head 1.1;
branch 1.1.1;
access;
symbols
    bind-9-20-24:1.1.1.1
    netbsd-11-0-RC5:1.1.1.1
    bind-9-20-23:1.1.1.1
    netbsd-11-0-RC4:1.1.1.1
    bind-9-20-22:1.1.1.1
    netbsd-11-0-RC3:1.1.1.1
    netbsd-11-0-RC2:1.1.1.1
    netbsd-11-0-RC1:1.1.1.1
    bind-9-20-18:1.1.1.1
    perseant-exfatfs-base-20250801:1.1.1.1
    netbsd-11:1.1.1.1.0.2
    netbsd-11-base:1.1.1.1
    bind-9-20-11:1.1.1.1
    ISC:1.1.1;
locks; strict;
comment @# @;


1.1
date 2025.07.17.18.27.11; author christos; state Exp;
branches
    1.1.1.1;
next ;
commitid gnYzoA8O0EXIW73G;

1.1.1.1
date 2025.07.17.18.27.11; author christos; state Exp;
branches;
next ;
commitid gnYzoA8O0EXIW73G;


desc
@@


1.1
log
@Initial revision
@
text
@.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

BIND 9.20.10
------------

New Features
~~~~~~~~~~~~

- Implement a new 'notify-defer' configuration option. ``a24db6433e6``

  This new option sets a delay (in seconds) to wait before sending a set
  of NOTIFY messages for a zone. Whenever a NOTIFY message is ready to
  be sent, sending will be deferred for this duration. This option is
  not to be confused with the :any:`notify-delay` option. The default is
  0 seconds. :gl:`#5259` :gl:`!10465`

Removed Features
~~~~~~~~~~~~~~~~

- Implement the systemd notification protocol manually to remove
  dependency on libsystemd. ``4f7e806a12b``

  libsystemd, despite being useful, adds a huge surface area for just
  using the sd_notify API. libsystemd's surface has been exploited in
  the past [1]. Implement the systemd notification protocol by hand
  since it is just sending newline-delimited datagrams to a UNIX socket.
  The code shouldn't need more attention in the future since the
  notification protocol is covered under systemd's stability promise
  [2]. We don't need to support VSOCK-backed service notifications since
  they are only intended for virtual machine inits.

  [1]: https://www.openwall.com/lists/oss-security/2024/03/29/4

  [2]: https://systemd.io/PORTABILITY_AND_STABILITY/

  :gl:`!10454`

Bug Fixes
~~~~~~~~~

- Fix zone deletion issue. ``66fc4ee86e0``

  A secondary zone could initiate a new zone transfer from the primary
  server after it had been already deleted from the secondary server,
  and before the internal garbage collection was activated to clean it
  up completely. This has been fixed. :gl:`#5291` :gl:`!10496`

- Fix a zone refresh bug. ``f09bb8b88c6``

  A secondary zone could fail to further refresh with new versions of
  the zone from a primary server if named was reconfigured during the
  SOA request step of an ongoing zone transfer. This has been fixed.
  :gl:`#5307` :gl:`!10495`

- Allow keystore.c to compile on Solaris. ``108adab25a0``

  keystore.c failed to compile on Solaris because NAME_MAX was
  undefined. Include 'isc/dir.h' which defines NAME_MAX for platforms
  that don't define it. :gl:`#5327` :gl:`!10523`

- Set name for all the isc_mem contexts. ``bdcd698edf7``

  :gl:`!10498`
@


1.1.1.1
log
@Import bind 9.20.11 (previous was 9.20.9)

Changes:

BIND 9.20.11

Security Fixes

  [CVE-2025-40777] Fix a possible assertion failure when using the
  'stale-answer-client-timeout 0' option. 055a592fd97

    In specific circumstances the named resolver process could
    terminate unexpectedly when stale answers were enabled and the
    stale-answer-client-timeout 0 configuration option was used. This
    has been fixed. [GL #5372]

New Features

  Add support for the CO flag to dig. 47108af9f2e

    Add support to display the CO (Compact Answers OK flag) when
    displaying messages.

    Add support to set the CO flag when making queries in dig
    (+coflag).
    [GL #5319] [GL !10578]

Bug Fixes

  Fix the default interface-interval from 60s to 60m. e8ffe3a15ca

    When the interface-interval parser was changed from uint32 parser
    to duration parser, the default value stayed at plain number 60
    which now means 60 seconds instead of 60 minutes. The documentation
    also incorrectly states that the value is in minutes. That has been
    fixed. [GL #5246] [GL !10679]

  Fix purge-keys bug when using views. 35efa742b03

    Previously, when a DNSSEC key was purged by one zone view, other
    zone views would return an error about missing key files. This has
    been fixed. [GL #5315] [GL !10598]

  Use IPv6 queries in delv +ns. 4916fe0c6bd

    delv +ns invokes the same code to perform name resolution as named,
    but it neglected to set up an IPv6 dispatch object first.
    Consequently, it was behaving more like named -4. It now sets up
    dispatch objects for both address families, and performs resolver
    queries to both v4 and v6 addresses, except when one of the address
    families has been suppressed by using delv -4 or delv -6.
    [GL #5352] [GL !10573]

BIND 9.20.10

New Features

  Implement a new 'notify-defer' configuration option. a24db6433e6

    This new option sets a delay (in seconds) to wait before sending a
    set of NOTIFY messages for a zone. Whenever a NOTIFY message is
    ready to be sent, sending will be deferred for this duration. This
    option is not to be confused with the notify-delay option. The
    default is 0 seconds. [GL #5259] [GL !10465]

Removed Features

  Implement the systemd notification protocol manually to remove
  dependency on libsystemd. 4f7e806a12b

    libsystemd, despite being useful, adds a huge surface area for just
    using the sd_notify API. libsystemd's surface has been exploited in
    the past [1]. Implement the systemd notification protocol by hand
    since it is just sending newline-delimited datagrams to a UNIX
    socket. The code shouldn't need more attention in the future since
    the notification protocol is covered under systemd's stability
    promise [2].
    We don't need to support VSOCK-backed service notifications since
    they are only intended for virtual machine inits.

    [1]: https://www.openwall.com/lists/oss-security/2024/03/29/4
    [2]: https://systemd.io/PORTABILITY_AND_STABILITY/

    [GL !10454]

Bug Fixes

  Fix zone deletion issue. 66fc4ee86e0

    A secondary zone could initiate a new zone transfer from the
    primary server after it had been already deleted from the secondary
    server, and before the internal garbage collection was activated to
    clean it up completely. This has been fixed. [GL #5291] [GL !10496]

  Fix a zone refresh bug. f09bb8b88c6

    A secondary zone could fail to further refresh with new versions of
    the zone from a primary server if named was reconfigured during the
    SOA request step of an ongoing zone transfer. This has been fixed.
    [GL #5307] [GL !10495]

  Allow keystore.c to compile on Solaris. 108adab25a0

    keystore.c failed to compile on Solaris because NAME_MAX was
    undefined. Include which defines NAME_MAX for platforms that don't
    define it. [GL #5327] [GL !10523]

  Set name for all the isc_mem contexts. bdcd698edf7

    [GL !10498]
@
text
@@
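
The "Removed Features" entry above describes the systemd notification protocol as newline-delimited datagrams sent to a UNIX socket. The C code below is an added example, not BIND's implementation and not part of the imported file. The function names notify_addr and notify_state are hypothetical, and it assumes the socket address is taken from the NOTIFY_SOCKET environment variable, with anything other than a UNIX socket address (VSOCK included) rejected.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: turn a NOTIFY_SOCKET value into a sockaddr_un.
 * Returns the address length, or a negative errno value. */
int notify_addr(const char *path, struct sockaddr_un *sa) {
    size_t len = strlen(path);
    /* Only filesystem ('/') and abstract ('@') UNIX sockets; VSOCK-style
     * addresses are rejected, matching the scope stated in the notes. */
    if (len < 2 || (path[0] != '/' && path[0] != '@'))
        return -EAFNOSUPPORT;
    if (len >= sizeof(sa->sun_path))
        return -E2BIG;
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    memcpy(sa->sun_path, path, len);
    if (path[0] == '@')
        sa->sun_path[0] = '\0'; /* abstract namespace: leading NUL byte */
    return (int)(offsetof(struct sockaddr_un, sun_path) + len);
}

/* Hypothetical helper: send one datagram of newline-delimited KEY=VALUE
 * assignments. Returns 1 if sent, 0 if not run under a service manager
 * (NOTIFY_SOCKET unset), or a negative errno value. */
int notify_state(const char *state) {
    const char *path = getenv("NOTIFY_SOCKET");
    struct sockaddr_un sa;
    if (path == NULL)
        return 0;
    int salen = notify_addr(path, &sa);
    if (salen < 0)
        return salen;
    int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -errno;
    ssize_t n = sendto(fd, state, strlen(state), 0,
                       (struct sockaddr *)&sa, (socklen_t)salen);
    int rc = (n < 0) ? -errno : 1;
    close(fd);
    return rc;
}

int main(void) { return notify_state("READY=1\nSTATUS=running\n") < 0; }
```

The whole client side is one socket(), one sendto() and one close(), which is the attack-surface argument the entry makes for dropping the libsystemd link.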