New BIND releases are available: 9.18.28, 9.20.0
James Stegemeyer
james at stegemeyer.net
Wed Jul 24 11:18:24 UTC 2024
Thanks for the new release, and the hard work you do.
I recently upgraded from 9.18.24 to 9.18.28 per prompting by Ubuntu
USN-6909-1 to preform a security update. I deployed this into
production after passing some tests when installed in a lab. After the
upgrade, Internal Zones that were hosted by Windows Active Directory
were rejected and caused a production impact. Under Windows Active
Directory, the DC's create a round robin DNS record at the apex of the
zone and the number of entries approximately match the number of DC's in
the domain. It is not uncommon to have hundreds of DC's in a domain, so
setting a limit of 100 will likely cause a series of unexpected outages
for IT administrators. Because this change restricts existing
functionality, This is a breaking change and as such should be reserved
to a minor release. If this feature was critical to resolve an issue a
provider was having, it should be shipped with default values of 0
causing it to be effectively disabled allowing the provider to opt in.
I was able to resolve this issue by adding the following directive to
the affected views:
max-types-per-name 1000;
--James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240724/f963b00c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: HmgILl6x1HGckq4d.png
Type: image/png
Size: 26 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240724/f963b00c/attachment.png>
More information about the bind-users
mailing list