Bv9ARM.ch09.html revision eb2a5f51bd5c100799d93d51c9e22666cbd64d90
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!--
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Copyright (C) 2000-2015 Internet Systems Consortium, Inc. ("ISC")
32098293b78922a5fbd10906afa28624820d3756Tinderbox User -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - This Source Code Form is subject to the terms of the Mozilla Public
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - License, v. 2.0. If a copy of the MPL was not distributed with this
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - file, You can obtain one at http://mozilla.org/MPL/2.0/.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<html>
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title>Appendix�A.�Release Notes</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="Bv9ARM.ch10.html" title="Appendix�B.�A Brief History of the DNS and BIND">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navheader">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation header">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center">Appendix�A.�Release Notes</th></tr>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<th width="60%" align="center">�</th>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="appendix">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="titlepage"><div><div><h1 class="title">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="Bv9ARM.ch09"></a>Release Notes</h1></div></div></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="toc">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><b>Table of Contents</b></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dl class="toc">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.0b2</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dd><dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt</dl></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User</div>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<div class="section">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.0b2</h2></div></div></div>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<div class="section">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<div class="titlepage"><div><div><h3 class="title">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<p>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User BIND 9.11.0 is a new feature release of BIND, still under development.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User This document summarizes new features and functional changes that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein have been introduced on this branch. With each development
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User release leading up to the final BIND 9.11.0 release, this document
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt will be updated with additional features added and bugs fixed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt</div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_download"></a>Download</h3></div></div></div>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<p>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater The latest versions of BIND 9 software can always be found at
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User There you will find additional information about each release,
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater source code, and pre-compiled versions for Microsoft Windows
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User operating systems.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="section">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<div class="titlepage"><div><div><h3 class="title">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_license"></a>License Change</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User With the release of BIND 9.11.0, ISC is changing the open
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein source license for BIND from the ISC license to the Mozilla
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User Public License (MPL 2.0). This change is effective from BIND
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 9.11.0b1 onwards.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The MPL-2.0 license requires that if you make changes to
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User licensed software (e.g. BIND) and distribute them outside
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User your organization, that you publish those changes under that
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User same license. It does not require that you publish or disclose
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt anything other than the changes you made to our software.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt This new requirement will not affect anyone who is using BIND
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt without redistributing it, nor anyone redistributing it without
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt changes, therefore this change will be without consequence
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for most individuals and organizations who are using BIND.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Those unsure whether or not the license change affects their
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User use of BIND, or who wish to discuss how to comply with the
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews license may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews https://www.isc.org/mission/contact/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews</div>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein getrrsetbyname with a non absolute name could trigger an
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User infinite recursion bug in lwresd and named with lwres
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User configured if when combined with a search list entry the
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews resulting name is too long. This flaw is disclosed in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein CVE-2016-2775. [RT #42694]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li></ul></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="section">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_features"></a>New Features</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<li class="listitem">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews A new method of provisioning secondary servers called
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "Catalog Zones" has been added. This is an implementation of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <a class="link" href="https://datatracker.ietf.org/doc/draft-muks-dnsop-dns-catalog-zones/" target="_top">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User draft-muks-dnsop-dns-catalog-zones/
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt A catalog zone is a regular DNS zone which contains a list
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of "member zones", along with the configuration options for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein each of those zones. When a server is configured to use a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein catalog zone, all the zones listed in the catalog zone are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein added to the local server as slave zones. When the catalog
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein zone is updated (e.g., by adding or removing zones, or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein changing configuration options for existing zones) those
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein changes will be put into effect. Since the catalog zone is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein itself a DNS zone, this means configuration changes can be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein propagated to slaves using the standard AXFR/IXFR update
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mechanism.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This feature should be considered experimental. It currently
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein supports only basic features; more advanced features such as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ACLs and TSIG keys are not yet supported. Example catalog
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein zone configurations can be found in the Chapter 9 of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein BIND Administrator Reference Manual.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Support for master entries with TSIG keys has been added to catalog
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein zones, as well as support for allow-query and allow-transfer.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Added an <span class="command"><strong>isc.rndc</strong></span> Python module, which allows
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>rndc</strong></span> commands to be sent from Python programs.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Added support for DynDB, a new interface for loading zone data
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein from an external database, developed by Red Hat for the FreeIPA
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein project. (Thanks in particular to Adam Tkac and Petr
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Spacek of Red Hat for the contribution.)
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Unlike the existing DLZ and SDB interfaces, which provide a
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews limited subset of database functionality within BIND &#8212;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews translating DNS queries into real-time database lookups with
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews relatively poor performance and with no ability to handle
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews DNSSEC-signed data &#8212; DynDB is able to fully implement
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews and extend the database API used natively by BIND.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews A DynDB module could pre-load data from an external data
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews source, then serve it with the same performance and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews functionality as conventional BIND zones, and with the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews ability to take advantage of database features not
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews available in BIND, such as multi-master replication.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein New quotas have been added to limit the queries that are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein sent by recursive resolvers to authoritative servers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein experiencing denial-of-service attacks. When configured,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein these options can both reduce the harm done to authoritative
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein servers and also avoid the resource exhaustion that can be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein experienced by recursive servers when they are being used as a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein vehicle for such an attack.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; ">
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater<li class="listitem"><p>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater <code class="option">fetches-per-server</code> limits the number of
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater simultaneous queries that can be sent to any single
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater authoritative server. The configured value is a starting
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater point; it is automatically adjusted downward if the server is
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater partially or completely non-responsive. The algorithm used to
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater adjust the quota can be configured via the
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater <code class="option">fetch-quota-params</code> option.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater </p></li>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater<li class="listitem"><p>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater <code class="option">fetches-per-zone</code> limits the number of
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater simultaneous queries that can be sent for names within a
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater single domain. (Note: Unlike "fetches-per-server", this
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein value is not self-tuning.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</ul></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Statistics counters have also been added to track the number
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of queries affected by these quotas.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Added support for <span class="command"><strong>dnstap</strong></span>, a fast,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein flexible method for capturing and logging DNS traffic,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein developed by Robert Edmonds at Farsight Security, Inc.,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein whose assistance is gratefully acknowledged.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein To enable <span class="command"><strong>dnstap</strong></span> at compile time,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the <span class="command"><strong>fstrm</strong></span> and <span class="command"><strong>protobuf-c</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein libraries must be available, and BIND must be configured with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">--enable-dnstap</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A new utility <span class="command"><strong>dnstap-read</strong></span> has been added
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to allow <span class="command"><strong>dnstap</strong></span> data to be presented in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a human-readable format.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>rndc dnstap -roll</strong></span> causes <span class="command"><strong>dnstap</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein output files to be rolled like log files -- the most recent output
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein file is renamed with a <code class="filename">.0</code> suffix, the next
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein most recent with <code class="filename">.1</code>, etc. (Note that this
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein only works when <span class="command"><strong>dnstap</strong></span> output is being written
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to a file, not to a UNIX domain socket.) An optional numerical
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein argument specifies how many backup log files to retain; if not
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt specified or set to 0, there is no limit.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews </p>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews<p>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews <span class="command"><strong>rndc dnstap -reopen</strong></span> simply closes and reopens
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews the <span class="command"><strong>dnstap</strong></span> output channel without renaming
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews the output file.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews </p>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews<p>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews For more information on <span class="command"><strong>dnstap</strong></span>, see
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews <a class="link" href="http://dnstap.info" target="_top">http://dnstap.info</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews</li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt New statistics counters have been added to track traffic
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews sizes, as specified in RSSAC002. Query and response
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews message sizes are broken up into ranges of histogram buckets:
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews TCP and UDP queries of size 0-15, 16-31, ..., 272-288, and 288+,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and TCP and UDP responses of size 0-15, 16-31, ..., 4080-4095,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and 4096+. These values can be accessed via the XML and JSON
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein statistics channels at, for example,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <a class="link" href="http://localhost:8888/xml/v3/traffic" target="_top">http://localhost:8888/xml/v3/traffic</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <a class="link" href="http://localhost:8888/json/v1/traffic" target="_top">http://localhost:8888/json/v1/traffic</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Statistics for RSSAC02v3 traffic-volume, traffic-sizes and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein rcode-volume reporting are now collected.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A new DNSSEC key management utility,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dnssec-keymgr</strong></span>, has been added. This tool
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User is meant to run unattended (e.g., under <span class="command"><strong>cron</strong></span>).
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User It reads a policy definition file
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User (default: <code class="filename">/etc/dnssec.policy</code>)
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User and creates or updates DNSSEC keys as necessary to ensure that a
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User zone's keys match the defined policy for that zone. New keys are
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User created whenever necessary to ensure rollovers occur correctly.
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User Existing keys' timing metadata is adjusted as needed to set the
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User correct rollover period, prepublication interval, etc. If
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User the configured policy changes, keys are corrected automatically.
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User See the <span class="command"><strong>dnssec-keymgr</strong></span> man page for full details.
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User </p>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User<p>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User Note: <span class="command"><strong>dnssec-keymgr</strong></span> depends on Python and on
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User the Python lex/yacc module, PLY. The other Python-based tools,
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User <span class="command"><strong>dnssec-coverage</strong></span> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dnssec-checkds</strong></span>, have been
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein refactored and updated as part of this work.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dnssec-keymgr</strong></span> now takes a -r
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>randomfile</code></em> option.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews (Many thanks to Sebasti�n
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Castro for his assistance in developing this tool at the IETF
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 95 Hackathon in Buenos Aires, April 2016.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews</li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The serial number of a dynamically updatable zone can
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein now be set using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This is particularly useful with <code class="option">inline-signing</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein zones that have been reset. Setting the serial number to a value
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein larger than that on the slaves will trigger an AXFR-style
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein transfer.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When answering recursive queries, SERVFAIL responses can now be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein cached by the server for a limited time; subsequent queries for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the same query name and type will return another SERVFAIL until
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the cache times out. This reduces the frequency of retries
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein when a query is persistently failing, which can be a burden
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein on recursive servers. The SERVFAIL cache timeout is controlled
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by <code class="option">servfail-ttl</code>, which defaults to 1 second
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and has an upper limit of 30.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p></li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The new <span class="command"><strong>rndc nta</strong></span> command can now be used to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt set a "negative trust anchor" (NTA), disabling DNSSEC validation for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a specific domain; this can be used when responses from a domain
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews are known to be failing validation due to administrative error
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews rather than because of a spoofing attack. NTAs are strictly
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews temporary; by default they expire after one hour, but can be
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews configured to last up to one week. The default NTA lifetime
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews can be changed by setting the <code class="option">nta-lifetime</code> in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">named.conf</code>. When added, NTAs are stored in a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein file (<code class="filename"><em class="replaceable"><code>viewname</code></em>.nta</code>)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in order to persist across restarts of the <span class="command"><strong>named</strong></span> server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The EDNS Client Subnet (ECS) option is now supported for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein authoritative servers; if a query contains an ECS option then
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein elements can match against the address encoded in the option.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This can be used to select a view for a query, so that different
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein answers can be provided depending on the client network.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The EDNS EXPIRE option has been implemented on the client
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein side, allowing a slave server to set the expiration timer
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein correctly when transferring zone data from another slave
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A new <code class="option">masterfile-style</code> zone option controls
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the formatting of text zone files: When set to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="literal">full</code>, the zone file will dumped in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein single-line-per-record format.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig +ednsopt</strong></span> can now be used to set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein arbitrary EDNS options in DNS requests.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig +ednsflags</strong></span> can now be used to set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein yet-to-be-defined EDNS flags in DNS requests.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig +[no]ednsnegotiation</strong></span> can now be used enable /
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein disable EDNS version negotiation.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig +header-only</strong></span> can now be used to send
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews queries without a question section.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig +ttlunits</strong></span> causes <span class="command"><strong>dig</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to print TTL values with time-unit suffixes: w, d, h, m, s for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein weeks, days, hours, minutes, and seconds.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig +zflag</strong></span> can be used to set the last
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein unassigned DNS header flag bit. This bit is normally zero.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein can now be used to set the DSCP code point in outgoing query
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein packets.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig +mapped</strong></span> can now be used to determine
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if mapped IPv4 addresses can be used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater <span class="command"><strong>nslookup</strong></span> will now look up IPv6 as well
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater as IPv4 addresses by default. [RT #40420]
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater </p></li>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater<li class="listitem"><p>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater <code class="option">serial-update-method</code> can now be set to
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater <code class="literal">date</code>. On update, the serial number will
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater be set to the current date in YYYYMMDDNN format.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater </p></li>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater<li class="listitem"><p>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater <span class="command"><strong>dnssec-signzone -N date</strong></span> also sets the serial
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater number to YYYYMMDDNN.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater </p></li>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater<li class="listitem"><p>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater <span class="command"><strong>named -L <em class="replaceable"><code>filename</code></em></strong></span>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater causes <span class="command"><strong>named</strong></span> to send log messages to the
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater specified file by default instead of to the system log.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater </p></li>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater<li class="listitem"><p>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater The rate limiter configured by the
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater <code class="option">serial-query-rate</code> option no longer covers
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater NOTIFY messages; those are now separately controlled by
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater <code class="option">notify-rate</code> and
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater <code class="option">startup-notify-rate</code> (the latter of which
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater controls the rate of NOTIFY messages sent when the server
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater is first started up or reconfigured).
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater </p></li>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The default number of tasks and client objects available
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for serving lightweight resolver queries have been increased,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and are now configurable via the new <code class="option">lwres-tasks</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and <code class="option">lwres-clients</code> options in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">named.conf</code>. [RT #35857]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User Log output to files can now be buffered by specifying
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User <span class="command"><strong>buffered yes;</strong></span> when creating a channel.
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span class="command"><strong>delv +tcp</strong></span> will exclusively use TCP when
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User sending queries.
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User </p></li>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>named</strong></span> will now check to see whether
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User other name server processes are running before starting up.
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User This is implemented in two ways: 1) by refusing to start
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User if the configured network interfaces all return "address
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User in use", and 2) by attempting to acquire a lock on a file
a24330c4805a224191ab687d0291963062fe3355Tinderbox User specified by the <code class="option">lock-file</code> option or
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User the <span class="command"><strong>-X</strong></span> command line option. The
5d564da348e890e42f63eebf2dced9a05b41f4fbTinderbox User default lock file is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">/var/run/named/named.lock</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specifying <code class="literal">none</code> will disable the lock
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User file check.
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User </p></li>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<li class="listitem"><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span class="command"><strong>rndc delzone</strong></span> can now be applied to zones
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews which were configured in <code class="filename">named.conf</code>;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews it is no longer restricted to zones which were added by
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User <span class="command"><strong>rndc addzone</strong></span>. (Note, however, that
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User this does not edit <code class="filename">named.conf</code>; the zone
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User must be removed from the configuration or it will return
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein when <span class="command"><strong>named</strong></span> is restarted or reloaded.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User<li class="listitem"><p>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User <span class="command"><strong>rndc modzone</strong></span> can be used to reconfigure
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User a zone, using similar syntax to <span class="command"><strong>rndc addzone</strong></span>.
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User </p></li>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User<li class="listitem"><p>
5d564da348e890e42f63eebf2dced9a05b41f4fbTinderbox User <span class="command"><strong>rndc showzone</strong></span> displays the current
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User configuration for a specified zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When BIND is built with the <span class="command"><strong>lmdb</strong></span> library
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User (Lightning Memory-Mapped Database), <span class="command"><strong>named</strong></span>
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User will store the configuration information for zones
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User that are added via <span class="command"><strong>rndc addzone</strong></span>
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User in a database, rather than in a flat "NZF" file. This
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User dramatically improves performance for
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User <span class="command"><strong>rndc delzone</strong></span> and
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User <span class="command"><strong>rndc modzone</strong></span>: deleting or changing
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User the contents of a database is much faster than rewriting
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User a text file.
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User </p>
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User<p>
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User On startup, if <span class="command"><strong>named</strong></span> finds an existing
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User NZF file, it will automatically convert it to the new NZD
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User database format.
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User </p>
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User<p>
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User To view the contents of an NZD, or to convert an
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User NZD back to an NZF file (for example, to revert back
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User to an earlier version of BIND which did not support the
8f70b6b48364b58f2823e735c35bf77787de0860Tinderbox User NZD format), use the new command <span class="command"><strong>named-nzd2nzf</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [RT #39837]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Added server-side support for pipelined TCP queries. Clients
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein may continue sending queries via TCP while previous queries are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein processed in parallel. Responses are sent when they are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ready, not necessarily in the order in which the queries were
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein received.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein To revert to the former behavior for a particular
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein client address or range of addresses, specify the address prefix
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in the "keep-response-order" option. To revert to the former
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein behavior for all clients, use "keep-response-order { any; };".
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The new <span class="command"><strong>mdig</strong></span> command is a version of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig</strong></span> that sends multiple pipelined
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein queries and then waits for responses, instead of sending one
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein query and waiting the response before sending the next. [RT #38261]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein To enable better monitoring and troubleshooting of RFC 5011
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein trust anchor management, the new <span class="command"><strong>rndc managed-keys</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein can be used to check status of trust anchors or to force keys
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to be refreshed. Also, the managed-keys data file now has
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein easier-to-read comments. [RT #38458]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein An <span class="command"><strong>--enable-querytrace</strong></span> configure switch is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User now available to enable very verbose query tracelogging. This
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User option can only be set at compile time. This option has a
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User negative performance impact and should be used only for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein debugging. [RT #37520]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<li class="listitem"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User A new <span class="command"><strong>tcp-only</strong></span> option can be specified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in <span class="command"><strong>server</strong></span> statements to force
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span class="command"><strong>named</strong></span> to connect to the specified
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User server via TCP. [RT #37800]
a9ba09c109ec7a7dd0523efb1bbd51e210fed8d6Tinderbox User </p></li>
a9ba09c109ec7a7dd0523efb1bbd51e210fed8d6Tinderbox User<li class="listitem"><p>
a9ba09c109ec7a7dd0523efb1bbd51e210fed8d6Tinderbox User The <span class="command"><strong>nxdomain-redirect</strong></span> option specifies
a9ba09c109ec7a7dd0523efb1bbd51e210fed8d6Tinderbox User a DNS namespace to use for NXDOMAIN redirection. When a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein recursive lookup returns NXDOMAIN, a second lookup is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User initiated with the specified name appended to the query
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User name. This allows NXDOMAIN redirection data to be supplied
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User by multiple zones configured on the server or by recursive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein queries to other servers. (The older method, using
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a single <span class="command"><strong>type redirect</strong></span> zone, has
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User better average performance but is less flexible.) [RT #37989]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The following types have been implemented: CSYNC, NINFO, RKEY,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt SINK, TA, TALINK.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews </p></li>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A new <span class="command"><strong>message-compression</strong></span> option can be
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User used to specify whether or not to use name compression when
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User answering queries. Setting this to <strong class="userinput"><code>no</code></strong>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User results in larger responses, but reduces CPU consumption and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User may improve throughput. The default is <strong class="userinput"><code>yes</code></strong>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></li>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<li class="listitem"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User A <span class="command"><strong>read-only</strong></span> option is now available in the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>controls</strong></span> statement to grant non-destructive
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User control channel access. In such cases, a restricted set of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>rndc</strong></span> commands are allowed, which can
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein report information from <span class="command"><strong>named</strong></span>, but cannot
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User reconfigure or stop the server. By default, the control channel
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User access is <span class="emphasis"><em>not</em></span> restricted to these
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User read-only operations. [RT #40498]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User When loading a signed zone, <span class="command"><strong>named</strong></span> will
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User now check whether an RRSIG's inception time is in the future,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User and if so, it will regenerate the RRSIG immediately. This helps
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User when a system's clock needs to be reset backwards.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The new <span class="command"><strong>minimal-any</strong></span> option reduces the size
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User of answers to UDP queries for type ANY by implementing one of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the strategies in "draft-ietf-dnsop-refuse-any": returning
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a single arbitrarily-selected RRset that matches the query
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews name rather than returning all of the matching RRsets.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews Thanks to Tony Finch for the contribution. [RT #41615]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User</ul></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The ISC DNSSEC Lookaside Validation (DLV) service is scheduled
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User to be disabled in 2017. A warning is now logged when
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="command"><strong>named</strong></span> is configured to use this service,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein either explicitly or via <code class="option">dnssec-lookaside auto;</code>.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews [RT #42207]
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews </p></li>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews<li class="listitem"><p>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews The timers returned by the statistics channel (indicating current
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews time, server boot time, and most recent reconfiguration time) are
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User now reported with millisecond accuracy. [RT #40082]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Updated the compiled-in addresses for H.ROOT-SERVERS.NET
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and L.ROOT-SERVERS.NET.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<li class="listitem"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User ACLs containing <span class="command"><strong>geoip asnum</strong></span> elements were
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews not correctly matched unless the full organization name was
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews specified in the ACL (as in
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews <span class="command"><strong>geoip asnum "AS1234 Example, Inc.";</strong></span>).
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt They can now match against the AS number alone (as in
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>geoip asnum "AS1234";</strong></span>).
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p></li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt When using native PKCS#11 cryptography (i.e.,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>configure --enable-native-pkcs11</strong></span>) HSM PINs
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of up to 256 characters can now be used.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p></li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem"><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt NXDOMAIN responses to queries of type DS are now cached separately
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt from those for other types. This helps when using "grafted" zones
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt of type forward, for which the parent zone does not contain a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt delegation, such as local top-level domains. Previously a query
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews of type DS for such a zone could cause the zone apex to be cached
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews as NXDOMAIN, blocking all subsequent queries. (Note: This
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein change is only helpful when DNSSEC validation is not enabled.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User "Grafted" zones without a delegation in the parent are not a
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User recommended configuration.)
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater </p></li>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews<li class="listitem"><p>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews Update forwarding performance has been improved by allowing
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews a single TCP connection to be shared between multiple updates.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews </p></li>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews<li class="listitem"><p>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews By default, <span class="command"><strong>nsupdate</strong></span> will now check
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews the correctness of hostnames when adding records of type
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews disabled with <span class="command"><strong>check-names no</strong></span>.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews </p></li>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem"><p>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews Added support for OPENPGPKEY type.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The names of the files used to store managed keys and added
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User zones for each view are no longer based on the SHA256 hash
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User of the view name, except when this is necessary because the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User view name contains characters that would be incompatible with use
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein as a file name. For views whose names do not contain forward
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User slashes ('/'), backslashes ('\'), or capital letters - which
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User could potentially cause namespace collision problems on
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User case-insensitive filesystems - files will now be named
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews after the view (for example, <code class="filename">internal.mkeys</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein or <code class="filename">external.nzf</code>). However, to ensure
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews consistent behavior when upgrading, if a file using the old
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein name format is found to exist, it will continue to be used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User "rndc" can now return text output of arbitrary size to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the caller. (Prior to this, certain commands such as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "rndc tsig-list" and "rndc zonestatus" could return
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User truncated output.)
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></li>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Errors reported when running <span class="command"><strong>rndc addzone</strong></span>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews (e.g., when a zone file cannot be loaded) have been clarified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to make it easier to diagnose problems.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When encountering an authoritative name server whose name is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein an alias pointing to another name, the resolver treats
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater this as an error and skips to the next server. Previously
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater this happened silently; now the error will be logged to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the newly-created "cname" log category.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<li class="listitem"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User If <span class="command"><strong>named</strong></span> is not configured to validate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein answers, then allow fallback to plain DNS on timeout even when
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User we know the server supports EDNS. This will allow the server to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User potentially resolve signed queries when TCP is being
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User blocked.
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews </p></li>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Large inline-signing changes should be less disruptive.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Signature generation is now done incrementally; the number
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of signatures to be generated in each quantum is controlled
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by "sig-signing-signatures <em class="replaceable"><code>number</code></em>;".
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [RT #37927]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The experimental SIT option (code point 65001) of BIND
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 9.10.0 through BIND 9.10.2 has been replaced with the COOKIE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein option (code point 10). It is no longer experimental, and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User is sent by default, by both <span class="command"><strong>named</strong></span> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="command"><strong>dig</strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce The SIT-related named.conf options have been marked as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce obsolete, and are otherwise ignored.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When <span class="command"><strong>dig</strong></span> receives a truncated (TC=1)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein response or a BADCOOKIE response code from a server, it
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User will automatically retry the query using the server COOKIE
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User that was returned by the server in its initial response.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [RT #39047]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A alternative NXDOMAIN redirect method (nxdomain-redirect)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein which allows the redirect information to be looked up from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a namespace on the Internet rather than requiring a zone
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User to be configured on the server is now available.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Retrieving the local port range from net.ipv4.ip_local_port_range
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce on Linux is now supported.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A new <code class="option">nsip-wait-recurse</code> directive has been
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein added to RPZ, specifying whether to look up unknown name server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein IP addresses and wait for a response before applying RPZ-NSIP rules.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The default is <strong class="userinput"><code>yes</code></strong>. If set to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <strong class="userinput"><code>no</code></strong>, <span class="command"><strong>named</strong></span> will only
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein apply RPZ-NSIP rules to servers whose addresses are already cached.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The addresses will be looked up in the background so the rule can
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein be applied on subsequent queries. This improves performance when
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the cache is cold, at the cost of temporary imprecision in applying
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein policy directives. [RT #35009]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></li>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Within the <code class="option">response-policy</code> option, it is now
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein possible to configure RPZ rewrite logging on a per-zone basis
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein using the <code class="option">log</code> clause.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The default preferred glue is now the address type of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein transport the query was received over.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User On machines with 2 or more processors (CPU), the default value
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User for the number of UDP listeners has been changed to the number
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of detected processors minus one.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Zone transfers now use smaller message sizes to improve
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein message compression. This results in reduced network usage.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Added support for the AVC resource record type (Application
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Visibility and Control).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Changed <span class="command"><strong>rndc reconfig</strong></span> behavior so that newly
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein added zones are loaded asynchronously and the loading does not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein block the server.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User</li>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews</ul></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_port"></a>Porting Changes</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein None.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></li></ul></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Fixed a crash when calling <span class="command"><strong>rndc stats</strong></span> on some
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Windows builds: some Visual Studio compilers generate code that
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt crashes when the "%z" printf() format specifier is used. [RT #42380]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Windows installs were failing due to triggering UAC without
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the installation binary being signed.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem"><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A change in the internal binary representation of the RBT database
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein node structure enabled a race condition to occur (especially when
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein BIND was built with certain compilers or optimizer settings),
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein leading to inconsistent database state which caused random
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein assertion failures. [RT #42380]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</ul></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="section">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="end_of_life"></a>End of Life</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The end of life for BIND 9.11 is yet to be determined but
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein will not be before BIND 9.13.0 has been released for 6 months.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Thank you to everyone who assisted us in making this release possible.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If you would like to contribute to ISC to assist us in continuing to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein make quality open source software, please visit our donations page at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navfooter">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation footer">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center">�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left" valign="top">Chapter�8.�Troubleshooting�</td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right" valign="top">�Appendix�B.�A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0b2</p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</body>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein