Log Message:
net/bind918: update to 9.18.28

9.18.28 (2024-07-23)

6404.	[security]	Remove SIG(0) support from named as a countermeasure
			for CVE-2024-1975. [GL #4480]

6403.	[security]	qctx-zversion was not being cleared when it should have
			been leading to an assertion failure if it needed to be
			reused. (CVE-2024-4076) [GL #4507]

6401.	[security]	An excessively large number of rrtypes per owner can
			slow down database query processing, so a limit has been
			placed on the number of rrtypes that can be stored per
			owner (node) in a cache or zone database. This is
			configured with the new "max-rrtypes-per-name" option,
			and defaults to 100. (CVE-2024-1737)
			[GL #3403] [GL #4548]

6400.	[security]	Excessively large rdatasets can slow down database
			query processing, so a limit has been placed on the
			number of records that can be stored per rdataset
			in a cache or zone database. This is configured
			with the new "max-records-per-type" option, and
			defaults to 100. (CVE-2024-1737)
			[GL #497] [GL #3405]

6399.	[security]	Malicious DNS client that sends many queries over
			TCP but never reads responses can cause server to
			respond slowly or not respond at all for other
			clients. (CVE-2024-0760) [GL #4481]

6398.	[bug]		Fix potential data races in our DoH implementation
			related to HTTP/2 session object management and
			endpoints set object management after reconfiguration.
			We would like to thank Dzintars and Ivo from nic.lv
			for bringing this to our attention. [GL #4473]

6397.	[bug]		Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT when looking for
			parent NS records needed to get the DS result.
			[GL #4661]

6395.	[bug]		Handle ISC_R_HOSTDOWN and ISC_R_NETDOWN in resolver.c.
			[GL #4736]

6394.	[bug]		Named's -4 and -6 options now apply to zone primaries,
			also-notify and parental-agents.  Report when a zone
			has these options configured but does not have an IPv4
			or IPv6 address listed respectively. [GL #3472]

6393.	[func]		Deal with uv_tcp_close_reset() error return codes
			more gracefully. [GL #4708]

6392.	[bug]		Use a completely new memory context when flushing the
			cache. [GL #2744]

6391.	[bug]		TCP client statistics could sometimes fail to decrease
			when accepting client connection fails. [GL #4742]

6390.	[bug]		Fix a data race in isc_task_purgeevent(). [GL !8937]

6389.	[bug]		dnssec-verify and dnssec-signzone could fail if there
			was an obscured DNSKEY RRset at a delegatation.
			[GL #4517]

6388.	[bug]		Prevent an assertion failure caused by passing NULL to
			dns_dispatch_resume() when a dns_request times out close
			to view shutdown. [GL #4719]

6386.	[bug]		When shutting down catzs->view could point to freed
			memory. Obtain a reference to the view to prevent this.
			[GL #4502]

6385.	[func]		Relax SVCB alias mode checks to allow parameters.
			[GL #4704]

6384.	[bug]		Remove infinite loop when including a directory in a
			zone file. [GL #4357]

6383.	[bug]		Address an infinite loop in $GENERATE when a negative
			value was converted in nibble mode. [GL #4353]

6382.	[bug]		Fix RPZ response's SOA record TTL, which was incorrectly
			set to 1 if 'add-soa' is used. [GL #3323]