Bv9ARM.ch09.html revision 9c716f839c5dc2a9e236dada3af83b03e863078b
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Copyright (C) 2000-2003 Internet Software Consortium.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Permission to use, copy, modify, and/or distribute this software for any
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews - purpose with or without fee is hereby granted, provided that the above
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - copyright notice and this permission notice appear in all copies.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - PERFORMANCE OF THIS SOFTWARE.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<!-- $Id$ -->
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter 8. Troubleshooting">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<link rel="next" href="Bv9ARM.ch10.html" title="Appendix B. A Brief History of the DNS and BIND">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<div class="titlepage"><div><div><h2 class="title">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="Bv9ARM.ch09"></a>Appendix A. Release Notes</h2></div></div></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2585697">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<a name="id2585697"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<div class="titlepage"><div><div><h3 class="title">
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews This document summarizes changes since the last production release
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews of BIND on the corresponding major release branch.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<div class="titlepage"><div><div><h3 class="title">
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<a name="relnotes_download"></a>Download</h3></div></div></div>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews The latest versions of BIND 9 software can always be found at
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews There you will find additional information about each release,
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews source code, and pre-compiled versions for Microsoft Windows
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews operating systems.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<div class="titlepage"><div><div><h3 class="title">
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews A flaw in delegation handling could be exploited to put
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <span><strong class="command">named</strong></span> into an infinite loop, in which
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews each lookup of a name server triggered additional lookups
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews of more name servers. This has been addressed by placing
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews limits on the number of levels of recursion
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <span><strong class="command">named</strong></span> will allow (default 7), and
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews on the number of queries that it will send before
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews terminating a recursive query (default 50).
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews The recursion depth limit is configured via the
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <code class="option">max-recursion-depth</code> option, and the query limit
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews via the <code class="option">max-recursion-queries</code> option.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews The flaw was discovered by Florian Maury of ANSSI, and is
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews disclosed in CVE-2014-8500. [RT #37580]
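The effect of the two limits described above can be seen in a simplified resolver model. This is an added illustration, not BIND code: the `referral` callables, the zone names and the `resolve`/`answer` helpers are constructed for the example, and only the option names and the defaults (7 and 50) come from the release note.

```python
"""Simplified model of max-recursion-depth and max-recursion-queries.

Each call to resolve() stands for one outgoing query made on behalf of a
single client request. A `referral` callable (constructed sample data)
returns, for a name:
  []      the name can be answered directly (glue or answer in hand)
  [ns..]  name servers whose own addresses must be looked up first
  None    the server did not respond
"""
from dataclasses import dataclass

MAX_RECURSION_DEPTH = 7      # default stated in the release note
MAX_RECURSION_QUERIES = 50   # default stated in the release note


class LimitExceeded(Exception):
    """Raised when one of the two limits ends the whole recursive query."""


@dataclass
class Fetch:
    """Counters shared by every sub-lookup spawned for one client query."""
    max_depth: int
    max_queries: int
    queries_sent: int = 0
    deepest: int = 0


def resolve(name, referral, fetch, depth=0):
    # Limit 1: how many levels of "look up a name server in order to
    # look up a name server" are allowed.
    if depth > fetch.max_depth:
        raise LimitExceeded("max-recursion-depth")
    # Limit 2: total queries sent for this one client request.
    if fetch.queries_sent >= fetch.max_queries:
        raise LimitExceeded("max-recursion-queries")
    fetch.queries_sent += 1
    fetch.deepest = max(fetch.deepest, depth)

    ns_names = referral(name)
    if ns_names is None:        # no response from this server
        return False
    if not ns_names:            # answered without further lookups
        return True
    for ns in ns_names:         # one usable server is enough
        if resolve(ns, referral, fetch, depth + 1):
            return True
    return False


def answer(name, referral,
           max_depth=MAX_RECURSION_DEPTH,
           max_queries=MAX_RECURSION_QUERIES):
    """Return (rcode, reason, queries_sent, deepest_level_reached)."""
    fetch = Fetch(max_depth, max_queries)
    try:
        ok = resolve(name, referral, fetch)
        rcode, reason = ("NOERROR", None) if ok else ("SERVFAIL", "no usable server")
    except LimitExceeded as exc:
        rcode, reason = "SERVFAIL", str(exc)
    return rcode, reason, fetch.queries_sent, fetch.deepest


# --- constructed sample data -------------------------------------------

def healthy(name):
    """Ordinary glueless delegation: one extra lookup, then an answer."""
    table = {
        "www.shop.example.": ["ns1.provider.example."],
        "ns1.provider.example.": [],
    }
    return table.get(name)


def endless_chain(name):
    """Every name server lookup requires yet another name server lookup."""
    return ["ns." + name]


def wide_and_dead(name):
    """One delegation listing 100 servers, none of which respond."""
    if name == "slow.example.":
        return [f"ns{i}.dead.example." for i in range(100)]
    return None


if __name__ == "__main__":
    for label, start, data in [
        ("healthy", "www.shop.example.", healthy),
        ("endless chain", "ns.loop.example.", endless_chain),
        ("wide, unresponsive", "slow.example.", wide_and_dead),
    ]:
        print(f"{label:20s}", answer(start, data))
```

The depth limit stops the chained case after eight queries, while the query limit is what bounds a delegation that is wide rather than deep; raising one limit alone still leaves the other as a backstop.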
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt Two separate problems were identified in BIND's GeoIP code that
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt could lead to an assertion failure. One was triggered by use of
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews both IPv4 and IPv6 address families, the other by referencing
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews a GeoIP database in <code class="filename">named.conf</code> which was
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews not installed. Both are covered by CVE-2014-8680. [RT #37672]
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt A less serious security flaw was also found in GeoIP: changes
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt to the <span><strong class="command">geoip-directory</strong></span> option in
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="filename">named.conf</code> were ignored when running
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">rndc reconfig</strong></span>. In theory, this could cause
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">named</strong></span> to allow access to unintended clients.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="titlepage"><div><div><h3 class="title">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="relnotes_features"></a>New Features</h3></div></div></div>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews The serial number of a dynamically updatable zone can
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews now be set using
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt This is particularly useful with <code class="option">inline-signing</code>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt zones that have been reset. Setting the serial number to a value
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt larger than that on the slaves will trigger an AXFR-style
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt When answering recursive queries, SERVFAIL responses can now be
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt cached by the server for a limited time; subsequent queries for
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the same query name and type will return another SERVFAIL until
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the cache times out. This reduces the frequency of retries
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews when a query is persistently failing, which can be a burden
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews on recursive servers. The SERVFAIL cache timeout is controlled
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews by <code class="option">servfail-ttl</code>, which defaults to 10 seconds
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt and has an upper limit of 30.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The new <span><strong class="command">rndc nta</strong></span> command can now be used to
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews set a "negative trust anchor" (NTA), disabling DNSSEC validation for
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews a specific domain; this can be used when responses from a domain
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews are known to be failing validation due to administrative error
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews rather than because of a spoofing attack. NTAs are strictly
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews temporary; by default they expire after one hour, but can be
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt configured to last up to one week. The default NTA lifetime
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt can be changed by setting the <code class="option">nta-lifetime</code> in
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt <code class="filename">named.conf</code>. When added, NTAs are stored in a
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews file (<code class="filename"><em class="replaceable"><code>viewname</code></em>.nta</code>)
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews in order to persist across restarts of the named server.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews The EDNS Client Subnet (ECS) option is now supported for
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt authoritative servers; if a query contains an ECS option then
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt elements can match against the address encoded in the option.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews This can be used to select a view for a query, so that different
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews answers can be provided depending on the client network.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt The EDNS EXPIRE option has been implemented on the client
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt side, allowing a slave server to set the expiration timer
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt correctly when transferring zone data from another slave
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt A new <code class="option">masterfile-style</code> zone option controls
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the formatting of text zone files: When set to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="literal">full</code>, the zone file will be dumped in
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt single-line-per-record format.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">dig +ednsopt</strong></span> can now be used to set
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt arbitrary EDNS options in DNS requests.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">dig +ednsflags</strong></span> can now be used to set
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt yet-to-be-defined EDNS flags in DNS requests.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used to enable /
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews disable EDNS version negotiation.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">dig +header-only</strong></span> can now be used to send
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt queries without a question section.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">dig +ttlunits</strong></span> causes <span><strong class="command">dig</strong></span>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews to print TTL values with time-unit suffixes: w, d, h, m, s for
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews weeks, days, hours, minutes, and seconds.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">dig +zflag</strong></span> can be used to set the last
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt unassigned DNS header flag bit. This bit is normally zero.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews can now be used to set the DSCP code point in outgoing query
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="option">serial-update-method</code> can now be set to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="literal">date</code>. On update, the serial number will
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt be set to the current date in YYYYMMDDNN format.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <span><strong class="command">dnssec-signzone -N date</strong></span> also sets the serial
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt number to YYYYMMDDNN.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">named -L <em class="replaceable"><code>filename</code></em></strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt causes named to send log messages to the specified file by
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews default instead of to the system log.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The rate limiter configured by the
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt <code class="option">serial-query-rate</code> option no longer covers
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt NOTIFY messages; those are now separately controlled by
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="option">startup-notify-rate</code> (the latter of which
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt controls the rate of NOTIFY messages sent when the server
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt is first started up or reconfigured).
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt The default number of tasks and client objects available
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt for serving lightweight resolver queries have been increased,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt and are now configurable via the new <code class="option">lwres-tasks</code>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt and <code class="option">lwres-clients</code> options in
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <code class="filename">named.conf</code>. [RT #35857]
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Log output to files can now be buffered by specifying
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">buffered yes;</strong></span> when creating a channel.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">delv +tcp</strong></span> will exclusively use TCP when
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt sending queries.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">named</strong></span> will now check to see whether
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt other name server processes are running before starting up.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt This is implemented in two ways: 1) by refusing to start
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt if the configured network interfaces all return "address
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt in use", and 2) by acquiring a file lock on
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="filename">/var/run/named/named.lock</code>, or on a different
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt file specified via the <span><strong class="command">named -X</strong></span> command
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt line option.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">rndc delzone</strong></span> can now be applied to zones
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt which were configured in <code class="filename">named.conf</code>;
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt it is no longer restricted to zones which were added by
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">rndc addzone</strong></span>. (Note, however, that
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt this does not edit <code class="filename">named.conf</code>; the zone
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt must be removed from the configuration or it will return
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt when <span><strong class="command">named</strong></span> is restarted or reloaded.)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">rndc modzone</strong></span> can be used to reconfigure
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt a zone, using similar syntax to <span><strong class="command">rndc addzone</strong></span>.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt <span><strong class="command">rndc showzone</strong></span> displays the current
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews configuration for a specified zone.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt Added server-side support for pipelined TCP queries. Clients
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews may continue sending queries via TCP while previous queries are
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews processed in parallel. Responses are sent when they are
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt ready, not necessarily in the order in which the queries were
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt To revert to the former behavior for a particular
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt client address or range of addresses, specify the address prefix
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt in the "keep-response-order" option. To revert to the former
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt behavior for all clients, use "keep-response-order { any; };".
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="titlepage"><div><div><h3 class="title">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt ACLs containing <span><strong class="command">geoip asnum</strong></span> elements were
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt not correctly matched unless the full organization name was
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews specified in the ACL (as in
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <span><strong class="command">geoip asnum "AS1234 Example, Inc.";</strong></span>).
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt They can now match against the AS number alone (as in
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">geoip asnum "AS1234";</strong></span>).
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt When using native PKCS#11 cryptography (i.e.,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span><strong class="command">configure --enable-native-pkcs11</strong></span>) HSM PINs
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt of up to 256 characters can now be used.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt NXDOMAIN responses to queries of type DS are now cached separately
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt from those for other types. This helps when using "grafted" zones
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt of type forward, for which the parent zone does not contain a
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews delegation, such as local top-level domains. Previously a query
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt of type DS for such a zone could cause the zone apex to be cached
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt as NXDOMAIN, blocking all subsequent queries. (Note: This
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt change is only helpful when DNSSEC validation is not enabled.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt "Grafted" zones without a delegation in the parent are not a
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt recommended configuration.)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Update forwarding performance has been improved by allowing
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews a single TCP connection to be shared between multiple updates.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews By default, <span><strong class="command">nsupdate</strong></span> will now check
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews the correctness of hostnames when adding records of type
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews disabled with <span><strong class="command">check-names no</strong></span>.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews Added support for OPENPGPKEY type.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews The names of the files used to store managed keys and added
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews zones for each view are no longer based on the SHA256 hash
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews of the view name, except when this is necessary because the
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews view name contains characters that would be incompatible with use
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews as a file name. For views whose names do not contain forward
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews slashes ('/'), backslashes ('\'), or capital letters - which
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews could potentially cause namespace collision problems on
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews case-insensitive filesystems - files will now be named
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews after the view (for example, <code class="filename">internal.mkeys</code>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews or <code class="filename">external.nzf</code>). However, to ensure
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews consistent behavior when upgrading, if a file using the old
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt name format is found to exist, it will continue to be used.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews "rndc" can now return text output of arbitrary size to
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews the caller. (Prior to this, certain commands such as
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews "rndc tsig-list" and "rndc zonestatus" could return
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews truncated output.)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Errors reported when running <span><strong class="command">rndc addzone</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt (e.g., when a zone file cannot be loaded) have been clarified
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews to make it easier to diagnose problems.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews When encountering an authoritative name server whose name is
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews an alias pointing to another name, the resolver treats
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews this as an error and skips to the next server. Previously
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews this happened silently; now the error will be logged to
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews the newly-created "cname" log category.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt If named is not configured to validate the answer then
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews allow fallback to plain DNS on timeout even when we know
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the server supports EDNS. This will allow the server to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt potentially resolve signed queries when TCP is being
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<div class="titlepage"><div><div><h3 class="title">
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span> and
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <span><strong class="command">nslookup</strong></span> aborted when encountering
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews a name which, after appending search list elements,
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews exceeded 255 bytes. Such names are now skipped, but
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews processing of other names will continue. [RT #36892]
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews The error message generated when
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <span><strong class="command">named-checkzone</strong></span> or
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <span><strong class="command">named-checkconf -z</strong></span> encounters a
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <code class="option">$TTL</code> directive without a value has
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews been clarified. [RT #37138]
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews Semicolon characters (;) included in TXT records were
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews incorrectly escaped with a backslash when the record was
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews displayed as text. This is actually only necessary when there
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews are no quotation marks. [RT #37159]
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews When files opened for writing by <span><strong class="command">named</strong></span>,
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews such as zone journal files, were referenced more than once
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews in <code class="filename">named.conf</code>, it could lead to file
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews corruption as multiple threads wrote to the same file. This
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews is now detected when loading <code class="filename">named.conf</code>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews and reported as an error. [RT #37172]
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews When checking for updates to trust anchors listed in
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <code class="option">managed-keys</code>, <span><strong class="command">named</strong></span>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews now revalidates keys based on the current set of
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews active trust anchors, without relying on any cached
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews record of previous validation. [RT #37506]
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews Large-system tuning
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews (<span><strong class="command">configure --with-tuning=large</strong></span>) caused
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt problems on some platforms by setting a socket receive
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt buffer size that was too large. This is now detected and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt corrected at run time. [RT #37187]
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews When NXDOMAIN redirection is in use, queries for a name
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt that is present in the redirection zone but a type that
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews is not present will now return NOERROR instead of NXDOMAIN.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews Due to an inadvertent removal of code in the previous
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews release, when <span><strong class="command">named</strong></span> encountered an
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews authoritative name server which dropped all EDNS queries,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt it did not always try plain DNS. This has been corrected.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt A regression caused nsupdate to use the default recursive servers
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt rather than the SOA MNAME server when sending the UPDATE.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Adjusted max-recursion-queries to accommodate the smaller
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt initial packet sizes used in BIND 9.10 and higher when
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews contacting authoritative servers for the first time.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Built-in "empty" zones did not correctly inherit the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt "allow-transfer" ACL from the options or view. [RT #38310]
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Two leaks were fixed that could cause <span><strong class="command">named</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt processes to grow to very large sizes. [RT #38454]
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="titlepage"><div><div><h3 class="title">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="end_of_life"></a>End of Life</h3></div></div></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The end of life for BIND 9.11 is yet to be determined but
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt will not be before BIND 9.13.0 has been released for 6 months.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<div class="titlepage"><div><div><h3 class="title">
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews Thank you to everyone who assisted us in making this release possible.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews If you would like to contribute to ISC to assist us in continuing to
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews make quality open source software, please visit our donations page at
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews <a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews<p style="text-align: center;">BIND 9.11.0pre-alpha</p>