bind9-next-9.21.20-1.fc43
FEDORA-2026-a6efefa854
Packages in this update:
- bind9-next-9.21.20-1.fc43
- Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519)
- Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104)
- Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119)
- Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
- Provide response round-trip time (RTT) counters via statistics channel.
- Introduce max-delegation-servers configuration option.
- Fix parsing key inactivation time in KASP code.
- Fix the handling of key statements defined inside views.
- Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response.
- Fix a NULL pointer dereference in qp-trie cache code.
- Immediately remove purged ADB names and entries from the SIEVE list.
- Record query time for all dnstap responses.
- Optimize TCP source port selection on Linux.
and multiple bug fixes.
Update to 9.21.18 Feature Changes:- Enable minimal ANY answers by default.
- Lowercase the NSEC Next Domain Name field.
- Update requirements for system test suite.
- Make catalog zone names and member zones' entry names case-insensitive. [GL #5693]
- Fix implementation of BRID and HHIT record types. [GL #5710]
- Fix implementation of DSYNC record type. [GL #5711]
- Fix response policy and catalog zones to work with $INCLUDE directive.
Source: https://downloads.isc.org/isc/bind9/9.21.20/doc/arm/html/notes.html#notes-for-bind-9-21-20