[PATCH] bind: Update ot 9.20.13

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Cc: Matthias Fischer <matthias.fischer@ipfire.org>
Subject: [PATCH] bind: Update ot 9.20.13
Date: Sat, 13 Sep 2025 14:53:48 +0200	[thread overview]
Message-ID: <20250913125405.2642510-1-matthias.fischer@ipfire.org> (raw)

For details see:

https://downloads.isc.org/isc/bind9/9.20.13/doc/arm/html/notes.html#notes-for-bind-9-20-13

"Notes for BIND 9.20.13
New Features

    Add a new option manual-mode to dnssec-policy.

    When enabled, named will not modify DNSSEC keys or key states
    automatically. The proposed change will be logged and only after manual
    confirmation with rndc dnssec -step will the modification be made. [GL
    #4606]

    Add a new option servfail-until-ready to response-policy zones.

    By default, when named is started, it starts answering queries before
    all response policy zones are completely loaded and processed. This new
    option instructs named to respond with SERVFAIL until all the response
    policy zones are processed and ready. Note that if one or more response
    policy zones fail to load, named starts responding to queries according
    to those zones that did load.

    Note, that enabling this option has no effect when a DNS Response
    Policy Service (DNSRPS) interface is used. [GL #5222]

    Support for parsing HHIT and BRID records has been added.

    [GL #5444]

Removed Features

    Deprecate the tkey-gssapi-credential statement.

    The tkey-gssapi-keytab statement allows GSS-TSIG to be set up in a
    simpler and more reliable way than using the tkey-gssapi-credential
    statement and setting environment variables (e.g. KRB5_KTNAME).
    Therefore, the tkey-gssapi-credential statement has been deprecated;
    tkey-gssapi-keytab should be used instead.

    For configurations currently using a combination of both
    tkey-gssapi-keytab and tkey-gssapi-credential, the latter should be
    dropped and the keytab pointed to by tkey-gssapi-keytab should now only
    contain the credential previously specified by tkey-gssapi-credential.
    [GL #4204]

    Obsolete the “tkey-domain” statement.

    Mark the tkey-domain statement as obsolete because it has not had any
    effect on server behavior since support for TKEY Mode 2
    (Diffie-Hellman) was removed (in BIND 9.20.0). [GL #4204]

Bug Fixes

    Prevent spurious SERVFAILs for certain 0-TTL resource records.

    Under certain circumstances, BIND 9 can return SERVFAIL when updating
    existing entries in the cache with new NS, A, AAAA, or DS records that
    have a TTL of zero. [GL #5294]

    Fix unexpected termination if catalog-zones had undefined
    default-primaries.

    The issue manifested only if the server was reloaded or reconfigured
    twice. [GL #5494]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 config/rootfiles/common/bind | 10 +++++-----
 lfs/bind                     |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index 538f4a6dd..db57a9d40 100644
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -241,18 +241,18 @@ usr/bin/nsupdate
 #usr/include/ns/types.h
 #usr/include/ns/update.h
 #usr/include/ns/xfrout.h
-usr/lib/libdns-9.20.12.so
+usr/lib/libdns-9.20.13.so
 #usr/lib/libdns.la
 #usr/lib/libdns.so
-usr/lib/libisc-9.20.12.so
+usr/lib/libisc-9.20.13.so
 #usr/lib/libisc.la
 #usr/lib/libisc.so
-usr/lib/libisccc-9.20.12.so
+usr/lib/libisccc-9.20.13.so
 #usr/lib/libisccc.la
 #usr/lib/libisccc.so
-usr/lib/libisccfg-9.20.12.so
+usr/lib/libisccfg-9.20.13.so
 #usr/lib/libisccfg.la
 #usr/lib/libisccfg.so
-usr/lib/libns-9.20.12.so
+usr/lib/libns-9.20.13.so
 #usr/lib/libns.la
 #usr/lib/libns.so
diff --git a/lfs/bind b/lfs/bind
index d62846f58..9befe9bfc 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 9.20.12
+VER        = 9.20.13
 
 THISAPP    = bind-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = f2135301ab04121c1ae82fc9283f0f03b0d11b634aaee49c072bb9a2a0f7e643a8f6c1f3890648e5d008a7d2c84953617b330241e3f856e33b56e64fb0312f0a
+$(DL_FILE)_BLAKE2 = c3738ebe468849293bec3d89499d7607b76fb636c7d21833dd56414fb569c1edfaa84d152ff9febfe0ebd5c65fa351423fbfbeaaee294d57949eb45631fd5623
 
 install : $(TARGET)
 
-- 
2.43.0

                 reply	other threads:[~2025-09-13 12:54 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250913125405.2642510-1-matthias.fischer@ipfire.org \
    --to=matthias.fischer@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox