notes.html revision d64eb56a2dd06653d45399d6b3efebd3c9d953e8
<!--
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.11.1rc1</h2></div></div></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
This document summarizes changes since the last production
release on the BIND 9.11 branch.
</p>
<p>
Please see the <code class="filename">CHANGES</code> file for a further
list of bug fixes and other changes.
</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
<a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>
<p>
ICANN is in the process of introducing a new Key Signing Key (KSK) for
the global root zone. BIND has multiple methods for managing DNSSEC
trust anchors, with somewhat different behaviors. If the root
key is configured using the <span class="command"><strong>managed-keys</strong></span>
statement, or if the pre-configured root key is enabled by using
<span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep
keys up to date automatically. Servers configured in this way
will roll seamlessly to the new key when it is published in
the root zone. However, keys configured using the
<span class="command"><strong>trusted-keys</strong></span> statement are not automatically
maintained. If your server is performing DNSSEC validation
and is configured using <span class="command"><strong>trusted-keys</strong></span>, you are
advised to change your configuration before the root zone begins
signing with the new KSK. This is currently scheduled for
October 11, 2017.
</p>
<p>
This release includes an updated version of the
<code class="filename">bind.keys</code> file containing the new root
key. This file can also be downloaded from
<a class="link" href="https://www.isc.org/bind-keys" target="_top">https://www.isc.org/bind-keys</a>.
</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License Change</h3></div></div></div>
<p>
With the release of BIND 9.11.0, ISC changed the open
source license for BIND from the ISC license to the Mozilla
Public License (MPL 2.0).
</p>
<p>
The MPL-2.0 license requires that if you make changes to
licensed software (e.g. BIND) and distribute them outside
your organization, you publish those changes under that
same license. It does not require that you publish or disclose
anything other than the changes you made to our software.
</p>
<p>
This new requirement will not affect anyone who is using BIND
without redistributing it, nor anyone redistributing it without
changes; therefore this change will be without consequence
for most individuals and organizations who are using BIND.
</p>
<p>
Those unsure whether or not the license change affects their
use of BIND, or who wish to discuss how to comply with the
license, may contact ISC at
<a class="link" href="https://www.isc.org/mission/contact/" target="_top">https://www.isc.org/mission/contact/</a>.
</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
If a server is configured with a response policy zone (RPZ)
that rewrites an answer with local data, and is also configured
for DNS64 address mapping, a NULL pointer can be read,
triggering a server crash. This flaw is disclosed in
CVE-2017-3135. [RT #44434]
</p></li>
<li class="listitem"><p>
A coding error in the <code class="option">nxdomain-redirect</code>
feature could lead to an assertion failure if the redirection
namespace was served from a local authoritative data source
such as a local zone or a DLZ instead of via recursive
lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
</p></li>
<li class="listitem"><p>
<span class="command"><strong>named</strong></span> could mishandle authority sections
with missing RRSIGs, triggering an assertion failure. This
flaw is disclosed in CVE-2016-9444. [RT #43632]
</p></li>
<li class="listitem"><p>
<span class="command"><strong>named</strong></span> mishandled some responses where
covering RRSIG records were returned without the requested
data, resulting in an assertion failure. This flaw is
disclosed in CVE-2016-9147. [RT #43548]
</p></li>
<li class="listitem"><p>
<span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
records, which could trigger an assertion failure when there was
a class mismatch. This flaw is disclosed in CVE-2016-9131.
</p></li>
<li class="listitem"><p>
It was possible to trigger assertions when processing
responses containing answers of type DNAME. This flaw is
disclosed in CVE-2016-8864. [RT #43465]
</p></li>
<li class="listitem"><p>
Added the ability to specify the maximum number of records
permitted in a zone (<code class="option">max-records #;</code>).
This provides a mechanism to block overly large zone
transfers, which is a potential risk with slave zones from
other parties, as described in CVE-2016-6170.
</p></li>
</ul></div>
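<p>
The two trust-anchor styles contrasted in the New DNSSEC Root Key section, together with the
<code class="option">max-records</code> limit from the last item above, as an added
<code class="filename">named.conf</code> illustration that is not part of these release notes or of the
BIND sources. The key strings, the zone name, the master address and the file paths are
placeholders, not real values.
</p>

```conf
// BEFORE (not recommended): a root trust anchor pinned with trusted-keys is
// never refreshed by named, so validation fails once the root zone is signed
// with the new KSK. The placeholder stands in for the base64 key material.
trusted-keys {
    . 257 3 8 "<old root KSK public key, placeholder>";
};

// AFTER, option 1: enable the pre-configured root key shipped in bind.keys
// and let named follow the KSK rollover on its own.
options {
    directory "/var/named";             // assumed path
    dnssec-validation auto;
};

// AFTER, option 2: the same automatic maintenance, but with an explicitly
// configured starting key. Use this instead of the trusted-keys block above,
// not in addition to it; keys learned later are kept in managed-keys.bind.
managed-keys {
    . initial-key 257 3 8 "<root KSK public key copied from bind.keys, placeholder>";
};

// Slave zone pulled from another party: cap the record count so an oversized
// transfer is rejected instead of exhausting memory (max-records, CVE-2016-6170).
zone "example.com" {
    type slave;
    masters { 192.0.2.53; };            // assumed master address
    file "slaves/example.com.db";       // assumed path
    max-records 100000;                 // constructed limit; size it to the zone
};
```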
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
<span class="command"><strong>dnstap</strong></span> now stores both the local and remote
addresses for all messages, instead of only the remote address.
The default output format for <span class="command"><strong>dnstap-read</strong></span> has
been updated to include these addresses, with the initiating
address first and the responding address second, separated by
"-&gt;" or "&lt;-" to indicate in which direction the message
was sent. [RT #43595]
</p></li>
<li class="listitem"><p>
Expanded and improved the YAML output from
<span class="command"><strong>dnstap-read -y</strong></span>: it now includes packet
size and a detailed breakdown of message contents.
[RT #43622] [RT #43642]
</p></li>
<li class="listitem"><p>
If an ACL is specified with an address prefix in which the
prefix length is longer than the address portion (for example,
192.0.2.1/8), <span class="command"><strong>named</strong></span> will now log a warning.
In future releases this will be a fatal configuration error.
</p></li>
</ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
A synthesized CNAME record appearing in a response before the
associated DNAME could be cached, when it should not have been.
This was a regression introduced while addressing CVE-2016-8864.
</p></li>
<li class="listitem"><p>
Named could deadlock when there were multiple changes to
NSEC/NSEC3 parameters for a zone being processed at the
same time. [RT #42770]
</p></li>
<li class="listitem"><p>
Named could trigger an assertion failure when sending notify
messages. [RT #44019]
</p></li>
<li class="listitem"><p>
Referencing a nonexistent zone in a <span class="command"><strong>response-policy</strong></span>
statement could cause an assertion failure during configuration.
</p></li>
<li class="listitem"><p>
<span class="command"><strong>rndc addzone</strong></span> could cause a crash
when attempting to add a zone with a type other than
<span class="command"><strong>master</strong></span> or <span class="command"><strong>slave</strong></span>.
Such zones are now rejected. [RT #43665]
</p></li>
<li class="listitem"><p>
<span class="command"><strong>named</strong></span> could hang when encountering log
file names with large apparent gaps in version number (for
example, when files exist called "logfile.0", "logfile.1",
and "logfile.1482954169"). This is now handled correctly.
</p></li>
<li class="listitem"><p>
If a zone was updated while <span class="command"><strong>named</strong></span> was
processing a query for nonexistent data, it could return
out-of-sync NSEC3 records, causing potential DNSSEC validation
failure. [RT #43247]
</p></li>
</ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_maint"></a>Maintenance</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
The built-in root hints have been updated to include an
IPv6 address (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
</p></li></ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_misc"></a>Miscellaneous Notes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
Authoritative server support for the EDNS Client Subnet option
(ECS), introduced in BIND 9.11.0, was based on an early version
of the specification, and is now known to have incompatibilities
with other ECS implementations. It is also inefficient, requiring
a separate view for each answer, and is unable to correct for
overlapping subnets in the configuration. It is intended for
testing purposes but is not recommended for production use.
This was not made sufficiently clear in the documentation at
the time of release.
</p></li></ul></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.11 is yet to be determined but
will not be before BIND 9.13.0 has been released for 6 months.
<a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div></body>