diff --git a/bind-9.20.1.tar.xz b/bind-9.20.1.tar.xz deleted file mode 100644 index 44b278e..0000000 --- a/bind-9.20.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fe6ddff74921410d33b62b5723ac23912e8d50138ef66d7a30dc2c421129aeb0 -size 5789604 diff --git a/bind-9.20.1.tar.xz.asc b/bind-9.20.1.tar.xz.asc deleted file mode 100644 index 08b79b5..0000000 --- a/bind-9.20.1.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAma987IACgkQGC4jV5Ri -76r2Rg/9FnbrOwZrN4HWUeQ7ewyPq+ZaaHFZXXucXSwIXAkAAouW7lzhkMnUSSXV -SjUTOyLJAsFtVPrizR1yR9OrrnBIUniQfE/oB9WEiKTsVfA2FuoHyKWRiOrUQ2XP -8BjJD/hSbdQ7ByHENMcrjVpwK3r/QO+rroUgCIcV375hVfmcsYJI0pbxu2wEj5En -0nqTjObLv3AdnGj65+/I4xwkC/GhIGFhhW2SHQGpTldeajag/ODouu4KuZA5BrLi -whYkyTgC+rIQicF6EIyg8nGFDR28jUSPSGpSfYn/nMvtfU9Wl3Z4ug9TiMh5kdV3 -3b8MFJqvm0FYcCXgON1twLlO05XKlYLLU9+Y6CpWHTELTZRV01NPiUOEtLytMJTx -DDY7C8bgR7iTv2gwgdxQlOI4Kkee9uB4nqZ468hy9flC29SYW8YKX46i8W+vV6wj -BcoJBhKnJ/tSgF39gY2rCRU2jpRjw8oDMYpzBK6e0Ks4dtZYXvLto+aHQj8IS1Q4 -3Z2NhGowtqqeKfL6HGzmQHO8QLUgwgXUVELjO9ySiwxY7fMqbAK6CuP28dNlR0dU -HhU0cnd383YoeEX0ph5zGRyCOifPPOzBXT8y70OkcqEPbyD4y16pvg41db73NX3V -IOqEK7Bm5iPl4ygcFnGTfbG/VxVKnYiQBaBBuo33AeWLwtl6ugs= -=wNju ------END PGP SIGNATURE----- diff --git a/bind-9.20.2.tar.xz b/bind-9.20.2.tar.xz new file mode 100644 index 0000000..8256b6b --- /dev/null +++ b/bind-9.20.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a31dba2aaa1b371902dd0474eb3963f47b7ffed2bd9ece7da4834e23210d6067 +size 5865060 diff --git a/bind-9.20.2.tar.xz.asc b/bind-9.20.2.tar.xz.asc new file mode 100644 index 0000000..9b7f05d --- /dev/null +++ b/bind-9.20.2.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAmbgCJsACgkQGC4jV5Ri +76qSZxAAk5KO9HWrXNVyJyzlCm2Menw76TH1l1UlG+lb7FuCON7kQQxk08z+UwfK +VCKBcErL0Fw8bIgcL6J8Z18cu0GBigPFIeUz8o+AlebbqRA/Jww2ww8/MnqhGuEJ +arFZbjX3tJl9CnCwSYiKxJE0BM0mUuiqYMYbdSZf5ETQ7s+7fkzZcsb3gCnLJLLz +SHtzavzxPGT3+DhXAnJFY8i8Lu9CsOcy6+MCYjQpXcOPG3IU73B9yj9ttBZuoErF +gyH8MCfAWxmkKBv2fK2CB71qhoVyl8lulK1U+223Nmp8DQ/CCMvC6sGPcn/TIZlL +ah8KKjW7p9AuVXFYWrXvNFG5nBs4HfZ1pyo22c3nAnG4Y99alPozq5SYJmQpVsRG +/LOJNsjdLO9XKDq/lvyLs1d6wZjIZenPrzeAmLcN+Dtu1+KWT3inbXCrFKR9hffa +bvG12KK4jVaO7nUHybOo/RXL5x0T1YYIL9JkMwVEnARC0K7txkR5ukRTKnM0dOqq +i99JZdqpJEP+3Ormgvn+Z4WW+WT6+xhMG/F7B5TH1cIJKrz8O7rFyg+nZzLd4C8l +8UivpXFwzl6MHots8aAcBrKZxOqBq6ncJXKsLqasWJLUYvmH8dQ3kgj6VenzMCVH +yQJg+UMxCcbrekVE8zhIe61FAYpOJfWhk0kWEiq7H0smWnfe86Y= +=p5Z3 +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index 36e7866..77ca5d3 100644 --- a/bind.changes +++ b/bind.changes 
@@ -1,3 +1,83 @@ +------------------------------------------------------------------- +Thu Sep 19 08:57:57 UTC 2024 - Jorik Cronenberg + +- Update to release 9.20.2 + New Features: + * Support for Offline KSK implemented. + * Add a new configuration option offline-ksk to enable Offline + KSK key management. Signed Key Response (SKR) files created + with dnssec-ksr (or other programs) can now be imported into + named with the new rndc skr -import command. Rather than + creating new DNSKEY, CDS, and CDNSKEY records and generating + signatures covering these types, these records are loaded from + the currently active bundle from the imported SKR. + * The implementation is loosely based on + draft-icann-dnssec-keymgmt-01.txt. + * Print the full path of the working directory in startup log + messages. + * named now prints its initial working directory during startup, + and the changed working directory when loading or reloading its + configuration file, if it has a valid directory option defined. + * Support a restricted key tag range when generating new keys. + * When multiple signers are being used to sign a zone, it is + useful to be able to specify a restricted range of key tags to + be used by an operator to sign the zone. The range can be + specified with tag-range in dnssec-policy’s keys (for named and + dnssec-ksr) and with the new options dnssec-keyfromlabel -M and + dnssec-keygen -M. + + Feature Changes: + * Exempt prefetches from the fetches-per-zone and + fetches-per-server quotas. + * Fetches generated automatically as a result of prefetch are now + exempt from the fetches-per-zone and fetches-per-server quotas. + This should help in maintaining the cache from which query + responses can be given. + * Follow the number of CPUs set by taskset/cpuset. + * Administrators may wish to constrain the set of cores that + named runs on via the taskset, cpuset, or numactl programs (or + equivalents on other OSes). 
+ * If the admin has used taskset, named now automatically uses the + given number of CPUs rather than the system-wide count. + + Bug Fixes: + * Delay the release of root privileges until after configuring + controls. + * Delay relinquishing root privileges until the control channel + has been configured, for the benefit of systems that require + root to use privileged port numbers. This mostly affects + systems without fine- grained privilege systems (i.e., other + than Linux). + * Fix a rare assertion failure when shutting down incoming + transfer. + * A very rare assertion failure could be triggered when the + incoming transfer was either forcefully shut down, or it + finished during the printing of the details about the + statistics channel. This has been fixed. + * Fix algorithm rollover bug when there are two keys with the + same keytag. + * If there was an algorithm rollover and two keys of different + algorithms shared the same keytags, there was the possibility + that the check of whether the key matched a specific state + could be performed against the wrong key. This has been fixed + by not only checking for the matching key tag but also the key + algorithm. + * Fix an assertion failure in validate_dnskey_dsset_done(). + * Under rare circumstances, named could terminate unexpectedly + when validating a DNSKEY resource record if the validation had + been canceled in the meantime. This has been fixed. + + Known Issues: + * Long-running tasks in offloaded threads (e.g. the loading of + RPZ zones or processing zone transfers) may block the + resolution of queries during these operations and cause the + queries to time out. To work around the issue, the + UV_THREADPOOL_SIZE environment variable can be set to a larger + value before starting named. The recommended value is the + number of RPZ zones (or number of transfers) plus the number of + threads BIND should use, which is typically the number of CPUs. 
+ + ------------------------------------------------------------------- Fri Aug 23 09:26:22 UTC 2024 - Jorik Cronenberg diff --git a/bind.spec b/bind.spec index 553c59a..e607953 100644 --- a/bind.spec +++ b/bind.spec @@ -56,7 +56,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.20.1 +Version: 9.20.2 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0
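Review bot: in the bind-9.20.2.tar.xz and bind-9.20.2.tar.xz.asc hunks, the archive is committed only as a Git LFS pointer (a new `oid sha256:` and `size`), so nothing in this diff shows that the new detached signature was actually checked against the object that pointer resolves to. Before merging, fetch the LFS object, confirm its SHA-256 equals the `oid` in the pointer and the checksum upstream publishes for 9.20.2, and verify it against the new `.asc` with the upstream signing key the package already trusts. The old and new signature blocks open with the same characters, which is consistent with the same signer, but that is not a substitute for running the verification.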
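Review bot: in the bind.changes hunk, every item under "New Features", "Feature Changes" and "Bug Fixes" is listed twice at the same `*` level, once as a title and once as its description, so the entry reads as if it had twice as many changes as it does. Indent the descriptions under their titles (or drop the titles). Two small text defects came in with the copied release notes: `fine- grained` has a stray space from a line wrap, and `dnssec-policy’s` uses a typographic apostrophe where the rest of the file is plain ASCII. The "Delay the release of root privileges until after configuring controls" item changes how long named runs as root at startup, and the Known Issues item recommends setting `UV_THREADPOOL_SIZE`; it would help administrators if the entry said whether this package sets that variable or leaves it to the operator.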