Overview

File _patchinfo of Package patchinfo.27244

<patchinfo incident="27244">
  <issue tracker="jsc" id="SLE-24600"/>
  <issue tracker="jsc" id="SLE-24801"/>
  <packager>jcronenberg</packager>
  <rating>moderate</rating>
  <category>feature</category>
  <summary>Feature update for bind</summary>
  <description>This update for bind fixes the following issues:

Version update from 9.16.33 to 9.16.35 (jsc#SLE-24801, jsc#SLE-24600)

- New Features:
  * Support for parsing and validating the dohpath service
    parameter in SVCB records was added.
  * named now logs the supported cryptographic algorithms during
    startup and in the output of named -V

- Bug Fixes:
  * A crash was fixed that happened when a dnssec-policy zone that
    used NSEC3 was reconfigured to enable inline-signing.
  * In certain resolution scenarios, quotas could be erroneously
    reached for servers, including any configured forwarders,
    resulting in SERVFAIL answers being sent to clients.
  * rpz-ip rules in response-policy zones could be ineffective in
    some cases if a query had the CD (Checking Disabled) bit set to
    1.
  * Previously, if Internet connectivity issues were experienced
    during the initial startup of named, a BIND resolver with
    dnssec-validation set to auto could enter into a state where it
    would not recover without stopping named, manually deleting the
    managed-keys.bind and managed-keys.bind.jnl files, and starting
    named again.
  * The statistics counter representing the current number of
    clients awaiting recursive resolution results (RecursClients)
    could overflow in certain resolution scenarios.
  * Previously, BIND failed to start on Solaris-based systems with
    hundreds of CPUs.
  * When a DNS resource records TTL value was equal to the
    resolver configured prefetch eligibility value, the record
    was erroneously not treated as eligible for prefetching.
  * Changing just the TSIG key names for primaries in catalog
    zones member zones was not effective. This has been fixed.

- Known Issues:
  * Upgrading from BIND 9.16.32 or any older version may require a
    manual configuration change. The following configurations are
    affected:
    + type primary zones configured with dnssec-policy but without
      either allow-update or update-policy
    + type secondary zones configured with dnssec-policy
    In these cases please add inline-signing yes; to the individual
    zone configuration(s). Without applying this change, named will
    fail to start. For more details, see
    https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places