2025-07: Internal logic flaw in cache management can lead to
a denial of service in Recursor
When using views, queries sent using TCP Proxy Protocol will select
the view according to the address of the proxy, rather than the address
of the initial query. This can lead to wrong data being returned.
Missing escaping of special characters (such as $ or @) in DNS names
received during an AXFR operation can lead to an incorrect
(non-parseable) Bind backend configuration to be written, causing this
backend to fail until manual operation is performed to fix the
configuration.
Missing sanity checks of the answer to the initial SOA query, when
running in auto-secondary mode and receiving a notification for an
not-yet-known domain may cause the server to crash.
Multiple concurrency and locking defects in the GSS-TSIG code can
lead to memory corruption due to accidental data structure sharing,
which can in turn lead to a program crash.
Missing proper escaping of double-quote characters when computing
labels will cause AXFR of a catalog zone with a member whose producer
group option contains such a character to fail.