Bug 1956777 - [RFE] rebase bind to latest 9.16.x
Summary: [RFE] rebase bind to latest 9.16.x
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: bind
Version: 9.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
: ---
Assignee: Petr Menšík
QA Contact: rhel-cs-infra-services-qe
Depends On:
Blocks: 1945590 1953855 1953870
TreeView+ depends on / blocked
Reported: 2021-05-04 11:57 UTC by Petr Menšík
Modified: 2021-05-05 09:15 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed:
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Gitlab redhat/centos-stream/rpms/bind/-/merge_requests/1 0 None None None 2021-05-04 13:04:03 UTC

Description Petr Menšík 2021-05-04 11:57:26 UTC
Description of problem:

Current RHEL9 bind version is few versions behind, current version is 9.16.15. There are pending two CVEs with fix and other coverity detected issue, which would be fixed by rebase to latest version.

There are few bug fixes and small feature changes [1] in following releases, none introducing any backward compatibility problem. Only change in versioning used libraries is significant, but it would have to be solved sooner or later. bind-dyndb-ldap component would have to be rebuilt together with bind.

Few notable feature changes:

- New option stale-answer-client-timeout, able to customize time when stale cache records can be served. Used only when stale-answer-enable is enabled. Disabled by default.
- primaries, notify primary-only can be used instead of masters and notify master-only; rndc zonestatus now prints primary and secondary instead of master and slave types.
- SONAME of libraries would change every new release, previous versioning numbers are not incremented like before, but would contain BIND version instead.
- AXFR response is used instead IXFR if relative difference would big bigger than whole zone transfer. Could be adjusted by max-ixfr-ratio option.
- purge-keys option added to dnssec-policy.

Additional info:

1. https://downloads.isc.org/isc/bind9/9.16.15/doc/arm/html/notes.html#notes-for-bind-9-16-15

Comment 1 Petr Menšík 2021-05-04 13:17:25 UTC
Prepared bind rebase.

The change would modify displayed version in named -V and dig commands, because version is used also in library names. It would be just %{version}-RH now to keep it more compact.

I have also merged bind-libs-lite into bind-libs, because bind-dyndb-ldap, single component depending on it needs both bind-libs and bind packages anyway. In no situation bind-libs-lite would be used without other dependencies, therefore it only fragments enough subpackages already.

Note You need to log in before you can comment on or make changes to this bug.