Bv9ARM.ch09.html revision d605cf32834fd19b7d16848655cdb5e458f34aa5
cd348e325366620fe047edcc849e3c9424828599Peter Bray<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
0ca9a2c194523c517c3aafe5758e217ac88d6baaLubos Kosco - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray - This Source Code Form is subject to the terms of the Mozilla Public
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray - License, v. 2.0. If a copy of the MPL was not distributed with this
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal - file, You can obtain one at http://mozilla.org/MPL/2.0/.
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c577d2f6c082eaff9af5bc997d12f3d3bcef537cPeter Bray<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c577d2f6c082eaff9af5bc997d12f3d3bcef537cPeter Bray<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<link rel="next" href="Bv9ARM.ch10.html" title="Appendix�B.�A Brief History of the DNS and BIND">
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<tr><th colspan="3" align="center">Appendix�A.�Release Notes</th></tr>
d961aa46ea0d50fed47802497e45226b1965b12dVladimir Kotal<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<div class="titlepage"><div><div><h1 class="title">
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<a name="Bv9ARM.ch09"></a>Release Notes</h1></div></div></div>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.3b1</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
b17cb0705d90907337b3528aa7b8ed1700806f26Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Legacy Windows No Longer Supported</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#proto_changes">Protocol Changes</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<div class="titlepage"><div><div><h2 class="title" style="clear: both">
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.3b1</h2></div></div></div>
c577d2f6c082eaff9af5bc997d12f3d3bcef537cPeter Bray<div class="titlepage"><div><div><h3 class="title">
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal This document summarizes changes since the last production
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal release on the BIND 9.11 branch.
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal Please see the <code class="filename">CHANGES</code> file for a further
cd348e325366620fe047edcc849e3c9424828599Peter Bray list of bug fixes and other changes.
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<div class="titlepage"><div><div><h3 class="title">
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal<a name="relnotes_download"></a>Download</h3></div></div></div>
fbf97ea1786d1e25add88bbfb91810170473bc9fLubos Kosco The latest versions of BIND 9 software can always be found at
fbf97ea1786d1e25add88bbfb91810170473bc9fLubos Kosco <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
fbf97ea1786d1e25add88bbfb91810170473bc9fLubos Kosco There you will find additional information about each release,
fbf97ea1786d1e25add88bbfb91810170473bc9fLubos Kosco source code, and pre-compiled versions for Microsoft Windows
fbf97ea1786d1e25add88bbfb91810170473bc9fLubos Kosco operating systems.
f21b682cd9b414738a4f5a38b56f6682e537e1d2Trond Norbye<div class="titlepage"><div><div><h3 class="title">
f21b682cd9b414738a4f5a38b56f6682e537e1d2Trond Norbye<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>
cd348e325366620fe047edcc849e3c9424828599Peter Bray ICANN is in the process of introducing a new Key Signing Key (KSK) for
cd348e325366620fe047edcc849e3c9424828599Peter Bray the global root zone. BIND has multiple methods for managing DNSSEC
cd348e325366620fe047edcc849e3c9424828599Peter Bray trust anchors, with somewhat different behaviors. If the root
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray key is configured using the <span class="command"><strong>managed-keys</strong></span>
cd348e325366620fe047edcc849e3c9424828599Peter Bray statement, or if the pre-configured root key is enabled by using
2cf31ec93bd5d8a2efeab511ce051da51e69aedaLubos Kosco <span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep keys up
2cf31ec93bd5d8a2efeab511ce051da51e69aedaLubos Kosco to date automatically. Servers configured in this way should have
43dac746513591adbd09bc4f417feb385f4fd87eVladimir Kotal begun the process of rolling to the new key when it was published in
43dac746513591adbd09bc4f417feb385f4fd87eVladimir Kotal the root zone in July 2017. However, keys configured using the
2cf31ec93bd5d8a2efeab511ce051da51e69aedaLubos Kosco <span class="command"><strong>trusted-keys</strong></span> statement are not automatically
43dac746513591adbd09bc4f417feb385f4fd87eVladimir Kotal maintained. If your server is performing DNSSEC validation and is
43dac746513591adbd09bc4f417feb385f4fd87eVladimir Kotal configured using <span class="command"><strong>trusted-keys</strong></span>, you are advised to
2cf31ec93bd5d8a2efeab511ce051da51e69aedaLubos Kosco change your configuration before the root zone begins signing with
0ca9a2c194523c517c3aafe5758e217ac88d6baaLubos Kosco the new KSK. This is currently scheduled for October 11, 2017.
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray This release includes an updated version of the
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray <code class="filename">bind.keys</code> file containing the new root
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray key. This file can also be downloaded from
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray <a class="link" href="https://www.isc.org/bind-keys" target="_top">
cd348e325366620fe047edcc849e3c9424828599Peter Bray<div class="titlepage"><div><div><h3 class="title">
cd348e325366620fe047edcc849e3c9424828599Peter Bray<a name="relnotes_license"></a>License Change</h3></div></div></div>
cd348e325366620fe047edcc849e3c9424828599Peter Bray With the release of BIND 9.11.0, ISC changed to the open
cd348e325366620fe047edcc849e3c9424828599Peter Bray source license for BIND from the ISC license to the Mozilla
cd348e325366620fe047edcc849e3c9424828599Peter Bray Public License (MPL 2.0).
cd348e325366620fe047edcc849e3c9424828599Peter Bray The MPL-2.0 license requires that if you make changes to
cd348e325366620fe047edcc849e3c9424828599Peter Bray licensed software (e.g. BIND) and distribute them outside
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray your organization, that you publish those changes under that
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray same license. It does not require that you publish or disclose
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray anything other than the changes you made to our software.
0ca9a2c194523c517c3aafe5758e217ac88d6baaLubos Kosco This requirement will not affect anyone who is using BIND, with
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray or without modifications, without redistributing it, nor anyone
5762c9f28c2246777be0e9d49cb29d9c0f49146dLubos Kosco redistributing it without changes. Therefore, this change will be
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray without consequence for most individuals and organizations who are
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray Those unsure whether or not the license change affects their
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray use of BIND, or who wish to discuss how to comply with the
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray license may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">
5e6c91d7e77062129cd0b6ac8aaa546dff216419Lubos Kosco<div class="titlepage"><div><div><h3 class="title">
c83dfde6b364917fa8ed28142d509a7c29a4da68Vladimir Kotal<a name="win_support"></a>Legacy Windows No Longer Supported</h3></div></div></div>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported
cd348e325366620fe047edcc849e3c9424828599Peter Bray platforms for BIND; "XP" binaries are no longer available for download
cd348e325366620fe047edcc849e3c9424828599Peter Bray<div class="titlepage"><div><div><h3 class="title">
cd348e325366620fe047edcc849e3c9424828599Peter Bray<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
cd348e325366620fe047edcc849e3c9424828599Peter Bray <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
0b2998be561e7bf5e3479d686a5af36f712b0d9aVladimir Kotal An error in TSIG handling could permit unauthorized zone
0b2998be561e7bf5e3479d686a5af36f712b0d9aVladimir Kotal transfers or zone updates. These flaws are disclosed in
cd348e325366620fe047edcc849e3c9424828599Peter Bray CVE-2017-3142 and CVE-2017-3143. [RT #45383]
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray The BIND installer on Windows used an unquoted service path,
cd348e325366620fe047edcc849e3c9424828599Peter Bray which can enable privilege escalation. This flaw is disclosed
c842732324ee4c74ede17887ad1f0dcdc4364a2cLubos Kosco in CVE-2017-3141. [RT #45229]
c842732324ee4c74ede17887ad1f0dcdc4364a2cLubos Kosco With certain RPZ configurations, a response with TTL 0
c842732324ee4c74ede17887ad1f0dcdc4364a2cLubos Kosco could cause <span class="command"><strong>named</strong></span> to go into an infinite
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray query loop. This flaw is disclosed in CVE-2017-3140.
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray Addresses could be referenced after being freed during resolver
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray processing, causing an assertion failure. The chances of this
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray happening were remote, but the introduction of a delay in
cd348e325366620fe047edcc849e3c9424828599Peter Bray resolution increased them. This bug is disclosed in
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray CVE-2017-3145. [RT #46839]
d961aa46ea0d50fed47802497e45226b1965b12dVladimir Kotal update-policy rules that otherwise ignore the name field now
e9dbb478e3339d96ce4f0af5c6ab7e1d35ebb86dVladimir Kotal require that it be set to "." to ensure that any type list
d961aa46ea0d50fed47802497e45226b1965b12dVladimir Kotal present is properly interpreted. If the name field was omitted
d961aa46ea0d50fed47802497e45226b1965b12dVladimir Kotal from the rule declaration and a type list was present it wouldn't
d961aa46ea0d50fed47802497e45226b1965b12dVladimir Kotal be interpreted as expected.
cd348e325366620fe047edcc849e3c9424828599Peter Bray<div class="titlepage"><div><div><h3 class="title">
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
cd348e325366620fe047edcc849e3c9424828599Peter Bray <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
56d93b0c761868f813ac0bc0b5bc21a7a9fefd89Vladimir Kotal The ISC DNSSEC Lookaside Validation (DLV) service has
4f3c0816485669143aa54f1c6461fcb47cf5bc5cVladimir Kotal been shut down; all DLV records in the dlv.isc.org zone
4f3c0816485669143aa54f1c6461fcb47cf5bc5cVladimir Kotal have been removed. References to the service have been
2b024356b830395446c55f50f9f724a63612e578Lubos Kosco removed from BIND documentation. Lookaside validation
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray is no longer used by default by <span class="command"><strong>delv</strong></span>.
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray The DLV key has been removed from <code class="filename">bind.keys</code>.
5762c9f28c2246777be0e9d49cb29d9c0f49146dLubos Kosco Setting <span class="command"><strong>dnssec-lookaside</strong></span> to
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray <span class="command"><strong>auto</strong></span> or to use dlv.isc.org as a trust
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray anchor results in a warning being issued.
c842732324ee4c74ede17887ad1f0dcdc4364a2cLubos Kosco<div class="titlepage"><div><div><h3 class="title">
d6ee3934a24d8ccc0e4bb478405d8e5f6a35825dLubos Kosco<a name="proto_changes"></a>Protocol Changes</h3></div></div></div>
c842732324ee4c74ede17887ad1f0dcdc4364a2cLubos Kosco <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
d6ee3934a24d8ccc0e4bb478405d8e5f6a35825dLubos Kosco BIND can now use the Ed25519 and Ed448 Edwards Curve DNSSEC
b17cb0705d90907337b3528aa7b8ed1700806f26Vladimir Kotal signing algorithms described in RFC 8080. Note, however, that
8f8c3f4555e5aa3160f03f2e9c55ddbd3381357bLubos Kosco these algorithms must be supported in OpenSSL;
d6ee3934a24d8ccc0e4bb478405d8e5f6a35825dLubos Kosco currently they are only available in the development branch
8f8c3f4555e5aa3160f03f2e9c55ddbd3381357bLubos Kosco of OpenSSL at
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray <a class="link" href="https://github.com/openssl/openssl" target="_top">
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray When parsing DNS messages, EDNS KEY TAG options are checked
2cf31ec93bd5d8a2efeab511ce051da51e69aedaLubos Kosco for correctness. When printing messages (for example, in
2cf31ec93bd5d8a2efeab511ce051da51e69aedaLubos Kosco <span class="command"><strong>dig</strong></span>), EDNS KEY TAG options are printed
2cf31ec93bd5d8a2efeab511ce051da51e69aedaLubos Kosco in readable format.
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray<div class="titlepage"><div><div><h3 class="title">
1a5c2ab40bd94d2b2c63afda767ce7bbf29ecc4bJan Friedel<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
5762c9f28c2246777be0e9d49cb29d9c0f49146dLubos Kosco <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
e87f836e908f8279021f79c8f7bcef98e99d126eLubos Kosco <span class="command"><strong>named</strong></span> will no longer start or accept
e87f836e908f8279021f79c8f7bcef98e99d126eLubos Kosco reconfiguration if <span class="command"><strong>managed-keys</strong></span> or
e87f836e908f8279021f79c8f7bcef98e99d126eLubos Kosco <span class="command"><strong>dnssec-validation auto</strong></span> are in use and
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray the managed-keys directory (specified by
5762c9f28c2246777be0e9d49cb29d9c0f49146dLubos Kosco <span class="command"><strong>managed-keys-directory</strong></span>, and defaulting
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray to the working directory if not specified),
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray is not writable by the effective user ID. [RT #46077]
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal Previously, <span class="command"><strong>update-policy local;</strong></span> accepted
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal updates from any source so long as they were signed by the
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal locally-generated session key. This has been further restricted;
6c8465e3b4611cb632cba9b0572e3e3737c8c341Vladimir Kotal updates are now only accepted from locally configured addresses.
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray <span class="command"><strong>dig +ednsopt</strong></span> now accepts the names
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray for EDNS options in addition to numeric values. For example,
cd71fb134e037849c77364b50940b1870c4684ceVladimir Kotal an EDNS Client-Subnet option could be sent using
5762c9f28c2246777be0e9d49cb29d9c0f49146dLubos Kosco <span class="command"><strong>dig +ednsopt=ecs:...</strong></span>. Thanks to
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray John Worley of Secure64 for the contribution. [RT #44461]
2b024356b830395446c55f50f9f724a63612e578Lubos Kosco Threads in <span class="command"><strong>named</strong></span> are now set to human-readable
2b024356b830395446c55f50f9f724a63612e578Lubos Kosco names to assist debugging on operating systems that support that.
2b024356b830395446c55f50f9f724a63612e578Lubos Kosco Threads will have names such as "isc-timer", "isc-sockmgr",
2b024356b830395446c55f50f9f724a63612e578Lubos Kosco "isc-worker0001", and so on. This will affect the reporting of
2b024356b830395446c55f50f9f724a63612e578Lubos Kosco subsidiary thread names in <span class="command"><strong>ps</strong></span> and
0ca9a2c194523c517c3aafe5758e217ac88d6baaLubos Kosco <span class="command"><strong>top</strong></span>, but not the main thread. [RT #43234]
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray DiG now warns about .local queries which are reserved for
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray Multicast DNS. [RT #44783]
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<div class="titlepage"><div><div><h3 class="title">
cd348e325366620fe047edcc849e3c9424828599Peter Bray<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray Attempting to validate improperly unsigned CNAME responses
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray from secure zones could cause a validator loop. This caused
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray a delay in returning SERVFAIL and also increased the chances
d280c5e286f5b98be13237f52281ae5afdcf51b9Peter Bray of encountering the crash bug described in CVE-2017-3145.
3ba66fbb56ef22f183da783a1b2718280c357a4eStanislav Kozina When <span class="command"><strong>named</strong></span> was reconfigured, failure of some
3ba66fbb56ef22f183da783a1b2718280c357a4eStanislav Kozina zones to load correctly could leave the system in an inconsistent
3ba66fbb56ef22f183da783a1b2718280c357a4eStanislav Kozina state; while generally harmless, this could lead to a crash later
3ba66fbb56ef22f183da783a1b2718280c357a4eStanislav Kozina when using <span class="command"><strong>rndc addzone</strong></span>. Reconfiguration changes
3ba66fbb56ef22f183da783a1b2718280c357a4eStanislav Kozina are now fully rolled back in the event of failure. [RT #45841]
cd348e325366620fe047edcc849e3c9424828599Peter Bray Fixed a bug that was introduced in an earlier development
cd348e325366620fe047edcc849e3c9424828599Peter Bray release which caused multi-packet AXFR and IXFR messages to fail
cd348e325366620fe047edcc849e3c9424828599Peter Bray validation if not all packets contained TSIG records; this
cd348e325366620fe047edcc849e3c9424828599Peter Bray caused interoperability problems with some other DNS
cd348e325366620fe047edcc849e3c9424828599Peter Bray implementations. [RT #45509]
cd348e325366620fe047edcc849e3c9424828599Peter Bray Reloading or reconfiguring <span class="command"><strong>named</strong></span> could
cd348e325366620fe047edcc849e3c9424828599Peter Bray fail on some platforms when LMDB was in use. [RT #45203]
c577d2f6c082eaff9af5bc997d12f3d3bcef537cPeter Bray Due to some incorrectly deleted code, when BIND was
c577d2f6c082eaff9af5bc997d12f3d3bcef537cPeter Bray built with LMDB, zones that were deleted via
8f8c3f4555e5aa3160f03f2e9c55ddbd3381357bLubos Kosco <span class="command"><strong>rndc delzone</strong></span> were removed from the
d0767114e1a949e4a42358f5aeaa08590b87cd80Trond Norbye running server but were not removed from the new zone
3a5046f0538ba9fb3a9429199544a9f4b93d9a4dLubos Kosco database, so that deletion did not persist after a
3a5046f0538ba9fb3a9429199544a9f4b93d9a4dLubos Kosco server restart. This has been corrected. [RT #45185]
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray Semicolons are no longer escaped when printing CAA and
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray URI records. This may break applications that depend on the
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray presence of the backslash before the semicolon. [RT #45216]
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray AD could be set on truncated answer with no records present
0ca9a2c194523c517c3aafe5758e217ac88d6baaLubos Kosco in the answer and authority sections. [RT #45140]
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray Some header files included <isc/util.h> incorrectly as
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray it pollutes with namespace with non ISC_ macros and this should
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray only be done by explicitly including <isc/util.h>. This
0ca9a2c194523c517c3aafe5758e217ac88d6baaLubos Kosco has been corrected. Some code may depend on <isc/util.h>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray being implicitly included via other header files. Such
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray code should explicitly include <isc/util.h>.
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray Zones created with <span class="command"><strong>rndc addzone</strong></span> could
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray temporarily fail to inherit the <span class="command"><strong>allow-transfer</strong></span>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray ACL set in the <span class="command"><strong>options</strong></span> section of
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray <code class="filename">named.conf</code>. [RT #46603]
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray <span class="command"><strong>named</strong></span> failed to properly determine whether
c83dfde6b364917fa8ed28142d509a7c29a4da68Vladimir Kotal there were active KSK and ZSK keys for an algorithm when
c83dfde6b364917fa8ed28142d509a7c29a4da68Vladimir Kotal <span class="command"><strong>update-check-ksk</strong></span> was true (which is the
c83dfde6b364917fa8ed28142d509a7c29a4da68Vladimir Kotal default setting). This could leave records unsigned
c83dfde6b364917fa8ed28142d509a7c29a4da68Vladimir Kotal when rolling keys. [RT #46743] [RT #46754] [RT #46774]
cd348e325366620fe047edcc849e3c9424828599Peter Bray<div class="titlepage"><div><div><h3 class="title">
cd348e325366620fe047edcc849e3c9424828599Peter Bray<a name="end_of_life"></a>End of Life</h3></div></div></div>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray The end of life for BIND 9.11 is yet to be determined but
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray will not be before BIND 9.13.0 has been released for 6 months.
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<div class="titlepage"><div><div><h3 class="title">
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
d0767114e1a949e4a42358f5aeaa08590b87cd80Trond Norbye Thank you to everyone who assisted us in making this release possible.
d0767114e1a949e4a42358f5aeaa08590b87cd80Trond Norbye If you would like to contribute to ISC to assist us in continuing to
56d93b0c761868f813ac0bc0b5bc21a7a9fefd89Vladimir Kotal make quality open source software, please visit our donations page at
d0767114e1a949e4a42358f5aeaa08590b87cd80Trond Norbye <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
d0767114e1a949e4a42358f5aeaa08590b87cd80Trond Norbye<table width="100%" summary="Navigation footer">
d0767114e1a949e4a42358f5aeaa08590b87cd80Trond Norbye<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<td width="40%" align="left" valign="top">Chapter�8.�Troubleshooting�</td>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
d2a02e104622a26dd90fa88f4f17188f2039809fPeter Bray<td width="40%" align="right" valign="top">�Appendix�B.�A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
d0767114e1a949e4a42358f5aeaa08590b87cd80Trond Norbye<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3b1 (Extended Support Version)</p>