doc/arm/notes.html

	notes.html revision adabefa84c3dcf048566cc23fd457c577f208eea
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!--
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater -
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - This Source Code Form is subject to the terms of the Mozilla Public
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - License, v. 2.0. If a copy of the MPL was not distributed with this
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - file, You can obtain one at http://mozilla.org/MPL/2.0/.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!-- $Id$ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title></title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id-1.2"></a>Release Notes for BIND Version 9.11.1b1</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      This document summarizes changes since the last production
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      release on the BIND 9.11 branch.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Please see the <code class="filename">CHANGES</code> file for a further
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      list of bug fixes and other changes.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_download"></a>Download</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The latest versions of BIND 9 software can always be found at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      There you will find additional information about each release,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      source code, and pre-compiled versions for Microsoft Windows
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      operating systems.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
ab8729140b1ad688ab03e1e9ce438fb1cbb49222Automatic Updater  <div class="section">
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews<a name="relnotes_license"></a>License Change</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      With the release of BIND 9.11.0, ISC changed to the open
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      source license for BIND from the ISC license to the Mozilla
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Public License (MPL 2.0).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The MPL-2.0 license requires that if you make changes to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      licensed software (e.g. BIND) and distribute them outside
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      your organization, that you publish those changes under that
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      same license. It does not require that you publish or disclose
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      anything other than the changes you made to our software.
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      This new requirement will not affect anyone who is using BIND
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      without redistributing it, nor anyone redistributing it without
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      changes, therefore this change will be without consequence
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      for most individuals and organizations who are using BIND.
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater    </p>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Those unsure whether or not the license change affects their
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      use of BIND, or who wish to discuss how to comply with the
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      license may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      https://www.isc.org/mission/contact/</a>.
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater    </p>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater  </div>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater  <div class="section">
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      If a server is configured with a response policy zone (RPZ)
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      that rewrites an answer with local data, and is also configured
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      for DNS64 address mapping, a NULL pointer can be read
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      triggering a server crash.  This flaw is disclosed in
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater      CVE-2017-3135. [RT #44434]
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater<li class="listitem">
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      A coding error in the <code class="option">nxdomain-redirect</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      feature could lead to an assertion failure if the redirection
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      namespace was served from a local authoritative data source
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      such as a local zone or a DLZ instead of via recursive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    <p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      <span class="command"><strong>named</strong></span> could mishandle authority sections
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      with missing RRSIGs, triggering an assertion failure. This
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      flaw is disclosed in CVE-2016-9444. [RT #43632]
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    </p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      </li>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater<li class="listitem">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    <p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      <span class="command"><strong>named</strong></span> mishandled some responses where
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      covering RRSIG records were returned without the requested
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      data, resulting in an assertion failure. This flaw is
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      disclosed in CVE-2016-9147. [RT #43548]
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    <p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      records which could trigger an assertion failure when there was
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      a class mismatch. This flaw is disclosed in CVE-2016-9131.
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      [RT #43522]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      </li>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      It was possible to trigger assertions when processing
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      responses containing answers of type DNAME. This flaw is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      disclosed in CVE-2016-8864. [RT #43465]
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Added the ability to specify the maximum number of records
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      permitted in a zone (<code class="option">max-records #;</code>).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      This provides a mechanism to block overly large zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      transfers, which is a potential risk with slave zones from
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      other parties, as described in CVE-2016-6170.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      [RT #42143]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater</ul></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater  <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      Expanded and improved the YAML output from
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      <span class="command"><strong>dnstap-read -y</strong></span>: it now includes packet
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      size and a detailed breakdown of message contents.
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      [RT #43622] [RT #43642]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      </li>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater<li class="listitem">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    <p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      If an ACL is specified with an address prefix in which the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      prefix length is longer than the address portion (for example,
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      192.0.2.1/8), <span class="command"><strong>named</strong></span> will now log a warning.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      In future releases this will be a fatal configuration error.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      [RT #43367]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</ul></div>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater  </div>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater  <div class="section">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Named could deadlock there were multiple changes to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      NSEC/NSEC3 parameters for a zone being processed at the
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      same time. [RT #42770]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      Named could trigger a assertion when sending notify
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      messages. [RT #44019]
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    </p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      </li>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater<li class="listitem">
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Referencing a nonexistent zone in a <span class="command"><strong>response-policy</strong></span>
507151045be68c671ffd4e2f37e17cdfa0376fc4Automatic Updater      statement could cause an assertion failure during configuration.
507151045be68c671ffd4e2f37e17cdfa0376fc4Automatic Updater      [RT #43787]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      <span class="command"><strong>rndc addzone</strong></span> could cause a crash
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      when attempting to add a zone with a type other than
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      <span class="command"><strong>master</strong></span> or <span class="command"><strong>slave</strong></span>.
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      Such zones are now rejected. [RT #43665]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <span class="command"><strong>named</strong></span> could hang when encountering log
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      file names with large apparent gaps in version number (for
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      example, when files exist called "logfile.0", "logfile.1",
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      and "logfile.1482954169").  This is now handled correctly.
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      [RT #38688]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li class="listitem">
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater    <p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      If a zone was updated while <span class="command"><strong>named</strong></span> was
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater      processing a query for nonexistent data, it could return
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      out-of-sync NSEC3 records causing potential DNSSEC validation
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      failure. [RT #43247]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</ul></div>
ca67ebfe9eef0b8f04179f7e511a19e0337a5422Automatic Updater  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <div class="section">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="relnotes_maint"></a>Maintenance</h3></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews    <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      The built-in root hints have been updated to include an
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      IPv6 address (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews    </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </li></ul></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  </div>
922312472e2e05ebc64993d465999c5351b83036Automatic Updater
922312472e2e05ebc64993d465999c5351b83036Automatic Updater  <div class="section">
922312472e2e05ebc64993d465999c5351b83036Automatic Updater<div class="titlepage"><div><div><h3 class="title">
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater<a name="relnotes_misc"></a>Miscellaneous Notes</h3></div></div></div>
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater    <p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      Authoritative server support for the EDNS Client Subnet option
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      (ECS), introduced in BIND 9.11.0, was based on an early version
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      of the specification, and is now known to have incompatibilities
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      with other ECS implementations. It is also inefficient, requiring
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      a separate view for each answer, and is unable to correct for
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      overlapping subnets in the configuration.  It is intended for
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      testing purposes but is not recommended for for production use.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      This was not made sufficiently clear in the documentation at
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      the time of release.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews    </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </li></ul></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  </div>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  <div class="section">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater<a name="end_of_life"></a>End of Life</h3></div></div></div>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater    <p>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater      The end of life for BIND 9.11 is yet to be determined but
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      will not be before BIND 9.13.0 has been released for 6 months.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews  </div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  <div class="section">
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater    <p>
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater      Thank you to everyone who assisted us in making this release possible.
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater      If you would like to contribute to ISC to assist us in continuing to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      make quality open source software, please visit our donations page at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div></body>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein