this digest are being used for signing.
     55  1.1  christos 
     56  1.1  christos   Zones signed with RSASHA1 or RSASHA1-NSEC-SHA1 should be migrated to a
     57  1.1  christos   different DNSKEY algorithm.
     58  1.1  christos 
     59  1.1  christos   Zones with DS or CDS records with digest type 1 (SHA1) should be
     60  1.1  christos   updated to use a different digest type (e.g. SHA256) and the digest
     61  1.1  christos   type 1 records should be removed.
     62  1.1  christos 
     63  1.1  christos   Related to #5358 :gl:`!10738`
     64  1.1  christos 
     65  1.1  christos Bug Fixes
     66  1.1  christos ~~~~~~~~~
     67  1.1  christos 
     68  1.1  christos - Stale RRsets in a CNAME chain were not always refreshed.
     69  1.1  christos   ``ed37c7825e``
     70  1.1  christos 
     71  1.1  christos   With serve-stale enabled, a CNAME chain that contains a stale RRset,
     72  1.1  christos   the refresh query doesn't always properly refresh the stale RRsets.
     73  1.1  christos   This has been fixed. :gl:`#5243` :gl:`!10767`
     74  1.1  christos 
     75  1.1  christos - Add RPZ extended DNS error for zones with a CNAME override policy
     76  1.1  christos   configured. ``39ad2016c1``
     77  1.1  christos 
     78  1.1  christos   When the zone is configured with a CNAME override policy, or the
     79  1.1  christos   response policy zone contains a wildcard CNAME, the extended DNS error
     80  1.1  christos   code was not added. This has been fixed. :gl:`#5342` :gl:`!10819`
     81  1.1  christos 
     82  1.1  christos - Fix a possible crash when adding a zone while recursing.
     83  1.1  christos   ``7a3ec8dd94``
     84  1.1  christos 
     85  1.1  christos   A query for a zone that was not yet loaded may yield an unexpected
     86  1.1  christos   result such as a CNAME or DNAME, triggering an assertion failure. This
     87  1.1  christos   has been fixed. :gl:`#5357` :gl:`!10718`
     88  1.1  christos 
     89  1.1  christos - Fix dig issues. ``8c50819aa8``
     90  1.1  christos 
     91  1.1  christos   When used with the ``+keepopen`` option with a TCP connection,
     92  1.1  christos   iscman:`dig` could terminate unexpectedly in rare situations.
     93  1.1  christos   Additionally, iscman:`dig` could hang and fail to shutdown properly
     94  1.1  christos   when interrupted during a query. These have been fixed. :gl:`#5381`
     95  1.1  christos   :gl:`!10727`
     96  1.1  christos 
     97  1.1  christos - Log dropped or slipped responses in the query-errors category.
     98  1.1  christos   ``47470b586d``
     99  1.1  christos 
    100  1.1  christos   Responses which were dropped or slipped because of RRL (Response Rate
    101  1.1  christos   Limiting) were logged in the ``rate-limit`` category instead of the
    102  1.1  christos   ``query-errors`` category, as documented in ARM. This has been fixed.
    103  1.1  christos   :gl:`#5388` :gl:`!10725`
    104  1.1  christos 
    105  1.1  christos - Separate out adbname type flags. ``fc689c6525``
    106  1.1  christos 
    107  1.1  christos   There are three adbname flags that are used to identify different
    108  1.1  christos   types of adbname lookups when hashing rather than using multiple hash
    109  1.1  christos   tables.  Separate these to their own structure element as these need
    110  1.1  christos   to be able to be read without locking the adbname structure.
    111  1.1  christos   :gl:`#5404` :gl:`!10695`
    112  1.1  christos 
    113  1.1  christos - Synth-from-dnssec was not working in some scenarios. ``bc54f059e0``
    114  1.1  christos 
    115  1.1  christos   Aggressive use of DNSSEC-Validated cache with NSEC was not working in
    116  1.1  christos   scenarios when no parent NSEC was not in cache.  This has been fixed.
    117  1.1  christos   :gl:`#5422` :gl:`!10754`
    118  1.1  christos 
    119  1.1  christos - Clean enough memory when adding new ADB names/entries under memory
    120  1.1  christos   pressure. ``b7e7923daa``
    121  1.1  christos 
    122  1.1  christos   The ADB memory cleaning is opportunistic even when we are under memory
    123  1.1  christos   pressure (in the overmem condition).  Split the opportunistic LRU
    124  1.1  christos   cleaning and overmem cleaning and make the overmem cleaning always
    125  1.1  christos   cleanup double of the newly allocated adbname/adbentry to ensure we
    126  1.1  christos   never allocate more memory than the assigned limit. :gl:`!10707`
    127  1.1  christos 
    128  1.1  christos - Prevent spurious validation failures. ``3b98c7cc9d``
    129  1.1  christos 
    130  1.1  christos   Under rare circumstances, validation could fail if multiple clients
    131  1.1  christos   simultaneously iterated the same set of signatures.
    132  1.1  christos 
    133  1.1  christos   References #3014 :gl:`!10815`
    134  1.1  christos 
    135  1.1  christos - Rename variable called 'free' to prevent the clash with free()
    136  1.1  christos   ``7f25d92c5d``
    137  1.1  christos 
    138  1.1  christos   :gl:`!10757`
    139  1.1  christos 
    140  1.1  christos 
    141