mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
ba036c14cb
For details see: https://downloads.isc.org/isc/bind9/9.11.20/RELEASE-NOTES-bind-9.11.20.html "Security Fixes It was possible to trigger an INSIST failure when a zone with an interior wildcard label was queried in a certain pattern. This was disclosed in CVE-2020-8619. [GL #1111] [GL #1718] New Features dig and other tools can now print the Extended DNS Error (EDE) option when it appears in a request or a response. [GL #1835] Bug Fixes When fully updating the NSEC3 chain for a large zone via IXFR, a temporary loss of performance could be experienced on the secondary server when answering queries for nonexistent data that required DNSSEC proof of non-existence (in other words, queries that required the server to find and to return NSEC3 data). The unnecessary processing step that was causing this delay has now been removed. [GL #1834] A data race in lib/dns/resolver.c:log_formerr() that could lead to an assertion failure was fixed. [GL #1808] Previously, provide-ixfr no; failed to return up-to-date responses when the serial number was greater than or equal to the current serial number. [GL #1714] named-checkconf -p could include spurious text in server-addresses statements due to an uninitialized DSCP value. This has been fixed. [GL #1812] The ARM has been updated to indicate that the TSIG session key is generated when named starts, regardless of whether it is needed. [GL #1842]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>