0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<html>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<head>

b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<title>Appendix�A.�Release Notes</title>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

b91d11bfcc30b96f2c80f3a76d12e3dcc8597a68Mark Andrews<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<link rel="next" href="Bv9ARM.ch10.html" title="Appendix�B.�A Brief History of the DNS and BIND">

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews</head>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="navheader">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<table width="100%" summary="Navigation header">

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<tr><th colspan="3" align="center">Appendix�A.�Release Notes</th></tr>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<tr>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<td width="20%" align="left">

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<th width="60%" align="center">�</th>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</td>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews</tr>

efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews</table>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<hr>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User</div>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="appendix">

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<div class="titlepage"><div><div><h1 class="title">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<a name="Bv9ARM.ch09"></a>Release Notes</h1></div></div></div>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<div class="toc">

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<p><b>Table of Contents</b></p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<dl class="toc">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.0a1</a></span></dt>

015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User<dd><dl>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>

aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>

aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>

aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews</dl></dd>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews</dl>

aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt</div>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="section">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.0a1</h2></div></div></div>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="section">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="titlepage"><div><div><h3 class="title">

cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater<a name="relnotes_intro"></a>Introduction</h3></div></div></div>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User BIND 9.11.0 is a new feature release of BIND, still under development.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews This document summarizes new features and functional changes that

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews have been introduced on this branch. With each development

9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater release leading up to the final BIND 9.11.0 release, this document

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews will be updated with additional features added and bugs fixed.

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews </p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User</div>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="section">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="titlepage"><div><div><h3 class="title">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<a name="relnotes_download"></a>Download</h3></div></div></div>

eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews<p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews The latest versions of BIND 9 software can always be found at

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User There you will find additional information about each release,

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews source code, and pre-compiled versions for Microsoft Windows

015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User operating systems.

3ccf87473f7cf6d9faac156df38a935a238f96fdTinderbox User </p>

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews</div>

b91d11bfcc30b96f2c80f3a76d12e3dcc8597a68Mark Andrews<div class="section">

ebe53509ca55a141131c104b6d722236b606e0efTinderbox User<div class="titlepage"><div><div><h3 class="title">

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt None.

415d630b6309922caee8469384a6fab75cf05032Mark Andrews </p></li></ul></div>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews</div>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<div class="section">

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt<div class="titlepage"><div><div><h3 class="title">

7cc0a5d21ef046bfd630c4769943d896a7d7472cTinderbox User<a name="relnotes_features"></a>New Features</h3></div></div></div>

3ccf87473f7cf6d9faac156df38a935a238f96fdTinderbox User<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<li class="listitem">

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<p>

551e6d2414c4f47d58a9bb0b37f206f915a4f5acTinderbox User Added support for DynDB, a new interface for loading zone data

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews from an external database, developed by Red Hat for the FreeIPA

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User project. (Thanks in particular to Adam Tkac and Petr

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Spacek of Red Hat for the contribution.)

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User </p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<p>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Unlike the existing DLZ and SDB interfaces, which provide a

51aeb0ae19596e99b029cfa933e73b76ebec480aTinderbox User limited subset of database functionality within BIND &#8212;

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews translating DNS queries into real-time database lookups with

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User relatively poor performance and with no ability to handle

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User DNSSEC-signed data &#8212; DynDB is able to fully implement

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews and extend the database API used natively by BIND.

415d630b6309922caee8469384a6fab75cf05032Mark Andrews </p>

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<p>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews A DynDB module could pre-load data from an external data

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews source, then serve it with the same performance and

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User functionality as conventional BIND zones, and with the

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews ability to take advantage of database features not

415d630b6309922caee8469384a6fab75cf05032Mark Andrews available in BIND, such as multi-master replication.

efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews </p>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews</li>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<li class="listitem">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<p>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews New quotas have been added to limit the queries that are

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson sent by recursive resolvers to authoritative servers

415d630b6309922caee8469384a6fab75cf05032Mark Andrews experiencing denial-of-service attacks. When configured,

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews these options can both reduce the harm done to authoritative

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User servers and also avoid the resource exhaustion that can be

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews experienced by recursives when they are being used as a

415d630b6309922caee8469384a6fab75cf05032Mark Andrews vehicle for such an attack.

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson </p>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; ">

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<li class="listitem"><p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User <code class="option">fetches-per-server</code> limits the number of

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews simultaneous queries that can be sent to any single

28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews authoritative server. The configured value is a starting

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews point; it is automatically adjusted downward if the server is

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews partially or completely non-responsive. The algorithm used to

ebe53509ca55a141131c104b6d722236b606e0efTinderbox User adjust the quota can be configured via the

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <code class="option">fetch-quota-params</code> option.

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews </p></li>

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <code class="option">fetches-per-zone</code> limits the number of

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews simultaneous queries that can be sent for names within a

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews single domain. (Note: Unlike "fetches-per-server", this

2a31bd531072824ef252c18303859d6af7451b00Francis Dupont value is not self-tuning.)

51aeb0ae19596e99b029cfa933e73b76ebec480aTinderbox User </p></li>

baeaed18341c015e9ad54ffa21973184c1bc432bMark Andrews</ul></div>

2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<p>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Statistics counters have also been added to track the number

51aeb0ae19596e99b029cfa933e73b76ebec480aTinderbox User of queries affected by these quotas.

baeaed18341c015e9ad54ffa21973184c1bc432bMark Andrews </p>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews</li>

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<li class="listitem">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews Added support for <span class="command"><strong>dnstap</strong></span>, a fast,

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews flexible method for capturing and logging DNS traffic,

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews developed by Robert Edmonds at Farsight Security, Inc.,

7f9e2fff07b9c17e0d7a0ea7abc9304ce9d01b61Tinderbox User whose assistance is gratefully acknowledged.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p>

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<p>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews To enable <span class="command"><strong>dnstap</strong></span> at compile time,

549c517e2ecad52bb1d32f08920e29d4e8cda71eTinderbox User the <span class="command"><strong>fstrm</strong></span> and <span class="command"><strong>protobuf-c</strong></span>

66317da170ed35b08f5847db2d48b225826327cbTinderbox User libraries must be available, and BIND must be configured with

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <code class="option">--enable-dnstap</code>.

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews </p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews A new utility <span class="command"><strong>dnstap-read</strong></span> has been added

01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews to allow <span class="command"><strong>dnstap</strong></span> data to be presented in

361967ea970ea8f0ef8875e769505ecdac74bfb0Tinderbox User a human-readable format.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<p>

cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater For more information on <span class="command"><strong>dnstap</strong></span>, see

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews <a class="link" href="http://dnstap.info" target="_top">http://dnstap.info</a>.

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User </p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</li>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<li class="listitem"><p>

fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater New statistics counters have been added to track traffic

415d630b6309922caee8469384a6fab75cf05032Mark Andrews sizes, as specified in RSSAC002. Query and response

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews message sizes are broken up into ranges of histogram buckets:

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User TCP and UDP queries of size 0-15, 16-31, ..., 272-288, and 288+,

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews and TCP and UDP responses of size 0-15, 16-31, ..., 4080-4095,

415d630b6309922caee8469384a6fab75cf05032Mark Andrews and 4096+. These values can be accessed via the XML and JSON

fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User statistics channels at, for example,

415d630b6309922caee8469384a6fab75cf05032Mark Andrews <a class="link" href="http://localhost:8888/xml/v3/traffic" target="_top">http://localhost:8888/xml/v3/traffic</a>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews or

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User <a class="link" href="http://localhost:8888/json/v1/traffic" target="_top">http://localhost:8888/json/v1/traffic</a>.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews </p></li>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<li class="listitem">

fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater<p>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews A new DNSSEC key management utility,

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews <span class="command"><strong>dnssec-keymgr</strong></span>, has been added. This tool

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User is meant to run unattended (e.g., under <span class="command"><strong>cron</strong></span>).

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews It reads a policy definition file

415d630b6309922caee8469384a6fab75cf05032Mark Andrews (default: <code class="filename">/etc/dnssec.policy</code>)

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson and creates or updates DNSSEC keys as necessary to ensure that a

415d630b6309922caee8469384a6fab75cf05032Mark Andrews zone's keys match the defined policy for that zone. New keys are

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews created whenever necessary to ensure rollovers occur correctly.

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User Existing keys' timing metadata is adjusted as needed to set the

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews correct rollover period, prepublication interval, etc. If

415d630b6309922caee8469384a6fab75cf05032Mark Andrews the configured policy changes, keys are corrected automatically.

dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater See the <span class="command"><strong>dnssec-keymgr</strong></span> man page for full details.

415d630b6309922caee8469384a6fab75cf05032Mark Andrews </p>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User Note: <span class="command"><strong>dnssec-keymgr</strong></span> depends on Python and on

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews the Python lex/yacc module, PLY. The other Python-based tools,

415d630b6309922caee8469384a6fab75cf05032Mark Andrews <span class="command"><strong>dnssec-coverage</strong></span> and

133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater <span class="command"><strong>dnssec-checkds</strong></span>, have been

415d630b6309922caee8469384a6fab75cf05032Mark Andrews refactored and updated as part of this work.

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews </p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews (Many thanks to Sebasti�n

415d630b6309922caee8469384a6fab75cf05032Mark Andrews Castro for his assistance in developing this tool at the IETF

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson 95 Hackathon in Buenos Aires, April 2016.)

415d630b6309922caee8469384a6fab75cf05032Mark Andrews </p>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews</li>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<li class="listitem"><p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews The serial number of a dynamically updatable zone can

415d630b6309922caee8469384a6fab75cf05032Mark Andrews now be set using

5f7586ddbd3edd11272cdd30ed613d936129328bTinderbox User <span class="command"><strong>rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.

415d630b6309922caee8469384a6fab75cf05032Mark Andrews This is particularly useful with <code class="option">inline-signing</code>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews zones that have been reset. Setting the serial number to a value

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User larger than that on the slaves will trigger an AXFR-style

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews transfer.

015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User </p></li>

361967ea970ea8f0ef8875e769505ecdac74bfb0Tinderbox User<li class="listitem"><p>

5affecff6e148a8e124d03f5dbac0da11e30dcc5Tinderbox User When answering recursive queries, SERVFAIL responses can now be

5affecff6e148a8e124d03f5dbac0da11e30dcc5Tinderbox User cached by the server for a limited time; subsequent queries for

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews the same query name and type will return another SERVFAIL until

dc7e5458bbcb59ea310ed64ac7e77016e62e9c15Tinderbox User the cache times out. This reduces the frequency of retries

5b3dd19d815f0389d566d20c2fee57cb37d1dd47Tinderbox User when a query is persistently failing, which can be a burden

1fce11b1d3f2d461d261156b8cdc64ab864f06a9Tinderbox User on recursive serviers. The SERVFAIL cache timeout is controlled

fab54780409846f7c71f6026d665f18c77c649efTinderbox User by <code class="option">servfail-ttl</code>, which defaults to 1 second

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews and has an upper limit of 30.

361967ea970ea8f0ef8875e769505ecdac74bfb0Tinderbox User </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User The new <span class="command"><strong>rndc nta</strong></span> command can now be used to

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews set a "negative trust anchor" (NTA), disabling DNSSEC validation for

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews a specific domain; this can be used when responses from a domain

689fb19ba11ed40363cbc031d0396befdb409b89Tinderbox User are known to be failing validation due to administrative error

6c2a76b3e2ccd32c35814b6e0f54da00190749d7Evan Hunt rather than because of a spoofing attack. NTAs are strictly

8927a982bde7e4b665966b55f0fa57c5cf21b9d8Mark Andrews temporary; by default they expire after one hour, but can be

361967ea970ea8f0ef8875e769505ecdac74bfb0Tinderbox User configured to last up to one week. The default NTA lifetime

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews can be changed by setting the <code class="option">nta-lifetime</code> in

361967ea970ea8f0ef8875e769505ecdac74bfb0Tinderbox User <code class="filename">named.conf</code>. When added, NTAs are stored in a

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews file (<code class="filename"><em class="replaceable"><code>viewname</code></em>.nta</code>)

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews in order to persist across restarts of the <span class="command"><strong>named</strong></span> server.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews The EDNS Client Subnet (ECS) option is now supported for

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews authoritative servers; if a query contains an ECS option then

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews elements can match against the address encoded in the option.

361967ea970ea8f0ef8875e769505ecdac74bfb0Tinderbox User This can be used to select a view for a query, so that different

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews answers can be provided depending on the client network.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

c317b09bf112121245fafe61f38b95dc6e96acabTinderbox User The EDNS EXPIRE option has been implemented on the client

cdf1c3d486ec082ef6c92297d22d54a67cca0c90Tinderbox User side, allowing a slave server to set the expiration timer

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews correctly when transferring zone data from another slave

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews server.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews A new <code class="option">masterfile-style</code> zone option controls

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews the formatting of text zone files: When set to

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <code class="literal">full</code>, the zone file will dumped in

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews single-line-per-record format.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <span class="command"><strong>dig +ednsopt</strong></span> can now be used to set

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews arbitrary EDNS options in DNS requests.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <span class="command"><strong>dig +ednsflags</strong></span> can now be used to set

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews yet-to-be-defined EDNS flags in DNS requests.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <span class="command"><strong>dig +[no]ednsnegotiation</strong></span> can now be used enable /

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews disable EDNS version negotiation.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span class="command"><strong>dig +header-only</strong></span> can now be used to send

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews queries without a question section.

a2c370ca12bb0360ff7e969474ead3f788c65fffTinderbox User </p></li>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<li class="listitem"><p>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span class="command"><strong>dig +ttlunits</strong></span> causes <span class="command"><strong>dig</strong></span>

1f9754245cbd5eec2d2a667bb292f62f72386d4bMark Andrews to print TTL values with time-unit suffixes: w, d, h, m, s for

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews weeks, days, hours, minutes, and seconds.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <span class="command"><strong>dig +zflag</strong></span> can be used to set the last

2ca9cf1582ae972f8edc2b03bd846973b05dee6bTinderbox User unassigned DNS header flag bit. This bit is normally zero.

e1ebc476b08b4a498fcf3477e42c986eb1991360Tinderbox User </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

5affecff6e148a8e124d03f5dbac0da11e30dcc5Tinderbox User <span class="command"><strong>dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews can now be used to set the DSCP code point in outgoing query

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews packets.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

076e51f1ff9497ae61a99994189ed8bf5a0d3472Tinderbox User <span class="command"><strong>dig +mapped</strong></span> can now be used to determine

076e51f1ff9497ae61a99994189ed8bf5a0d3472Tinderbox User if mapped IPv4 addresses can be used.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <code class="option">serial-update-method</code> can now be set to

076e51f1ff9497ae61a99994189ed8bf5a0d3472Tinderbox User <code class="literal">date</code>. On update, the serial number will

5affecff6e148a8e124d03f5dbac0da11e30dcc5Tinderbox User be set to the current date in YYYYMMDDNN format.

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson </p></li>

a2c370ca12bb0360ff7e969474ead3f788c65fffTinderbox User<li class="listitem"><p>

5affecff6e148a8e124d03f5dbac0da11e30dcc5Tinderbox User <span class="command"><strong>dnssec-signzone -N date</strong></span> also sets the serial

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User number to YYYYMMDDNN.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

076e51f1ff9497ae61a99994189ed8bf5a0d3472Tinderbox User <span class="command"><strong>named -L <em class="replaceable"><code>filename</code></em></strong></span>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews causes <span class="command"><strong>named</strong></span> to send log messages to the

6c2a76b3e2ccd32c35814b6e0f54da00190749d7Evan Hunt specified file by default instead of to the system log.

b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User </p></li>

3ccf87473f7cf6d9faac156df38a935a238f96fdTinderbox User<li class="listitem"><p>

3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark Andrews The rate limiter configured by the

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User <code class="option">serial-query-rate</code> option no longer covers

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews NOTIFY messages; those are now separately controlled by

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <code class="option">notify-rate</code> and

415d630b6309922caee8469384a6fab75cf05032Mark Andrews <code class="option">startup-notify-rate</code> (the latter of which

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson controls the rate of NOTIFY messages sent when the server

415d630b6309922caee8469384a6fab75cf05032Mark Andrews is first started up or reconfigured).

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews </p></li>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<li class="listitem"><p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews The default number of tasks and client objects available

015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User for serving lightweight resolver queries have been increased,

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews and are now configurable via the new <code class="option">lwres-tasks</code>

8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews and <code class="option">lwres-clients</code> options in

c1e2310a3725eeed45e5e7c86750c64c5a02e993Francis Dupont <code class="filename">named.conf</code>. [RT #35857]

c1e2310a3725eeed45e5e7c86750c64c5a02e993Francis Dupont </p></li>

4b61b671f5de767ec1d1b8e6cf7b849bddf08e98Tinderbox User<li class="listitem"><p>

4b61b671f5de767ec1d1b8e6cf7b849bddf08e98Tinderbox User Log output to files can now be buffered by specifying

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews <span class="command"><strong>buffered yes;</strong></span> when creating a channel.

3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews <span class="command"><strong>delv +tcp</strong></span> will exclusively use TCP when

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews sending queries.

baeaed18341c015e9ad54ffa21973184c1bc432bMark Andrews </p></li>

baeaed18341c015e9ad54ffa21973184c1bc432bMark Andrews<li class="listitem"><p>

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews <span class="command"><strong>named</strong></span> will now check to see whether

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews other name server processes are running before starting up.

f1a2709aad7baa4161fdb6f63edf99b0150af252Evan Hunt This is implemented in two ways: 1) by refusing to start

f1a2709aad7baa4161fdb6f63edf99b0150af252Evan Hunt if the configured network interfaces all return "address

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews in use", and 2) by attempting to acquire a lock on a file

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews specified by the <code class="option">lock-file</code> option or

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews the <span class="command"><strong>-X</strong></span> command line option. The

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews default lock file is

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews <code class="filename">/var/run/named/named.lock</code>.

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews Specifying <code class="literal">none</code> will disable the lock

e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater file check.

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews </p></li>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<li class="listitem"><p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User <span class="command"><strong>rndc delzone</strong></span> can now be applied to zones

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews which were configured in <code class="filename">named.conf</code>;

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews it is no longer restricted to zones which were added by

e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater <span class="command"><strong>rndc addzone</strong></span>. (Note, however, that

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews this does not edit <code class="filename">named.conf</code>; the zone

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews must be removed from the configuration or it will return

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User when <span class="command"><strong>named</strong></span> is restarted or reloaded.)

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews </p></li>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<li class="listitem"><p>

e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater <span class="command"><strong>rndc modzone</strong></span> can be used to reconfigure

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews a zone, using similar syntax to <span class="command"><strong>rndc addzone</strong></span>.

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews </p></li>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<li class="listitem"><p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews <span class="command"><strong>rndc showzone</strong></span> displays the current

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews configuration for a specified zone.

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews </p></li>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<li class="listitem">

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User Added server-side support for pipelined TCP queries. Clients

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews may continue sending queries via TCP while previous queries are

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews processed in parallel. Responses are sent when they are

ebe53509ca55a141131c104b6d722236b606e0efTinderbox User ready, not necessarily in the order in which the queries were

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews received.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p>

01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews<p>

168cf0ede1cf13a095e48af6749d88fbc432f096Evan Hunt To revert to the former behavior for a particular

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews client address or range of addresses, specify the address prefix

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews in the "keep-response-order" option. To revert to the former

fec6e13f2d1e69fe1c2b8fac36f732f124cf5398Mark Andrews behavior for all clients, use "keep-response-order { any; };".

168cf0ede1cf13a095e48af6749d88fbc432f096Evan Hunt </p>

3bd8b5a8fb126e45c67ff53b68183c889cc27918Tinderbox User</li>

baeaed18341c015e9ad54ffa21973184c1bc432bMark Andrews<li class="listitem"><p>

3bd8b5a8fb126e45c67ff53b68183c889cc27918Tinderbox User The new <span class="command"><strong>mdig</strong></span> command is a version of

168cf0ede1cf13a095e48af6749d88fbc432f096Evan Hunt <span class="command"><strong>dig</strong></span> that sends multiple pipelined

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews queries and then waits for responses, instead of sending one

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews query and waiting the response before sending the next. [RT #38261]

4840ef4581a577a29a18d180b6bc2e7355378ed7Mark Andrews </p></li>

4840ef4581a577a29a18d180b6bc2e7355378ed7Mark Andrews<li class="listitem"><p>

1f9754245cbd5eec2d2a667bb292f62f72386d4bMark Andrews To enable better monitoring and troubleshooting of RFC 5011

baeaed18341c015e9ad54ffa21973184c1bc432bMark Andrews trust anchor management, the new <span class="command"><strong>rndc managed-keys</strong></span>

8927a982bde7e4b665966b55f0fa57c5cf21b9d8Mark Andrews can be used to check status of trust anchors or to force keys

4840ef4581a577a29a18d180b6bc2e7355378ed7Mark Andrews to be refreshed. Also, the managed-keys data file now has

4840ef4581a577a29a18d180b6bc2e7355378ed7Mark Andrews easier-to-read comments. [RT #38458]

4840ef4581a577a29a18d180b6bc2e7355378ed7Mark Andrews </p></li>

8927a982bde7e4b665966b55f0fa57c5cf21b9d8Mark Andrews<li class="listitem"><p>

4840ef4581a577a29a18d180b6bc2e7355378ed7Mark Andrews An <span class="command"><strong>--enable-querytrace</strong></span> configure switch is

baeaed18341c015e9ad54ffa21973184c1bc432bMark Andrews now available to enable very verbose query tracelogging. This

4840ef4581a577a29a18d180b6bc2e7355378ed7Mark Andrews option can only be set at compile time. This option has a

bcfc5188be220e1334218dfe638dffce4744e792Tinderbox User negative performance impact and should be used only for

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews debugging. [RT #37520]

8927a982bde7e4b665966b55f0fa57c5cf21b9d8Mark Andrews </p></li>

baeaed18341c015e9ad54ffa21973184c1bc432bMark Andrews<li class="listitem"><p>

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews A new <span class="command"><strong>tcp-only</strong></span> option can be specified

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews in <span class="command"><strong>server</strong></span> statements to force

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews <span class="command"><strong>named</strong></span> to connect to the specified

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews server via TCP. [RT #37800]

baeaed18341c015e9ad54ffa21973184c1bc432bMark Andrews </p></li>

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews<li class="listitem"><p>

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews The <span class="command"><strong>nxdomain-redirect</strong></span> option specifies

ab833877278ad5535eef57e4f62291becaea5bc5Mark Andrews a DNS namespace to use for NXDOMAIN redirection. When a

3bd8b5a8fb126e45c67ff53b68183c889cc27918Tinderbox User recursive lookup returns NXDOMAIN, a second lookup is

015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User initiated with the specified name appended to the query

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews name. This allows NXDOMAIN redirection data to be supplied

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews by multiple zones configured on the server or by recursive

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews queries to other servers. (The older method, using

fab54780409846f7c71f6026d665f18c77c649efTinderbox User a single <span class="command"><strong>type redirect</strong></span> zone, has

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews better average performance but is less flexible.) [RT #37989]

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews The following types have been implemented: CSYNC, NINFO, RKEY,

1f9754245cbd5eec2d2a667bb292f62f72386d4bMark Andrews SINK, TA, TALINK.

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews A new <span class="command"><strong>message-compression</strong></span> option can be

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews used to specify whether or not to use name compression when

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson answering queries. Setting this to <strong class="userinput"><code>no</code></strong>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews results in larger responses, but reduces CPU consumption and

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews may improve throughput. The default is <strong class="userinput"><code>yes</code></strong>.

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User </p></li>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<li class="listitem"><p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews A <span class="command"><strong>read-only</strong></span> option is now available in the

efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews <span class="command"><strong>controls</strong></span> statement to grant non-destructive

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews control channel access. In such cases, a restricted set of

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User <span class="command"><strong>rndc</strong></span> commands are allowed, which can

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews report information from <span class="command"><strong>named</strong></span>, but cannot

3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox User reconfigure or stop the server. By default, the control channel

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington access is <span class="emphasis"><em>not</em></span> restricted to these

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington read-only operations. [RT #40498]

e1ebc476b08b4a498fcf3477e42c986eb1991360Tinderbox User </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews When loading a signed zone, <span class="command"><strong>named</strong></span> will

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews now check whether an RRSIG's inception time is in the future,

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews and if so, it will regenerate the RRSIG immediately. This helps

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews when a system's clock needs to be reset backwards.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews </p></li>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews</ul></div>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User</div>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="section">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="titlepage"><div><div><h3 class="title">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews The ISC DNSSEC Lookaside Validation (DLV) service is scheduled

a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews to be disabled in 2017. A warning is now logged when

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <span class="command"><strong>named</strong></span> is configured to use this service,

a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews either explicitly or via <code class="option">dnssec-lookaside auto;</code>.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews [RT #42207]

e1ebc476b08b4a498fcf3477e42c986eb1991360Tinderbox User </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews The timers returned by the statistics channel (indicating current

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington time, server boot time, and most recent reconfiguration time) are

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington now reported with millisecond accuracy. [RT #40082]

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Updated the compiled-in addresses for H.ROOT-SERVERS.NET

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and L.ROOT-SERVERS.NET.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ACLs containing <span class="command"><strong>geoip asnum</strong></span> elements were

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington not correctly matched unless the full organization name was

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington specified in the ACL (as in

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="command"><strong>geoip asnum "AS1234 Example, Inc.";</strong></span>).

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington They can now match against the AS number alone (as in

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="command"><strong>geoip asnum "AS1234";</strong></span>).

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington When using native PKCS#11 cryptography (i.e.,

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="command"><strong>configure --enable-native-pkcs11</strong></span>) HSM PINs

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of up to 256 characters can now be used.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington NXDOMAIN responses to queries of type DS are now cached separately

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington from those for other types. This helps when using "grafted" zones

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of type forward, for which the parent zone does not contain a

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington delegation, such as local top-level domains. Previously a query

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of type DS for such a zone could cause the zone apex to be cached

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington as NXDOMAIN, blocking all subsequent queries. (Note: This

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington change is only helpful when DNSSEC validation is not enabled.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "Grafted" zones without a delegation in the parent are not a

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington recommended configuration.)

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Update forwarding performance has been improved by allowing

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a single TCP connection to be shared between multiple updates.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington By default, <span class="command"><strong>nsupdate</strong></span> will now check

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the correctness of hostnames when adding records of type

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington disabled with <span class="command"><strong>check-names no</strong></span>.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Added support for OPENPGPKEY type.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The names of the files used to store managed keys and added

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington zones for each view are no longer based on the SHA256 hash

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of the view name, except when this is necessary because the

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington view name contains characters that would be incompatible with use

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington as a file name. For views whose names do not contain forward

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews slashes ('/'), backslashes ('\'), or capital letters - which

415d630b6309922caee8469384a6fab75cf05032Mark Andrews could potentially cause namespace collision problems on

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews case-insensitive filesystems - files will now be named

415d630b6309922caee8469384a6fab75cf05032Mark Andrews after the view (for example, <code class="filename">internal.mkeys</code>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews or <code class="filename">external.nzf</code>). However, to ensure

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User consistent behavior when upgrading, if a file using the old

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews name format is found to exist, it will continue to be used.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<li class="listitem"><p>

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater "rndc" can now return text output of arbitrary size to

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater the caller. (Prior to this, certain commands such as

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater "rndc tsig-list" and "rndc zonestatus" could return

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater truncated output.)

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater Errors reported when running <span class="command"><strong>rndc addzone</strong></span>

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater (e.g., when a zone file cannot be loaded) have been clarified

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater to make it easier to diagnose problems.

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater </p></li>

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<li class="listitem"><p>

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater When encountering an authoritative name server whose name is

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater an alias pointing to another name, the resolver treats

ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater this as an error and skips to the next server. Previously

b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews this happened silently; now the error will be logged to

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User the newly-created "cname" log category.

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User </p></li>

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User<li class="listitem"><p>

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User If <span class="command"><strong>named</strong></span> is not configured to validate

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User answers, then allow fallback to plain DNS on timeout even when

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User we know the server supports EDNS. This will allow the server to

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User potentially resolve signed queries when TCP is being

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User blocked.

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User </p></li>

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews Large inline-signing changes should be less disruptive.

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User Signature generation is now done incrementally; the number

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews of signatures to be generated in each quantum is controlled

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews by "sig-signing-signatures <em class="replaceable"><code>number</code></em>;".

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User [RT #37927]

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User </p></li>

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User<li class="listitem">

c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User<p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews The experimental SIT option (code point 65001) of BIND

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews 9.10.0 through BIND 9.10.2 has been replaced with the COOKIE

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews option (code point 10). It is no longer experimental, and

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews is sent by default, by both <span class="command"><strong>named</strong></span> and

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews <span class="command"><strong>dig</strong></span>.

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews </p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User<p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews The SIT-related named.conf options have been marked as

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews obsolete, and are otherwise ignored.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews</li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews When <span class="command"><strong>dig</strong></span> receives a truncated (TC=1)

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews response or a BADCOOKIE response code from a server, it

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews will automatically retry the query using the server COOKIE

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews that was returned by the server in its initial response.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews [RT #39047]

415d630b6309922caee8469384a6fab75cf05032Mark Andrews </p></li>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<li class="listitem"><p>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews A alternative NXDOMAIN redirect method (nxdomain-redirect)

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews which allows the redirect information to be looked up from

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User a namespace on the Internet rather than requiring a zone

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews to be configured on the server is now available.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews Retrieving the local port range from net.ipv4.ip_local_port_range

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews on Linux is now supported.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></li>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews A new <code class="option">nsip-wait-recurse</code> directive has been

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews added to RPZ, specifying whether to look up unknown name server

51aeb0ae19596e99b029cfa933e73b76ebec480aTinderbox User IP addresses and wait for a response before applying RPZ-NSIP rules.

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews The default is <strong class="userinput"><code>yes</code></strong>. If set to

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <strong class="userinput"><code>no</code></strong>, <span class="command"><strong>named</strong></span> will only

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington apply RPZ-NSIP rules to servers whose addresses are already cached.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The addresses will be looked up in the background so the rule can

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington be applied on subsequent queries. This improves performance when

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the cache is cold, at the cost of temporary imprecision in applying

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington policy directives. [RT #35009]

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Within the <code class="option">response-policy</code> option, it is now

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington possible to configure RPZ rewrite logging on a per-zone basis

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington using the <code class="option">log</code> clause.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The default preferred glue is now the address type of the

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington transport the query was received over.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington On machines with 2 or more processors (CPU), the default value

7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews for the number of UDP listeners has been changed to the number

7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews of detected processors minus one.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<li class="listitem"><p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews Zone transfers now use smaller message sizes to improve

415d630b6309922caee8469384a6fab75cf05032Mark Andrews message compression. This results in reduced network usage.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews </p></li>

415d630b6309922caee8469384a6fab75cf05032Mark Andrews<li class="listitem">

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User Added support for the AVC resource record type (Application

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews Visibility and Control).

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews Changed <span class="command"><strong>rndc reconfig</strong></span> behaviour so that newly

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews added zones are loaded asynchronously and the loading does not

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews block the server.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews </p>

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews</li>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User</ul></div>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</div>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="section">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="titlepage"><div><div><h3 class="title">

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<a name="relnotes_port"></a>Porting Changes</h3></div></div></div>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington None.

7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews </p></li></ul></div>

7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews</div>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="section">

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington None.

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p></li></ul></div>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="section">

b7aab05edae933e169d5f83c653935b17c7f0a8bMark Andrews<div class="titlepage"><div><div><h3 class="title">

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="end_of_life"></a>End of Life</h3></div></div></div>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The end of life for BIND 9.11 is yet to be determined but

409ba95e573b40cf36acf97dd62ee7e9c7775851Tinderbox User will not be before BIND 9.13.0 has been released for 6 months.

7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington </p>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div>

7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews<div class="section">

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews Thank you to everyone who assisted us in making this release possible.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews If you would like to contribute to ISC to assist us in continuing to

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews make quality open source software, please visit our donations page at

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.

e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews </p>

9218b940febade3085fd6d95a15e67d5f94833f0Tinderbox User</div>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</div>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="navfooter">

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<hr>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<table width="100%" summary="Navigation footer">

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<tr>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="40%" align="left">

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="20%" align="center">�</td>

9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews</td>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews</tr>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<tr>

5835beb229e17d583fb4b6fd4246bd014a68ddf6Tinderbox User<td width="40%" align="left" valign="top">Chapter�8.�Troubleshooting�</td>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<td width="40%" align="right" valign="top">�Appendix�B.�A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews</td>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews</tr>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews</table>

015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User</div>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0a1</p>

77997fab4b6b2d2c36ec66ace387447e8bc5c18eMark Andrews</body>

0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews</html>

872e1437295dce8162ac7374317d593320ac2dd6Tinderbox User