1 .. Copyright (C) Internet Systems Consortium, Inc. ("ISC") 2 .. 3 .. SPDX-License-Identifier: MPL-2.0 4 .. 5 .. This Source Code Form is subject to the terms of the Mozilla Public 6 .. License, v. 2.0. If a copy of the MPL was not distributed with this 7 .. file, you can obtain one at https://mozilla.org/MPL/2.0/. 8 .. 9 .. See the COPYRIGHT file distributed with this work for additional 10 .. information regarding copyright ownership. 11 12 BIND 9.20.17 13 ------------ 14 15 New Features 16 ~~~~~~~~~~~~ 17 18 - Add spatch to detect implicit bool/int/result cast. ``02be363d1f`` 19 20 Detection of implicit cast from a boolean into an int, or an 21 isc_result_t into a boolean (either in an assignement or return 22 position). 23 24 If such pattern is found, a warning comment is added into the code 25 (and the CI will fails) so the error can be spotted and manually 26 fixed. :gl:`!11237` 27 28 Feature Changes 29 ~~~~~~~~~~~~~~~ 30 31 - Use atomics for CMM_{LOAD,STORE}_SHARED with ThreadSanitizer. 32 ``94fa721705`` 33 34 Upstream has removed the atomics implementation of CMM_LOAD_SHARED and 35 CMM_STORE_SHARED as these can be used also with non-stdatomics types. 36 As we only use the CMM api with stdatomics types, we can restore the 37 previous behaviour to prevent ThreadSanitizer warnings. :gl:`#5660` 38 :gl:`!11290` 39 40 - Provide more information when the memory allocation fails. 41 ``6749725610`` 42 43 Provide more information about the failure when the memory allocation 44 fails. :gl:`!11304` 45 46 - Reduce the number of outgoing queries. ``457b470e96`` 47 48 Reduces the number of outgoing queries when resolving the nameservers 49 for delegation points. This helps the DNS resolver with cold cache 50 resolve client queries with complex delegation chains and 51 redirections. :gl:`!11258` 52 53 Bug Fixes 54 ~~~~~~~~~ 55 56 - Fix the spurious timeouts while resolving names. ``d96cf874fb`` 57 58 Sometimes the loops in the resolving (e.g. to resolve or validate 59 ns1.example.com we need to resolve ns1.example.com) were not properly 60 detected leading to spurious 10 seconds delay. This has been fixed 61 and such loops are properly detected. :gl:`#3033`, #5578 :gl:`!11298` 62 63 - Fix bug where zone switches from NSEC3 to NSEC after retransfer. 64 ``3b40ffbf83`` 65 66 When a zone is re-transferred, but the zone journal on an 67 inline-signing secondary is out of sync, the zone could fall back to 68 using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527` 69 :gl:`!11274` 70 71 - Attach socket before async streamdns_resume_processing. ``bb9451c73f`` 72 73 Call to `streamdns_resume_processing` is asynchronous but the socket 74 passed as argument is not attached when scheduling the call. 75 76 While there is no reproducible way (so far) to make the socket 77 reference number down to 0 before `streamdns_resume_processing` is 78 called, attach the socket before scheduling the call. This guard 79 against an hypothetic case where, for some reasons, the socket 80 refcount would reach 0, and be freed from memory when 81 `streamdns_resume_processing` is called. :gl:`#5620` :gl:`!11260` 82 83 - AMTRELAY type 0 presentation format handling was wrong. ``adf104a063`` 84 85 RFC 8777 specifies a placeholder value of "." for the gateway field 86 when the gateway type is 0 (no gateway). This was not being checked 87 for nor emitted when displaying the record. This has been corrected. 88 89 Instances of this record will need the placeholder period added to 90 them when upgrading. :gl:`#5639` :gl:`!11255` 91 92 - Fix parsing bug in remote-servers with key or tls. ``d9400c5967`` 93 94 The :any:`remote-servers` clause enable the following pattern using a 95 named ``server-list``: 96 97 remote-servers a { 1.2.3.4; ... }; remote-servers b { a key 98 foo; }; 99 100 However, such configuration was wrongly rejected, with an "unexpected 101 token 'foo'" error. Such configuration is now accepted. :gl:`#5646` 102 :gl:`!11300` 103 104 - Fix TLS contexts cache object usage bug in the resolver. 105 ``13adf94006`` 106 107 :iscman:`named` could terminate unexpectedly when reconfiguring or 108 reloading, and if client-side TLS transport was in use (for example, 109 when forwarding queries to a DoT server). This has been fixed. 110 :gl:`#5653` :gl:`!11299` 111 112 - Fix unitiailized pointer check on getipandkeylist. ``5ed0cf091b`` 113 114 Function `named_config_getipandkeylist` could, in case of error in the 115 early code attempting to get the `port` or `tls-port`, make a pointer 116 check on a non-initialized value. This is now fixed. :gl:`!11306` 117 118 - Standardize CHECK and RETERR macros. ``ef714e91ac`` 119 120 previously, there were over 40 separate definitions of CHECK macros, 121 of which most used "goto cleanup", and the rest "goto failure" or 122 "goto out". there were another 10 definitions of RETERR, of which most 123 were identical to CHECK, but some simply returned a result code 124 instead of jumping to a cleanup label. 125 126 this has now been standardized throughout the code base: RETERR is for 127 returning an error code in the case of an error, and CHECK is for 128 jumping to a cleanup tag, which is now always called "cleanup". both 129 macros are defined in isc/util.h. :gl:`!11069` 130 131 - Adding NSEC3 opt-out records could leave invalid records in 132 chain. ``1d83a8ad46`` 133 134 When creating an NSEC3 opt-out chain, a node in the chain could be 135 removed too soon, causing the previous NSEC3 being unable to be found, 136 resulting in invalid NSEC3 records to be left in the zone. This has 137 been fixed. 138 139 Closes [#5671](#5671) 140 141