head	1.1;
branch	1.1.1;
access;
symbols
	bind-9-20-23:1.1.1.2
	netbsd-11-0-RC4:1.1.1.1
	bind-9-20-22:1.1.1.1
	netbsd-11-0-RC3:1.1.1.1
	netbsd-11-0-RC2:1.1.1.1
	netbsd-11-0-RC1:1.1.1.1
	bind-9-20-18:1.1.1.1
	perseant-exfatfs:1.1.1.1.0.4
	perseant-exfatfs-base-20250801:1.1.1.1
	netbsd-11:1.1.1.1.0.2
	netbsd-11-base:1.1.1.1
	bind-9-20-11:1.1.1.1
	bind-9-20-9:1.1.1.1
	bind-9-20-4:1.1.1.1
	bind-9-18-30:1.1.1.1
	ISC:1.1.1;
locks; strict;
comment	@# @;


1.1
date	2024.09.22.00.06.06;	author christos;	state Exp;
branches
	1.1.1.1;
next	;
commitid	GzpXVjbM5mruxJqF;

1.1.1.1
date	2024.09.22.00.06.06;	author christos;	state Exp;
branches
	1.1.1.1.4.1;
next	1.1.1.2;
commitid	GzpXVjbM5mruxJqF;

1.1.1.2
date	2026.05.20.16.43.00;	author christos;	state Exp;
branches;
next	;
commitid	8F4FGV2ey5ZbCzGG;

1.1.1.1.4.1
date	2024.09.22.00.06.06;	author perseant;	state dead;
branches;
next	1.1.1.1.4.2;
commitid	23j6GFaDws3O875G;

1.1.1.1.4.2
date	2025.08.02.05.50.59;	author perseant;	state Exp;
branches;
next	;
commitid	23j6GFaDws3O875G;


desc
@@


1.1
log
@Initial revision
@
text
@; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.

$TTL 999999
.			IN NS	ns99.root-servers.nil.
ns99.root-servers.nil.	IN A	10.53.0.99
@


1.1.1.1
log
@Import bind-9.18.30 (previous was 9.18.24)

Changes:

BIND 9.18.30
------------

New Features
~~~~~~~~~~~~

- Print the full path of the working directory in startup log messages.
  ``99ce0d6b838``

  named now prints its initial working directory during startup and the
  changed working directory when loading or reloading its configuration
  file if it has a valid 'directory' option defined.
  :gl:`#4731` :gl:`!9373`

Feature Changes
~~~~~~~~~~~~~~~

- Restore the ability to select individual unit tests. ``a59fe212a34``

  This adds the command line arguments: `-d` (debug), `-l` (list tests)
  and `-t test` (run this test) to the unit tests.

  e.g.

  ```
  % ./rdata_test -t zonemd
  [==========] selected: Running 1 test(s).
  [ RUN      ] zonemd
  [       OK ] zonemd
  [==========] selected: 1 test(s) run.
  [  PASSED  ] 1 test(s).
  %
  ```
  :gl:`#4579` :gl:`!9386`

- Process also the ISC_R_CANCELED result code in rpz_rewrite().
  ``26df9f6255b``

  Log canceled resolver queries (e.g. when shutting down a hung fetch) in
  DEBUG3 level instead of DEBUG1 which is used for the "unrecognized"
  result codes.
  :gl:`#4797` :gl:`!9348`

- Remove code to read and parse /proc/net/if_inet6 on Linux.
  ``887a61a4082``

  The getifaddr() has worked fine for years, so we don't have to keep the
  callback to parse /proc/net/if_inet6 anymore.
  :gl:`#4852` :gl:`!9342`

- Follow the number of CPU set by taskset/cpuset. ``17efe703cc2``

  Administrators may wish to constrain the set of cores that BIND 9 runs
  on via the 'taskset', 'cpuset' or 'numactl' programs (or equivalent on
  other O/S).

  If the admin has used taskset, the `named` will now follow to
  automatically use the given number of CPUs rather than the system wide
  count.
  :gl:`#4884` :gl:`!9443`

Bug Fixes
~~~~~~~~~

- Change the NS_PER_SEC (and friends) from enum to #define.
  ``0da22fc138e``

  New version of clang (19) has introduced stricter checks when mixing
  integer (and float types) with enums. In this case, we used enum {} as
  C17 doesn't have constexpr yet. Change the time conversion constants
  to be #defined constants because the RHEL 8 compiler doesn't consider
  static const unsigned int to be constant.
  :gl:`#4845` :gl:`!9340`

- Check the result of dirfd() before calling unlinkat() ``b9f0df60972``

  Instead of directly using the result of dirfd() in the unlinkat()
  call, check whether the returned file descriptor is actually valid.
  That doesn't really change the logic as the unlinkat() would fail with
  invalid descriptor anyway, but this is cleaner and will report the
  right error returned directly by dirfd() instead of EBADF from
  unlinkat().
  :gl:`#4853` :gl:`!9344`

- Checking whether an EDDSA key was private or not was broken.
  ``e04839c08e8``

  Checking whether an EDDSA key was private or not was broken, which
  could lead to attempting to sign records with a public key and this
  could cause a segmentation failure (read of a NULL pointer) within
  OpenSSL.
  :gl:`#4855` :gl:`!9329`

- Fix algorithm rollover bug when there are two keys with the same
  keytag. ``43c8ed45e53``

  If there is an algorithm rollover and two keys of different algorithm
  share the same keytags, then there is a possibility that if we check
  that a key matches a specific state, we are checking against the wrong
  key. This has been fixed by not only checking for matching key tag but
  also key algorithm.
  :gl:`#4878` :gl:`!9394`

- Stop using malloc_usable_size and malloc_size. ``cccd26e942c``

  The `malloc_usable_size()` can return size larger than originally
  allocated and when these sizes disagree the fortifier enabled by
  `_FORTIFY_SOURCE=3` detects overflow and stops the `named` execution
  abruptly. Stop using these convenience functions as they are primarily
  used for introspection only.
  :gl:`#4880` :gl:`!9419`

- Preserve statement tag order in documentation. ``b4d1988c280``

  This supports bit-for-bit reproducibility of built documentation.
  :gl:`#4886` :gl:`!9409`

- Fix clang-scan 19 warnings. ``01ee251d130``

  Silence warnings generated by clang-scan.
  :gl:`!9388`

BIND 9.18.29
------------

New Features
~~~~~~~~~~~~

- Tighten 'max-recursion-queries' and add 'max-query-restarts' option.
  ``fe3ae71e90``

  There were cases in resolver.c when the `max-recursion-queries` quota
  was ineffective. It was possible to craft zones that would cause a
  resolver to waste resources by sending excessive queries while
  attempting to resolve a name.
  This has been addressed by correcting errors in the implementation of
  `max-recursion-queries`, and by reducing the default value from 100 to
  32.

  In addition, a new `max-query-restarts` option has been added which
  limits the number of times a recursive server will follow CNAME or
  DNAME records before terminating resolution. This was previously a
  hard-coded limit of 16, and now defaults to 11.
  :gl:`#4741` :gl:`!9283`

- Generate changelog from git log. ``21a0b6aef7``

  Use a single source of truth, the git log, to generate the list of
  CHANGES. Use the .rst format and include it in the ARM for a quick
  reference with proper gitlab links to issues and merge requests.
  :gl:`#75` :gl:`!9181`

Feature Changes
~~~~~~~~~~~~~~~

- Use _exit() in the fatal() function. ``e4c483f45f``

  Since the fatal() isn't a correct but rather abrupt termination of the
  program, we want to skip the various atexit() calls because not all
  memory might be freed during fatal() call, etc.

  Using _exit() instead of exit() has this effect - the program will
  end, but no destructors or atexit routines will be called.
  :gl:`!9263`

- Fix data race in clean_finds_at_name. ``541726871d``

  Stop updating `find.result_v4` and `find.result_v4` in
  `clean_finds_at_name`. The values are supposed to be static.
  :gl:`#4118` :gl:`!9198`

Bug Fixes
~~~~~~~~~

- Reconfigure catz member zones during named reconfiguration.
  ``944d0dc942``

  During a reconfiguration named wasn't reconfiguring catalog zones'
  member zones. This has been fixed.
  :gl:`#4733`

- Disassociate the SSL object from the cached SSL_SESSION.
  ``64fde41253``

  When the SSL object was destroyed, it would invalidate all SSL_SESSION
  objects including the cached, but not yet used, TLS session objects.

  Properly disassociate the SSL object from the SSL_SESSION before we
  store it in the TLS session cache, so we can later destroy it without
  invalidating the cached TLS sessions.
  :gl:`#4834` :gl:`!9279`

- Attach/detach to the listening child socket when accepting TLS.
  ``3ead47daff``

  When TLS connection (TLSstream) connection was accepted, the children
  listening socket was not attached to sock->server and thus it could
  have been freed before all the accepted connections were actually
  closed.

  In turn, this would cause us to call isc_tls_free() too soon - causing
  cascade errors in pending SSL_read_ex() in the accepted connections.

  Properly attach and detach the children listening socket when
  accepting and closing the server connections.
  :gl:`#4833` :gl:`!9278`

- Make hypothesis optional for system tests. ``0d1953d7a8``

  Ensure that system tests can be executed without Python hypothesis
  package.
  :gl:`#4831` :gl:`!9268`

- Don't loop indefinitely when isc_task quantum is 'unlimited'
  ``674420df64``

  Don't run more events than already scheduled. If the quantum is set to
  a high value, the task_run() would execute already scheduled, and all
  new events that result from running event->ev_action(). Setting
  quantum to a number of scheduled events will postpone events scheduled
  after we enter the loop here to the next task_run() invocation.
  :gl:`!9257`

- Raise the log level of priming failures. ``c948babeeb``

  When a priming query is complete, it's currently logged at level
  ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising
  it to ISC_LOG_NOTICE in the case of failure. [GL #3516]
  :gl:`#3516` :gl:`!9251`

- Add a compatibility shim for older libuv versions (< 1.19.0)
  ``61ff983f00``

  The uv_stream_get_write_queue_size() is supported only in relatively
  newer versions of libuv (1.19.0 or higher). Provide a compatibility
  shim for this function, so BIND 9 can be built in environments with
  older libuv version.

- Remove extra newline from yaml output. ``1222dbe9f9``

  I split this into two commits, one for the actual newline removal,
  and one for issues I found, ruining the yaml output when some errors
  were outputted.

- CID 498025 and CID 498031: Overflowed constant INTEGER_OVERFLOW.
  ``bbdd888b8e``

  Add INSIST to fail if the multiplication would cause the variables to
  overflow.
  :gl:`#4798` :gl:`!9230`

- Remove unnecessary operations. ``2374a1a2bd``

  Decrementing optlen immediately before calling continue is unnecessary
  and inconsistent with the rest of dns_message_pseudosectiontoyaml and
  dns_message_pseudosectiontotext. Coverity was also reporting an
  impossible false positive overflow of optlen (CID 499061).
  :gl:`!9224`

- Fix generation of 6to4-self name expansion from IPv4 address.
  ``df55c15ebb``

  The period between the most significant nibble of the encoded IPv4
  address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the
  wrong name being checked. Add system test for 6to4-self
  implementation.
  :gl:`#4766` :gl:`!9218`

- Fix false QNAME minimisation error being reported. ``4984afc80c``

  Remove the false positive "success resolving" log message when QNAME
  minimisation is in effect and the final result is NXDOMAIN.
  :gl:`#4784` :gl:`!9216`

- Dig +yaml was producing unexpected and/or invalid YAML output.
  ``2db62a4dba``
  :gl:`#4796` :gl:`!9214`

- SVCB alpn text parsing failed to reject zero length alpn.
  ``8f7be89052``
  :gl:`#4775` :gl:`!9210`

- Return SERVFAIL for a too long CNAME chain. ``f7de909b98``

  When cutting a long CNAME chain, named was returning NOERROR instead
  of SERVFAIL (alongside with a partial answer). This has been fixed.
  :gl:`#4449` :gl:`!9204`

- Properly calculate the amount of system memory. ``9faf355a5c``

  On 32 bit machines isc_meminfo_totalphys could return an incorrect
  value.
  :gl:`#4799` :gl:`!9200`

- Update key lifetime and metadata after dnssec-policy reconfig.
  ``2107a64ee6``

  Adjust key state and timing metadata if dnssec-policy key lifetime
  configuration is updated, so that it also affects existing keys.
  :gl:`#4677` :gl:`!9192`

- Fix dig +timeout argument when using +https. ``381d6246d6``

  The +timeout argument was not used on DoH connections. This has been
  fixed.
  :gl:`#4806` :gl:`!9161`

Changes prior to 9.18.28
------------------------

.. code-block:: none

    --- 9.18.28 released ---

    6404.  [security]  Remove SIG(0) support from named as a
                       countermeasure for CVE-2024-1975. [GL #4480]

    6403.  [security]  qctx-zversion was not being cleared when it should
                       have been leading to an assertion failure if it
                       needed to be reused. (CVE-2024-4076) [GL #4507]

    6401.  [security]  An excessively large number of rrtypes per owner
                       can slow down database query processing, so a
                       limit has been placed on the number of rrtypes
                       that can be stored per owner (node) in a cache or
                       zone database. This is configured with the new
                       "max-rrtypes-per-name" option, and defaults to
                       100. (CVE-2024-1737) [GL #3403] [GL #4548]

    6400.  [security]  Excessively large rdatasets can slow down database
                       query processing, so a limit has been placed on
                       the number of records that can be stored per
                       rdataset in a cache or zone database. This is
                       configured with the new "max-records-per-type"
                       option, and defaults to 100. (CVE-2024-1737)
                       [GL #497] [GL #3405]

    6399.  [security]  Malicious DNS client that sends many queries over
                       TCP but never reads responses can cause server to
                       respond slowly or not respond at all for other
                       clients. (CVE-2024-0760) [GL #4481]

    6398.  [bug]       Fix potential data races in our DoH implementation
                       related to HTTP/2 session object management and
                       endpoints set object management after
                       reconfiguration. We would like to thank Dzintars
                       and Ivo from nic.lv for bringing this to our
                       attention. [GL #4473]

    6397.  [bug]       Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT when looking
                       for parent NS records needed to get the DS result.
                       [GL #4661]

    6395.  [bug]       Handle ISC_R_HOSTDOWN and ISC_R_NETDOWN in
                       resolver.c. [GL #4736]

    6394.  [bug]       Named's -4 and -6 options now apply to zone
                       primaries, also-notify and parental-agents. Report
                       when a zone has these options configured but does
                       not have an IPv4 or IPv6 address listed
                       respectively. [GL #3472]

    6393.  [func]      Deal with uv_tcp_close_reset() error return codes
                       more gracefully. [GL #4708]

    6392.  [bug]       Use a completely new memory context when flushing
                       the cache. [GL #2744]

    6391.  [bug]       TCP client statistics could sometimes fail to
                       decrease when accepting client connection fails.
                       [GL #4742]

    6390.  [bug]       Fix a data race in isc_task_purgeevent().
                       [GL !8937]

    6389.  [bug]       dnssec-verify and dnssec-signzone could fail if
                       there was an obscured DNSKEY RRset at a
                       delegation. [GL #4517]

    6388.  [bug]       Prevent an assertion failure caused by passing NULL
                       to dns_dispatch_resume() when a dns_request times
                       out close to view shutdown. [GL #4719]

    6386.  [bug]       When shutting down catzs->view could point to freed
                       memory. Obtain a reference to the view to prevent
                       this. [GL #4502]

    6385.  [func]      Relax SVCB alias mode checks to allow parameters.
                       [GL #4704]

    6384.  [bug]       Remove infinite loop when including a directory in
                       a zone file. [GL #4357]

    6383.  [bug]       Address an infinite loop in $GENERATE when a
                       negative value was converted in nibble mode.
                       [GL #4353]

    6382.  [bug]       Fix RPZ response's SOA record TTL, which was
                       incorrectly set to 1 if 'add-soa' is used.
                       [GL #3323]

.. code-block:: none

    --- 9.18.27 released ---

    6374.  [bug]       Skip to next RRSIG if signature has expired or is
                       in the future rather than failing immediately.
                       [GL #4586]

    6372.  [func]      Implement signature jitter for dnssec-policy.
                       [GL #4554]

.. code-block:: none

    --- 9.18.26 released ---

    6364.  [protocol]  Add RESOLVER.ARPA to the built in empty zones.
                       [GL #4580]

    6363.  [bug]       dig/mdig +ednsflags= did not re-enable EDNS if it
                       had been disabled. [GL #4641]

    6361.  [bug]       Some invalid ISO 8601 durations were accepted
                       erroneously. [GL #4624]

    6360.  [bug]       Don't return static-stub synthesised NS RRset.
                       [GL #4608]

    6359.  [bug]       Fix bug in Depends (keymgr_dep) function.
                       [GL #4552]

    6351.  [protocol]  Support for the RESINFO record type has been added.
                       [GL #4413]

    6346.  [bug]       Cleaned up several minor bugs in the RBTDB
                       dbiterator implementation. [GL !8741]

    6345.  [bug]       Added missing dns_rdataset_disassociate calls in
                       validator.c:findnsec3proofs. [GL #4571]

    6340.  [test]      Fix incorrectly reported errors when running tests
                       with `make test` on platforms with older pytest.
                       [GL #4560]

    6338.  [func]      Optimize slabheader placement, so the
                       infrastructure records are put in the beginning of
                       the slabheader linked list. [GL !8675]

    6334.  [doc]       Improve ARM parental-agents definition. [GL #4531]

    6333.  [bug]       Fix the DNS_GETDB_STALEFIRST flag, which was
                       defined incorrectly in lib/ns/query.c. [GL !8683]

    6330.  [doc]       Update ZSK minimum lifetime documentation in ARM,
                       also depends on signing delay. [GL #4510]

    6328.  [func]      Add workaround to enforce dynamic linker to pull
                       jemalloc earlier than libc to ensure all memory
                       allocations are done via jemalloc. [GL #4404]

    6326.  [bug]       Changes to "listen-on" statements were ignored on
                       reconfiguration unless the port or interface
                       address was changed, making it impossible to
                       change a related listener transport type. Thanks
                       to Thomas Amgarten. [GL #4518] [GL #4528]

    6325.  [func]      Expose the TCP client count in statistics channel.
                       [GL #4425]

    6324.  [bug]       Fix a possible crash in 'dig +nssearch +nofail' and
                       'host -C' commands when one of the name servers
                       returns SERVFAIL. [GL #4508]

    6313.  [bug]       When dnssec-policy is in effect the DNSKEY's TTLs
                       in the zone were not being updated to match the
                       policy. This led to failures when DNSKEYs were
                       updated as the TTLs mismatched. [GL #4466]

.. code-block:: none

    --- 9.18.25 released ---

    6356.  [bug]       Create the pruning task in the dns_cache_flush(),
                       so the cache pruning still works after the flush.
                       [GL #4621]

    6353.  [bug]       Improve the TTL-based cleaning by removing the
                       expired headers from the heap, so they don't block
                       the next cleaning round and clean more than a
                       single item for each new addition to the RBTDB.
                       [GL #4591]

    6352.  [bug]       Revert change 6319 and decrease lock contention
                       during RBTDB tree pruning by not cleaning up nodes
                       recursively within a single prune_tree() call.
                       [GL #4596]

    6350.  [bug]       Address use after free in expire_lru_headers.
                       [GL #4495]

.. code-block:: none

@
text
@@


1.1.1.2
log
@Import bind 9.20.23 (previous was 9.20.22)

Security Fixes

- Limit resolver server list size. (CVE-2026-3592)

  When resolving a domain with many nameservers that shared overlapping
  IP addresses (e.g., 10 NS records all pointing at the same set of
  addresses), BIND could previously waste time querying duplicate
  addresses and build up excessively large server lists. Addresses in
  the resolver's server list are now deduplicated so that each unique IP
  is only queried once per resolution attempt, regardless of how many NS
  records point to it. The number of addresses stored per nameserver
  name is also now capped at six (combined A and AAAA), preventing
  memory and CPU overhead from domains with unusually large NS/glue
  sets.

  ISC would like to thank Shuhan Zhang from Tsinghua University for
  reporting this issue. [GL #5641]

- Fix GSS-API resource leak. (CVE-2026-3039)

  A memory leak was fixed where each GSS-API TKEY negotiation leaked a
  security context inside the GSS library. An unauthenticated attacker
  could exhaust server memory by sending repeated TKEY queries to a
  server with tkey-gssapi-keytab configured. The leaked memory was
  allocated by the GSS library, bypassing BIND's memory accounting.
  Multi-round GSS-API negotiation (GSS_S_CONTINUE_NEEDED) is now
  rejected, as BIND never supported it correctly and Kerberos/SPNEGO
  completes in a single round.

  ISC would like to thank Vitaly Simonovich for bringing this
  vulnerability to our attention. [GL #5752]

- Disable recursion, UPDATE, and NOTIFY for non-IN views.
  (CVE-2026-5946)

  Recursion, dynamic updates (UPDATE), and zone change notifications
  (NOTIFY) are now disabled for views with a class other than IN (such
  as CHAOS or HESIOD); authoritative service for non-IN zones (e.g.
  version.bind in class CHAOS) continues to work as before.
  Servers configured with recursion yes; in a non-IN view log a warning
  at startup, and named-checkconf flags the same condition. UPDATE and
  NOTIFY messages that specify the meta-classes ANY or NONE in the
  question section are now rejected with FORMERR.

  This addresses a set of closely related security issues collectively
  identified as CVE-2026-5946.

  ISC would like to thank Mcsky23 for bringing these issues to our
  attention. [GL #5784]

- Avoid unbounded recursion loop. (CVE-2026-5950)

  A bug during bad server handling could cause the resolver to enter an
  infinite loop, continuously sending queries to an upstream server with
  no exit condition, until the resolver query timeout was hit. This has
  been fixed.

  ISC would like to thank Billy Baraja (BielraX) for bringing this issue
  to our attention. [GL #5804]

- A resolver could crash when handling a SIG(0)-signed response if the
  matching client query was cancelled while signature verification was
  still in progress, for example when the recursive-clients quota was
  exhausted. This has been fixed.

  ISC would like to thank Naoki Wakamatsu for bringing this
  vulnerability to our attention. [GL #5819]

- Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2
  SETTINGS frames. (CVE-2026-3593)

  Previously, a use-after-free vulnerability in the DNS-over-HTTPS
  implementation could cause named to crash when a client sent a flood
  of HTTP/2 SETTINGS frames while a DoH response was being written. This
  affected servers with DoH (DNS-over-HTTPS) enabled and has been fixed.

  ISC would like to thank Naresh Kandula Parmar (Nottiboy) for reporting
  this. [GL #5755]

- Fix outgoing zone transfers' quota issue.

  Unauthorized clients could consume the entire outgoing zone-transfer
  quota and block authorized zone transfer clients. This has been fixed.
  [GL #3589]

Feature Changes

- Fix CPU spikes and slow queries when cache approaches memory limit.

  Cache cleanup is now spread probabilistically to avoid CPU usage
  spikes and a drop in query throughput. [GL #5891]

Bug Fixes

- Use the zone file's basename as origin in DNSSEC tools.

  In dnssec-signzone and dnssec-verify, when the zone origin is not
  specified using the -o parameter, the default behavior is to try to
  sign using the zone's file name as the origin. So, for example,
  dnssec-signzone -S example.com will work, so long as the file name
  matches the zone name. This now also works if the zone is in a
  different directory. For example, dnssec-signzone -S zones/example.com
  will set the origin value to example.com. [GL #5678]

- Fix a possible race condition during zone transfers.

  The named process could terminate unexpectedly when processing an IXFR
  message during a zone transfer. This has been fixed. [GL #5767]

- Fix named crash when processing SIG records in dynamic updates.

  Previously, named could abort if a client sent a dynamic update
  containing a SIG record (the legacy signature type) to a zone
  configured with an update-policy. The function dns_db_findrdataset had
  an incorrect requirements prerequisite that prevented SIG records from
  being looked up, which was triggered as part of processing an UPDATE
  request and could be triggered remotely by any client permitted to
  send updates. This has been fixed by ensuring that SIG records are
  handled consistently with RRSIG records during update processing.
  [GL #5818]

- Fix rndc modzone behavior for a zone in named.conf.

  If a zone was present in the configuration file and not originally
  added by rndc addzone, rndc modzone for that zone would succeed once
  but subsequent rndc modzone attempts would fail. This has been fixed.
  [GL #5826]

- Fix zone verification of NSEC3 signed zones.

  Previously, when computing the compressed bitmap during verification
  of an NSEC3-signed zone, an undersized buffer was used that resulted
  in an out-of-bounds write if there were too many active windows in
  the bitmap. This impacted the mirror zones which are NSEC3-signed,
  dnssec-signzone and dnssec-verify. This has been fixed. [GL #5834]

- Prevent a crash when using both dns64 and filter-aaaa.

  An assertion failure could be triggered if both dns64 and the
  filter-aaaa plugin were in use simultaneously. This happened if the
  plugin triggered a second recursion process, which then attempted to
  store DNS64 state information in a pointer that had already been set
  by the original recursion process. This has been fixed. [GL #5854]

- Fixed an assertion failure when processing catalog zones.

  If a TXT record containing an invalid name TSIG key name was found
  when processing a catalog zone member's primaries definition,
  dns_name_free was incorrectly called, triggering an assertion. This
  has been fixed. [GL #5858]

- Prevent malicious DNSSEC zones from exhausting validator CPU.

  A DNSSEC-signed zone could publish a DNSKEY with an unusually large
  RSA public exponent and force any validator resolving names in that
  zone to spend disproportionate CPU verifying signatures. The validator
  now rejects such DNSKEYs, matching the limit already applied to keys
  read from files or HSMs. [GL #5881]

- Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.

  rndc-confgen (with either -A hmac-sha384 or -A hmac-sha512) previously
  documented a -b range of 1..1024, but any value above 512 aborted on
  hardened builds instead of producing a key. The full advertised range
  now works. [GL #5903]

- Prevent crafted queries from degrading RRL performance.

  With response rate limiting enabled, an attacker sending queries from
  many spoofed source addresses could steer entries into the same slot
  of the internal rate-limit table and slow down query processing on
  the affected server. The table now uses a per-process keyed hash so
  the placement of entries cannot be predicted or influenced from the
  network. [GL #5906]

- Prevent rare named crash when notifies are cancelled.

  Under heavy load, named could occasionally crash when a queued
  outbound notify or zone refresh was cancelled at the moment it was
  being sent, for example while a zone was being reloaded or removed.
  The race that caused the crash is now prevented. [GL #5915]

- Stop delv from aborting on a malformed query name.

  delv previously aborted with SIGABRT instead of exiting cleanly when
  given a query name that failed wire-format conversion (e.g. a label
  longer than 63 octets). After this change delv prints the parse error
  and exits with a normal failure code. [GL #5916]

- Fix a crash when reconfiguring while an NTA is being rechecked.

  Previously, if named was reconfigured or shut down while a negative
  trust anchor was being rechecked against authoritative servers, the
  in-flight recheck could outlive the view that owned it and cause
  named to crash. This has been fixed. [GL #5938]

- Fix a bug in allow-query/allow-transfer catalog zone custom
  properties.

  The named process could terminate unexpectedly when processing a
  catalog zone with an invalid allow-query or allow-transfer custom
  property (i.e. having a non-APL type) coexisting with the valid
  property. This has been fixed. [GL #5941]

- Fix a memory leak issue in catalog zones.

  The named process could leak small amounts of memory when processing
  a catalog zone entry which had defined custom primary servers with
  TSIG keys, if both the regular primaries custom property syntax and
  the legacy alternative syntax (masters) were used at the same time.
  This has been fixed. [GL #5943]

- Fix suppressed missing-glue check in named-checkzone.

  named-checkzone and named-checkconf -z silently skipped the
  missing-glue check for any NS name that had already triggered an
  extra-AAAA-glue warning, so zones missing required A glue could pass
  validation and be deployed with broken delegations. [GL !11899]

- Implement seamless outgoing TCP connection reuse.

  The resolver can and will reuse outgoing TCP connections to the same
  host, as recommended by RFC 7766. This prevents a whole class of
  attacks that abuse the fact that establishing a TCP connection is
  expensive and it is fairly easy to deplete the outgoing TCP ports by
  putting them into TIME_WAIT state. The number of pipelined queries
  per connection is capped at 256 to limit the impact of a connection
  drop. [GL !11845]

- Reject record sets too large to serve in DNS.

  When BIND was asked to store a record set whose total size exceeded
  what fit in a DNS message, it would allocate memory and build the
  structure, then fail later at response time. Such oversized record
  sets are now rejected at the time of storage with an error, avoiding
  wasted work on data that can never be served. [GL !11963]
@
text
@d1 11
@


1.1.1.1.4.1
log
@file root.hint.blackhole was added on branch perseant-exfatfs on 2025-08-02 05:50:59 +0000
@
text
@d1 14
@


1.1.1.1.4.2
log
@Sync with HEAD
@
text
@a0 14
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.

$TTL 999999
.			IN NS	ns99.root-servers.nil.
ns99.root-servers.nil.	IN A	10.53.0.99
@