- Limit the amount of recursion possible in control channel (CVE-2023-3341)

- Prevent the cache going over the configured limit (CVE-2023-2828)

- Tighten cache protection against record from forwarders (CVE-2021-25220)

- Fix possible assertion failure isc_refcount_current == 0 in free_rbtdb
  (#1935152)

- Prevent a race after zone load (#2011220)

- security issues
  . CVE-2021-25214 Insufficient IXFR checks could lead to assertion failure

- Possible assertion failure on DNAME processing (CVE-2021-25215)

- Fix off-by-one bug in ISC SPNEGO implementation (CVE-2020-8625)

- Fix inline re-signing (#rh1889902)

- Fix unsupported algorithms validation (#rh1769876)
- Fix tsig-request verify (CVE-2020-8622)
- Prevent PKCS11 daemon crash on crafted packet (CVE-2020-8623)
- Correct update-policy type subdomain to match documentation (CVE-2020-8624)

- update 9.11.4.16.6 of RHEL 7.8
- security issues
  . CVE-2020-8616 Limit number of queries triggered by a request
  . CVE-2020-8617 Fix invalid tsig request

- update 9.11.4-16 of RHEL 7.8
- security issues
  . CVE-2018-5745
  . CVE-2019-6465

- update 9.11.4 of RHEL 7.7
- security issues
  . CVE-2019-6471
  . CVE-2018-5743
- GeoDNS functionality changed from google to isc.
  . see also https://kb.isc.org/docs/aa-01149

- Fix unstable zone transfers (#1724071)
- Understand keep-response-order for backward compatibility

- security issues
  . CVE-2018-5743
  . CVE-2018-5743

- Fixes debug level comments (#1647539)

- Fix automatic selinux boolean named_write_master_zones (#1569466)
- Allow starting named with readonly home again

- Fix CVE-2018-5740

- Fix CVE-2017-3145

- Fix CVE-2017-3145

- fixed wrong log rotate
- compress rotated log

- Bump again above RHEL-7.4
- Fix CVE-2017-3142 and CVE-2017-3143

- Fix CVE-2017-3136 (ISC change 4575)
- Fix CVE-2017-3137 (ISC change 4578)

- Fix CVE-2017-3135 (ISC change 4557)
- Fix and test caching CNAME before DNAME (ISC change 4558)

- Fix CVE-2016-9131 (ISC change 4508)
- Fix CVE-2016-9147 (ISC change 4510)
- Fix regression introduced by CVE-2016-8864 (ISC change 4530)
- Fix CVE-2016-9444 (ISC change 4517)

- Added automatic interface scan functionality (#1294506)
- Removed NetworkManager dispatcher script since it is not needed any more (#1294506)
- Added support for CAA records (#1306610)
- Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used (#1291185)
- replace geoip patch to
- for AnNyung's changes
  Do not use RHEL's geoip patch for backwards compatibility, but keep the old geodns patch
  set GEOIP_DATA_COPY="yes" in /etc/sysconfig/named
  Usage: https://code.google.com/p/bind-geoip/wiki/UsageGuide

- Fix CVE-2016-8864

- Fix CVE-2016-2776

- Fix CVE-2016-1285 and CVE-2016-1286

- Fix CVE-2015-8704

- fixed security isseus
  . CVE-2015-8000
    A denial of service flaw was found in the way BIND processed certain
    records with malformed class attributes. A remote attacker could use this
    flaw to send a query to request a cached record with a malformed class
    attribute that would cause named functioning as an authoritative or
    recursive server to crash.

- remove chroot package (default chroot mode)
- add geodns patch
  set GEOIP_DATA_COPY="yes" in /etc/sysconfig/named
  https://code.google.com/p/bind-geoip/wiki/UsageGuide

- security issues
  . CVE-2015-5722

    A denial of service flaw was found in the way BIND parsed certain malformed
    DNSSEC keys. A remote attacker could use this flaw to send a specially
    crafted DNS query (for example, a query requiring a response from a zone
    containing a deliberately malformed key) that would cause named functioning
    as a validating resolver to crash.

- remove chroot package (default chroot mode)
- add geodns patch
  set GEOIP_DATA_COPY="yes" in /etc/sysconfig/named
  https://code.google.com/p/bind-geoip/wiki/UsageGuide

- remove chroot package (default chroot mode)
- add geodns patch
  set GEOIP_DATA_COPY="yes" in /etc/sysconfig/named
  https://code.google.com/p/bind-geoip/wiki/UsageGuide