notes.html revision 6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3
<!--
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title></title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article"><div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.11.0a1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
 BIND 9.11.0 is a new feature release of BIND, still under development.
 This document summarizes new features and functional changes that
 have been introduced on this branch. With each development
 release leading up to the final BIND 9.11.0 release, this document
 will be updated with additional features added and bugs fixed.
 </p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
 The latest versions of BIND 9 software can always be found at
 <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
 There you will find additional information about each release,
 source code, and pre-compiled versions for Microsoft Windows
 operating systems.
 </p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 None.
 </p></li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
 Added support for DynDB, a new interface for loading zone data
 from an external database, developed by Red Hat for the FreeIPA
 project. (Thanks in particular to Adam Tkac and Petr
 Spacek of Red Hat for the contribution.)
 </p>
<p>
 Unlike the existing DLZ and SDB interfaces, which provide a
 limited subset of database functionality within BIND &#8212;
 translating DNS queries into real-time database lookups with
 relatively poor performance and with no ability to handle
 DNSSEC-signed data &#8212; DynDB is able to fully implement
 and extend the database API used natively by BIND.
 </p>
<p>
 A DynDB module could pre-load data from an external data
 source, then serve it with the same performance and
 functionality as conventional BIND zones, and with the
 ability to take advantage of database features not
 available in BIND, such as multi-master replication.
 </p>
</li>
<li class="listitem">
<p>
 New quotas have been added to limit the queries that are
 sent by recursive resolvers to authoritative servers
 experiencing denial-of-service attacks. When configured,
 these options can both reduce the harm done to authoritative
 servers and also avoid the resource exhaustion that can be
 experienced by recursives when they are being used as a
 vehicle for such an attack.
 </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; ">
<li class="listitem"><p>
 <code class="option">fetches-per-server</code> limits the number of
 simultaneous queries that can be sent to any single
 authoritative server. The configured value is a starting
 point; it is automatically adjusted downward if the server is
 partially or completely non-responsive. The algorithm used to
 adjust the quota can be configured via the
 <code class="option">fetch-quota-params</code> option.
 </p></li>
<li class="listitem"><p>
 <code class="option">fetches-per-zone</code> limits the number of
 simultaneous queries that can be sent for names within a
 single domain. (Note: Unlike "fetches-per-server", this
 value is not self-tuning.)
 </p></li>
</ul></div>
<p>
 Statistics counters have also been added to track the number
 of queries affected by these quotas.
 </p>
</li>
<li class="listitem">
<p>
 Added support for <span class="command"><strong>dnstap</strong></span>, a fast,
 flexible method for capturing and logging DNS traffic,
 developed by Robert Edmonds at Farsight Security, Inc.,
 whose assistance is gratefully acknowledged.
 </p>
<p>
 To enable <span class="command"><strong>dnstap</strong></span> at compile time,
 the <span class="command"><strong>fstrm</strong></span> and <span class="command"><strong>protobuf-c</strong></span>
 libraries must be available, and BIND must be configured with
 <code class="option">--enable-dnstap</code>.
 </p>
<p>
 A new utility <span class="command"><strong>dnstap-read</strong></span> has been added
 to allow <span class="command"><strong>dnstap</strong></span> data to be presented in
 a human-readable format.
 </p>
<p>
 For more information on <span class="command"><strong>dnstap</strong></span>, see
 <a class="link" href="http://dnstap.info" target="_top">http://dnstap.info</a>.
 </p>
</li>
<li class="listitem"><p>
 New statistics counters have been added to track traffic
 sizes, as specified in RSSAC002. Query and response
 message sizes are broken up into ranges of histogram buckets:
 TCP and UDP queries of size 0-15, 16-31, ..., 272-288, and 288+,
 and TCP and UDP responses of size 0-15, 16-31, ..., 4080-4095,
 and 4096+. These values can be accessed via the XML and JSON
 statistics channels at, for example,
 <a class="link" href="http://localhost:8888/xml/v3/traffic" target="_top">http://localhost:8888/xml/v3/traffic</a>
 or
 <a class="link" href="http://localhost:8888/json/v1/traffic" target="_top">http://localhost:8888/json/v1/traffic</a>.
 </p></li>
<li class="listitem"><p>
 The serial number of a dynamically updatable zone can
 now be set using
 <span class="command"><strong>rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
 This is particularly useful with <code class="option">inline-signing</code>
 zones that have been reset. Setting the serial number to a value
 larger than that on the slaves will trigger an AXFR-style
 transfer.
 </p></li>
<li class="listitem"><p>
 When answering recursive queries, SERVFAIL responses can now be
 cached by the server for a limited time; subsequent queries for
 the same query name and type will return another SERVFAIL until
 the cache times out. This reduces the frequency of retries
 when a query is persistently failing, which can be a burden
 on recursive servers. The SERVFAIL cache timeout is controlled
 by <code class="option">servfail-ttl</code>, which defaults to 1 second
 and has an upper limit of 30.
 </p></li>
<li class="listitem"><p>
 The new <span class="command"><strong>rndc nta</strong></span> command can now be used to
 set a "negative trust anchor" (NTA), disabling DNSSEC validation for
 a specific domain; this can be used when responses from a domain
 are known to be failing validation due to administrative error
 rather than because of a spoofing attack. NTAs are strictly
 temporary; by default they expire after one hour, but can be
 configured to last up to one week. The default NTA lifetime
 can be changed by setting the <code class="option">nta-lifetime</code> in
 <code class="filename">named.conf</code>. When added, NTAs are stored in a
 file (<code class="filename"><em class="replaceable"><code>viewname</code></em>.nta</code>)
 in order to persist across restarts of the <span class="command"><strong>named</strong></span> server.
 </p></li>
<li class="listitem"><p>
 The EDNS Client Subnet (ECS) option is now supported for
 authoritative servers; if a query contains an ECS option then
 ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
 elements can match against the address encoded in the option.
 This can be used to select a view for a query, so that different
 answers can be provided depending on the client network.
 </p></li>
<li class="listitem"><p>
 The EDNS EXPIRE option has been implemented on the client
 side, allowing a slave server to set the expiration timer
 correctly when transferring zone data from another slave
 server.
 </p></li>
<li class="listitem"><p>
 A new <code class="option">masterfile-style</code> zone option controls
 the formatting of text zone files: When set to
 <code class="literal">full</code>, the zone file will be dumped in
 single-line-per-record format.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +ednsopt</strong></span> can now be used to set
 arbitrary EDNS options in DNS requests.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +ednsflags</strong></span> can now be used to set
 yet-to-be-defined EDNS flags in DNS requests.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +[no]ednsnegotiation</strong></span> can now be used to enable /
 disable EDNS version negotiation.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +header-only</strong></span> can now be used to send
 queries without a question section.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +ttlunits</strong></span> causes <span class="command"><strong>dig</strong></span>
 to print TTL values with time-unit suffixes: w, d, h, m, s for
 weeks, days, hours, minutes, and seconds.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +zflag</strong></span> can be used to set the last
 unassigned DNS header flag bit. This bit is normally zero.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
 can now be used to set the DSCP code point in outgoing query
 packets.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dig +mapped</strong></span> can now be used to determine
 if mapped IPv4 addresses can be used.
 </p></li>
<li class="listitem"><p>
 <code class="option">serial-update-method</code> can now be set to
 <code class="literal">date</code>. On update, the serial number will
 be set to the current date in YYYYMMDDNN format.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>dnssec-signzone -N date</strong></span> also sets the serial
 number to YYYYMMDDNN.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>named -L <em class="replaceable"><code>filename</code></em></strong></span>
 causes <span class="command"><strong>named</strong></span> to send log messages to the
 specified file by default instead of to the system log.
 </p></li>
<li class="listitem"><p>
 The rate limiter configured by the
 <code class="option">serial-query-rate</code> option no longer covers
 NOTIFY messages; those are now separately controlled by
 <code class="option">notify-rate</code> and
 <code class="option">startup-notify-rate</code> (the latter of which
 controls the rate of NOTIFY messages sent when the server
 is first started up or reconfigured).
 </p></li>
<li class="listitem"><p>
 The default number of tasks and client objects available
 for serving lightweight resolver queries have been increased,
 and are now configurable via the new <code class="option">lwres-tasks</code>
 and <code class="option">lwres-clients</code> options in
 <code class="filename">named.conf</code>. [RT #35857]
 </p></li>
<li class="listitem"><p>
 Log output to files can now be buffered by specifying
 <span class="command"><strong>buffered yes;</strong></span> when creating a channel.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>delv +tcp</strong></span> will exclusively use TCP when
 sending queries.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>named</strong></span> will now check to see whether
 other name server processes are running before starting up.
 This is implemented in two ways: 1) by refusing to start
 if the configured network interfaces all return "address
 in use", and 2) by attempting to acquire a lock on a file
 specified by the <code class="option">lock-file</code> option or
 the <span class="command"><strong>-X</strong></span> command line option. The
 default lock file is
 <code class="filename">/var/run/named/named.lock</code>.
 Specifying <code class="literal">none</code> will disable the lock
 file check.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>rndc delzone</strong></span> can now be applied to zones
 which were configured in <code class="filename">named.conf</code>;
 it is no longer restricted to zones which were added by
 <span class="command"><strong>rndc addzone</strong></span>. (Note, however, that
 this does not edit <code class="filename">named.conf</code>; the zone
 must be removed from the configuration or it will return
 when <span class="command"><strong>named</strong></span> is restarted or reloaded.)
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>rndc modzone</strong></span> can be used to reconfigure
 a zone, using similar syntax to <span class="command"><strong>rndc addzone</strong></span>.
 </p></li>
<li class="listitem"><p>
 <span class="command"><strong>rndc showzone</strong></span> displays the current
 configuration for a specified zone.
 </p></li>
<li class="listitem">
<p>
 Added server-side support for pipelined TCP queries. Clients
 may continue sending queries via TCP while previous queries are
 processed in parallel. Responses are sent when they are
 ready, not necessarily in the order in which the queries were
 received.
 </p>
<p>
 To revert to the former behavior for a particular
 client address or range of addresses, specify the address prefix
 in the "keep-response-order" option. To revert to the former
 behavior for all clients, use "keep-response-order { any; };".
 </p>
</li>
<li class="listitem"><p>
 The new <span class="command"><strong>mdig</strong></span> command is a version of
 <span class="command"><strong>dig</strong></span> that sends multiple pipelined
 queries and then waits for responses, instead of sending one
 query and waiting for the response before sending the next. [RT #38261]
 </p></li>
<li class="listitem"><p>
 To enable better monitoring and troubleshooting of RFC 5011
 trust anchor management, the new <span class="command"><strong>rndc managed-keys</strong></span>
 can be used to check the status of trust anchors or to force keys
 to be refreshed. Also, the managed-keys data file now has
 easier-to-read comments. [RT #38458]
 </p></li>
<li class="listitem"><p>
 An <span class="command"><strong>--enable-querytrace</strong></span> configure switch is
 now available to enable very verbose query trace logging. This
 option can only be set at compile time. This option has a
 negative performance impact and should be used only for
 debugging. [RT #37520]
 </p></li>
<li class="listitem"><p>
 A new <span class="command"><strong>tcp-only</strong></span> option can be specified
 in <span class="command"><strong>server</strong></span> statements to force
 <span class="command"><strong>named</strong></span> to connect to the specified
 server via TCP. [RT #37800]
 </p></li>
<li class="listitem"><p>
 The <span class="command"><strong>nxdomain-redirect</strong></span> option specifies
 a DNS namespace to use for NXDOMAIN redirection. When a
 recursive lookup returns NXDOMAIN, a second lookup is
 initiated with the specified name appended to the query
 name. This allows NXDOMAIN redirection data to be supplied
 by multiple zones configured on the server or by recursive
 queries to other servers. (The older method, using
 a single <span class="command"><strong>type redirect</strong></span> zone, has
 better average performance but is less flexible.) [RT #37989]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce The following types have been implemented: CSYNC, NINFO, RKEY,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce SINK, TA, TALINK.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce A new <span class="command"><strong>message-compression</strong></span> option can be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce used to specify whether or not to use name compression when
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce answering queries. Setting this to <strong class="userinput"><code>no</code></strong>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce results in larger responses, but reduces CPU consumption and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce may improve throughput. The default is <strong class="userinput"><code>yes</code></strong>.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce A <span class="command"><strong>read-only</strong></span> option is now available in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce <span class="command"><strong>controls</strong></span> statement to grant non-destructive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce control channel access. In such cases, a restricted set of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce <span class="command"><strong>rndc</strong></span> commands is allowed, which can
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce report information from <span class="command"><strong>named</strong></span>, but cannot
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce reconfigure or stop the server. By default, the control channel
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce access is <span class="emphasis"><em>not</em></span> restricted to these
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce read-only operations. [RT #40498]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce When loading a signed zone, <span class="command"><strong>named</strong></span> will
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce now check whether an RRSIG's inception time is in the future,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce and if so, it will regenerate the RRSIG immediately. This helps
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce when a system's clock needs to be reset backwards.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</ul></div>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</div>
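<p>The RRSIG inception check described in the last item above, as an added example (not ISC's code and not part of the original notes): a Python audit that reads RRSIG records in presentation format, one record per line, and reports those whose inception time is later than a given clock value. The field layout and the two timestamp forms follow RFC 4034; the sample zone, key tag, signature data and function names are constructed for illustration.</p>

```python
from datetime import datetime, timezone

# Constructed sample, one record per line. Names, key tags and signature
# data are placeholders, not real zone content.
SAMPLE_ZONE = """\
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 20160131000000 20151201000000 12345 example.com. AAAA
www.example.com. 300 IN A 192.0.2.10
www.example.com. 300 IN RRSIG A 8 3 300 20160401000000 20160301000000 12345 example.com. AAAA
\t300 IN RRSIG AAAA 8 3 300 1459468800 1456790400 12345 example.com. AAAA ; epoch form
"""


def parse_sig_time(field):
    """RFC 4034 section 3.2: 14-digit YYYYMMDDHHmmSS, or decimal seconds since the epoch."""
    if field.isdigit() and len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    if field.isdigit() and len(field) <= 10:
        return datetime.fromtimestamp(int(field), tz=timezone.utc)
    raise ValueError("unrecognised signature time: %r" % field)


def split_record(line, prev_owner):
    """Return (owner, [type, rdata...]) for one line, or None for blank/comment lines."""
    text = line.split(";", 1)[0]
    fields = text.split()
    if not fields:
        return None
    if text[0].isspace():
        owner = prev_owner              # owner omitted: inherit from the previous record
    else:
        owner, fields = fields[0], fields[1:]
    # Skip the optional TTL and class, in either order.
    while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
        fields = fields[1:]
    return owner, fields


def future_inceptions(zone_text, now):
    """List (owner, type covered, inception) for RRSIGs not yet valid at `now`."""
    findings, owner = [], None
    for line in zone_text.splitlines():
        record = split_record(line, owner)
        if record is None:
            continue
        owner, rdata = record
        # rdata: RRSIG covered alg labels origttl expiration inception keytag signer sig
        if len(rdata) < 7 or rdata[0].upper() != "RRSIG":
            continue
        inception = parse_sig_time(rdata[6])
        if inception > now:
            findings.append((owner, rdata[1], inception))
    return findings


if __name__ == "__main__":
    clock = datetime(2016, 1, 15, tzinfo=timezone.utc)  # constructed "current" time
    for owner, covered, inception in future_inceptions(SAMPLE_ZONE, clock):
        print(owner, covered, "inception", inception.isoformat())
```

<p>Pass the current time as <code>now</code> to audit a zone after a clock change; records it reports are the ones a validator with a correct clock would reject as not yet valid.</p>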
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<div class="section">
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<div class="titlepage"><div><div><h3 class="title">
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce The timers returned by the statistics channel (indicating current
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce time, server boot time, and most recent reconfiguration time) are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce now reported with millisecond accuracy. [RT #40082]
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Updated the compiled-in addresses for H.ROOT-SERVERS.NET
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce and L.ROOT-SERVERS.NET.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce ACLs containing <span class="command"><strong>geoip asnum</strong></span> elements were
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce not correctly matched unless the full organization name was
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce specified in the ACL (as in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce <span class="command"><strong>geoip asnum "AS1234 Example, Inc.";</strong></span>).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce They can now match against the AS number alone (as in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce <span class="command"><strong>geoip asnum "AS1234";</strong></span>).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce When using native PKCS#11 cryptography (i.e.,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce <span class="command"><strong>configure --enable-native-pkcs11</strong></span>), HSM PINs
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce of up to 256 characters can now be used.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce NXDOMAIN responses to queries of type DS are now cached separately
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce from those for other types. This helps when using "grafted" zones
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce of type forward, for which the parent zone does not contain a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce delegation, such as local top-level domains. Previously a query
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce of type DS for such a zone could cause the zone apex to be cached
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce as NXDOMAIN, blocking all subsequent queries. (Note: This
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce change is only helpful when DNSSEC validation is not enabled.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce "Grafted" zones without a delegation in the parent are not a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce recommended configuration.)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Update forwarding performance has been improved by allowing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce a single TCP connection to be shared between multiple updates.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce By default, <span class="command"><strong>nsupdate</strong></span> will now check
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce the correctness of hostnames when adding records of type
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce disabled with <span class="command"><strong>check-names no</strong></span>.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Added support for OPENPGPKEY type.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson The names of the files used to store managed keys and added
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce zones for each view are no longer based on the SHA256 hash
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce of the view name, except when this is necessary because the
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson view name contains characters that would be incompatible with use
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce as a file name. For views whose names do not contain forward
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce slashes ('/'), backslashes ('\'), or capital letters - which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce could potentially cause namespace collision problems on
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson case-insensitive filesystems - files will now be named
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce after the view (for example, <code class="filename">internal.mkeys</code>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce or <code class="filename">external.nzf</code>). However, to ensure
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson consistent behavior when upgrading, if a file using the old
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson name format is found to exist, it will continue to be used.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson "rndc" can now return text output of arbitrary size to
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson the caller. (Prior to this, certain commands such as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce "rndc tsig-list" and "rndc zonestatus" could return
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce truncated output.)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson Errors reported when running <span class="command"><strong>rndc addzone</strong></span>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson (e.g., when a zone file cannot be loaded) have been clarified
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson to make it easier to diagnose problems.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson When encountering an authoritative name server whose name is
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson an alias pointing to another name, the resolver treats
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson this as an error and skips to the next server. Previously
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson this happened silently; now the error will be logged to
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson the newly-created "cname" log category.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson If <span class="command"><strong>named</strong></span> is not configured to validate
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson answers, fallback to plain DNS on timeout is now allowed even when
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson the server is known to support EDNS. This will allow the server to
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson potentially resolve signed queries when TCP is being
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce blocked.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson Large inline-signing changes should be less disruptive.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson Signature generation is now done incrementally; the number
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson of signatures to be generated in each quantum is controlled
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson by "sig-signing-signatures <em class="replaceable"><code>number</code></em>;".
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson [RT #37927]
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem">
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson The experimental SIT option (code point 65001) of BIND
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson 9.10.0 through BIND 9.10.2 has been replaced with the COOKIE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce option (code point 10). It is no longer experimental, and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce is sent by default, by both <span class="command"><strong>named</strong></span> and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce <span class="command"><strong>dig</strong></span>.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson The SIT-related named.conf options have been marked as
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson obsolete, and are otherwise ignored.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce When <span class="command"><strong>dig</strong></span> receives a truncated (TC=1)
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson response or a BADCOOKIE response code from a server, it
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson will automatically retry the query using the server COOKIE
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson that was returned by the server in its initial response.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson [RT #39047]
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson An alternative NXDOMAIN redirect method (nxdomain-redirect)
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson which allows the redirect information to be looked up from
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson a namespace on the Internet rather than requiring a zone
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson to be configured on the server is now available.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson Retrieving the local port range from net.ipv4.ip_local_port_range
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson on Linux is now supported.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Within the <code class="option">response-policy</code> option, it is now
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson possible to configure RPZ rewrite logging on a per-zone basis
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson using the <code class="option">log</code> clause.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson The default preferred glue is now the address type of the
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson transport the query was received over.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson On machines with 2 or more processors (CPU), the default value
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson for the number of UDP listeners has been changed to the number
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson of detected processors minus one.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson Zone transfers now use smaller message sizes to improve
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson message compression. This results in reduced network usage.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson Added support for the AVC resource record type (Application
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson Visibility and Control).
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson</ul></div>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</div>
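<p>For the SIT to COOKIE change and the <span class="command"><strong>dig</strong></span> retry described in this section, an added example (not ISC's code and not part of the original notes): a Python parser for the option list in an EDNS OPT record that separates the COOKIE option (code point 10) from the old experimental SIT code point 65001, which helps spot hosts still running BIND 9.10.0 through 9.10.2. The cookie length limits come from RFC 7873 and are not stated on this page; the sample bytes and function names are constructed.</p>

```python
import struct

COOKIE = 10          # COOKIE option code point, as given in the notes above
LEGACY_SIT = 65001   # experimental SIT code point of BIND 9.10.0 through 9.10.2


def parse_edns_options(rdata):
    """Split OPT RDATA into (code, data) pairs; raise ValueError on truncation."""
    options, offset = [], 0
    while offset < len(rdata):
        if len(rdata) - offset < 4:
            raise ValueError("truncated option header at offset %d" % offset)
        code, length = struct.unpack_from("!HH", rdata, offset)
        offset += 4
        if len(rdata) - offset < length:
            raise ValueError("option %d claims %d bytes, %d left"
                             % (code, length, len(rdata) - offset))
        options.append((code, rdata[offset:offset + length]))
        offset += length
    return options


def classify(code, data):
    """Label one option. Length rule per RFC 7873: an 8-byte client cookie,
    optionally followed by a server cookie of 8 to 32 bytes."""
    if code == LEGACY_SIT:
        return "legacy-sit"
    if code != COOKIE:
        return "other"
    if len(data) == 8:
        return "client-only"
    if 16 <= len(data) <= 40:
        return "client+server"
    return "malformed"


def server_cookie(data):
    """Server part of a well-formed COOKIE option, i.e. the value a client
    sends back when it retries a query; empty if the server supplied none."""
    return data[8:] if classify(COOKIE, data) == "client+server" else b""


def _opt(code, data):
    # Helper that builds one option for the constructed sample below.
    return struct.pack("!HH", code, len(data)) + data


# Constructed sample RDATA: a full cookie, a legacy SIT option, an unrelated
# empty option (code 3) and a cookie that is too short to be valid.
CLIENT = bytes(range(8))
SERVER = bytes(range(8, 24))
SAMPLE_RDATA = (_opt(COOKIE, CLIENT + SERVER) + _opt(LEGACY_SIT, CLIENT + SERVER[:8])
                + _opt(3, b"") + _opt(COOKIE, CLIENT[:5]))

if __name__ == "__main__":
    for code, data in parse_edns_options(SAMPLE_RDATA):
        print(code, len(data), classify(code, data))
```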
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<div class="section">
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<div class="titlepage"><div><div><h3 class="title">
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<a name="relnotes_port"></a>Porting Changes</h3></div></div></div>
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael Sawyer<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson None.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li></ul></div>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson</div>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<div class="section">
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<div class="titlepage"><div><div><h3 class="title">
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson None.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p></li></ul></div>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson</div>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<div class="section">
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<div class="titlepage"><div><div><h3 class="title">
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<a name="end_of_life"></a>End of Life</h3></div></div></div>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson The end of life for BIND 9.11 is yet to be determined but
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson will not be before BIND 9.13.0 has been released for 6 months.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson</div>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<div class="section">
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<div class="titlepage"><div><div><h3 class="title">
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson Thank you to everyone who assisted us in making this release possible.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson If you would like to contribute to ISC to assist us in continuing to
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson make quality open source software, please visit our donations page at
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson </p>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson</div>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson</div></div></body>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson</html>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson