SUSE-FU-2023:0142-1: moderate: Feature update for bind

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Jan 26 11:19:23 UTC 2023 

   SUSE Feature Update: Feature update for bind
______________________________________________________________________________

Announcement ID:    SUSE-FU-2023:0142-1
Rating:             moderate
References:         SLE-24600 SLE-24801 
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that has 0 feature fixes and contains two
   features can now be installed.

Description:

   This update for bind fixes the following issues:

   Version update from 9.16.33 to 9.16.35 (jsc#SLE-24801, jsc#SLE-24600)

   - New Features:
     * Support for parsing and validating the dohpath service parameter in
       SVCB records was added.
     * named now logs the supported cryptographic algorithms during startup
       and in the output of named -V

   - Bug Fixes:
     * A crash was fixed that happened when a dnssec-policy zone that used
       NSEC3 was reconfigured to enable inline-signing.
     * In certain resolution scenarios, quotas could be erroneously reached
       for servers, including any configured forwarders, resulting in
       SERVFAIL answers being sent to clients.
     * rpz-ip rules in response-policy zones could be ineffective in some
       cases if a query had the CD (Checking Disabled) bit set to 1.
     * Previously, if Internet connectivity issues were experienced during
       the initial startup of named, a BIND resolver with dnssec-validation
       set to auto could enter into a state where it would not recover
       without stopping named, manually deleting the managed-keys.bind and
       managed-keys.bind.jnl files, and starting named again.
     * The statistics counter representing the current number of clients
       awaiting recursive resolution results (RecursClients) could overflow
       in certain resolution scenarios.
     * Previously, BIND failed to start on Solaris-based systems with
       hundreds of CPUs.
     * When a DNS resource records TTL value was equal to the resolver
       configured prefetch eligibility value, the record was erroneously not
       treated as eligible for prefetching.
     * Changing just the TSIG key names for primaries in catalog zones member
       zones was not effective. This has been fixed.

   - Known Issues:
     * Upgrading from BIND 9.16.32 or any older version may require a manual
       configuration change. The following configurations are affected:
       + type primary zones configured with dnssec-policy but without either
         allow-update or update-policy
       + type secondary zones configured with dnssec-policy In these cases
         please add inline-signing yes; to the individual zone
         configuration(s). Without applying this change, named will fail to
         start. For more details, see
   https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signin
         g


Patch Instructions:

   To install this SUSE Feature Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-142=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-142=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-142=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      bind-9.16.35-150400.5.14.1
      bind-debuginfo-9.16.35-150400.5.14.1
      bind-debugsource-9.16.35-150400.5.14.1
      bind-utils-9.16.35-150400.5.14.1
      bind-utils-debuginfo-9.16.35-150400.5.14.1

   - openSUSE Leap 15.4 (noarch):

      bind-doc-9.16.35-150400.5.14.1
      python3-bind-9.16.35-150400.5.14.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

      bind-9.16.35-150400.5.14.1
      bind-debuginfo-9.16.35-150400.5.14.1
      bind-debugsource-9.16.35-150400.5.14.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):

      bind-doc-9.16.35-150400.5.14.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      bind-debuginfo-9.16.35-150400.5.14.1
      bind-debugsource-9.16.35-150400.5.14.1
      bind-utils-9.16.35-150400.5.14.1
      bind-utils-debuginfo-9.16.35-150400.5.14.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

      python3-bind-9.16.35-150400.5.14.1


References:

More information about the sle-updates mailing list