notes.html revision a4240242cd6514aa04fae0d53fea7c983b4134d9
71cef386fae61275b03e203825680b39fedaa8c6Tinderbox User - This Source Code Form is subject to the terms of the Mozilla Public
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - License, v. 2.0. If a copy of the MPL was not distributed with this
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - file, You can obtain one at http://mozilla.org/MPL/2.0/.
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<a name="id-1.2"></a>Release Notes for BIND Version 9.11.1rc1</h2></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User This document summarizes changes since the last production
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews release on the BIND 9.11 branch.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Please see the <code class="filename">CHANGES</code> file for a further
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews list of bug fixes and other changes.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="relnotes_download"></a>Download</h3></div></div></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User The latest versions of BIND 9 software can always be found at
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User There you will find additional information about each release,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User source code, and pre-compiled versions for Microsoft Windows
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User operating systems.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<div class="titlepage"><div><div><h3 class="title">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="relnotes_license"></a>License Change</h3></div></div></div>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User With the release of BIND 9.11.0, ISC changed to the open
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User source license for BIND from the ISC license to the Mozilla
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User Public License (MPL 2.0).
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User The MPL-2.0 license requires that if you make changes to
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User licensed software (e.g. BIND) and distribute them outside
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User your organization, that you publish those changes under that
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User same license. It does not require that you publish or disclose
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User anything other than the changes you made to our software.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User This new requirement will not affect anyone who is using BIND
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User without redistributing it, nor anyone redistributing it without
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User changes, therefore this change will be without consequence
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User for most individuals and organizations who are using BIND.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User Those unsure whether or not the license change affects their
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User use of BIND, or who wish to discuss how to comply with the
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User license may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="titlepage"><div><div><h3 class="title">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User If a server is configured with a response policy zone (RPZ)
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User that rewrites an answer with local data, and is also configured
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User for DNS64 address mapping, a NULL pointer can be read
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User triggering a server crash. This flaw is disclosed in
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User CVE-2017-3135. [RT #44434]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User A coding error in the <code class="option">nxdomain-redirect</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User feature could lead to an assertion failure if the redirection
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User namespace was served from a local authoritative data source
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User such as a local zone or a DLZ instead of via recursive
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <span class="command"><strong>named</strong></span> could mishandle authority sections
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User with missing RRSIGs, triggering an assertion failure. This
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User flaw is disclosed in CVE-2016-9444. [RT #43632]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <span class="command"><strong>named</strong></span> mishandled some responses where
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User covering RRSIG records were returned without the requested
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User data, resulting in an assertion failure. This flaw is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User disclosed in CVE-2016-9147. [RT #43548]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User records which could trigger an assertion failure when there was
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User a class mismatch. This flaw is disclosed in CVE-2016-9131.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User It was possible to trigger assertions when processing
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User responses containing answers of type DNAME. This flaw is
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User disclosed in CVE-2016-8864. [RT #43465]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User Added the ability to specify the maximum number of records
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User permitted in a zone (<code class="option">max-records #;</code>).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User This provides a mechanism to block overly large zone
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User transfers, which is a potential risk with slave zones from
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User other parties, as described in CVE-2016-6170.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews The built in mangaged keys for the global root zone have been
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews updated to include the upcoming key signing key (keyid 20326).
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Expanded and improved the YAML output from
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span class="command"><strong>dnstap-read -y</strong></span>: it now includes packet
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews size and a detailed breakdown of message contents.
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User [RT #43622] [RT #43642]
<span class="command"><strong>master</strong></span> or <span class="command"><strong>slave</strong></span>.
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
IPv6 address (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>