Bv9ARM.ch09.html revision cd32f419a8a5432fbb139f56ee73cbf68b9350cc
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<link rel="next" href="Bv9ARM.ch10.html" title="Appendix�B.�A Brief History of the DNS and BIND">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<tr><th colspan="3" align="center">Appendix�A.�Release Notes</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<a name="Bv9ARM.ch09"></a>Appendix�A.�Release Notes</h2></div></div></div>
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2573688">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
6469eef791ebc5c7a38850c96db219f9a000c554Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<a name="id2573688"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<div class="titlepage"><div><div><h3 class="title">
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User This document summarizes changes since the last production release
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User of BIND on the corresponding major release branch.
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<div class="titlepage"><div><div><h3 class="title">
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<a name="relnotes_download"></a>Download</h3></div></div></div>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User The latest versions of BIND 9 software can always be found at
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User <a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User There you will find additional information about each release,
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User source code, and pre-compiled versions for Microsoft Windows
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User operating systems.
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<div class="titlepage"><div><div><h3 class="title">
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
a17033f2c453688fde9719bced70b44553431759Tinderbox User A flaw in delegation handling could be exploited to put
a17033f2c453688fde9719bced70b44553431759Tinderbox User <span><strong class="command">named</strong></span> into an infinite loop, in which
a17033f2c453688fde9719bced70b44553431759Tinderbox User each lookup of a name server triggered additional lookups
a17033f2c453688fde9719bced70b44553431759Tinderbox User of more name servers. This has been addressed by placing
a17033f2c453688fde9719bced70b44553431759Tinderbox User limits on the number of levels of recursion
a17033f2c453688fde9719bced70b44553431759Tinderbox User <span><strong class="command">named</strong></span> will allow (default 7), and
a17033f2c453688fde9719bced70b44553431759Tinderbox User on the number of queries that it will send before
a17033f2c453688fde9719bced70b44553431759Tinderbox User terminating a recursive query (default 50).
a17033f2c453688fde9719bced70b44553431759Tinderbox User The recursion depth limit is configured via the
a17033f2c453688fde9719bced70b44553431759Tinderbox User <code class="option">max-recursion-depth</code> option, and the query limit
a17033f2c453688fde9719bced70b44553431759Tinderbox User via the <code class="option">max-recursion-queries</code> option.
a17033f2c453688fde9719bced70b44553431759Tinderbox User The flaw was discovered by Florian Maury of ANSSI, and is
a17033f2c453688fde9719bced70b44553431759Tinderbox User disclosed in CVE-2014-8500. [RT #37580]
a17033f2c453688fde9719bced70b44553431759Tinderbox User Two separate problems were identified in BIND's GeoIP code that
a17033f2c453688fde9719bced70b44553431759Tinderbox User could lead to an assertion failure. One was triggered by use of
a17033f2c453688fde9719bced70b44553431759Tinderbox User both IPv4 and IPv6 address families, the other by referencing
a17033f2c453688fde9719bced70b44553431759Tinderbox User a GeoIP database in <code class="filename">named.conf</code> which was
a17033f2c453688fde9719bced70b44553431759Tinderbox User not installed. Both are covered by CVE-2014-8680. [RT #37672]
a17033f2c453688fde9719bced70b44553431759Tinderbox User A less serious security flaw was also found in GeoIP: changes
a17033f2c453688fde9719bced70b44553431759Tinderbox User to the <span><strong class="command">geoip-directory</strong></span> option in
a17033f2c453688fde9719bced70b44553431759Tinderbox User <code class="filename">named.conf</code> were ignored when running
a17033f2c453688fde9719bced70b44553431759Tinderbox User <span><strong class="command">rndc reconfig</strong></span>. In theory, this could allow
a17033f2c453688fde9719bced70b44553431759Tinderbox User <span><strong class="command">named</strong></span> to allow access to unintended clients.
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<div class="titlepage"><div><div><h3 class="title">
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<a name="relnotes_features"></a>New Features</h3></div></div></div>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User The serial number of a dynamically updatable zone can
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User now be set using
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User This is particularly useful with <code class="option">inline-signing</code>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User zones that have been reset. Setting the serial number to a value
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User larger than that on the slaves will trigger an AXFR-style
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User When answering recursive queries, SERVFAIL responses can now be
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User cached by the server for a limited time; subsequent queries for
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User the same query name and type will return another SERVFAIL until
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User the cache times out. This reduces the frequency of retries
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User when a query is persistently failing, which can be a burden
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User on recursive serviers. The SERVFAIL cache timeout is controlled
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User by <code class="option">servfail-ttl</code>, which defaults to 10 seconds
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User and has an upper limit of 30.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User The new <span><strong class="command">rndc nta</strong></span> command can now be used to
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User set a "negative trust anchor" (NTA), disabling DNSSEC validation for
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User a specific domain; this can be used when responses from a domain
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User are known to be failing validation due to administrative error
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User rather than because of a spoofing attack. NTAs are strictly
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User temporary; by default they expire after one hour, but can be
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User configured to last up to one week. The default NTA lifetime
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User can be changed by setting the <code class="option">nta-lifetime</code> in
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User The EDNS Client Subnet (ECS) option is now supported for
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User authoritative servers; if a query contains an ECS option then
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User elements can match against the the address encoded in the option.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User This can be used to select a view for a query, so that different
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User answers can be provided depending on the client network.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User The EDNS EXPIRE option has been implemented on the client
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User side, allowing a slave server to set the expiration timer
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User correctly when transferring zone data from another slave
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User A new <code class="option">masterfile-style</code> zone option controls
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User the formatting of text zone files: When set to
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <code class="literal">full</code>, the zone file will dumped in
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User single-line-per-record format.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">dig +ednsopt</strong></span> can now be used to set
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User arbitrary EDNS options in DNS requests.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">dig +ednsflags</strong></span> can now be used to set
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User yet-to-be-defined EDNS flags in DNS requests.
def82e8de9ff45e29ab21e5aba9a39539138c1f4Tinderbox User <span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used enable /
def82e8de9ff45e29ab21e5aba9a39539138c1f4Tinderbox User disable EDNS version negotiation.
a3ff24aaa545c45b8c581b2127d02d735aff8881Tinderbox User <span><strong class="command">dig +header-only</strong></span> can now be used to send
a3ff24aaa545c45b8c581b2127d02d735aff8881Tinderbox User queries without a question section.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">dig +ttlunits</strong></span> causes <span><strong class="command">dig</strong></span>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User to print TTL values with time-unit suffixes: w, d, h, m, s for
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User weeks, days, hours, minutes, and seconds.
def82e8de9ff45e29ab21e5aba9a39539138c1f4Tinderbox User <span><strong class="command">dig +zflag</strong></span> can be used to set the last
def82e8de9ff45e29ab21e5aba9a39539138c1f4Tinderbox User unassigned DNS header flag bit. This bit in normally zero.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User can now be used to set the DSCP code point in outgoing query
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <code class="option">serial-update-method</code> can now be set to
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <code class="literal">date</code>. On update, the serial number will
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User be set to the current date in YYYYMMDDNN format.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">dnssec-signzone -N date</strong></span> also sets the serial
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User number to YYYYMMDDNN.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">named -L <em class="replaceable"><code>filename</code></em></strong></span>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User causes named to send log messages to the specified file by
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User default instead of to the system log.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User The rate limiter configured by the
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <code class="option">serial-query-rate</code> option no longer covers
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User NOTIFY messages; those are now separately controlled by
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <code class="option">startup-notify-rate</code> (the latter of which
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User controls the rate of NOTIFY messages sent when the server
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User is first started up or reconfigured).
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User The default number of tasks and client objects available
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User for serving lightweight resolver queries have been increased,
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User and are now configurable via the new <code class="option">lwres-tasks</code>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User and <code class="option">lwres-clients</code> options in
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <code class="filename">named.conf</code>. [RT #35857]
a3ff24aaa545c45b8c581b2127d02d735aff8881Tinderbox User Log output to files can now be buffered by specifying
a3ff24aaa545c45b8c581b2127d02d735aff8881Tinderbox User <span><strong class="command">buffered yes;</strong></span> when creating a channel.
ddbd14ec13b6dc0130a94b46b6a3156549cb9911Tinderbox User <span><strong class="command">delv +tcp</strong></span> will exclusively use TCP when
ddbd14ec13b6dc0130a94b46b6a3156549cb9911Tinderbox User sending queries.
d5ece58e3bb75eb2dff7802f5ce9904dc4dce05fTinderbox User <span><strong class="command">named</strong></span> will now check to see whether
d5ece58e3bb75eb2dff7802f5ce9904dc4dce05fTinderbox User other name server processes are running before starting up.
d5ece58e3bb75eb2dff7802f5ce9904dc4dce05fTinderbox User This is implemented in two ways: 1) by refusing to start
d5ece58e3bb75eb2dff7802f5ce9904dc4dce05fTinderbox User if the configured network interfaces all return "address
d5ece58e3bb75eb2dff7802f5ce9904dc4dce05fTinderbox User in use", and 2) by acquiring a file lock on
d5ece58e3bb75eb2dff7802f5ce9904dc4dce05fTinderbox User <code class="filename">/var/run/named/named.lock</code>, or on a different
d5ece58e3bb75eb2dff7802f5ce9904dc4dce05fTinderbox User file specified via the <span><strong class="command">named -X</strong></span> command
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User <span><strong class="command">rndc delzone</strong></span> can now be applied to zones
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User which were configured in <code class="filename">named.conf</code>;
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User it is no longer restricted to zones which were added by
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User <span><strong class="command">rndc addzone</strong></span>. (Note, however, that
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User this does not edit <code class="filename">named.conf</code>; the zone
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User must be removed from the configuration or it will return
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User when <span><strong class="command">named</strong></span> is restarted or reloaded.)
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User <span><strong class="command">rndc showzone</strong></span> displays the current
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User configuration for a specified zone.
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<div class="titlepage"><div><div><h3 class="title">
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User ACLs containing <span><strong class="command">geoip asnum</strong></span> elements were
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User not correctly matched unless the full organization name was
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User specified in the ACL (as in
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">geoip asnum "AS1234 Example, Inc.";</strong></span>).
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User They can now match against the AS number alone (as in
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">geoip asnum "AS1234";</strong></span>).
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User When using native PKCS#11 cryptography (i.e.,
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">configure --enable-native-pkcs11</strong></span>) HSM PINs
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User of up to 256 characters can now be used.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User NXDOMAIN responses to queries of type DS are now cached separately
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User from those for other types. This helps when using "grafted" zones
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User of type forward, for which the parent zone does not contain a
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User delegation, such as local top-level domains. Previously a query
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User of type DS for such a zone could cause the zone apex to be cached
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User as NXDOMAIN, blocking all subsequent queries. (Note: This
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User change is only helpful when DNSSEC validation is not enabled.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User "Grafted" zones without a delegation in the parent are not a
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User recommended configuration.)
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User Update forwarding performance has been improved by allowing
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User a single TCP connection to be shared between multiple updates.
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User By default, <span><strong class="command">nsupdate</strong></span> will now check
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User the correctness of hostnames when adding records of type
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User disabled with <span><strong class="command">check-names no</strong></span>.
daf4204f82af39a71de8be039c2070aa605145a9Tinderbox User Added support for OPENPGPKEY type.
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User The names of the files used to store managed keys and added
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User zones for each view are no longer based on the SHA256 hash
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User of the view name, except when this is necessary because the
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User view name contains characters that would be incompatible with use
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User as a file name. For views whose names do not contain forward
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User slashes ('/'), backslashes ('\'), or capital letters - which
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User could potentially cause namespace collision problems on
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User case-insensitive filesystems - files will now be named
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User after the view (for example, <code class="filename">internal.mkeys</code>
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User or <code class="filename">external.nzf</code>). However, to ensure
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User consistent behavior when upgrading, if a file using the old
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User name format is found to exist, it will continue to be used.
ebca35d493a0f74b0fb3371b7f19ef80f99f156cTinderbox User "rndc" can now return text output of arbitrary size to
ebca35d493a0f74b0fb3371b7f19ef80f99f156cTinderbox User the caller. (Prior to this, certain commands such as
ebca35d493a0f74b0fb3371b7f19ef80f99f156cTinderbox User "rndc tsig-list" and "rndc zonestatus" could return
ebca35d493a0f74b0fb3371b7f19ef80f99f156cTinderbox User truncated output.)
a17033f2c453688fde9719bced70b44553431759Tinderbox User Errors reported when running <span><strong class="command">rndc addzone</strong></span>
a17033f2c453688fde9719bced70b44553431759Tinderbox User (e.g., when a zone file cannot be loaded) have been clarified
a17033f2c453688fde9719bced70b44553431759Tinderbox User to make it easier to diagnose problems.
88a2182a1ad4fc7af07272af6b05b74db7f28e52Tinderbox User When encountering an authoritative name server whose name is
88a2182a1ad4fc7af07272af6b05b74db7f28e52Tinderbox User an alias pointing to another name, the resolver treats
88a2182a1ad4fc7af07272af6b05b74db7f28e52Tinderbox User this as an error and skips to the next server. Previously
88a2182a1ad4fc7af07272af6b05b74db7f28e52Tinderbox User this happened silently; now the error will be logged to
88a2182a1ad4fc7af07272af6b05b74db7f28e52Tinderbox User the newly-created "cname" log category.
25ae0fd27c7f65d235511e9b20f97f6ba92a14cfTinderbox User If named is not configured to validate the answer then
25ae0fd27c7f65d235511e9b20f97f6ba92a14cfTinderbox User allow fallback to plain DNS on timeout even when we know
25ae0fd27c7f65d235511e9b20f97f6ba92a14cfTinderbox User the server supports EDNS. This will allow the server to
25ae0fd27c7f65d235511e9b20f97f6ba92a14cfTinderbox User potentially resolve signed queries when TCP is being
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<div class="titlepage"><div><div><h3 class="title">
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span> and
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">nslookup</strong></span> aborted when encountering
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User a name which, after appending search list elements,
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User exceeded 255 bytes. Such names are now skipped, but
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User processing of other names will continue. [RT #36892]
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User The error message generated when
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">named-checkzone</strong></span> or
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <span><strong class="command">named-checkconf -z</strong></span> encounters a
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <code class="option">$TTL</code> directive without a value has
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User been clarified. [RT #37138]
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User Semicolon characters (;) included in TXT records were
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User incorrectly escaped with a backslash when the record was
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User displayed as text. This is actually only necessary when there
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User are no quotation marks. [RT #37159]
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User When files opened for writing by <span><strong class="command">named</strong></span>,
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User such as zone journal files, were referenced more than once
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User in <code class="filename">named.conf</code>, it could lead to file
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User corruption as multiple threads wrote to the same file. This
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User is now detected when loading <code class="filename">named.conf</code>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User and reported as an error. [RT #37172]
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User When checking for updates to trust anchors listed in
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User <code class="option">managed-keys</code>, <span><strong class="command">named</strong></span>
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User now revalidates keys based on the current set of
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User active trust anchors, without relying on any cached
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User record of previous validation. [RT #37506]
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User Large-system tuning
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User (<span><strong class="command">configure --with-tuning=large</strong></span>) caused
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User problems on some platforms by setting a socket receive
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User buffer size that was too large. This is now detected and
eaaf00efc02fdd4965f747afb51f881ac5a389d2Tinderbox User corrected at run time. [RT #37187]
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User When NXDOMAIN redirection is in use, queries for a name
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User that is present in the redirection zone but a type that
369963ad26cef09c3839d76c74c2d856f91be27aTinderbox User is not present will now return NOERROR instead of NXDOMAIN.
ab3bdbd2ee61b06fa1dc4d3adbcff46cd808185aTinderbox User Due to an inadvertent removal of code in the previous
ab3bdbd2ee61b06fa1dc4d3adbcff46cd808185aTinderbox User release, when <span><strong class="command">named</strong></span> encountered an
ab3bdbd2ee61b06fa1dc4d3adbcff46cd808185aTinderbox User authoritative name server which dropped all EDNS queries,
ab3bdbd2ee61b06fa1dc4d3adbcff46cd808185aTinderbox User it did not always try plain DNS. This has been corrected.
25ae0fd27c7f65d235511e9b20f97f6ba92a14cfTinderbox User A regression caused nsupdate to use the default recursive servers
25ae0fd27c7f65d235511e9b20f97f6ba92a14cfTinderbox User rather than the SOA MNAME server when sending the UPDATE.
c60ee6edf129596fa04db86c6865d75b5a412598Tinderbox User Adjusted max-recursion-queries to accommodate the smaller
c60ee6edf129596fa04db86c6865d75b5a412598Tinderbox User initial packet sizes used in BIND 9.10 and higher when
c60ee6edf129596fa04db86c6865d75b5a412598Tinderbox User contacting authoritative servers for the first time.
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<div class="titlepage"><div><div><h3 class="title">
6469eef791ebc5c7a38850c96db219f9a000c554Tinderbox User<a name="end_of_life"></a>End of Life</h3></div></div></div>
6469eef791ebc5c7a38850c96db219f9a000c554Tinderbox User The end of life for BIND 9.11 is yet to be determined but
6469eef791ebc5c7a38850c96db219f9a000c554Tinderbox User will not be before BIND 9.13.0 has been released for 6 months.
6469eef791ebc5c7a38850c96db219f9a000c554Tinderbox User <a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
6469eef791ebc5c7a38850c96db219f9a000c554Tinderbox User<div class="titlepage"><div><div><h3 class="title">
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User Thank you to everyone who assisted us in making this release possible.
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User If you would like to contribute to ISC to assist us in continuing to
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User make quality open source software, please visit our donations page at
2fa992d017c027173a47c834db88bef10df453c0Tinderbox User <a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left" valign="top">Chapter�8.�Troubleshooting�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<td width="40%" align="right" valign="top">�Appendix�B.�A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
30c0c7470d5bfabd8f43c563f4eca636d06cc484Tinderbox User<p style="text-align: center;">BIND 9.11.0pre-alpha</p>