notes.html revision 0ce865f8b2e652d6fe0c029e3538f4cc7e009fe1
1ac7c8e9040e0d0b7e9f849e45b94bfe919595a9Timo Sirainen - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.11.1rc1</h2></div></div></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
 This document summarizes changes since the last production
 release on the BIND 9.11 branch.
 Please see the <code class="filename">CHANGES</code> file for a further
 list of bug fixes and other changes.
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
 The latest versions of BIND 9 software can always be found at
 <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
 There you will find additional information about each release,
 source code, and pre-compiled versions for Microsoft Windows
 operating systems.
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License Change</h3></div></div></div>
 With the release of BIND 9.11.0, ISC changed the open
 source license for BIND from the ISC license to the Mozilla
 Public License (MPL 2.0).
 The MPL-2.0 license requires that if you make changes to
 licensed software (e.g. BIND) and distribute them outside
 your organization, you publish those changes under that
 same license. It does not require that you publish or disclose
 anything other than the changes you made to our software.
 This new requirement will not affect anyone who is using BIND
 without redistributing it, nor anyone redistributing it without
 changes; therefore this change will be without consequence
 for most individuals and organizations who are using BIND.
 Those unsure whether or not the license change affects their
 use of BIND, or who wish to discuss how to comply with the
 license, may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">https://www.isc.org/mission/contact/</a>.
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
 If a server is configured with a response policy zone (RPZ)
 that rewrites an answer with local data, and is also configured
 for DNS64 address mapping, a NULL pointer can be read,
 triggering a server crash. This flaw is disclosed in
 CVE-2017-3135. [RT #44434]
</li>
<li class="listitem">
 A coding error in the <code class="option">nxdomain-redirect</code>
 feature could lead to an assertion failure if the redirection
 namespace was served from a local authoritative data source
 such as a local zone or a DLZ instead of via recursive
 lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
</li>
<li class="listitem">
 <span class="command"><strong>named</strong></span> could mishandle authority sections
 with missing RRSIGs, triggering an assertion failure. This
 flaw is disclosed in CVE-2016-9444. [RT #43632]
</li>
<li class="listitem">
 <span class="command"><strong>named</strong></span> mishandled some responses where
 covering RRSIG records were returned without the requested
 data, resulting in an assertion failure. This flaw is
 disclosed in CVE-2016-9147. [RT #43548]
</li>
<li class="listitem">
 <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
 records, which could trigger an assertion failure when there was
 a class mismatch. This flaw is disclosed in CVE-2016-9131.
</li>
<li class="listitem">
 It was possible to trigger assertions when processing
 responses containing answers of type DNAME. This flaw is
 disclosed in CVE-2016-8864. [RT #43465]
</li>
<li class="listitem">
 Added the ability to specify the maximum number of records
 permitted in a zone (<code class="option">max-records #;</code>).
 This provides a mechanism to block overly large zone
 transfers, which is a potential risk with slave zones from
 other parties, as described in CVE-2016-6170.
</li>
</ul></div>
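The configuration-dependent fixes above (RPZ together with DNS64, nxdomain-redirect, and slave zones without a max-records limit) can be triaged by scanning a server's named.conf for the relevant statements. The following is an added example, not ISC code: the sample configuration, zone names and function names are constructed for illustration, and the scan is a keyword heuristic that reports preconditions on a server running an earlier release, not confirmed exposure.

```python
import re
# Constructed sample named.conf (not from the release notes).
SAMPLE_CONF = '''
options {
    dns64 64:ff9b::/96 { clients { any; }; };
    response-policy { zone "rpz.example"; };
    # nxdomain-redirect "redirect.example";
};
zone "partner.example" { type slave; masters { 192.0.2.53; }; };
zone "capped.example" { type slave; masters { 192.0.2.54; }; max-records 50000; };
'''
MAX_RECORDS = re.compile(r'(?<![\w-])max-records\s+(\d+)')

def strip_comments(conf):
    """Drop /* */, // and # comments (heuristic: quoting is ignored)."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', conf)

def zone_blocks(conf):
    """Yield (name, body) for each zone statement, matching nested braces."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def has_cap(text):
    """True if text sets max-records to a non-zero value (0 means unlimited)."""
    return any(int(n) > 0 for n in MAX_RECORDS.findall(text))

def audit(conf):
    """Return findings for the configuration preconditions named in the notes."""
    conf = strip_comments(conf)
    def uses(keyword):
        return re.search(r'(?<![\w-])' + re.escape(keyword) + r'(?![\w-])', conf) is not None
    findings = []
    if uses('response-policy') and uses('dns64'):
        findings.append('CVE-2017-3135: response-policy and dns64 are both configured')
    if uses('nxdomain-redirect'):
        findings.append('CVE-2016-9778: nxdomain-redirect is configured')
    zones = list(zone_blocks(conf))
    outside = conf
    for _, body in zones:
        outside = outside.replace(body, '')  # leaves options/view scope
    for name, body in zones:
        if re.search(r'\btype\s+slave\b', body) and not (has_cap(body) or has_cap(outside)):
            findings.append(f'CVE-2016-6170: slave zone "{name}" has no max-records limit')
    return findings
```

Calling audit(SAMPLE_CONF) reports the RPZ plus DNS64 combination and the uncapped slave zone; the commented-out nxdomain-redirect line is ignored.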
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
 The built-in managed keys for the global root zone have been
 updated to include the upcoming key signing key (keyid 20326).
</li>
<li class="listitem">
 Expanded and improved the YAML output from
 <span class="command"><strong>dnstap-read -y</strong></span>: it now includes packet
 size and a detailed breakdown of message contents.
 [RT #43622] [RT #43642]
</li>
<li class="listitem">
 If an ACL is specified with an address prefix in which the
 prefix length is longer than the address portion (for example,
 192.0.2.1/8), <span class="command"><strong>named</strong></span> will now log a warning.
 In future releases this will be a fatal configuration error.
</li>
</ul></div>
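ACL entries of the kind described in the last item (192.0.2.1/8) can be found before they become a fatal configuration error. The following is an added example, not ISC code: the configuration fragment and function name are constructed for illustration, and the check flags entries whose address has bits set beyond the prefix length, showing the network that the prefix length alone denotes.

```python
import ipaddress
import re

# Constructed named.conf fragment for the demonstration (not from the release notes).
SAMPLE_ACLS = '''
acl "trusted" { 192.0.2.1/8; 10.0.0.0/8; 2001:db8::1/32; !198.51.100.0/24; };
options { directory "/var/named"; allow-query { trusted; 203.0.113.64/26; }; };
'''

def prefixes_with_host_bits(conf):
    """Return (entry, network) pairs for prefixes whose address has bits set
    beyond the prefix length, e.g. 192.0.2.1/8 -> 192.0.0.0/8."""
    flagged = []
    for token in re.split(r'[\s;{}!]+', conf):
        if '/' not in token:
            continue
        try:
            network = ipaddress.ip_network(token, strict=False)
        except ValueError:
            continue  # not an address prefix (quoted path, key name, ...)
        address = ipaddress.ip_address(token.split('/')[0])
        if address != network.network_address:
            flagged.append((token, str(network)))
    return flagged
```

Each flagged pair shows the entry as written next to its masked form, so the operator can decide whether a single host, a narrower prefix or the whole network was intended.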
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
 A synthesized CNAME record appearing in a response before the
 associated DNAME could be cached, when it should not have been.
 This was a regression introduced while addressing CVE-2016-8864.
</li>
<li class="listitem">
 Named could deadlock if there were multiple changes to
 NSEC/NSEC3 parameters for a zone being processed at the
 same time. [RT #42770]
</li>
<li class="listitem">
 Named could trigger an assertion when sending notify
 messages. [RT #44019]
</li>
<li class="listitem">
 Referencing a nonexistent zone in a <span class="command"><strong>response-policy</strong></span>
 statement could cause an assertion failure during configuration.
</li>
<li class="listitem">
 <span class="command"><strong>rndc addzone</strong></span> could cause a crash
 when attempting to add a zone with a type other than
 <span class="command"><strong>master</strong></span> or <span class="command"><strong>slave</strong></span>.
 Such zones are now rejected. [RT #43665]
</li>
<li class="listitem">
 <span class="command"><strong>named</strong></span> could hang when encountering log
 file names with large apparent gaps in version number (for
 example, when files exist called "logfile.0", "logfile.1",
 and "logfile.1482954169"). This is now handled correctly.
</li>
<li class="listitem">
 If a zone was updated while <span class="command"><strong>named</strong></span> was
 processing a query for nonexistent data, it could return
 out-of-sync NSEC3 records, causing potential DNSSEC validation
 failure. [RT #43247]
</li>
</ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_maint"></a>Maintenance</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
 The built-in root hints have been updated to include an
 IPv6 address (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
</li></ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_misc"></a>Miscellaneous Notes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
 Authoritative server support for the EDNS Client Subnet option
 (ECS), introduced in BIND 9.11.0, was based on an early version
 of the specification, and is now known to have incompatibilities
 with other ECS implementations. It is also inefficient, requiring
 a separate view for each answer, and is unable to correct for
 overlapping subnets in the configuration. It is intended for
 testing purposes but is not recommended for production use.
 This was not made sufficiently clear in the documentation at
 the time of release.
</li></ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
 The end of life for BIND 9.11 is yet to be determined but
 will not be before BIND 9.13.0 has been released for 6 months.
 <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
 Thank you to everyone who assisted us in making this release possible.
 If you would like to contribute to ISC to assist us in continuing to
 make quality open source software, please visit our donations page at
 <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.