notes.html revision 2acf9aa8ffa476bee7003fd788539ed714733464
<!--
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
<!-- $Id$ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.11.1b1</h2></div></div></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
This document summarizes changes since the last production
release on the BIND 9.11 branch.
Please see the <code class="filename">CHANGES</code> file for a further
list of bug fixes and other changes.
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
The latest versions of BIND 9 software can always be found at
<a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License Change</h3></div></div></div>
With the release of BIND 9.11.0, ISC changed the open
source license for BIND from the ISC license to the Mozilla
Public License (MPL 2.0).
The MPL-2.0 license requires that, if you make changes to
licensed software (e.g. BIND) and distribute them outside
your organization, you publish those changes under that
same license. It does not require that you publish or disclose
anything other than the changes you made to our software.
This new requirement will not affect anyone who is using BIND
without redistributing it, nor anyone redistributing it without
changes; therefore, this change will be without consequence
for most individuals and organizations who are using BIND.
Those unsure whether or not the license change affects their
use of BIND, or who wish to discuss how to comply with the
license, may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">https://www.isc.org/mission/contact/</a>.
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
If a server is configured with a response policy zone (RPZ)
that rewrites an answer with local data, and is also configured
for DNS64 address mapping, a NULL pointer can be read
triggering a server crash. This flaw is disclosed in
CVE-2017-3135. [RT #44434]
</li>
<li class="listitem">
A coding error in the <code class="option">nxdomain-redirect</code>
feature could lead to an assertion failure if the redirection
namespace was served from a local authoritative data source
such as a local zone or a DLZ instead of via recursive
lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
</li>
<li class="listitem">
<span class="command"><strong>named</strong></span> could mishandle authority sections
with missing RRSIGs, triggering an assertion failure. This
flaw is disclosed in CVE-2016-9444. [RT #43632]
</li>
<li class="listitem">
<span class="command"><strong>named</strong></span> mishandled some responses where
covering RRSIG records were returned without the requested
data, resulting in an assertion failure. This flaw is
disclosed in CVE-2016-9147. [RT #43548]
</li>
<li class="listitem">
<span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
records which could trigger an assertion failure when there was
a class mismatch. This flaw is disclosed in CVE-2016-9131.
</li>
<li class="listitem">
It was possible to trigger assertions when processing
responses containing answers of type DNAME. This flaw is
disclosed in CVE-2016-8864. [RT #43465]
</li>
<li class="listitem">
Added the ability to specify the maximum number of records
permitted in a zone (<code class="option">max-records #;</code>).
This provides a mechanism to block overly large zone
transfers, which is a potential risk with slave zones from
other parties, as described in CVE-2016-6170.
</li>
</ul></div>
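An audit sketch for the max-records item above, added here as an example (it is not ISC's code): it lists the slave zones in a configuration that carry no positive per-zone max-records limit. The sample configuration and function names are constructed; the scan assumes comments are already stripped, treats a value of 0 as unlimited, and does not consider limits inherited from an enclosing options or view block.

```python
import re

# Constructed sample named.conf fragment (zone names and addresses are illustrative).
SAMPLE_CONF = '''
zone "example.com" { type master; file "db.example.com"; };
zone "partner.example" {
    type slave;
    masters { 192.0.2.53; };
    max-records 50000;
};
zone "vendor.example" { type slave; masters { 198.51.100.53; }; };
zone "legacy.example" { type slave; masters { 203.0.113.53; }; max-records 0; };
'''

# Start of a zone statement: zone "name" [class] {
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{')


def zone_blocks(conf):
    """Yield (name, body) for each zone statement, using brace matching."""
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        # i now points just past the closing brace of the zone block
        yield m.group(1), conf[m.end():i - 1]


def unbounded_slave_zones(conf):
    """Return names of slave zones with no positive per-zone max-records."""
    flagged = []
    for name, body in zone_blocks(conf):
        if not re.search(r'\btype\s+slave\s*;', body):
            continue  # only transferred (slave) zones are of interest here
        limit = re.search(r'\bmax-records\s+(\d+)\s*;', body)
        # A missing option or an explicit 0 both leave the zone size unbounded.
        if limit is None or int(limit.group(1)) == 0:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for zone in unbounded_slave_zones(SAMPLE_CONF):
        print(f"slave zone without max-records limit: {zone}")
```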
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
Expanded and improved the YAML output from
<span class="command"><strong>dnstap-read -y</strong></span>: it now includes packet
size and a detailed breakdown of message contents.
[RT #43622] [RT #43642]
</li>
<li class="listitem">
If an ACL is specified with an address prefix in which the
address portion has bits set beyond the prefix length (for example,
192.0.2.1/8), <span class="command"><strong>named</strong></span> will now log a warning.
In future releases this will be a fatal configuration error.
</li>
</ul></div>
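A pre-upgrade check for the ACL item above, added here as an example (it is not ISC's code): it scans configuration text for address/prefix elements whose address has bits set beyond the prefix length, as in 192.0.2.1/8, and reports the prefix each one actually covers. The sample configuration and function names are constructed, and the regular-expression scan is a simplification of named.conf parsing that assumes fully written addresses.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the release notes).
SAMPLE_CONF = '''
acl "internal" { 192.0.2.1/8; 10.0.0.0/8; 2001:db8::1/32; };
options {
    allow-query { internal; 198.51.100.0/24; !203.0.113.77/24; };
    // 172.16.5.4/12 is commented out and must not be reported
};
'''

# An address/prefix element that does not start in the middle of another token.
PREFIX_RE = re.compile(r'(?<![\w.:/])([0-9A-Fa-f:.]+)/(\d{1,3})\b')


def strip_comments(text):
    """Remove /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)


def find_prefix_mismatches(conf_text):
    """Return (element, covered_prefix) for each address/prefix mismatch."""
    findings = []
    for m in PREFIX_RE.finditer(strip_comments(conf_text)):
        addr, plen = m.group(1), m.group(2)
        try:
            ip = ipaddress.ip_address(addr)
            net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        except ValueError:
            continue  # not an address, or prefix length out of range
        # Bits set beyond the prefix length: address differs from network base.
        if net.network_address != ip:
            findings.append((f"{addr}/{plen}", str(net)))
    return findings


if __name__ == "__main__":
    for element, covered in find_prefix_mismatches(SAMPLE_CONF):
        print(f"{element}: address/prefix mismatch, prefix covers {covered}")
```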
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
A synthesized CNAME record appearing in a response before the
associated DNAME could be cached, when it should not have been.
This was a regression introduced while addressing CVE-2016-8864.
</li>
<li class="listitem">
Named could deadlock if there were multiple changes to
NSEC/NSEC3 parameters for a zone being processed at the
same time. [RT #42770]
</li>
<li class="listitem">
Named could trigger an assertion when sending notify
messages. [RT #44019]
</li>
<li class="listitem">
Referencing a nonexistent zone in a <span class="command"><strong>response-policy</strong></span>
statement could cause an assertion failure during configuration.
</li>
<li class="listitem">
<span class="command"><strong>rndc addzone</strong></span> could cause a crash
when attempting to add a zone with a type other than
<span class="command"><strong>master</strong></span> or <span class="command"><strong>slave</strong></span>.
Such zones are now rejected. [RT #43665]
</li>
<li class="listitem">
<span class="command"><strong>named</strong></span> could hang when encountering log
file names with large apparent gaps in version number (for
example, when files exist called "logfile.0", "logfile.1",
and "logfile.1482954169"). This is now handled correctly.
</li>
<li class="listitem">
If a zone was updated while <span class="command"><strong>named</strong></span> was
processing a query for nonexistent data, it could return
out-of-sync NSEC3 records causing potential DNSSEC validation
failure. [RT #43247]
</li>
</ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_maint"></a>Maintenance</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
The built-in root hints have been updated to include an
IPv6 address (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
</li></ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_misc"></a>Miscellaneous Notes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
Authoritative server support for the EDNS Client Subnet option
(ECS), introduced in BIND 9.11.0, was based on an early version
of the specification, and is now known to have incompatibilities
with other ECS implementations. It is also inefficient, requiring
a separate view for each answer, and is unable to correct for
overlapping subnets in the configuration. It is intended for
testing purposes but is not recommended for production use.
This was not made sufficiently clear in the documentation at
the time of release.
</li></ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
The end of life for BIND 9.11 is yet to be determined but
will not be before BIND 9.13.0 has been released for 6 months.
<a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</div></body>