Bv9ARM.ch09.html revision 9b3ef7211c28f97f5ecb507d2e2d474397238b44
<!--
 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Appendix&#160;A.&#160;Release Notes</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter&#160;8.&#160;Troubleshooting">
<link rel="next" href="Bv9ARM.ch10.html" title="Appendix&#160;B.&#160;A Brief History of the DNS and BIND">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="appendix">
<div class="titlepage"><div><div><h1 class="title">
<a name="Bv9ARM.ch09"></a>Release Notes</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.0a2</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.0a2</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
 BIND 9.11.0 is a new feature release of BIND, still under development.
 This document summarizes new features and functional changes that
 have been introduced on this branch. With each development
 release leading up to the final BIND 9.11.0 release, this document
 will be updated with additional features added and bugs fixed.
 </p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
 The latest versions of BIND 9 software can always be found at
 <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
 There you will find additional information about each release,
 source code, and pre-compiled versions for Microsoft Windows
 operating systems.
 </p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 None.
 </p></li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
 Added support for DynDB, a new interface for loading zone data
 from an external database, developed by Red Hat for the FreeIPA
 project. (Thanks in particular to Adam Tkac and Petr
 Spacek of Red Hat for the contribution.)
 </p>
<p>
 Unlike the existing DLZ and SDB interfaces, which provide a
 limited subset of database functionality within BIND &#8212;
 translating DNS queries into real-time database lookups with
 relatively poor performance and with no ability to handle
 DNSSEC-signed data &#8212; DynDB is able to fully implement
 and extend the database API used natively by BIND.
 </p>
<p>
 A DynDB module could pre-load data from an external data
 source, then serve it with the same performance and
 functionality as conventional BIND zones, and with the
 ability to take advantage of database features not
 available in BIND, such as multi-master replication.
 </p>
</li>
<li class="listitem">
<p>
 New quotas have been added to limit the queries that are
 sent by recursive resolvers to authoritative servers
 experiencing denial-of-service attacks. When configured,
 these options can both reduce the harm done to authoritative
 servers and also avoid the resource exhaustion that can be
 experienced by recursives when they are being used as a
 vehicle for such an attack.
 </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; ">
<li class="listitem"><p>
 <code class="option">fetches-per-server</code> limits the number of
 simultaneous queries that can be sent to any single
 authoritative server. The configured value is a starting
 point; it is automatically adjusted downward if the server is
 partially or completely non-responsive. The algorithm used to
 adjust the quota can be configured via the
 <code class="option">fetch-quota-params</code> option.
 </p></li>
<li class="listitem"><p>
 <code class="option">fetches-per-zone</code> limits the number of
 simultaneous queries that can be sent for names within a
 single domain. (Note: Unlike "fetches-per-server", this
 value is not self-tuning.)
 </p></li>
</ul></div>
<p>
 Statistics counters have also been added to track the number
 of queries affected by these quotas.
 </p>
</li>
<li class="listitem">
<p>
 Added support for <span class="command"><strong>dnstap</strong></span>, a fast,
 flexible method for capturing and logging DNS traffic,
 developed by Robert Edmonds at Farsight Security, Inc.,
 whose assistance is gratefully acknowledged.
 </p>
<p>
 To enable <span class="command"><strong>dnstap</strong></span> at compile time,
 the <span class="command"><strong>fstrm</strong></span> and <span class="command"><strong>protobuf-c</strong></span>
 libraries must be available, and BIND must be configured with
 <code class="option">--enable-dnstap</code>.
 </p>
<p>
 A new utility <span class="command"><strong>dnstap-read</strong></span> has been added
 to allow <span class="command"><strong>dnstap</strong></span> data to be presented in
 a human-readable format.
 </p>
<p>
 For more information on <span class="command"><strong>dnstap</strong></span>, see
 <a class="link" href="http://dnstap.info" target="_top">http://dnstap.info</a>.
 </p>
</li>
<li class="listitem"><p>
 New statistics counters have been added to track traffic
 sizes, as specified in RSSAC002. Query and response
 message sizes are broken up into ranges of histogram buckets:
 TCP and UDP queries of size 0-15, 16-31, ..., 272-288, and 288+,
 and TCP and UDP responses of size 0-15, 16-31, ..., 4080-4095,
 and 4096+. These values can be accessed via the XML and JSON
 statistics channels at, for example,
 <a class="link" href="http://localhost:8888/xml/v3/traffic" target="_top">http://localhost:8888/xml/v3/traffic</a>
 or
 <a class="link" href="http://localhost:8888/json/v1/traffic" target="_top">http://localhost:8888/json/v1/traffic</a>.
 </p></li>
<li class="listitem">
<p>
 A new DNSSEC key management utility,
 <span class="command"><strong>dnssec-keymgr</strong></span>, has been added. This tool
 is meant to run unattended (e.g., under <span class="command"><strong>cron</strong></span>).
 It reads a policy definition file
 (default: <code class="filename">/etc/dnssec.policy</code>)
 and creates or updates DNSSEC keys as necessary to ensure that a
 zone's keys match the defined policy for that zone. New keys are
 created whenever necessary to ensure rollovers occur correctly.
 Existing keys' timing metadata is adjusted as needed to set the
 correct rollover period, prepublication interval, etc. If
 the configured policy changes, keys are corrected automatically.
 See the <span class="command"><strong>dnssec-keymgr</strong></span> man page for full details.
 </p>
<p>
 Note: <span class="command"><strong>dnssec-keymgr</strong></span> depends on Python and on
 the Python lex/yacc module, PLY. The other Python-based tools,
 <span class="command"><strong>dnssec-coverage</strong></span> and
 <span class="command"><strong>dnssec-checkds</strong></span>, have been
 refactored and updated as part of this work.
 </p>
<p>
 (Many thanks to Sebasti&#225;n
 Castro for his assistance in developing this tool at the IETF
 95 Hackathon in Buenos Aires, April 2016.)
 </p>
</li>
<li class="listitem"><p>
 The serial number of a dynamically updatable zone can
 now be set using
 <span class="command"><strong>rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
 This is particularly useful with <code class="option">inline-signing</code>
 zones that have been reset. Setting the serial number to a value
 larger than that on the slaves will trigger an AXFR-style
 transfer.
 </p></li>
<li class="listitem"><p>
 When answering recursive queries, SERVFAIL responses can now be
 cached by the server for a limited time; subsequent queries for
 the same query name and type will return another SERVFAIL until
 the cache times out. This reduces the frequency of retries
 when a query is persistently failing, which can be a burden
 on recursive servers. The SERVFAIL cache timeout is controlled
 by <code class="option">servfail-ttl</code>, which defaults to 1 second
 and has an upper limit of 30.
 </p></li>
<li class="listitem"><p>
 The new <span class="command"><strong>rndc nta</strong></span> command can now be used to
 set a "negative trust anchor" (NTA), disabling DNSSEC validation for
 a specific domain; this can be used when responses from a domain
 are known to be failing validation due to administrative error
 rather than because of a spoofing attack. NTAs are strictly
 temporary; by default they expire after one hour, but can be
 configured to last up to one week. The default NTA lifetime
 can be changed by setting the <code class="option">nta-lifetime</code> in
 <code class="filename">named.conf</code>. When added, NTAs are stored in a
 file (<code class="filename"><em class="replaceable"><code>viewname</code></em>.nta</code>)
 in order to persist across restarts of the <span class="command"><strong>named</strong></span> server.
 </p></li>
<li class="listitem"><p>
 The EDNS Client Subnet (ECS) option is now supported for
 authoritative servers; if a query contains an ECS option then
 ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
 elements can match against the address encoded in the option.
 This can be used to select a view for a query, so that different
 answers can be provided depending on the client network.
 </p></li>
<li class="listitem"><p>
 The EDNS EXPIRE option has been implemented on the client
 side, allowing a slave server to set the expiration timer
 correctly when transferring zone data from another slave
 server.
 </p></li>
<li class="listitem"><p>
 A new <code class="option">masterfile-style</code> zone option controls
 the formatting of text zone files: When set to
 <code class="literal">full</code>, the zone file will be dumped in
 single-line-per-record format.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +ednsopt</strong></span> can now be used to set
 arbitrary EDNS options in DNS requests.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +ednsflags</strong></span> can now be used to set
 yet-to-be-defined EDNS flags in DNS requests.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +[no]ednsnegotiation</strong></span> can now be used to enable /
 disable EDNS version negotiation.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +header-only</strong></span> can now be used to send
 queries without a question section.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +ttlunits</strong></span> causes <span class="command"><strong>dig</strong></span>
 to print TTL values with time-unit suffixes: w, d, h, m, s for
 weeks, days, hours, minutes, and seconds.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +zflag</strong></span> can be used to set the last
 unassigned DNS header flag bit. This bit is normally zero.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
 can now be used to set the DSCP code point in outgoing query
 packets.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +mapped</strong></span> can now be used to determine
 if mapped IPv4 addresses can be used.
 </p></li>
<li class="listitem"><p>
 <code class="option">serial-update-method</code> can now be set to
 <code class="literal">date</code>. On update, the serial number will
 be set to the current date in YYYYMMDDNN format.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dnssec-signzone -N date</strong></span> also sets the serial
 number to YYYYMMDDNN.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>named -L <em class="replaceable"><code>filename</code></em></strong></span>
 causes <span class="command"><strong>named</strong></span> to send log messages to the
 specified file by default instead of to the system log.
 </p></li>
<li class="listitem"><p>
 The rate limiter configured by the
 <code class="option">serial-query-rate</code> option no longer covers
 NOTIFY messages; those are now separately controlled by
 <code class="option">notify-rate</code> and
 <code class="option">startup-notify-rate</code> (the latter of which
 controls the rate of NOTIFY messages sent when the server
 is first started up or reconfigured).
 </p></li>
<li class="listitem"><p>
 The default numbers of tasks and client objects available
 for serving lightweight resolver queries have been increased,
 and are now configurable via the new <code class="option">lwres-tasks</code>
 and <code class="option">lwres-clients</code> options in
 <code class="filename">named.conf</code>. [RT #35857]
 </p></li>
<li class="listitem"><p>
 Log output to files can now be buffered by specifying
 <span class="command"><strong>buffered yes;</strong></span> when creating a channel.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>delv +tcp</strong></span> will exclusively use TCP when
 sending queries.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>named</strong></span> will now check to see whether
 other name server processes are running before starting up.
 This is implemented in two ways: 1) by refusing to start
 if the configured network interfaces all return "address
 in use", and 2) by attempting to acquire a lock on a file
 specified by the <code class="option">lock-file</code> option or
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the <span class="command"><strong>-X</strong></span> command line option. The
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt default lock file is
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="filename">/var/run/named/named.lock</code>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Specifying <code class="literal">none</code> will disable the lock
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt file check.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>rndc delzone</strong></span> can now be applied to zones
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt which were configured in <code class="filename">named.conf</code>;
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt it is no longer restricted to zones which were added by
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>rndc addzone</strong></span>. (Note, however, that
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt this does not edit <code class="filename">named.conf</code>; the zone
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt must be removed from the configuration or it will return
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt when <span class="command"><strong>named</strong></span> is restarted or reloaded.)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>rndc modzone</strong></span> can be used to reconfigure
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a zone, using similar syntax to <span class="command"><strong>rndc addzone</strong></span>.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>rndc showzone</strong></span> displays the current
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt configuration for a specified zone.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Added server-side support for pipelined TCP queries. Clients
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt may continue sending queries via TCP while previous queries are
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt processed in parallel. Responses are sent when they are
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt ready, not necessarily in the order in which the queries were
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt received.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt To revert to the former behavior for a particular
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt client address or range of addresses, specify the address prefix
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt in the "keep-response-order" option. To revert to the former
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt behavior for all clients, use "keep-response-order { any; };".
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The new <span class="command"><strong>mdig</strong></span> command is a version of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>dig</strong></span> that sends multiple pipelined
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt queries and then waits for responses, instead of sending one
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt query and waiting for the response before sending the next. [RT #38261]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt To enable better monitoring and troubleshooting of RFC 5011
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt trust anchor management, the new <span class="command"><strong>rndc managed-keys</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt command can be used to check the status of trust anchors or to force keys
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt to be refreshed. Also, the managed-keys data file now has
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt easier-to-read comments. [RT #38458]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt An <span class="command"><strong>--enable-querytrace</strong></span> configure switch is
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt now available to enable very verbose query trace logging. This
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt option can only be set at compile time. This option has a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt negative performance impact and should be used only for
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt debugging. [RT #37520]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt A new <span class="command"><strong>tcp-only</strong></span> option can be specified
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt in <span class="command"><strong>server</strong></span> statements to force
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>named</strong></span> to connect to the specified
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt server via TCP. [RT #37800]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The <span class="command"><strong>nxdomain-redirect</strong></span> option specifies
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a DNS namespace to use for NXDOMAIN redirection. When a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt recursive lookup returns NXDOMAIN, a second lookup is
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt initiated with the specified name appended to the query
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt name. This allows NXDOMAIN redirection data to be supplied
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt by multiple zones configured on the server or by recursive
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt queries to other servers. (The older method, using
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a single <span class="command"><strong>type redirect</strong></span> zone, has
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt better average performance but is less flexible.) [RT #37989]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The following types have been implemented: CSYNC, NINFO, RKEY,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt SINK, TA, TALINK.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<li class="listitem"><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User A new <span class="command"><strong>message-compression</strong></span> option can be
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User used to specify whether or not to use name compression when
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User answering queries. Setting this to <strong class="userinput"><code>no</code></strong>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User results in larger responses, but reduces CPU consumption and
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User may improve throughput. The default is <strong class="userinput"><code>yes</code></strong>.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></li>
d7a61cfbe56ebfa1682e949e48b4d08840234d8fTinderbox User<li class="listitem"><p>
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User A <span class="command"><strong>read-only</strong></span> option is now available in the
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User <span class="command"><strong>controls</strong></span> statement to grant non-destructive
d7a61cfbe56ebfa1682e949e48b4d08840234d8fTinderbox User control channel access. In such cases, a restricted set of
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User <span class="command"><strong>rndc</strong></span> commands are allowed, which can
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User report information from <span class="command"><strong>named</strong></span>, but cannot
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User reconfigure or stop the server. By default, the control channel
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User access is <span class="emphasis"><em>not</em></span> restricted to these
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User read-only operations. [RT #40498]
d7a61cfbe56ebfa1682e949e48b4d08840234d8fTinderbox User </p></li>
832fa787d4a13fa89d64f868e51016ff4adb0d89Tinderbox User<li class="listitem"><p>
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User When loading a signed zone, <span class="command"><strong>named</strong></span> will
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User now check whether an RRSIG's inception time is in the future,
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User and if so, it will regenerate the RRSIG immediately. This helps
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User when a system's clock needs to be reset backwards.
832fa787d4a13fa89d64f868e51016ff4adb0d89Tinderbox User </p></li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt</ul></div>
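The pipelined TCP item above means a client or monitoring tool can no longer pair answers with queries by arrival order. The following is an added example, not code from BIND or from these release notes: it reassembles length-prefixed DNS messages from a TCP byte stream and pairs each response with its query by message ID and echoed question. All names, message IDs and the `constructed_response` stand-in for a server are assumptions made for the illustration.

```python
import struct


def build_query(msg_id: int, qname: str, qtype: int = 1) -> bytes:
    """Minimal DNS query: 12-byte header plus one question (class IN)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def constructed_response(query: bytes) -> bytes:
    """Constructed stand-in for a server reply: same ID and question, QR and RA set."""
    msg_id, flags = struct.unpack_from("!HH", query)
    return struct.pack("!HH", msg_id, flags | 0x8080) + query[4:]


def frame(message: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message


class PipelineDemux:
    """Pair pipelined responses with their queries regardless of arrival order."""

    def __init__(self) -> None:
        self._buf = bytearray()
        self.pending = {}     # message ID -> (qname, question bytes as sent)
        self.unmatched = []   # messages that answer nothing we have in flight

    def sent(self, query: bytes, qname: str) -> None:
        (msg_id,) = struct.unpack_from("!H", query)
        if msg_id in self.pending:
            raise ValueError(f"ID {msg_id:#06x} is already in flight on this connection")
        self.pending[msg_id] = (qname, query[12:])

    def feed(self, data: bytes) -> list:
        """Add received bytes; return (qname, message) for each completed match."""
        self._buf += data
        matched = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf)
            if len(self._buf) < 2 + length:
                break                      # partial message, wait for more bytes
            message = bytes(self._buf[2:2 + length])
            del self._buf[:2 + length]
            if length >= 12:
                msg_id, flags = struct.unpack_from("!HH", message)
                entry = self.pending.get(msg_id)
                # Require QR=1, a known ID, and the same question we asked.
                if flags & 0x8000 and entry and message[12:12 + len(entry[1])] == entry[1]:
                    del self.pending[msg_id]
                    matched.append((entry[0], message))
                    continue
            self.unmatched.append(message)
        return matched


def demo() -> tuple:
    """Three queries sent in order; replies arrive as 2, 3, 1 plus one stray message."""
    demux = PipelineDemux()
    queries = {}
    for msg_id, qname in ((0x1001, "slow.example."),
                          (0x1002, "fast.example."),
                          (0x1003, "mid.example.")):
        queries[msg_id] = build_query(msg_id, qname)
        demux.sent(queries[msg_id], qname)
    stream = b"".join(frame(constructed_response(queries[i]))
                      for i in (0x1002, 0x1003, 0x1001))
    stream += frame(constructed_response(build_query(0x9999, "other.example.")))
    order = []
    for off in range(0, len(stream), 7):   # deliver in small, misaligned chunks
        order += [qname for qname, _ in demux.feed(stream[off:off + 7])]
    return order, len(demux.unmatched), demux.pending


if __name__ == "__main__":
    print(demo())
```

A response whose ID is in flight but whose question differs is kept in `unmatched` and the query stays pending, so a mismatched message never consumes a slot.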
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>
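Because control channel access is not restricted to read-only operations by default (see the <code>read-only</code> item above), a configuration review should list every channel in the <code>controls</code> statement and show which ones can reconfigure or stop the server. The following audit is an added example, not part of BIND: the sample configuration, addresses and key names are constructed, the function names are hypothetical, and the tokenizer covers only what is needed to read <code>controls</code> (it is not a full <code>named.conf</code> parser).

```python
import ipaddress
import re

# Constructed sample configuration (documentation addresses, hypothetical key names).
SAMPLE_CONF = r'''
options { directory "/var/named"; };   // unrelated statement
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-admin"; };
    inet 192.0.2.10 port 953 allow { 192.0.2.0/24; } keys { "rndc-monitor"; } read-only yes;
    /* dashboard channel added later; read-only was forgotten */
    inet 192.0.2.10 port 954 allow { 192.0.2.0/24; } keys { "rndc-dash"; };
};
'''

_TOKEN = re.compile(r'''
    "(?:[^"\\]|\\.)*"        # quoted string, kept whole
  | /\*.*?\*/                # C-style comment
  | //[^\n]* | \#[^\n]*      # C++-style and shell-style comments
  | [{};]                    # punctuation
  | [^\s{};"]+               # bare word
''', re.VERBOSE | re.DOTALL)


def _tokens(conf_text: str) -> list:
    """Tokenize, then drop comments so commented-out options are never counted."""
    return [t for t in _TOKEN.findall(conf_text)
            if not t.startswith(("/*", "//", "#"))]


def _describe(stmt: list) -> dict:
    kind = stmt[0]                                   # "inet" or "unix"
    if "port" in stmt:
        port = stmt[stmt.index("port") + 1]
    else:
        port = "953" if kind == "inet" else None     # 953 is the default control port
    read_only = False
    if "read-only" in stmt:
        value = stmt[stmt.index("read-only") + 1:stmt.index("read-only") + 2]
        read_only = bool(value) and value[0].lower() in ("yes", "true", "1")
    return {"kind": kind, "endpoint": stmt[1].strip('"'),
            "port": port, "read_only": read_only}


def control_channels(conf_text: str) -> list:
    """Return one dict per channel found in top-level controls statements."""
    tokens, channels, i, depth = _tokens(conf_text), [], 0, 0
    while i < len(tokens):
        if depth == 0 and tokens[i] == "controls" and tokens[i + 1:i + 2] == ["{"]:
            i += 2
            level, stmt = 1, []
            while i < len(tokens) and level > 0:
                tok = tokens[i]
                if tok == "{":
                    level += 1
                elif tok == "}":
                    level -= 1
                if level == 1 and tok == ";":        # end of one channel clause
                    if stmt:
                        channels.append(_describe(stmt))
                    stmt = []
                elif level >= 1:
                    stmt.append(tok)
                i += 1
            continue
        if tokens[i] == "{":
            depth += 1
        elif tokens[i] == "}":
            depth -= 1
        i += 1
    return channels


def writable_remote_channels(conf_text: str) -> list:
    """inet channels that are not loopback-bound and not marked read-only."""
    findings = []
    for chan in control_channels(conf_text):
        if chan["kind"] != "inet" or chan["read_only"]:
            continue
        try:
            loopback = ipaddress.ip_address(chan["endpoint"]).is_loopback
        except ValueError:                           # "*" listens on every address
            loopback = False
        if not loopback:
            findings.append(chan)
    return findings


if __name__ == "__main__":
    for chan in writable_remote_channels(SAMPLE_CONF):
        print("full-control channel:", chan)
```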
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="section">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
006283c42350464bc285c4481bce0a3b5a3dd8d0Tinderbox User<li class="listitem"><p>
006283c42350464bc285c4481bce0a3b5a3dd8d0Tinderbox User The ISC DNSSEC Lookaside Validation (DLV) service is scheduled
006283c42350464bc285c4481bce0a3b5a3dd8d0Tinderbox User to be disabled in 2017. A warning is now logged when
006283c42350464bc285c4481bce0a3b5a3dd8d0Tinderbox User <span class="command"><strong>named</strong></span> is configured to use this service,
006283c42350464bc285c4481bce0a3b5a3dd8d0Tinderbox User either explicitly or via <code class="option">dnssec-lookaside auto;</code>.
006283c42350464bc285c4481bce0a3b5a3dd8d0Tinderbox User [RT #42207]
006283c42350464bc285c4481bce0a3b5a3dd8d0Tinderbox User </p></li>
6758b59e57af88bdf466e63c0856043df44f8dd0Tinderbox User<li class="listitem"><p>
6758b59e57af88bdf466e63c0856043df44f8dd0Tinderbox User The timers returned by the statistics channel (indicating current
6758b59e57af88bdf466e63c0856043df44f8dd0Tinderbox User time, server boot time, and most recent reconfiguration time) are
6758b59e57af88bdf466e63c0856043df44f8dd0Tinderbox User now reported with millisecond accuracy. [RT #40082]
6758b59e57af88bdf466e63c0856043df44f8dd0Tinderbox User </p></li>
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User<li class="listitem"><p>
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User Updated the compiled-in addresses for H.ROOT-SERVERS.NET
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User and L.ROOT-SERVERS.NET.
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt ACLs containing <span class="command"><strong>geoip asnum</strong></span> elements were
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt not correctly matched unless the full organization name was
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt specified in the ACL (as in
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>geoip asnum "AS1234 Example, Inc.";</strong></span>).
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt They can now match against the AS number alone (as in
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>geoip asnum "AS1234";</strong></span>).
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt When using native PKCS#11 cryptography (i.e.,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>configure --enable-native-pkcs11</strong></span>), HSM PINs
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of up to 256 characters can now be used.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt NXDOMAIN responses to queries of type DS are now cached separately
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt from those for other types. This helps when using "grafted" zones
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of type forward, for which the parent zone does not contain a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt delegation, such as local top-level domains. Previously a query
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of type DS for such a zone could cause the zone apex to be cached
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt as NXDOMAIN, blocking all subsequent queries. (Note: This
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt change is only helpful when DNSSEC validation is not enabled.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt "Grafted" zones without a delegation in the parent are not a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt recommended configuration.)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Update forwarding performance has been improved by allowing
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a single TCP connection to be shared between multiple updates.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt By default, <span class="command"><strong>nsupdate</strong></span> will now check
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the correctness of hostnames when adding records of type
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt disabled with <span class="command"><strong>check-names no</strong></span>.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Added support for OPENPGPKEY type.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The names of the files used to store managed keys and added
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt zones for each view are no longer based on the SHA256 hash
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of the view name, except when this is necessary because the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt view name contains characters that would be incompatible with use
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt as a file name. For views whose names do not contain forward
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt slashes ('/'), backslashes ('\'), or capital letters - which
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt could potentially cause namespace collision problems on
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt case-insensitive filesystems - files will now be named
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt after the view (for example, <code class="filename">internal.mkeys</code>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt or <code class="filename">external.nzf</code>). However, to ensure
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt consistent behavior when upgrading, if a file using the old
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt name format is found to exist, it will continue to be used.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt "rndc" can now return text output of arbitrary size to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the caller. (Prior to this, certain commands such as
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt "rndc tsig-list" and "rndc zonestatus" could return
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt truncated output.)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Errors reported when running <span class="command"><strong>rndc addzone</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt (e.g., when a zone file cannot be loaded) have been clarified
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt to make it easier to diagnose problems.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt When encountering an authoritative name server whose name is
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt an alias pointing to another name, the resolver treats
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt this as an error and skips to the next server. Previously
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt this happened silently; now the error will be logged to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the newly-created "cname" log category.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
e285c11870c6263cd79b418e104c7eb3e2d96952Tinderbox User If <span class="command"><strong>named</strong></span> is not configured to validate
46472a450e043434d78fa18edc73bca8c47f3981Tinderbox User answers, it now allows fallback to plain DNS on timeout even when
46472a450e043434d78fa18edc73bca8c47f3981Tinderbox User the remote server is known to support EDNS. This will allow the server to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt potentially resolve signed queries when TCP is being
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt blocked.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Large inline-signing changes should be less disruptive.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Signature generation is now done incrementally; the number
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of signatures to be generated in each quantum is controlled
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt by "sig-signing-signatures <em class="replaceable"><code>number</code></em>;".
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt [RT #37927]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The experimental SIT option (code point 65001) of BIND
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt 9.10.0 through BIND 9.10.2 has been replaced with the COOKIE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt option (code point 10). It is no longer experimental, and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt is sent by default, by both <span class="command"><strong>named</strong></span> and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>dig</strong></span>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The SIT-related named.conf options have been marked as
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt obsolete, and are otherwise ignored.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt When <span class="command"><strong>dig</strong></span> receives a truncated (TC=1)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt response or a BADCOOKIE response code from a server, it
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt will automatically retry the query using the server COOKIE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt that was returned by the server in its initial response.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt [RT #39047]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt An alternative NXDOMAIN redirect method (nxdomain-redirect)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt is now available; it allows the redirect information to be
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt looked up from a namespace on the Internet rather than
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt requiring a zone to be configured on the server.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Retrieving the local port range from net.ipv4.ip_local_port_range
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt on Linux is now supported.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User<li class="listitem"><p>
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User A new <code class="option">nsip-wait-recurse</code> directive has been
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User added to RPZ, specifying whether to look up unknown name server
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User IP addresses and wait for a response before applying RPZ-NSIP rules.
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User The default is <strong class="userinput"><code>yes</code></strong>. If set to
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User <strong class="userinput"><code>no</code></strong>, <span class="command"><strong>named</strong></span> will only
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User apply RPZ-NSIP rules to servers whose addresses are already cached.
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User The addresses will be looked up in the background so the rule can
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User be applied on subsequent queries. This improves performance when
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User the cache is cold, at the cost of temporary imprecision in applying
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User policy directives. [RT #35009]
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Within the <code class="option">response-policy</code> option, it is now
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt possible to configure RPZ rewrite logging on a per-zone basis
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt using the <code class="option">log</code> clause.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The default preferred glue is now the address type of the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt transport the query was received over.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt On machines with 2 or more processors (CPU), the default value
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for the number of UDP listeners has been changed to the number
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of detected processors minus one.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
a179cbdf652095d00e7774320592f25eab0210d8Tinderbox User<li class="listitem"><p>
a179cbdf652095d00e7774320592f25eab0210d8Tinderbox User Zone transfers now use smaller message sizes to improve
a179cbdf652095d00e7774320592f25eab0210d8Tinderbox User message compression. This results in reduced network usage.
a179cbdf652095d00e7774320592f25eab0210d8Tinderbox User </p></li>
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User<li class="listitem">
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User<p>
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User Added support for the AVC resource record type (Application
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User Visibility and Control).
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User </p>
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User<p>
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User Changed <span class="command"><strong>rndc reconfig</strong></span> behaviour so that newly
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User added zones are loaded asynchronously and the loading does not
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User block the server.
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User </p>
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User</li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt</ul></div>
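The two COOKIE items above (code point 10 replacing the experimental SIT code point 65001, and the retry with the server cookie returned in the initial response) can be followed at the byte level. The following is an added example, not code from <code>named</code> or <code>dig</code>: it parses EDNS OPT RDATA, splits a COOKIE option into its client and server parts using the lengths from RFC 7873 (8-byte client cookie, 8 to 32-byte server cookie), and builds the option a client would send on retry. The function names and the sample cookie bytes are assumptions.

```python
import hmac
import struct

COOKIE = 10          # EDNS option code point for COOKIE, as stated above
LEGACY_SIT = 65001   # experimental SIT code point of BIND 9.10.0 through 9.10.2


def encode_option(code: int, data: bytes) -> bytes:
    """One EDNS option: 2-byte code, 2-byte length, then the data."""
    return struct.pack("!HH", code, len(data)) + data


def parse_opt_rdata(rdata: bytes) -> list:
    """Split OPT RDATA into (code, data) pairs; reject truncated options."""
    options, off = [], 0
    while off < len(rdata):
        if len(rdata) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, off)
        off += 4
        if len(rdata) - off < length:
            raise ValueError("option data runs past the end of the RDATA")
        options.append((code, rdata[off:off + length]))
        off += length
    return options


def split_cookie(data: bytes) -> tuple:
    """Return (client_cookie, server_cookie); server cookie is b'' when absent."""
    if len(data) == 8:
        return data, b""
    if 16 <= len(data) <= 40:
        return data[:8], data[8:]
    raise ValueError(f"invalid COOKIE length {len(data)}")


def legacy_sit_present(rdata: bytes) -> bool:
    """True when a peer still sends the obsolete experimental code point."""
    return any(code == LEGACY_SIT for code, _ in parse_opt_rdata(rdata))


def retry_option(our_client_cookie: bytes, response_rdata: bytes) -> bytes:
    """Build the COOKIE option for a retry from the server's first response.

    The response is used only if it echoes the client cookie we sent and
    carries a server cookie; anything else is rejected.
    """
    for code, data in parse_opt_rdata(response_rdata):
        if code != COOKIE:
            continue
        client, server = split_cookie(data)
        if not hmac.compare_digest(client, our_client_cookie):
            raise ValueError("client cookie mismatch: response is not for our query")
        if not server:
            raise ValueError("response carries no server cookie")
        return encode_option(COOKIE, client + server)
    raise LookupError("no COOKIE option (code point 10) in the response")


if __name__ == "__main__":
    client = bytes(range(8))                  # constructed client cookie
    server = bytes(range(100, 116))           # constructed 16-byte server cookie
    response = encode_option(3, b"ns1") + encode_option(COOKIE, client + server)
    print(retry_option(client, response).hex())
```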
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="section">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_port"></a>Porting Changes</h3></div></div></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
46472a450e043434d78fa18edc73bca8c47f3981Tinderbox User None.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li></ul></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 None.
 </p></li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
 The end of life for BIND 9.11 is yet to be determined but
 will not be before BIND 9.13.0 has been released for 6 months.
 <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
 </p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
 Thank you to everyone who assisted us in making this release possible.
 If you would like to contribute to ISC to assist us in continuing to
 make quality open source software, please visit our donations page at
 <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
 </p>
</div>
</div>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0a2</p>
</body>
</html>