This package provides the externally loadable SQLitee DLZ module, without
update support.
Provides
Requires
License
MPL-2.0
Changelog
* Wed Jan 28 2026 Jorik Cronenberg <jorik.cronenberg@suse.com>
- Move default config files 127.0.0.zone, localhost.zone and
root.hint in /var/lib/named to /usr/share/named with a symlink to
/var/lib/named via systemd-tmpfiles to improve immutable os
compatibility.
* Wed Jan 21 2026 Jorik Cronenberg <jorik.cronenberg@suse.com>
- Upgrade to release 9.20.18
Security Fixes:
* Fix incorrect length checks for BRID and HHIT records.
(CVE-2025-13878)
[bsc#1256997]
Feature Changes:
* Add more information to the rndc recursing output about
fetches.
* Reduce the number of outgoing queries.
* Provide more information when memory allocation fails.
Bug Fixes:
* Make DNSSEC key rollovers more robust.
* Fix a catalog zone issue, where member zones could fail to
load.
* Allow glue in delegations with QTYPE=ANY.
* Fix slow speed when signing a large delegation zone with NSEC3
opt-out.
* Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to
be invalid.
* Fix a possible catalog zone issue during reconfiguration.
* Fix the charts in the statistics channel.
* Adding NSEC3 opt-out records could leave invalid records in
chain.
* Fix spurious timeouts while resolving names.
* Fix bug where zone switches from NSEC3 to NSEC after
retransfer.
* AMTRELAY type 0 presentation format handling was wrong.
* Fix parsing bug in remote-servers with key or TLS.
* Fix DoT reconfigure/reload bug in the resolver.
* Skip unsupported algorithms when looking for a signing key.
* Fix dnssec-keygen key collision checking for KEY RRtype keys.
* dnssec-verify now uses exit code 1 when failing due to illegal
options.
* Prevent assertion failures of dig when a server is specified
before the -b option.
* Skip buffer allocations if not logging.
* Wed Dec 17 2025 Jeff Mahoney <jeffm@suse.com>
- Remove packaging support for releases prior to SLES 15 SP4/Leap 15.4.
- The builds have dependencies that are no longer met by these older
releases.
- Fix Sphinx processing of documentation on SLES/Leap 15.
* Wed Oct 22 2025 Jorik Cronenberg <jorik.cronenberg@suse.com>
- Upgrade to release 9.20.15
Security Fixes:
* DNSSEC validation fails if matching but invalid DNSKEY is found.
[CVE-2025-8677, bsc#1252378]
* Address various spoofing attacks.
[CVE-2025-40778, bsc#1252379]
* Cache-poisoning due to weak pseudo-random number generator.
[CVE-2025-40780, bsc#1252380]
New Features:
* Add dnssec-policy keys configuration check to named-checkconf.
Bug Fixes:
* Missing DNSSEC information when CD bit is set in query.
* rndc sign during ZSK rollover will now replace signatures.
* Use signer name when disabling DNSSEC algorithms.
* Preserve cache when reload fails and reload the server again.
* Thu Sep 11 2025 Jorik Cronenberg <jorik.cronenberg@suse.com>
- Upgrade to release 9.20.13
New Features:
* Add a new option `manual-mode` to dnssec-policy.
* Add a new option `servfail-until-ready` to response-policy
zones.
* Support for parsing HHIT and BRID records has been added.
Removed Features:
* Deprecate the `tkey-gssapi-credential` statement.
* Obsolete the `tkey-domain` statement.
Bug Fixes:
* Prevent spurious SERVFAILs for certain 0-TTL resource records.
* Fix unexpected termination if catalog-zones had undefined
`default-primaries`.
* Thu Aug 21 2025 Jorik Cronenberg <jorik.cronenberg@suse.com>
- Upgrade to release 9.20.12
New Features:
* Support for parsing DSYNC records has been added.
Feature Changes:
* Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS
digest type 1.
Bug Fixes:
* Stale RRsets in a CNAME chain were not always refreshed.
* Add RPZ extended DNS error for zones with a CNAME override
policy configured.
* Fix dig +keepopen option.
* Log dropped or slipped responses in the query-errors category.
* Fix synth-from-dnssec not working in some scenarios.
* Clean enough memory when adding new ADB names/entries under
memory pressure.
* Pr