ECO kit NAMED-I64-030_A056
NAMED-I64-030_A056 - NAMED ECO kit Rev 3.0 for MultiNet V5.6A 13-Feb-2023
Copyright © 2010-2023 Process Software, LLC
This kit updates MultiNet for ia64 version 5.6 Rev A
and version 5.5 Rev A with version 9.16.37 of the
Bind 9 Nameserver images.
This kit is only for OpenVMS V8 for ia64 processors.
The ranking for this ECO is 3. The overall ranking for it is 3.
When this patch is installed on a cluster which shares a single Multinet
directory tree it is necessary to do
$ INSTALL REPLACE MULTINET:MULTINET_LIBCRYPTO
$ INSTALL REPLACE MULTINET:MULTINET_LIBSSL
on each of the cluster members before using any of the new images.
Systems with busy name servers should consider raising the
max-recursion-queries from the default 110 and increasing the
rate-limit responses-per-second options from the default 3.
The following changes have been made in this kit:
NAMED-I64-030_A056 -- ECO Rank 3 13-FEB-2023
-------------------------------------------------------------------------
- Update to BIND 9.16.37 from ISC to address CVEs 2022-3094, 2022-3736 and
2022-3924.
- Correct a problem that can lead to occaisional "invalid argument" status
to I/O requests.
- The release notes for Bind 9.16.36 included the following feature change:
The auto-dnssec option has been deprecated and will be removed in a
future BIND 9.19.x release. Please migrate to dnssec-policy.
In preparation for this we have modified the method of doing DNSSEC when
SET CLUSTER-SERVICE-DNSSEC has been specified in NET-CONFIG to use this
method. This has a few changes that pertain to the use:
- It is no longer necessary to generate keys ahead of time. New keys
will be generated and maintained by NAMED.
- It may be desireable to delete any existing cluster keys before
starting this version as old keys may be incompatible.
- Prior to this version cluster names that did not have keys generated
would not get DNSSEC information, now they do.
NAMED-I64-029_A056 -- ECO Rank 3 23-Jan-2023
-------------------------------------------------------------------------
- More work on thread usage and incoming request detection.
NAMED-I64-028_A056 -- ECO Rank 3 10-Jan-2023
-------------------------------------------------------------------------
- More work on making sure that there is no attempt to obtain a mutex
while at AST level.
NAMED-I64-027_A056 -- ECO Rank 3 1-Dec-2022
-------------------------------------------------------------------------
- Change to only using mutexes for code that detects that input is available.
- Update to BIND 9.16.35
NAMED-I64-026_A056 -- ECO Rank 3 1-Nov-2022
-------------------------------------------------------------------------
- Add mutexes to control threaded access to critical data structures in
support code.
- Update to BIND 9.16.34
NAMED-I64-025_A056 -- ECO Rank 3 17-Oct-2022
-------------------------------------------------------------------------
- Correct an error in DNS cluster code that could leave ASTs disabled.
- Improve file name handling.
NAMED-I64-024_A056 -- ECO Rank 3 13-Oct-2022
-------------------------------------------------------------------------
- Modifications to the default location for the session key so that it comes
from the local root instead of the common root.
- Update to BIND 9.16.33 from ISC to address CVE-2022-2795, CVE-2022-3080,
CVE-2022-38177, CVE-2022-38178
NAMED-I64-023_A056 -- ECO Rank 3 6-Jul-2022
-------------------------------------------------------------------------
- Modifications to cluster alias start up code to better control the order
and eliminate some errors.
NAMED-I64-022_A056 -- ECO Rank 3 23-May-2022
-------------------------------------------------------------------------
- Remove a call to log information from an AST routine as it can cause
the process to detect a conflict. Other modifications to DNS cluster
management to address various problems with maintaining the proper name
to address translation.
- Minor modifications to packet processing to allow images to work with
MultiNet V5.5 on ia64.
NAMED-I64-021_A056 -- ECO Rank 3 6-Apr-2022
-------------------------------------------------------------------------
- Update to BIND 9.16.27 to provided the latest Extended Support Version
(ESV) code as the 9.11 ESV will no longer be supported by ISC as of
March 2022. This patch includes fixes for CVE-2021-25220 and
CVE-2022-0396.
- Remove attempt to batch DNS Cluster updates as it has been determined
that changes are sometimes not updated when there are multiple names
in use.
This version limits the number of outstanding recursive queries
(max-recursion-queries) to 100. If your server is busy and you
find that queries sometimes do not resolve it is suggested that you
increase this value in the options section of the configuration. (see
the notes for BIND 9.16.3, 9.16.7 and 9.16.10)
These images have been tested on OpenVMS V8.4-2L1 on ia64. The NAMED
image may accumulate a lot o I/O due to the way that some of the
threads communicate.
Refer to the ISC documentation set for more information.
For further information on using RNDC and other BIND tools,
we recommend referring to the latest edition of O'Reilly's DNS
and BIND.
To run any of the support tools, define symbols, i.e.:
$ nsupdate :== $multinet:nsupdate.exe
$ rndc :== $multinet:rndc.exe
You need to restart the Nameserver for these changes to take effect.
The following command will do it:
$ multinet netcontrol domain restart