2010年9月24日

[installer 2518] BIND 9.6-ESV-R2, 9.4-ESV-R3

BIND 9.6-ESV-R2, 9.4-ESV-R3 出ています。

☆ BIND 9.6-ESV-R2
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R2/bind-9.6-ESV-R2.tar.gz

--- 9.6-ESV-R2 released ---

2939. [func] Check that named successfully skips NSEC3 records
that fail to match the NSEC3PARAM record currently
in use. [RT# 21868]

2937. [bug] Worked around an apparent race condition in over
memory conditions. Without this fix a DNS cache DB or
ADB could incorrectly stay in an over memory state,
effectively refusing further caching, which
subsequently made a BIND 9 caching server unworkable.
This fix prevents this problem from happening by
polling the state of the memory context, rather than
making a copy of the state, which appeared to cause
a race. This is a "workaround" in that it doesn't
solve the possible race per se, but several experiments
proved this change solves the symptom. Also, the
polling overhead hasn't been reported to be an issue.
This bug should only affect a caching server that
specifies a finite max-cache-size. It's also quite
likely that the bug happens only when enabling threads,
but it's not confirmed yet. [RT #21818]

2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]

2921. [bug] The resolver could attempt to destroy a fetch context
too soon. [RT #19878]

2900. [bug] The placeholder negative caching element was not
properly constructed triggering a INSIST in
dns_ncache_towire(). [RT #21346]

2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]

2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]


☆ BIND 9.4-ESV-R3
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz

--- 9.4-ESV-R3 released ---

2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]

2921. [bug] The resolver could attempt to destroy a fetch context
too soon. [RT #19878]

2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]

2900. [bug] The placeholder negative caching element was not
properly constructed triggering a INSIST in
dns_ncache_towire(). [RT #21346]

2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]

2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]

2678. [func] Treat DS queries as if "minimal-response yes;"
was set. [RT #20258]

2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
was set. [RT #18528]

----
こがよういちろう


投稿者 xml-rpc : 2010年9月24日 10:06
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/98590
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。