d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<html>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<head>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<title></title>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith</head>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="titlepage"><hr></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="toc">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<p><b>Table of Contents</b></p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dl>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="preface"><a href="#id2542024">�</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dd><dl>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<dt><span class="sect1"><a href="#id2542008">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dd><dl>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect2"><a href="#relnotes_intro">Introduction</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect2"><a href="#relnotes_download">Download</a></span></dt>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<dt><span class="sect2"><a href="#relnotes_security">Security Fixes</a></span></dt>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<dt><span class="sect2"><a href="#relnotes_features">New Features</a></span></dt>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<dt><span class="sect2"><a href="#relnotes_changes">Feature Changes</a></span></dt>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<dt><span class="sect2"><a href="#relnotes_bugs">Bug Fixes</a></span></dt>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<dt><span class="sect2"><a href="#end_of_life">End of Life</a></span></dt>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<dt><span class="sect2"><a href="#relnotes_thanks">Thank You</a></span></dt>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai</dl></dd>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith</dl></dd>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</dl>

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="preface" lang="en">

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<div class="titlepage"><div><div><h2 class="title">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<a name="id2542024"></a>�</h2></div></div></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="toc">

98c1ab155c0e2148f69291b1abe1007c9d5a08e8Satyen Desai<p><b>Table of Contents</b></p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dl>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect1"><a href="#id2542008">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dd><dl>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect2"><a href="#relnotes_intro">Introduction</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect2"><a href="#relnotes_download">Download</a></span></dt>

98c1ab155c0e2148f69291b1abe1007c9d5a08e8Satyen Desai<dt><span class="sect2"><a href="#relnotes_security">Security Fixes</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect2"><a href="#relnotes_features">New Features</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect2"><a href="#relnotes_changes">Feature Changes</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect2"><a href="#relnotes_bugs">Bug Fixes</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect2"><a href="#end_of_life">End of Life</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<dt><span class="sect2"><a href="#relnotes_thanks">Thank You</a></span></dt>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</dl></dd>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</dl>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="sect1" lang="en">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="titlepage"><div><div><h2 class="title" style="clear: both">

98c1ab155c0e2148f69291b1abe1007c9d5a08e8Satyen Desai<a name="id2542008"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="sect2" lang="en">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="titlepage"><div><div><h3 class="title">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<a name="relnotes_intro"></a>Introduction</h3></div></div></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai This document summarizes changes since the last production release

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai of BIND on the corresponding major release branch.

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="sect2" lang="en">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="titlepage"><div><div><h3 class="title">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<a name="relnotes_download"></a>Download</h3></div></div></div>

98c1ab155c0e2148f69291b1abe1007c9d5a08e8Satyen Desai<p>

98c1ab155c0e2148f69291b1abe1007c9d5a08e8Satyen Desai The latest versions of BIND 9 software can always be found at

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai There you will find additional information about each release,

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai source code, and pre-compiled versions for Microsoft Windows

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai operating systems.

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="sect2" lang="en">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="titlepage"><div><div><h3 class="title">

00cf03a1ca1624dac1fecc85f43fc34f8806aff9Luke Smith<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="itemizedlist"><ul type="disc">

4a5f24116202d9475862e022628fa2919d990842Satyen Desai<li><p>None</p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<li><p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai Errors reported when running <span><strong class="command">rndc addzone</strong></span>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai (e.g., when a zone file cannot be loaded) have been clarified

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai to make it easier to diagnose problems.

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</ul></div>

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="sect2" lang="en">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="titlepage"><div><div><h3 class="title">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<a name="relnotes_features"></a>New Features</h3></div></div></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="itemizedlist"><ul type="disc">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<li><p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai The serial number of a dynamically updatable zone can

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai now be set using

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <span><strong class="command">rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai This is particularly useful with <code class="option">inline-signing</code>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai zones that have been reset. Setting the serial number to a value

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai larger than that on the slaves will trigger an AXFR-style

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai transfer.

98c1ab155c0e2148f69291b1abe1007c9d5a08e8Satyen Desai </p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<li><p>

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai When answering recursive queries, SERVFAIL responses can now be

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai cached by the server for a limited time; subsequent queries for

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai the same query name and type will return another SERVFAIL until

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai the cache times out. This reduces the frequency of retries

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai when a query is persistently failing, which can be a burden

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai on recursive serviers. The SERVFAIL cache timeout is controlled

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai by <code class="option">servfail-ttl</code>, which defaults to 10 seconds

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai and has an upper limit of 30.

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai </p></li>

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai<li><p>

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai The new <span><strong class="command">rndc nta</strong></span> command can now be used to

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai set a "negative trust anchor" (NTA), disabling DNSSEC validation for

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai a specific domain; this can be used when responses from a domain

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai are known to be failing validation due to administrative error

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai rather than because of a spoofing attack. NTAs are strictly

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai temporary; by default they expire after one hour, but can be

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai configured to last up to one week. The default NTA lifetime

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai can be changed by setting the <code class="option">nta-lifetime</code> in

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai <code class="filename">named.conf</code>.

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai </p></li>

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai The EDNS Client Subnet (ECS) option is now supported for

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai authoritative servers; if a query contains an ECS option then

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai elements can match against the the address encoded in the option.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai This can be used to select a view for a query, so that different

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai answers can be provided depending on the client network.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai The EDNS EXPIRE option has been implemented on the client

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai side, allowing a slave server to set the expiration timer

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai correctly when transferring zone data from another slave

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai server.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai A new <code class="option">masterfile-style</code> zone option controls

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai the formatting of text zone files: When set to

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <code class="literal">full</code>, the zone file will dumped in

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai single-line-per-record format.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">dig +ednsopt</strong></span> can now be used to set

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai arbitrary EDNS options in DNS requests.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">dig +ednsflags</strong></span> can now be used to set

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai yet-to-be-defined EDNS flags in DNS requests.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai <span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used enable /

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai disable EDNS version negotiation.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">dig +header-only</strong></span> can now be used to send

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai queries without a question section.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">dig +ttlunits</strong></span> causes <span><strong class="command">dig</strong></span>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai to print TTL values with time-unit suffixes: w, d, h, m, s for

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai weeks, days, hours, minutes, and seconds.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">dig +zflag</strong></span> can be used to set the last

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai unassigned DNS header flag bit. This bit in normally zero.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai can now be used to set the DSCP code point in outgoing query

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai packets.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <code class="option">serial-update-method</code> can now be set to

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <code class="literal">date</code>. On update, the serial number will

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai be set to the current date in YYYYMMDDNN format.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">dnssec-signzone -N date</strong></span> also sets the serial

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai number to YYYYMMDDNN.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">named -L <em class="replaceable"><code>filename</code></em></strong></span>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai causes named to send log messages to the specified file by

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai default instead of to the system log.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai The rate limiter configured by the

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <code class="option">serial-query-rate</code> option no longer covers

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai NOTIFY messages; those are now separately controlled by

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <code class="option">notify-rate</code> and

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <code class="option">startup-notify-rate</code> (the latter of which

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai controls the rate of NOTIFY messages sent when the server

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai is first started up or reconfigured).

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai The default number of tasks and client objects available

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai for serving lightweight resolver queries have been increased,

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai and are now configurable via the new <code class="option">lwres-tasks</code>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai and <code class="option">lwres-clients</code> options in

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <code class="filename">named.conf</code>. [RT #35857]

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai Log output to files can now be buffered by specifying

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">buffered yes;</strong></span> when creating a channel.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai</ul></div>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai</div>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<div class="sect2" lang="en">

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<div class="titlepage"><div><div><h3 class="title">

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<div class="itemizedlist"><ul type="disc">

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai ACLs containing <span><strong class="command">geoip asnum</strong></span> elements were

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai not correctly matched unless the full organization name was

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai specified in the ACL (as in

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">geoip asnum "AS1234 Example, Inc.";</strong></span>).

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai They can now match against the AS number alone (as in

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">geoip asnum "AS1234";</strong></span>).

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai When using native PKCS#11 cryptography (i.e.,

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai <span><strong class="command">configure --enable-native-pkcs11</strong></span>) HSM PINs

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai of up to 256 characters can now be used.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai NXDOMAIN responses to queries of type DS are now cached separately

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai from those for other types. This helps when using "grafted" zones

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai of type forward, for which the parent zone does not contain a

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai delegation, such as local top-level domains. Previously a query

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai of type DS for such a zone could cause the zone apex to be cached

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai as NXDOMAIN, blocking all subsequent queries. (Note: This

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai change is only helpful when DNSSEC validation is not enabled.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai "Grafted" zones without a delegation in the parent are not a

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai recommended configuration.)

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai Update forwarding performance has been improved by allowing

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai a single TCP connection to be shared between multiple updates.

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai </p></li>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai<li><p>

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai By default, <span><strong class="command">nsupdate</strong></span> will now check

81ed0aaa8456bd5c6a54e7797258b1f182eb1f5bSatyen Desai the correctness of hostnames when adding records of type

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai disabled with <span><strong class="command">check-names no</strong></span>.

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</ul></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="sect2" lang="en">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="titlepage"><div><div><h3 class="title">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="itemizedlist"><ul type="disc">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<li><p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span> and

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <span><strong class="command">nslookup</strong></span> aborted when encountering

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai a name which, after appending search list elements,

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai exceeded 255 bytes. Such names are now skipped, but

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai processing of other names will continue. [RT #36892]

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<li><p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai The error message generated when

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <span><strong class="command">named-checkzone</strong></span> or

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <span><strong class="command">named-checkconf -z</strong></span> encounters a

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <code class="option">$TTL</code> directive without a value has

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai been clarified. [RT #37138]

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<li><p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai Semicolon characters (;) included in TXT records were

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai incorrectly escaped with a backslash when the record was

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai displayed as text. This is actually only necessary when there

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai are no quotation marks. [RT #37159]

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<li><p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai When files opened for writing by <span><strong class="command">named</strong></span>,

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai such as zone journal files, were referenced more than once

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai in <code class="filename">named.conf</code>, it could lead to file

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai corruption as multiple threads wrote to the same file. This

12bdc27e9ac1ba89d9657200cfb22aadad54e7fbSatyen Desai is now detected when loading <code class="filename">named.conf</code>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai and reported as an error. [RT #37172]

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<li><p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai When checking for updates to trust anchors listed in

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <code class="option">managed-keys</code>, <span><strong class="command">named</strong></span>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai now revalidates keys based on the current set of

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai active trust anchors, without relying on any cached

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai record of previous validation. [RT #37506]

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<li><p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai Large-system tuning

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai (<span><strong class="command">configure --with-tuning=large</strong></span>) caused

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai problems on some platforms by setting a socket receive

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai buffer size that was too large. This is now detected and

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai corrected at run time. [RT #37187]

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p></li>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</ul></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="sect2" lang="en">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="titlepage"><div><div><h3 class="title">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<a name="end_of_life"></a>End of Life</h3></div></div></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai The end of life for BIND 9.11 is yet to be determined but

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai will not be before BIND 9.13.0 has been released for 6 months.

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="sect2" lang="en">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<div class="titlepage"><div><div><h3 class="title">

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai<p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai Thank you to everyone who assisted us in making this release possible.

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai If you would like to contribute to ISC to assist us in continuing to

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai make quality open source software, please visit our donations page at

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai <a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai </p>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</div></body>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai</html>

d3c5729464159cab52ada7ff4b6c26b91bd4dcb4Satyen Desai