doc/arm/Bv9ARM.ch09.html

	Bv9ARM.ch09.html revision bfb7b680bf88c1fdd9949197b71c512c532280a4
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater<!--
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2017 Internet Systems Consortium, Inc. ("ISC")
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - This Source Code Form is subject to the terms of the Mozilla Public
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - License, v. 2.0. If a copy of the MPL was not distributed with this
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - file, You can obtain one at http://mozilla.org/MPL/2.0/.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<html lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title>Appendix�A.�Release Notes</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater<link rel="next" href="Bv9ARM.ch10.html" title="Appendix�B.�A Brief History of the DNS and BIND">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navheader">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation header">
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<tr><th colspan="3" align="center">Appendix�A.�Release Notes</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<th width="60%" align="center">�</th>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="appendix">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h1 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="Bv9ARM.ch09"></a>Release Notes</h1></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="toc">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><b>Table of Contents</b></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dl class="toc">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.2</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Windows XP No Longer Supported</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#proto_changes">Protocol Changes</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater</dl></dd>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater</dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <div class="section">
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.2</h2></div></div></div>
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater  <div class="section">
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater<div class="titlepage"><div><div><h3 class="title">
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater      This document summarizes changes since the last production
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater      release on the BIND 9.11 branch.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Please see the <code class="filename">CHANGES</code> file for a further
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      list of bug fixes and other changes.
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater    </p>
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater  </div>
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_download"></a>Download</h3></div></div></div>
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater    <p>
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater      The latest versions of BIND 9 software can always be found at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      There you will find additional information about each release,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      source code, and pre-compiled versions for Microsoft Windows
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      operating systems.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      ICANN is in the process of introducing a new Key Signing Key (KSK) for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      the global root zone. BIND has multiple methods for managing DNSSEC
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      trust anchors, with somewhat different behaviors. If the root
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      key is configured using the <span class="command"><strong>managed-keys</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      statement, or if the pre-configured root key is enabled by using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep keys up
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      to date automatically. Servers configured in this way should have
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      begun the process of rolling to the new key when it was published in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      the root zone in July 2017. However, keys configured using the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <span class="command"><strong>trusted-keys</strong></span> statement are not automatically
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      maintained. If your server is performing DNSSEC validation and is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      configured using <span class="command"><strong>trusted-keys</strong></span>, you are advised to
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews      change your configuration before the root zone begins signing with
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      the new KSK. This is currently scheduled for October 11, 2017.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      This release includes an updated version of the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <code class="filename">bind.keys</code> file containing the new root
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      key. This file can also be downloaded from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <a class="link" href="https://www.isc.org/bind-keys" target="_top">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    https://www.isc.org/bind-keys
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_license"></a>License Change</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews      With the release of BIND 9.11.0, ISC changed to the open
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews      source license for BIND from the ISC license to the Mozilla
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews      Public License (MPL 2.0).
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews    </p>
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews    <p>
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews      The MPL-2.0 license requires that if you make changes to
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews      licensed software (e.g. BIND) and distribute them outside
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews      your organization, that you publish those changes under that
acb72d5e2c83b597332e3eb0c7d59e1142f1adfdMark Andrews      same license. It does not require that you publish or disclose
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      anything other than the changes you made to our software.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater    <p>
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater      This new requirement will not affect anyone who is using BIND
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater      without redistributing it, nor anyone redistributing it without
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater      changes, therefore this change will be without consequence
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater      for most individuals and organizations who are using BIND.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Those unsure whether or not the license change affects their
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      use of BIND, or who wish to discuss how to comply with the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      license may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      https://www.isc.org/mission/contact/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="win_support"></a>Windows XP No Longer Supported</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      As of BIND 9.11.2, Windows XP is no longer a supported platform for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      BIND, and Windows XP binaries are no longer available for download
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      from ISC.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      An error in TSIG handling could permit unauthorized zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      transfers or zone updates. These flaws are disclosed in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      CVE-2017-3142 and CVE-2017-3143. [RT #45383]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The BIND installer on Windows used an unquoted service path,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      which can enable privilege escalation. This flaw is disclosed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      in CVE-2017-3141. [RT #45229]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      With certain RPZ configurations, a response with TTL 0
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      could cause <span class="command"><strong>named</strong></span> to go into an infinite
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      query loop. This flaw is disclosed in CVE-2017-3140.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      [RT #45181]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</ul></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="proto_changes"></a>Protocol Changes</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      BIND can now use the Ed25519 and Ed448 Edwards Curve DNSSEC
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      signing algorithms described in RFC 8080. Note, however, that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      these algorithms must be supported in OpenSSL;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      currently they are only available in the development branch
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      of OpenSSL at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <a class="link" href="https://github.com/openssl/openssl" target="_top">https://github.com/openssl/openssl</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      [RT #44696]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li></ul></div>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <span class="command"><strong>dig +ednsopt</strong></span> now accepts the names
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      for EDNS options in addition to numeric values. For example,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      an EDNS Client-Subnet option could be sent using
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      <span class="command"><strong>dig +ednsopt=ecs:...</strong></span>. Thanks to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      John Worley of Secure64 for the contribution. [RT #44461]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Threads in <span class="command"><strong>named</strong></span> are now set to human-readable
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      names to assist debugging on operating systems that support that.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Threads will have names such as "isc-timer", "isc-sockmgr",
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      "isc-worker0001", and so on. This will affect the reporting of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      subsidiary thread names in <span class="command"><strong>ps</strong></span> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <span class="command"><strong>top</strong></span>, but not the main thread. [RT #43234]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </li>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      DiG now warns about .local queries which are reserved for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Multicast DNS. [RT #44783]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</ul></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark Andrews<li class="listitem">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Fixed a bug that was introduced in an earlier development
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      release which caused multi-packet AXFR and IXFR messages to fail
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      validation if not all packets contained TSIG records; this
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      caused interoperability problems with some other DNS
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      implementations. [RT #45509]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews    <p>
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews      Reloading or reconfiguring <span class="command"><strong>named</strong></span> could
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      fail on some platforms when LMDB was in use. [RT #45203]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Due to some incorrectly deleted code, when BIND was
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      built with LMDB, zones that were deleted via
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <span class="command"><strong>rndc delzone</strong></span> were removed from the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      running server but were not removed from the new zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      database, so that deletion did not persist after a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      server restart. This has been corrected. [RT #45185]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Semicolons are no longer escaped when printing CAA and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      URI records.  This may break applications that depend on the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      presence of the backslash before the semicolon. [RT #45216]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      AD could be set on truncated answer with no records present
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      in the answer and authority sections. [RT #45140]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</ul></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
2cc6eb92f9443695bc32fa6eed372d983d261a35Automatic Updater<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="end_of_life"></a>End of Life</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The end of life for BIND 9.11 is yet to be determined but
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      will not be before BIND 9.13.0 has been released for 6 months.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Thank you to everyone who assisted us in making this release possible.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      If you would like to contribute to ISC to assist us in continuing to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      make quality open source software, please visit our donations page at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navfooter">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation footer">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center">�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left" valign="top">Chapter�8.�Troubleshooting�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right" valign="top">�Appendix�B.�A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.2</p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</body>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein