Package "bind9-host"
Name: |
bind9-host
|
Description: |
DNS Lookup Utility
|
Latest version: |
1:9.18.39-0ubuntu0.24.04.1 |
Release: |
noble (24.04) |
Level: |
proposed |
Repository: |
main |
Head package: |
bind9 |
Homepage: |
https://www.isc.org/downloads/bind/ |
Links
Download "bind9-host"
Other versions of "bind9-host" in Noble
Changelog
bind9 (1:9.18.39-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream release 9.18.39 (LP: #2112520)
- Features:
+ Add support for parsing the DSYNC record.
+ Add support for the CO flag to dig.
+ Add a new option to configure the maximum number of outgoing queries
per client request.
+ Add WALLET type.
- Updates:
+ Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1 and DS digest type 1.
+ Make TLS data processing more reliable in various network conditions.
+ Print the expiration time of the stale records.
+ Remove âwith-tuning=small/large configuration option.
+ Update built-in bind.keys file with the new 2025 IANA root key.
+ Move contributed DLZ modules into a separate repository.
+ Emit more helpful log messages for exceeding max-records-per-type.
+ Harden key management when key files have become unavailable.
+ Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS.
- Bug Fixes:
+ Fix a possible crash when adding a zone while recursing.
+ Clean enough memory when adding new ADB names/entries under memory pressure.
+ Prevent spurious validation failures.
+ Rescan the interfaces again when reconfiguring the server.
+ Fix the default interface-interval from 60s to 60m.
+ Fix purge-keys bug when using views.
+ Set name for all the isc_mem contexts.
+ Stop caching lack of EDNS support.
+ Fix resolver statistics counters for timed-out responses.
+ Donât enforce NOAUTH/NOCONF flags in DNSKEYs.
+ Fix inconsistency in CNAME/DNAME handling during resolution.
+ Fix deferred validation of unsigned DS and DNSKEY records.
+ Fix RPZ race condition during a reconfiguration.
+ Fix âCNAME and other data checkâ not being applied to all types.
+ Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse().
+ Fix rndc flushname for longer name server names.
+ Fix recently expired records sending timestamps in the future.
+ Fix YAML string not terminated in negative response in delv.
+ Apply the memory limit only to ADB database items.
+ Avoid unnecessary locking in the zone/cache database.
+ Improve the resolver performance under attack.
+ Fix nsupdate hang when processing a large update.
+ Fix possible assertion failure when reloading server while processing
update policy rules.
+ Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys.
+ Fix improper handling of unknown directives in resolv.conf.
+ Fix dig parsing of {&dns}.
+ Fix NSEC3 closest encloser lookup for names with empty non-terminals.
+ Fix display of dig options with format form [+-]option=<value>.
+ Provide more visibility into TLS configuration errors by logging
+ Fix a statistics channel counter bug when âforward onlyâ zones are
used.
+ Fix wrong address queries in the static-stub implementation.
+ Limit the outgoing UDP send queue size.
+ Do not set SO_INCOMING_CPU.
- See https://bind9.readthedocs.io/en/v9.18.39/notes.html for additional
information.
* d/p/CVE-2024-11187.patch, d/p/CVE-2024-12705.patch - Remove - fixed
upstream in 9.18.33.
* d/p/0002-Add-support-for-reporting-status-via-sd_notify.patch: Refresh for
new version.
* d/bind9.postinst: Perform postinst config check. (LP: #1492212)
* Clean up terminal after SIGINT call in interactive tools. (LP: #2112278)
- d/p/add-sigint-on-interactive-cleanup.patch: Run rl_reset_terminal before
SIGINT exit.
- d/rules: Link with libedit to use readline command in base library.
-- Lena Voytek <email address hidden> Thu, 21 Aug 2025 10:46:13 -0400
|
2112520 |
Backport upstream microreleases for questing cycle |
1492212 |
postinst should validate config before restarting bind |
2112278 |
shell error typing after nslookup |
CVE-2024-11187 |
Many records in the additional section cause CPU exhaustion |
CVE-2024-12705 |
DNS-over-HTTPS implementation suffers from multiple issues under heavy query load |
|
No changelog for deleted or moved packages.
|
bind9 (1:9.18.30-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream release 9.18.30 (LP: #2073310)
- Features:
+ Print initial working directory during named startup, and changed
working directory when loading or reloading the configuration file
+ Add max-query-restarts configuration statement
- Updates:
+ Restrain named to specified number of cores when running via taskset,
cpuset, or numactl
+ Reduce default max-recursion-queries value from 100 to 32
+ Raise the log level of priming failures
- Bug Fixes:
+ Fix privacy verification of EDDSA keys
+ Fix algorithm rollover bug when there are two keys with the same keytag
+ Return SERVFAIL for a too long CNAME chain
+ Reconfigure catz member zones during named reconfiguration
+ Update key lifetime and metadata after dnssec-policy reconfiguration
+ Fix generation of 6to4-self name expansion from IPv4 address
+ Fix invalid dig +yaml output
+ Reject zero-length ALPN during SVBC ALPN text parsing
+ Fix false QNAME minimisation error being reported
+ Fix dig +timeout argument when using +http
- See https://bind9.readthedocs.io/en/v9.18.30/notes.html for additional
information.
* d/p/0002-Add-support-for-reporting-status-via-sd_notify.patch: Refresh for
new version
-- Lena Voytek <email address hidden> Mon, 23 Sep 2024 17:02:05 -0400
|
2073310 |
Backport of bind9 for focal, jammy and noble |
|
About
-
Send Feedback to @ubuntu_updates