Do not depend hard on initscript just to provide fancy colored status.
When started from systemd, it does not really matter.
Return exactly the same return code as returned by the original tool.
From Upstream Release notes:
Security Fixes
DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]
Known Issues
We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]
Unlike other build dependencies, no public headers include from
libmaxminddb any symbols. That means no build would ever fail
if libmaxminddb-devel package is not installed. Do not require it when
installing bind-lite-devel but keep the requirement when building from
sources.
Has to be enabled in build by --with TSAN.
Would make build fail unit tests and print many warnings about possible
race conditions. Not useful for production build, but useful for
debugging thread related problems in system tests.
It might not fix all issues, but was detected by upstream using
automated tool. Should not break anything new, but might fix issue
triggered usually on ppc64le platform.
Previous fix included just part inside named. However, checking part
would check algorithm support also in check library. The code is almost
the same. Permit already disabled algoritms also in libbind9.
Use the same change as RHEL.
Return failed status code to command. Not only report error message to
the log, but also report reload success. Must not terminate running
service on failed reload.
Use parallel execution on test run. Support already configured
interfaces without special permissions on build. It can either use
already present addresses or configure it on build time. If it has no
rights to configure it, just skip the test and continue.
Few configuration and zone files were moved into tarball by commit
55b04de09a. It makes tracking of changes difficult, hardens rebases,
makes difficult building without proper lookaside cache. Those files are
tiny, no need to hold them inside compressed binary archive. Move them
out.
Replaces also few places with proper directory macros.
- Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
cause unexpected results; this has been fixed. [GL #1106]
- named-checkconf now checks DNS64 prefixes
to ensure bits 64-71 are zero. [GL #1159]
- named-checkconf could crash during configuration
if configured to use "geoip continent" ACLs with
legacy GeoIP. [GL #1163]
- named-checkconf now correctly reports missing
dnstap-output option when
dnstap is set. [GL #1136
- Handle ETIMEDOUT error on connect() with a non-blocking
socket. [GL #1133]
Testing takes quite long. For now, use by default only normal variant.
SDB variant is not much used and pkcs11 variant is failing now. Keep
ability to enable variants by parameter:
TEST_VARIANTS="normal sdb pkcs11"