d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
71cef386fae61275b03e203825680b39fedaa8c6Tinderbox User - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - This Source Code Form is subject to the terms of the Mozilla Public
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - License, v. 2.0. If a copy of the MPL was not distributed with this
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - file, You can obtain one at http://mozilla.org/MPL/2.0/.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<link rel="next" href="Bv9ARM.ch10.html" title="Appendix�B.�A Brief History of the DNS and BIND">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<tr><th colspan="3" align="center">Appendix�A.�Release Notes</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="titlepage"><div><div><h1 class="title">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="Bv9ARM.ch09"></a>Release Notes</h1></div></div></div>
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.3</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Legacy Windows No Longer Supported</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#proto_changes">Protocol Changes</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
f9ce6280cec79deb16ff6d9807aa493ff23e10d9Tinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.3</h2></div></div></div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User This document summarizes changes since the last production
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User release on the BIND 9.11 branch.
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User Please see the <code class="filename">CHANGES</code> file for a further
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User list of bug fixes and other changes.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_download"></a>Download</h3></div></div></div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The latest versions of BIND 9 software can always be found at
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt There you will find additional information about each release,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt source code, and pre-compiled versions for Microsoft Windows
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt operating systems.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User ICANN is in the process of introducing a new Key Signing Key (KSK) for
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User the global root zone. BIND has multiple methods for managing DNSSEC
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User trust anchors, with somewhat different behaviors. If the root
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User key is configured using the <span class="command"><strong>managed-keys</strong></span>
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User statement, or if the pre-configured root key is enabled by using
363b21045b718d06d414784c96193dc9a233e8c5Tinderbox User <span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep keys up
363b21045b718d06d414784c96193dc9a233e8c5Tinderbox User to date automatically. Servers configured in this way should have
363b21045b718d06d414784c96193dc9a233e8c5Tinderbox User begun the process of rolling to the new key when it was published in
363b21045b718d06d414784c96193dc9a233e8c5Tinderbox User the root zone in July 2017. However, keys configured using the
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User <span class="command"><strong>trusted-keys</strong></span> statement are not automatically
363b21045b718d06d414784c96193dc9a233e8c5Tinderbox User maintained. If your server is performing DNSSEC validation and is
363b21045b718d06d414784c96193dc9a233e8c5Tinderbox User configured using <span class="command"><strong>trusted-keys</strong></span>, you are advised to
363b21045b718d06d414784c96193dc9a233e8c5Tinderbox User change your configuration before the root zone begins signing with
363b21045b718d06d414784c96193dc9a233e8c5Tinderbox User the new KSK. This is currently scheduled for October 11, 2017.
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User This release includes an updated version of the
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User <code class="filename">bind.keys</code> file containing the new root
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User key. This file can also be downloaded from
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User <a class="link" href="https://www.isc.org/bind-keys" target="_top">
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User<div class="titlepage"><div><div><h3 class="title">
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User<a name="relnotes_license"></a>License Change</h3></div></div></div>
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User With the release of BIND 9.11.0, ISC changed to the open
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User source license for BIND from the ISC license to the Mozilla
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User Public License (MPL 2.0).
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User The MPL-2.0 license requires that if you make changes to
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User licensed software (e.g. BIND) and distribute them outside
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User your organization, that you publish those changes under that
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User same license. It does not require that you publish or disclose
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User anything other than the changes you made to our software.
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User This requirement will not affect anyone who is using BIND, with
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User or without modifications, without redistributing it, nor anyone
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User redistributing it without changes. Therefore, this change will be
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User without consequence for most individuals and organizations who are
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User Those unsure whether or not the license change affects their
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User use of BIND, or who wish to discuss how to comply with the
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User license may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User<div class="titlepage"><div><div><h3 class="title">
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User<a name="win_support"></a>Legacy Windows No Longer Supported</h3></div></div></div>
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User platforms for BIND; "XP" binaries are no longer available for download
363b21045b718d06d414784c96193dc9a233e8c5Tinderbox User<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User An error in TSIG handling could permit unauthorized zone
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User transfers or zone updates. These flaws are disclosed in
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User CVE-2017-3142 and CVE-2017-3143. [RT #45383]
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User The BIND installer on Windows used an unquoted service path,
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User which can enable privilege escalation. This flaw is disclosed
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User in CVE-2017-3141. [RT #45229]
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User With certain RPZ configurations, a response with TTL 0
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User could cause <span class="command"><strong>named</strong></span> to go into an infinite
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User query loop. This flaw is disclosed in CVE-2017-3140.
111d5ef471ecec90671f480afd8f93e550a80917Tinderbox User Addresses could be referenced after being freed during resolver
111d5ef471ecec90671f480afd8f93e550a80917Tinderbox User processing, causing an assertion failure. The chances of this
111d5ef471ecec90671f480afd8f93e550a80917Tinderbox User happening were remote, but the introduction of a delay in
111d5ef471ecec90671f480afd8f93e550a80917Tinderbox User resolution increased them. This bug is disclosed in
111d5ef471ecec90671f480afd8f93e550a80917Tinderbox User CVE-2017-3145. [RT #46839]
d605cf32834fd19b7d16848655cdb5e458f34aa5Tinderbox User update-policy rules that otherwise ignore the name field now
d605cf32834fd19b7d16848655cdb5e458f34aa5Tinderbox User require that it be set to "." to ensure that any type list
d605cf32834fd19b7d16848655cdb5e458f34aa5Tinderbox User present is properly interpreted. If the name field was omitted
d605cf32834fd19b7d16848655cdb5e458f34aa5Tinderbox User from the rule declaration and a type list was present it wouldn't
d605cf32834fd19b7d16848655cdb5e458f34aa5Tinderbox User be interpreted as expected.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
b1331a6b3dbc156a418049b8562a3f6105f2b227Tinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User The ISC DNSSEC Lookaside Validation (DLV) service has
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User been shut down; all DLV records in the dlv.isc.org zone
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User have been removed. References to the service have been
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User removed from BIND documentation. Lookaside validation
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User is no longer used by default by <span class="command"><strong>delv</strong></span>.
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User The DLV key has been removed from <code class="filename">bind.keys</code>.
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User Setting <span class="command"><strong>dnssec-lookaside</strong></span> to
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User <span class="command"><strong>auto</strong></span> or to use dlv.isc.org as a trust
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User anchor results in a warning being issued.
b1331a6b3dbc156a418049b8562a3f6105f2b227Tinderbox User <span class="command"><strong>named</strong></span> will now log a warning if the old
b1331a6b3dbc156a418049b8562a3f6105f2b227Tinderbox User root DNSSEC key is explicitly configured and has not been updated.
d253648fe3331622cebea02d60aaecca3082d78dTinderbox User<div class="titlepage"><div><div><h3 class="title">
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User<a name="proto_changes"></a>Protocol Changes</h3></div></div></div>
dfae459e8c4f794f8a239e74aa9d5e11cce6ea5bTinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User BIND can now use the Ed25519 and Ed448 Edwards Curve DNSSEC
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User signing algorithms described in RFC 8080. Note, however, that
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User these algorithms must be supported in OpenSSL;
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User currently they are only available in the development branch
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User of OpenSSL at
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User <a class="link" href="https://github.com/openssl/openssl" target="_top">
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User When parsing DNS messages, EDNS KEY TAG options are checked
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User for correctness. When printing messages (for example, in
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User <span class="command"><strong>dig</strong></span>), EDNS KEY TAG options are printed
3ca1a32241189d1e02e59f6b56399eb9b40f2aafTinderbox User in readable format.
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
f14ce68ee54a5a4587fbde4ffacb117946df2d73Tinderbox User <span class="command"><strong>named</strong></span> will no longer start or accept
f14ce68ee54a5a4587fbde4ffacb117946df2d73Tinderbox User reconfiguration if <span class="command"><strong>managed-keys</strong></span> or
f14ce68ee54a5a4587fbde4ffacb117946df2d73Tinderbox User <span class="command"><strong>dnssec-validation auto</strong></span> are in use and
f14ce68ee54a5a4587fbde4ffacb117946df2d73Tinderbox User the managed-keys directory (specified by
f14ce68ee54a5a4587fbde4ffacb117946df2d73Tinderbox User <span class="command"><strong>managed-keys-directory</strong></span>, and defaulting
f14ce68ee54a5a4587fbde4ffacb117946df2d73Tinderbox User to the working directory if not specified),
f14ce68ee54a5a4587fbde4ffacb117946df2d73Tinderbox User is not writable by the effective user ID. [RT #46077]
0d6a6642b2be93cffa651c54a9b8810dd2d31392Tinderbox User Previously, <span class="command"><strong>update-policy local;</strong></span> accepted
0d6a6642b2be93cffa651c54a9b8810dd2d31392Tinderbox User updates from any source so long as they were signed by the
0d6a6642b2be93cffa651c54a9b8810dd2d31392Tinderbox User locally-generated session key. This has been further restricted;
0d6a6642b2be93cffa651c54a9b8810dd2d31392Tinderbox User updates are now only accepted from locally configured addresses.
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User <span class="command"><strong>dig +ednsopt</strong></span> now accepts the names
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User for EDNS options in addition to numeric values. For example,
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User an EDNS Client-Subnet option could be sent using
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User <span class="command"><strong>dig +ednsopt=ecs:...</strong></span>. Thanks to
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User John Worley of Secure64 for the contribution. [RT #44461]
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User Threads in <span class="command"><strong>named</strong></span> are now set to human-readable
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User names to assist debugging on operating systems that support that.
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User Threads will have names such as "isc-timer", "isc-sockmgr",
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User "isc-worker0001", and so on. This will affect the reporting of
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User subsidiary thread names in <span class="command"><strong>ps</strong></span> and
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User <span class="command"><strong>top</strong></span>, but not the main thread. [RT #43234]
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User DiG now warns about .local queries which are reserved for
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User Multicast DNS. [RT #44783]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
9efd8fc7e811d3c0c160adeb5552c2df7e49df67Tinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
111d5ef471ecec90671f480afd8f93e550a80917Tinderbox User Attempting to validate improperly unsigned CNAME responses
111d5ef471ecec90671f480afd8f93e550a80917Tinderbox User from secure zones could cause a validator loop. This caused
111d5ef471ecec90671f480afd8f93e550a80917Tinderbox User a delay in returning SERVFAIL and also increased the chances
111d5ef471ecec90671f480afd8f93e550a80917Tinderbox User of encountering the crash bug described in CVE-2017-3145.
a0fb6a0980359165a4459723f52d5d7b5725f9c6Tinderbox User When <span class="command"><strong>named</strong></span> was reconfigured, failure of some
a0fb6a0980359165a4459723f52d5d7b5725f9c6Tinderbox User zones to load correctly could leave the system in an inconsistent
a0fb6a0980359165a4459723f52d5d7b5725f9c6Tinderbox User state; while generally harmless, this could lead to a crash later
a0fb6a0980359165a4459723f52d5d7b5725f9c6Tinderbox User when using <span class="command"><strong>rndc addzone</strong></span>. Reconfiguration changes
a0fb6a0980359165a4459723f52d5d7b5725f9c6Tinderbox User are now fully rolled back in the event of failure. [RT #45841]
8c7245514646663b25d8b186186ebede41903fa3Tinderbox User Fixed a bug that was introduced in an earlier development
8c7245514646663b25d8b186186ebede41903fa3Tinderbox User release which caused multi-packet AXFR and IXFR messages to fail
8c7245514646663b25d8b186186ebede41903fa3Tinderbox User validation if not all packets contained TSIG records; this
8c7245514646663b25d8b186186ebede41903fa3Tinderbox User caused interoperability problems with some other DNS
8c7245514646663b25d8b186186ebede41903fa3Tinderbox User implementations. [RT #45509]
421ba11f3f07cbcb12c288ef7f4e7bad13fcc28fTinderbox User Reloading or reconfiguring <span class="command"><strong>named</strong></span> could
421ba11f3f07cbcb12c288ef7f4e7bad13fcc28fTinderbox User fail on some platforms when LMDB was in use. [RT #45203]
3b15473cedf41d48904f5b07bdc5e87afff6b58cTinderbox User Due to some incorrectly deleted code, when BIND was
3b15473cedf41d48904f5b07bdc5e87afff6b58cTinderbox User built with LMDB, zones that were deleted via
3b15473cedf41d48904f5b07bdc5e87afff6b58cTinderbox User <span class="command"><strong>rndc delzone</strong></span> were removed from the
3b15473cedf41d48904f5b07bdc5e87afff6b58cTinderbox User running server but were not removed from the new zone
3b15473cedf41d48904f5b07bdc5e87afff6b58cTinderbox User database, so that deletion did not persist after a
3b15473cedf41d48904f5b07bdc5e87afff6b58cTinderbox User server restart. This has been corrected. [RT #45185]
99b30e26a6beb9092557cc9e5370b517309bff6eTinderbox User Semicolons are no longer escaped when printing CAA and
99b30e26a6beb9092557cc9e5370b517309bff6eTinderbox User URI records. This may break applications that depend on the
99b30e26a6beb9092557cc9e5370b517309bff6eTinderbox User presence of the backslash before the semicolon. [RT #45216]
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User AD could be set on truncated answer with no records present
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User in the answer and authority sections. [RT #45140]
9efd8fc7e811d3c0c160adeb5552c2df7e49df67Tinderbox User Some header files included <isc/util.h> incorrectly as
9efd8fc7e811d3c0c160adeb5552c2df7e49df67Tinderbox User it pollutes with namespace with non ISC_ macros and this should
9efd8fc7e811d3c0c160adeb5552c2df7e49df67Tinderbox User only be done by explicitly including <isc/util.h>. This
9efd8fc7e811d3c0c160adeb5552c2df7e49df67Tinderbox User has been corrected. Some code may depend on <isc/util.h>
9efd8fc7e811d3c0c160adeb5552c2df7e49df67Tinderbox User being implicitly included via other header files. Such
9efd8fc7e811d3c0c160adeb5552c2df7e49df67Tinderbox User code should explicitly include <isc/util.h>.
666b453b37f9ccfe3c7984fb0b31b70a3ceb918fTinderbox User Zones created with <span class="command"><strong>rndc addzone</strong></span> could
666b453b37f9ccfe3c7984fb0b31b70a3ceb918fTinderbox User temporarily fail to inherit the <span class="command"><strong>allow-transfer</strong></span>
666b453b37f9ccfe3c7984fb0b31b70a3ceb918fTinderbox User ACL set in the <span class="command"><strong>options</strong></span> section of
666b453b37f9ccfe3c7984fb0b31b70a3ceb918fTinderbox User <code class="filename">named.conf</code>. [RT #46603]
bea02a4cc08d57b9f36979906f291ac78a99060aTinderbox User <span class="command"><strong>named</strong></span> failed to properly determine whether
bea02a4cc08d57b9f36979906f291ac78a99060aTinderbox User there were active KSK and ZSK keys for an algorithm when
bea02a4cc08d57b9f36979906f291ac78a99060aTinderbox User <span class="command"><strong>update-check-ksk</strong></span> was true (which is the
bea02a4cc08d57b9f36979906f291ac78a99060aTinderbox User default setting). This could leave records unsigned
266afc085a8a74f4b13cb150234a4db21f65278bTinderbox User when rolling keys. [RT #46743] [RT #46754] [RT #46774]
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="end_of_life"></a>End of Life</h3></div></div></div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The end of life for BIND 9.11 is yet to be determined but
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt will not be before BIND 9.13.0 has been released for 6 months.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Thank you to everyone who assisted us in making this release possible.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt If you would like to contribute to ISC to assist us in continuing to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt make quality open source software, please visit our donations page at
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left" valign="top">Chapter�8.�Troubleshooting�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<td width="40%" align="right" valign="top">�Appendix�B.�A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>