mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-05 17:15:31 +00:00
Code Issues Releases Wiki Activity
Files
daf4204f82af39a71de8be039c2070aa605145a9
bind/doc/arm/notes.html
Tinderbox User daf4204f82 regen master
2014-11-05 01:04:56 +00:00

330 lines
15 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!--
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title></title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en">
<div class="titlepage"><hr></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="preface"><a href="#id2542024"> </a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="#id2542008">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_download">Download</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_features">New Features</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="sect2"><a href="#end_of_life">End of Life</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</dl></dd>
</dl>
</div>
<div class="preface" lang="en">
<div class="titlepage"><div><div><h2 class="title">
<a name="id2542024"></a> </h2></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="#id2542008">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_download">Download</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_features">New Features</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="sect2"><a href="#end_of_life">End of Life</a></span></dt>
<dt><span class="sect2"><a href="#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2542008"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
This document summarizes changes since the last production release
of BIND on the corresponding major release branch.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
<a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>None</p></li>
<li><p>
Errors reported when running <span><strong class="command">rndc addzone</strong></span>
(e.g., when a zone file cannot be loaded) have been clarified
to make it easier to diagnose problems.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
The serial number of a dynamically updatable zone can
now be set using
<span><strong class="command">rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
This is particularly useful with <code class="option">inline-signing</code>
zones that have been reset. Setting the serial number to a value
larger than that on the slaves will trigger an AXFR-style
transfer.
</p></li>
<li><p>
When answering recursive queries, SERVFAIL responses can now be
cached by the server for a limited time; subsequent queries for
the same query name and type will return another SERVFAIL until
the cache times out. This reduces the frequency of retries
when a query is persistently failing, which can be a burden
on recursive serviers. The SERVFAIL cache timeout is controlled
by <code class="option">servfail-ttl</code>, which defaults to 10 seconds
and has an upper limit of 30.
</p></li>
<li><p>
The new <span><strong class="command">rndc nta</strong></span> command can now be used to
set a "negative trust anchor" (NTA), disabling DNSSEC validation for
a specific domain; this can be used when responses from a domain
are known to be failing validation due to administrative error
rather than because of a spoofing attack. NTAs are strictly
temporary; by default they expire after one hour, but can be
configured to last up to one week. The default NTA lifetime
can be changed by setting the <code class="option">nta-lifetime</code> in
<code class="filename">named.conf</code>.
</p></li>
<li><p>
The EDNS Client Subnet (ECS) option is now supported for
authoritative servers; if a query contains an ECS option then
ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
elements can match against the the address encoded in the option.
This can be used to select a view for a query, so that different
answers can be provided depending on the client network.
</p></li>
<li><p>
The EDNS EXPIRE option has been implemented on the client
side, allowing a slave server to set the expiration timer
correctly when transferring zone data from another slave
server.
</p></li>
<li><p>
A new <code class="option">masterfile-style</code> zone option controls
the formatting of text zone files: When set to
<code class="literal">full</code>, the zone file will dumped in
single-line-per-record format.
</p></li>
<li><p>
<span><strong class="command">dig +ednsopt</strong></span> can now be used to set
arbitrary EDNS options in DNS requests.
</p></li>
<li><p>
<span><strong class="command">dig +ednsflags</strong></span> can now be used to set
yet-to-be-defined EDNS flags in DNS requests.
</p></li>
<li><p>
<span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used enable /
disable EDNS version negotiation.
</p></li>
<li><p>
<span><strong class="command">dig +header-only</strong></span> can now be used to send
queries without a question section.
</p></li>
<li><p>
<span><strong class="command">dig +ttlunits</strong></span> causes <span><strong class="command">dig</strong></span>
to print TTL values with time-unit suffixes: w, d, h, m, s for
weeks, days, hours, minutes, and seconds.
</p></li>
<li><p>
<span><strong class="command">dig +zflag</strong></span> can be used to set the last
unassigned DNS header flag bit. This bit in normally zero.
</p></li>
<li><p>
<span><strong class="command">dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
can now be used to set the DSCP code point in outgoing query
packets.
</p></li>
<li><p>
<code class="option">serial-update-method</code> can now be set to
<code class="literal">date</code>. On update, the serial number will
be set to the current date in YYYYMMDDNN format.
</p></li>
<li><p>
<span><strong class="command">dnssec-signzone -N date</strong></span> also sets the serial
number to YYYYMMDDNN.
</p></li>
<li><p>
<span><strong class="command">named -L <em class="replaceable"><code>filename</code></em></strong></span>
causes named to send log messages to the specified file by
default instead of to the system log.
</p></li>
<li><p>
The rate limiter configured by the
<code class="option">serial-query-rate</code> option no longer covers
NOTIFY messages; those are now separately controlled by
<code class="option">notify-rate</code> and
<code class="option">startup-notify-rate</code> (the latter of which
controls the rate of NOTIFY messages sent when the server
is first started up or reconfigured).
</p></li>
<li><p>
The default number of tasks and client objects available
for serving lightweight resolver queries have been increased,
and are now configurable via the new <code class="option">lwres-tasks</code>
and <code class="option">lwres-clients</code> options in
<code class="filename">named.conf</code>. [RT #35857]
</p></li>
<li><p>
Log output to files can now be buffered by specifying
<span><strong class="command">buffered yes;</strong></span> when creating a channel.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
ACLs containing <span><strong class="command">geoip asnum</strong></span> elements were
not correctly matched unless the full organization name was
specified in the ACL (as in
<span><strong class="command">geoip asnum "AS1234 Example, Inc.";</strong></span>).
They can now match against the AS number alone (as in
<span><strong class="command">geoip asnum "AS1234";</strong></span>).
</p></li>
<li><p>
When using native PKCS#11 cryptography (i.e.,
<span><strong class="command">configure --enable-native-pkcs11</strong></span>) HSM PINs
of up to 256 characters can now be used.
</p></li>
<li><p>
NXDOMAIN responses to queries of type DS are now cached separately
from those for other types. This helps when using "grafted" zones
of type forward, for which the parent zone does not contain a
delegation, such as local top-level domains. Previously a query
of type DS for such a zone could cause the zone apex to be cached
as NXDOMAIN, blocking all subsequent queries. (Note: This
change is only helpful when DNSSEC validation is not enabled.
"Grafted" zones without a delegation in the parent are not a
recommended configuration.)
</p></li>
<li><p>
Update forwarding performance has been improved by allowing
a single TCP connection to be shared between multiple updates.
</p></li>
<li><p>
By default, <span><strong class="command">nsupdate</strong></span> will now check
the correctness of hostnames when adding records of type
A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
disabled with <span><strong class="command">check-names no</strong></span>.
</p></li>
<li><p>
Added support for OPENPGPKEY type.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
<span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span> and
<span><strong class="command">nslookup</strong></span> aborted when encountering
a name which, after appending search list elements,
exceeded 255 bytes. Such names are now skipped, but
processing of other names will continue. [RT #36892]
</p></li>
<li><p>
The error message generated when
<span><strong class="command">named-checkzone</strong></span> or
<span><strong class="command">named-checkconf -z</strong></span> encounters a
<code class="option">$TTL</code> directive without a value has
been clarified. [RT #37138]
</p></li>
<li><p>
Semicolon characters (;) included in TXT records were
incorrectly escaped with a backslash when the record was
displayed as text. This is actually only necessary when there
are no quotation marks. [RT #37159]
</p></li>
<li><p>
When files opened for writing by <span><strong class="command">named</strong></span>,
such as zone journal files, were referenced more than once
in <code class="filename">named.conf</code>, it could lead to file
corruption as multiple threads wrote to the same file. This
is now detected when loading <code class="filename">named.conf</code>
and reported as an error. [RT #37172]
</p></li>
<li><p>
When checking for updates to trust anchors listed in
<code class="option">managed-keys</code>, <span><strong class="command">named</strong></span>
now revalidates keys based on the current set of
active trust anchors, without relying on any cached
record of previous validation. [RT #37506]
</p></li>
<li><p>
Large-system tuning
(<span><strong class="command">configure --with-tuning=large</strong></span>) caused
problems on some platforms by setting a socket receive
buffer size that was too large. This is now detected and
corrected at run time. [RT #37187]
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.11 is yet to be determined but
will not be before BIND 9.13.0 has been released for 6 months.
<a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div>
</div>
</div></body>
</html>
Reference in New Issue View Git Blame Copy Permalink