5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<html>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<head>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<title></title>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</head>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <div class="section">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="id-1.2"></a>Release Notes for BIND Version 9.11.2</h2></div></div></div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <div class="section">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="titlepage"><div><div><h3 class="title">

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="relnotes_intro"></a>Introduction</h3></div></div></div>

cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User <p>

cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User This document summarizes changes since the last production

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews release on the BIND 9.11 branch.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Please see the <code class="filename">CHANGES</code> file for a further

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews list of bug fixes and other changes.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <div class="section">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">

cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<a name="relnotes_download"></a>Download</h3></div></div></div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews The latest versions of BIND 9 software can always be found at

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews There you will find additional information about each release,

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews source code, and pre-compiled versions for Microsoft Windows

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews operating systems.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <div class="section">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User ICANN is in the process of introducing a new Key Signing Key (KSK) for

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews the global root zone. BIND has multiple methods for managing DNSSEC

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User trust anchors, with somewhat different behaviors. If the root

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User key is configured using the <span class="command"><strong>managed-keys</strong></span>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User statement, or if the pre-configured root key is enabled by using

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep keys up

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User to date automatically. Servers configured in this way should have

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User begun the process of rolling to the new key when it was published in

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the root zone in July 2017. However, keys configured using the

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span class="command"><strong>trusted-keys</strong></span> statement are not automatically

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews maintained. If your server is performing DNSSEC validation and is

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews configured using <span class="command"><strong>trusted-keys</strong></span>, you are advised to

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt change your configuration before the root zone begins signing with

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews the new KSK. This is currently scheduled for October 11, 2017.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews This release includes an updated version of the

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <code class="filename">bind.keys</code> file containing the new root

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt key. This file can also be downloaded from

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <a class="link" href="https://www.isc.org/bind-keys" target="_top">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews https://www.isc.org/bind-keys

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </a>.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews </div>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <div class="section">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="relnotes_license"></a>License Change</h3></div></div></div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews With the release of BIND 9.11.0, ISC changed to the open

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt source license for BIND from the ISC license to the Mozilla

03c0efc6892ef2ed17338b2ecbb2c5f23fbad0c9Tinderbox User Public License (MPL 2.0).

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>

d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews The MPL-2.0 license requires that if you make changes to

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User licensed software (e.g. BIND) and distribute them outside

b49958b502ee45022010a0b1bed3968f598895a4Automatic Updater your organization, that you publish those changes under that

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt same license. It does not require that you publish or disclose

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews anything other than the changes you made to our software.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews This requirement will not affect anyone who is using BIND, with

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews or without modifications, without redistributing it, nor anyone

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews redistributing it without changes. Therefore, this change will be

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews without consequence for most individuals and organizations who are

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User using BIND.

b3cbb2f1ad021349e89807f3492df6e4e679cd56Mark Andrews </p>

665a24faf6b3711e4012ac02ae5f0981c093ac1eTinderbox User <p>

9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User Those unsure whether or not the license change affects their

b49958b502ee45022010a0b1bed3968f598895a4Automatic Updater use of BIND, or who wish to discuss how to comply with the

b3cbb2f1ad021349e89807f3492df6e4e679cd56Mark Andrews license may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">

b3cbb2f1ad021349e89807f3492df6e4e679cd56Mark Andrews https://www.isc.org/mission/contact/</a>.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <div class="section">

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="titlepage"><div><div><h3 class="title">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="win_support"></a>Legacy Windows No Longer Supported</h3></div></div></div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews platforms for BIND; "XP" binaries are no longer available for download

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews from ISC.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews

d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User <div class="section">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="titlepage"><div><div><h3 class="title">

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User<li class="listitem">

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <p>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt An error in TSIG handling could permit unauthorized zone

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User transfers or zone updates. These flaws are disclosed in

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User CVE-2017-3142 and CVE-2017-3143. [RT #45383]

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User </li>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem">

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <p>

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User The BIND installer on Windows used an unquoted service path,

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User which can enable privilege escalation. This flaw is disclosed

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User in CVE-2017-3141. [RT #45229]

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User </p>

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User </li>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem">

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <p>

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User With certain RPZ configurations, a response with TTL 0

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User could cause <span class="command"><strong>named</strong></span> to go into an infinite

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User query loop. This flaw is disclosed in CVE-2017-3140.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews [RT #45181]

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User </li>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</ul></div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <div class="section">

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User<div class="titlepage"><div><div><h3 class="title">

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <p>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The ISC DNSSEC Lookaside Validation (DLV) service has

6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User been shut down; all DLV records in the dlv.isc.org zone

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User have been removed. References to the service have been

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews removed from BIND documentation. Lookaside validation

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews is no longer used by default by <span class="command"><strong>delv</strong></span>.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews The DLV key has been removed from <code class="filename">bind.keys</code>.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Setting <span class="command"><strong>dnssec-lookaside</strong></span> to

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span class="command"><strong>auto</strong></span> or to use dlv.isc.org as a trust

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User anchor results in a warning being issued.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </li></ul></div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </div>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <div class="section">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<div class="titlepage"><div><div><h3 class="title">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="proto_changes"></a>Protocol Changes</h3></div></div></div>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User BIND can now use the Ed25519 and Ed448 Edwards Curve DNSSEC

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User signing algorithms described in RFC 8080. Note, however, that

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User these algorithms must be supported in OpenSSL;

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User currently they are only available in the development branch

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User of OpenSSL at

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <a class="link" href="https://github.com/openssl/openssl" target="_top">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User https://github.com/openssl/openssl</a>.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User [RT #44696]

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </li>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<li class="listitem">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User When parsing DNS messages, EDNS KEY TAG options are checked

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User for correctness. When printing messages (for example, in

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="command"><strong>dig</strong></span>), EDNS KEY TAG options are printed

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User in readable format.

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </li>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User</ul></div>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <div class="section">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="titlepage"><div><div><h3 class="title">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<li class="listitem">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <span class="command"><strong>named</strong></span> will no longer start or accept

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User reconfiguration if <span class="command"><strong>managed-keys</strong></span> or

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <span class="command"><strong>dnssec-validation auto</strong></span> are in use and

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User the managed-keys directory (specified by

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span class="command"><strong>managed-keys-directory</strong></span>, and defaulting

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt to the working directory if not specified),

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User is not writable by the effective user ID. [RT #46077]

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </p>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </li>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<li class="listitem">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Previously, <span class="command"><strong>update-policy local;</strong></span> accepted

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User updates from any source so long as they were signed by the

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User locally-generated session key. This has been further restricted;

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User updates are now only accepted from locally configured addresses.

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User [RT #45492]

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </li>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <p>

dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User <span class="command"><strong>dig +ednsopt</strong></span> now accepts the names

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User for EDNS options in addition to numeric values. For example,

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User an EDNS Client-Subnet option could be sent using

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span class="command"><strong>dig +ednsopt=ecs:...</strong></span>. Thanks to

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User John Worley of Secure64 for the contribution. [RT #44461]

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </li>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<li class="listitem">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User Threads in <span class="command"><strong>named</strong></span> are now set to human-readable

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User names to assist debugging on operating systems that support that.

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User Threads will have names such as "isc-timer", "isc-sockmgr",

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User "isc-worker0001", and so on. This will affect the reporting of

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User subsidiary thread names in <span class="command"><strong>ps</strong></span> and

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <span class="command"><strong>top</strong></span>, but not the main thread. [RT #43234]

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </li>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<li class="listitem">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User DiG now warns about .local queries which are reserved for

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User Multicast DNS. [RT #44783]

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </li>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User</ul></div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </div>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <div class="section">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<div class="titlepage"><div><div><h3 class="title">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<li class="listitem">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User When <span class="command"><strong>named</strong></span> was reconfigured, failure of some

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User zones to load correctly could leave the system in an inconsistent

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User state; while generally harmless, this could lead to a crash later

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User when using <span class="command"><strong>rndc addzone</strong></span>. Reconfiguration changes

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt are now fully rolled back in the event of failure. [RT #45841]

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </li>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<li class="listitem">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User Fixed a bug that was introduced in an earlier development

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User release which caused multi-packet AXFR and IXFR messages to fail

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User validation if not all packets contained TSIG records; this

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User caused interoperability problems with some other DNS

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User implementations. [RT #45509]

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </li>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<li class="listitem">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User Reloading or reconfiguring <span class="command"><strong>named</strong></span> could

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User fail on some platforms when LMDB was in use. [RT #45203]

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </li>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<li class="listitem">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <p>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User Due to some incorrectly deleted code, when BIND was

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User built with LMDB, zones that were deleted via

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <span class="command"><strong>rndc delzone</strong></span> were removed from the

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User running server but were not removed from the new zone

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User database, so that deletion did not persist after a

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User server restart. This has been corrected. [RT #45185]

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </li>

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User<li class="listitem">

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User <p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Semicolons are no longer escaped when printing CAA and

0eea9763d88e3edf9b6de585f7cfbb08de977124Tinderbox User URI records. This may break applications that depend on the

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User presence of the backslash before the semicolon. [RT #45216]

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </li>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li class="listitem">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews AD could be set on truncated answer with no records present

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews in the answer and authority sections. [RT #45140]

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </li>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<li class="listitem">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Some header files included &lt;isc/util.h&gt; incorrectly as

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews it pollutes with namespace with non ISC_ macros and this should

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews only be done by explicitly including &lt;isc/util.h&gt;. This

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews has been corrected. Some code may depend on &lt;isc/util.h&gt;

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews being implicitly included via other header files. Such

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews code should explicitly include &lt;isc/util.h&gt;.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

335c82aebd0da12b401cfac28bd305da95a4d052Tinderbox User </li>

335c82aebd0da12b401cfac28bd305da95a4d052Tinderbox User</ul></div>

335c82aebd0da12b401cfac28bd305da95a4d052Tinderbox User </div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <div class="section">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="end_of_life"></a>End of Life</h3></div></div></div>

8e16b3078757ba3010c24aef805e9e29ed19518bTinderbox User <p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User The end of life for BIND 9.11 is yet to be determined but

8e16b3078757ba3010c24aef805e9e29ed19518bTinderbox User will not be before BIND 9.13.0 has been released for 6 months.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </div>

8e16b3078757ba3010c24aef805e9e29ed19518bTinderbox User <div class="section">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="titlepage"><div><div><h3 class="title">

8e16b3078757ba3010c24aef805e9e29ed19518bTinderbox User<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User

8e16b3078757ba3010c24aef805e9e29ed19518bTinderbox User <p>

8e16b3078757ba3010c24aef805e9e29ed19518bTinderbox User Thank you to everyone who assisted us in making this release possible.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User If you would like to contribute to ISC to assist us in continuing to

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews make quality open source software, please visit our donations page at

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.

370c55dfcdc559b8761ef3eb4921498580caf14cAutomatic Updater </p>

370c55dfcdc559b8761ef3eb4921498580caf14cAutomatic Updater </div>

370c55dfcdc559b8761ef3eb4921498580caf14cAutomatic Updater</div>

370c55dfcdc559b8761ef3eb4921498580caf14cAutomatic Updater</div></body>

370c55dfcdc559b8761ef3eb4921498580caf14cAutomatic Updater</html>

370c55dfcdc559b8761ef3eb4921498580caf14cAutomatic Updater