notes.xml revision 44c86318ed432af96848269250930297eea2bba3
<!--
 - Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- Converted by db4-upgrade version 1.0 -->
<section xmlns="http://docbook.org/ns/docbook" version="5.0"><info/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/>
  <section xml:id="relnotes_intro"><info><title>Introduction</title></info>
    <para>
      This document summarizes changes since the last production release
      of BIND on the corresponding major release branch.
    </para>
  </section>
  <section xml:id="relnotes_download"><info><title>Download</title></info>
    <para>
      The latest versions of BIND 9 software can always be found at
      <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/downloads/">http://www.isc.org/downloads/</link>.
      There you will find additional information about each release,
      source code, and pre-compiled versions for Microsoft Windows
      operating systems.
    </para>
  </section>
  <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
    <itemizedlist>
      <listitem>
        <para>
          Duplicate EDNS COOKIE options in a response could trigger
          an assertion failure. This flaw is disclosed in CVE-2016-2088.
        </para>
      </listitem>
      <listitem>
        <para>
          Insufficient testing when parsing a message allowed
          records with an incorrect class to be accepted,
          triggering a REQUIRE failure when those records
          were subsequently cached. This flaw is disclosed
          in CVE-2015-8000. [RT #40987]
        </para>
      </listitem>
      <listitem>
        <para>
          Incorrect reference counting could result in an INSIST
          failure if a socket error occurred while performing a
          lookup. This flaw is disclosed in CVE-2015-8461. [RT #40945]
        </para>
      </listitem>
      <listitem>
        <para>
          An incorrect boundary check in the OPENPGPKEY rdatatype
          could trigger an assertion failure. This flaw is disclosed
          in CVE-2015-5986. [RT #40286]
        </para>
      </listitem>
      <listitem>
        <para>
          A buffer accounting error could trigger an assertion failure
          when parsing certain malformed DNSSEC keys.
          This flaw was discovered by Hanno Böck of the Fuzzing
          Project, and is disclosed in CVE-2015-5722. [RT #40212]
        </para>
      </listitem>
      <listitem>
        <para>
          A specially crafted query could trigger an assertion failure
          This flaw was discovered by Jonathan Foote, and is disclosed
          in CVE-2015-5477. [RT #40046]
        </para>
      </listitem>
      <listitem>
        <para>
          On servers configured to perform DNSSEC validation, an
          assertion failure could be triggered on answers from
          a specially configured server.
          This flaw was discovered by Breno Silveira Soares, and is
          disclosed in CVE-2015-4620. [RT #39795]
        </para>
      </listitem>
      <listitem>
        <para>
          On servers configured to perform DNSSEC validation using
          managed trust anchors (i.e., keys configured explicitly
          via <command>managed-keys</command>, or implicitly
          via <command>dnssec-validation auto;</command> or
          <command>dnssec-lookaside auto;</command>), revoking
          a trust anchor and sending a new untrusted replacement
          could cause <command>named</command> to crash with an
          assertion failure. This could occur in the event of a
          botched key rollover, or potentially as a result of a
          deliberate attack if the attacker was in position to
          monitor the victim's DNS traffic.
          This flaw was discovered by Jan-Piet Mens, and is
          disclosed in CVE-2015-1349. [RT #38344]
        </para>
      </listitem>
      <listitem>
        <para>
          A flaw in delegation handling could be exploited to put
          <command>named</command> into an infinite loop, in which
          each lookup of a name server triggered additional lookups
          of more name servers. This has been addressed by placing
          limits on the number of levels of recursion
          <command>named</command> will allow (default 7), and
          on the number of queries that it will send before
          terminating a recursive query (default 50).
        </para>
        <para>
          The recursion depth limit is configured via the
          <option>max-recursion-depth</option> option, and the query limit
          via the <option>max-recursion-queries</option> option.
        </para>
        <para>
          The flaw was discovered by Florian Maury of ANSSI, and is
          disclosed in CVE-2014-8500. [RT #37580]
        </para>
      </listitem>
      <listitem>
        <para>
          Two separate problems were identified in BIND's GeoIP code that
          could lead to an assertion failure. One was triggered by use of
          both IPv4 and IPv6 address families, the other by referencing
          a GeoIP database in <filename>named.conf</filename> which was
          not installed. Both are covered by CVE-2014-8680. [RT #37672]
        </para>
        <para>
          A less serious security flaw was also found in GeoIP: changes
          to the <command>geoip-directory</command> option in
          <filename>named.conf</filename> were ignored when running
          <command>rndc reconfig</command>. In theory, this could allow
          <command>named</command> to grant access to unintended clients.
        </para>
      </listitem>
      <listitem>
        <para>
          Specific APL data could trigger an INSIST. This flaw
          is disclosed in CVE-2015-8704. [RT #41396]
        </para>
      </listitem>
      <listitem>
        <para>
          Certain errors that could be encountered when printing out
          or logging an OPT record containing a CLIENT-SUBNET option
          could be mishandled, resulting in an assertion failure.
          This flaw is disclosed in CVE-2015-8705. [RT #41397]
        </para>
      </listitem>
      <listitem>
        <para>
          Malformed control messages can trigger assertions in
          <command>named</command> and <command>rndc</command>.
          This flaw is disclosed in CVE-2016-1285. [RT
        </para>
      </listitem>
      <listitem>
        <para>
          The resolver could abort with an assertion failure due to
          improper DNAME handling when parsing fetch reply
          messages. This flaw is disclosed in CVE-2016-1286. [RT #41753]
        </para>
      </listitem>
    </itemizedlist>
  </section>
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff <section xml:id="relnotes_features"><info><title>New Features</title></info>
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff <itemizedlist>
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff Added support for DynDB, a new interface for loading zone data
657ce0b9d84fbd66514df53d61a087e8f1161187Michael Graff from an external database, developed by Red Hat for the FreeIPA
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson project. (Thanks in particular to Adam Tkac and Petr
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson Spacek of Red Hat for the contribution.)
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews Unlike the existing DLZ and SDB interfaces, which provide a
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews limited subset of database functionality within BIND —
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews translating DNS queries into real-time database lookups with
80badf38c74c326a694e24281ee258aa26984171Mark Andrews relatively poor performance and with no ability to handle
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews DNSSEC-signed data — DynDB is able to fully implement
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews and extend the database API used natively by BIND.
641da3ca1184d9951d5cf91538524a345bf5f271Mark Andrews A DynDB module could pre-load data from an external data
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews source, then serve it with the same performance and
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews functionality as conventional BIND zones, and with the
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews ability to take advantage of database features not
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews available in BIND, such as multi-master replication.
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews New quotas have been added to limit the queries that are
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews sent by recursive resolvers to authoritative servers
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews experiencing denial-of-service attacks. When configured,
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews these options can both reduce the harm done to authoritative
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews servers and also avoid the resource exhaustion that can be
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews experienced by recursives when they are being used as a
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews vehicle for such an attack.
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews <itemizedlist>
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews <option>fetches-per-server</option> limits the number of
774c3a62d9adca187b44fe90919bb409a43a2f2aMark Andrews simultaneous queries that can be sent to any single
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews authoritative server. The configured value is a starting
9fe28a624c659e380d47dbf45527637dab03b998Mark Andrews point; it is automatically adjusted downward if the server is
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson partially or completely non-responsive. The algorithm used to
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson adjust the quota can be configured via the
6342df69b05f2f62d060fd4affdf536e51504084Mark Andrews <option>fetches-per-zone</option> limits the number of
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson simultaneous queries that can be sent for names within a
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson single domain. (Note: Unlike "fetches-per-server", this
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson value is not self-tuning.)
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson </itemizedlist>
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson Statistics counters have also been added to track the number
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson of queries affected by these quotas.
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington Added support for <command>dnstap</command>, a fast,
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington flexible method for capturing and logging DNS traffic,
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington developed by Robert Edmonds at Farsight Security, Inc.,
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington whose assistance is gratefully acknowledged.
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington To enable <command>dnstap</command> at compile time,
47fd46791da765e3dbedd987e9b263b3bee25986Brian Wellington the <command>fstrm</command> and <command>protobuf-c</command>
6fcb2f0faad67a6d2cb2e30ec57157d75fbfe58fAndreas Gustafsson libraries must be available, and BIND must be configured with
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson A new utility <command>dnstap-read</command> has been added
8f3dd8f8e73e4465221a5297819db70e6b383138Mark Andrews to allow <command>dnstap</command> data to be presented in
6e9efadbea9febb0494e713e54dfea6f7ef70383Mark Andrews a human-readable format.
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews For more information on <command>dnstap</command>, see
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://dnstap.info">http://dnstap.info</link>.
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews New statistics counters have been added to track traffic
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews sizes, as specified in RSSAC002. Query and response
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews message sizes are broken up into ranges of histogram buckets:
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews TCP and UDP queries of size 0-15, 16-31, ..., 272-288, and 288+,
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews and TCP and UDP responses of size 0-15, 16-31, ..., 4080-4095,
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews and 4096+. These values can be accessed via the XML and JSON
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews statistics channels at, for example,
43fe2897fc80bbec2115310ca79d432a252f3ea4Mark Andrews <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://localhost:8888/xml/v3/traffic">http://localhost:8888/xml/v3/traffic</link>
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://localhost:8888/json/v1/traffic">http://localhost:8888/json/v1/traffic</link>.
754cca729dd82ae8363917dc00ad44f9d900635bMark Andrews The serial number of a dynamically updatable zone can
754cca729dd82ae8363917dc00ad44f9d900635bMark Andrews now be set using
754cca729dd82ae8363917dc00ad44f9d900635bMark Andrews <command>rndc signing -serial <replaceable>number</replaceable> <replaceable>zonename</replaceable></command>.
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson This is particularly useful with <option>inline-signing</option>
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews zones that have been reset. Setting the serial number to a value
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews larger than that on the slaves will trigger an AXFR-style
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews When answering recursive queries, SERVFAIL responses can now be
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews cached by the server for a limited time; subsequent queries for
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews the same query name and type will return another SERVFAIL until
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews the cache times out. This reduces the frequency of retries
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews when a query is persistently failing, which can be a burden
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews on recursive serviers. The SERVFAIL cache timeout is controlled
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews by <option>servfail-ttl</option>, which defaults to 1 second
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews and has an upper limit of 30.
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews The new <command>rndc nta</command> command can now be used to
40dd9cb8cc240c33d820fe79f176ed51e4c06a1aMark Andrews set a "negative trust anchor" (NTA), disabling DNSSEC validation for
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson a specific domain; this can be used when responses from a domain
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson are known to be failing validation due to administrative error
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson rather than because of a spoofing attack. NTAs are strictly
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson temporary; by default they expire after one hour, but can be
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson configured to last up to one week. The default NTA lifetime
963c48ba4d06a112c70d50328e827749e95f58dbMark Andrews can be changed by setting the <option>nta-lifetime</option> in
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson <filename>named.conf</filename>. When added, NTAs are stored in a
963c48ba4d06a112c70d50328e827749e95f58dbMark Andrews file (<filename><replaceable>viewname</replaceable>.nta</filename>)
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson in order to persist across restarts of the <command>named</command> server.
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson The EDNS Client Subnet (ECS) option is now supported for
a1898260ad19d02e88ab76c1855d33c67add9defMark Andrews authoritative servers; if a query contains an ECS option then
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson ACLs containing <option>geoip</option> or <option>ecs</option>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews elements can match against the the address encoded in the option.
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson This can be used to select a view for a query, so that different
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson answers can be provided depending on the client network.
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson The EDNS EXPIRE option has been implemented on the client
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson side, allowing a slave server to set the expiration timer
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson correctly when transferring zone data from another slave
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson A new <option>masterfile-style</option> zone option controls
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson the formatting of text zone files: When set to
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson <literal>full</literal>, the zone file will dumped in
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson single-line-per-record format.
5ff133b82082d82f0ba89b7c999c6b62b6298e46Andreas Gustafsson <command>dig +ednsopt</command> can now be used to set
90407942d3afe50f04ccea361de3b164a5a1702dMichael Graff arbitrary EDNS options in DNS requests.
03e200df5dc283f24a6a349f0b31d3eab26da893Mark Andrews <command>dig +ednsflags</command> can now be used to set
13faa8b6a2d0d45e0659049983928366252ab3faMichael Graff yet-to-be-defined EDNS flags in DNS requests.
13faa8b6a2d0d45e0659049983928366252ab3faMichael Graff <command>dig +[no]ednsnegotiation</command> can now be used enable /
61d5bfc06be978ea962b1c64309894ac80351771Mark Andrews disable EDNS version negotiation.
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews <command>dig +header-only</command> can now be used to send
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews queries without a question section.
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews <command>dig +ttlunits</command> causes <command>dig</command>
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews to print TTL values with time-unit suffixes: w, d, h, m, s for
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews weeks, days, hours, minutes, and seconds.
3fcf6b956f47405750724bd84e1b2290b61c9186Brian Wellington <command>dig +zflag</command> can be used to set the last
3fcf6b956f47405750724bd84e1b2290b61c9186Brian Wellington unassigned DNS header flag bit. This bit in normally zero.
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews <command>dig +dscp=<replaceable>value</replaceable></command>
a53259c4cc558f86dd008eccc60cc89b6734a03cMark Andrews can now be used to set the DSCP code point in outgoing query
68f72235f8f41fa949823551d8e6476057ec5bd6Andreas Gustafsson <command>dig +mapped</command> can now be used to determine
68f72235f8f41fa949823551d8e6476057ec5bd6Andreas Gustafsson if mapped IPv4 addresses can be used.
68f72235f8f41fa949823551d8e6476057ec5bd6Andreas Gustafsson <option>serial-update-method</option> can now be set to
68f72235f8f41fa949823551d8e6476057ec5bd6Andreas Gustafsson <literal>date</literal>. On update, the serial number will
68f72235f8f41fa949823551d8e6476057ec5bd6Andreas Gustafsson be set to the current date in YYYYMMDDNN format.
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson <command>dnssec-signzone -N date</command> also sets the serial
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson number to YYYYMMDDNN.
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews <command>named -L <replaceable>filename</replaceable></command>
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews causes <command>named</command> to send log messages to the specified file by
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews default instead of to the system log.
f8f65e2de40b1e9874b88f392f3abeb057ce6172Mark Andrews The rate limiter configured by the
f8f65e2de40b1e9874b88f392f3abeb057ce6172Mark Andrews <option>serial-query-rate</option> option no longer covers
f8f65e2de40b1e9874b88f392f3abeb057ce6172Mark Andrews NOTIFY messages; those are now separately controlled by
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews <option>startup-notify-rate</option> (the latter of which
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews controls the rate of NOTIFY messages sent when the server
c5826852e6c789f59b301f8197e65a1dd4e09a44Mark Andrews is first started up or reconfigured).
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson The default number of tasks and client objects available
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson for serving lightweight resolver queries have been increased,
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson and are now configurable via the new <option>lwres-tasks</option>
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson and <option>lwres-clients</option> options in
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson <filename>named.conf</filename>. [RT #35857]
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson Log output to files can now be buffered by specifying
bc53aacc6e9302b1f8d01467fc39585584652782Andreas Gustafsson <command>buffered yes;</command> when creating a channel.
2995f8205eaa0d4bc3a57900a413b5cfdb83564fAndreas Gustafsson <command>delv +tcp</command> will exclusively use TCP when
2995f8205eaa0d4bc3a57900a413b5cfdb83564fAndreas Gustafsson sending queries.
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews <command>named</command> will now check to see whether
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews other name server processes are running before starting up.
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews This is implemented in two ways: 1) by refusing to start
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews if the configured network interfaces all return "address
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews in use", and 2) by attempting to acquire a lock on a file
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews specified by the <option>lock-file</option> option or
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews the <command>-X</command> command line option. The
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews default lock file is
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews <filename>/var/run/named/named.lock</filename>.
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews Specifying <literal>none</literal> will disable the lock
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews <command>rndc delzone</command> can now be applied to zones
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews which were configured in <filename>named.conf</filename>;
fda0a038810529d6e45b17822ddcc61d82964e83Mark Andrews it is no longer restricted to zones which were added by
fda0a038810529d6e45b17822ddcc61d82964e83Mark Andrews <command>rndc addzone</command>. (Note, however, that
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews this does not edit <filename>named.conf</filename>; the zone
fda0a038810529d6e45b17822ddcc61d82964e83Mark Andrews must be removed from the configuration or it will return
fda0a038810529d6e45b17822ddcc61d82964e83Mark Andrews when <command>named</command> is restarted or reloaded.)
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson <command>rndc modzone</command> can be used to reconfigure
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews a zone, using similar syntax to <command>rndc addzone</command>.
bd1db480f30e025bba719799f910b34848a9a997Mark Andrews <command>rndc showzone</command> displays the current
fda0a038810529d6e45b17822ddcc61d82964e83Mark Andrews configuration for a specified zone.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Added server-side support for pipelined TCP queries. Clients
5989aea4bbe79e09290792f04aeb557e2b2da02eAndreas Gustafsson may continue sending queries via TCP while previous queries are
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews processed in parallel. Responses are sent when they are
3ca0e71a863fe3fbb4f439e5d0bebfd7bd38fb16Mark Andrews ready, not necessarily in the order in which the queries were
fda0a038810529d6e45b17822ddcc61d82964e83Mark Andrews To revert to the former behavior for a particular
fda0a038810529d6e45b17822ddcc61d82964e83Mark Andrews client address or range of addresses, specify the address prefix
fda0a038810529d6e45b17822ddcc61d82964e83Mark Andrews in the "keep-response-order" option. To revert to the former
fda0a038810529d6e45b17822ddcc61d82964e83Mark Andrews behavior for all clients, use "keep-response-order { any; };".
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews The new <command>mdig</command> command is a version of
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews <command>dig</command> that sends multiple pipelined
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews queries and then waits for responses, instead of sending one
c0707105f60934d59321c2fccbc254f9e31ff28aMark Andrews query and waiting the response before sending the next. [RT #38261]
08a768e82ad64ede97f640c88e02984b59122753Michael Graff To enable better monitoring and troubleshooting of RFC 5011
08a768e82ad64ede97f640c88e02984b59122753Michael Graff trust anchor management, the new <command>rndc managed-keys</command>
08a768e82ad64ede97f640c88e02984b59122753Michael Graff can be used to check status of trust anchors or to force keys
08a768e82ad64ede97f640c88e02984b59122753Michael Graff to be refreshed. Also, the managed-keys data file now has
08a768e82ad64ede97f640c88e02984b59122753Michael Graff easier-to-read comments. [RT #38458]
08a768e82ad64ede97f640c88e02984b59122753Michael Graff An <command>--enable-querytrace</command> configure switch is
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews now available to enable very verbose query tracelogging. This
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews option can only be set at compile time. This option has a
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews negative performance impact and should be used only for
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews debugging. [RT #37520]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews A new <command>tcp-only</command> option can be specified
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews in <command>server</command> statements to force
65cfc4e0e3e24a7410d6fe8505455fc85f62215cMark Andrews <command>named</command> to connect to the specified
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews server via TCP. [RT #37800]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The <command>nxdomain-redirect</command> option specifies
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews a DNS namespace to use for NXDOMAIN redirection. When a
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews recursive lookup returns NXDOMAIN, a second lookup is
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews initiated with the specified name appended to the query
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews name. This allows NXDOMAIN redirection data to be supplied
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews by multiple zones configured on the server or by recursive
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews queries to other servers. (The older method, using
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews a single <command>type redirect</command> zone, has
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews better average performance but is less flexible.) [RT #37989]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The following types have been implemented: CSYNC, NINFO, RKEY,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews SINK, TA, TALINK.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews A new <command>message-compression</command> option can be
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews used to specify whether or not to use name compression when
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews answering queries. Setting this to <userinput>no</userinput>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews results in larger responses, but reduces CPU consumption and
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews may improve throughput. The default is <userinput>yes</userinput>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews A "read-only" clause is now available for non-destructive
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews control channel access. In such cases, a restricted set of
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews rndc commands is allowed for querying information from named.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews By default, control channel access is read-write.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews </itemizedlist>
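A named.conf fragment, added here as an illustration and not taken from the release notes or the BIND sources, that uses the read-only control channel, tcp-only, message-compression, nxdomain-redirect and per-zone RPZ logging options described above; all key names, secrets, addresses and zone names are constructed placeholders.

```conf
# Added example (not from the BIND release notes): all keys, secrets,
# addresses and zone names below are constructed placeholders.

key "rndc-key" {                 # full control: reload, addzone, ...
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";
};
key "monitor-key" {              # handed only to the monitoring host
    algorithm hmac-sha256;
    secret "REPLACE-WITH-ANOTHER-BASE64-SECRET";
};

controls {
    # Read-write channel, restricted to the admin key on localhost.
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    # Read-only channel: only the query-style rndc commands are accepted,
    # so a leaked monitoring credential cannot reconfigure the server.
    inet 127.0.0.1 port 954 allow { 127.0.0.1; } keys { "monitor-key"; }
        read-only yes;
};

options {
    directory "/var/named";
    # Larger responses in exchange for lower CPU use (default is yes).
    message-compression no;
    # On NXDOMAIN from recursion, retry with this suffix appended; the
    # redirect data may come from local zones or from other servers.
    nxdomain-redirect "redirect.example.net";
    # Per-zone RPZ rewrite logging, new in this release.
    response-policy {
        zone "rpz.example" log yes;
        zone "rpz-quiet.example" log no;
    };
};

# Force TCP for one upstream server, e.g. behind a path that drops UDP.
server 192.0.2.53 {
    tcp-only yes;
};
```

Run `named-checkconf` on the file before reloading; the placeholder secrets must be replaced with real base64 key material first.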
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <itemizedlist>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The timers returned by the statistics channel (indicating current
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews time, server boot time, and most recent reconfiguration time) are
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews now reported with millisecond accuracy. [RT #40082]
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Updated the compiled-in addresses for H.ROOT-SERVERS.NET.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews ACLs containing <command>geoip asnum</command> elements were
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews not correctly matched unless the full organization name was
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews specified in the ACL (as in
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <command>geoip asnum "AS1234 Example, Inc.";</command>).
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews They can now match against the AS number alone (as in
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews When using native PKCS#11 cryptography (i.e.,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <command>configure --enable-native-pkcs11</command>) HSM PINs
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews of up to 256 characters can now be used.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews NXDOMAIN responses to queries of type DS are now cached separately
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews from those for other types. This helps when using "grafted" zones
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews of type forward, for which the parent zone does not contain a
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews delegation, such as local top-level domains. Previously a query
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews of type DS for such a zone could cause the zone apex to be cached
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews as NXDOMAIN, blocking all subsequent queries. (Note: This
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews change is only helpful when DNSSEC validation is not enabled.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews "Grafted" zones without a delegation in the parent are not a
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews recommended configuration.)
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Update forwarding performance has been improved by allowing
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews a single TCP connection to be shared between multiple updates.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews By default, <command>nsupdate</command> will now check
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews the correctness of hostnames when adding records of type
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews disabled with <command>check-names no</command>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Added support for OPENPGPKEY type.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The names of the files used to store managed keys and added
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews zones for each view are no longer based on the SHA256 hash
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews of the view name, except when this is necessary because the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews view name contains characters that would be incompatible with use
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews as a file name. For views whose names do not contain forward
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews slashes ('/'), backslashes ('\'), or capital letters - which
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews could potentially cause namespace collision problems on
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews case-insensitive filesystems - files will now be named
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews after the view (for example, <filename>internal.mkeys</filename>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews or <filename>external.nzf</filename>). However, to ensure
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews consistent behavior when upgrading, if a file using the old
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews name format is found to exist, it will continue to be used.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews "rndc" can now return text output of arbitrary size to
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews the caller. (Prior to this, certain commands such as
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews "rndc tsig-list" and "rndc zonestatus" could return
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews truncated output.)
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Errors reported when running <command>rndc addzone</command>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews (e.g., when a zone file cannot be loaded) have been clarified
0e40083fdd5445703bd30e46e5bfe7d047bced12Brian Wellington to make it easier to diagnose problems.
0e40083fdd5445703bd30e46e5bfe7d047bced12Brian Wellington When encountering an authoritative name server whose name is
3ec6b563d7b6cb11a047f23faa2a0f206ccd93e7Brian Wellington an alias pointing to another name, the resolver treats
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington this as an error and skips to the next server. Previously
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington this happened silently; now the error will be logged to
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington the newly-created "cname" log category.
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington If <command>named</command> is not configured to validate the answer then
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington allow fallback to plain DNS on timeout even when we know
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington the server supports EDNS. This will allow the server to
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington potentially resolve signed queries when TCP is being
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington Large inline-signing changes should be less disruptive.
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington Signature generation is now done incrementally; the number
b495fd2992c63472b3ad2d9517ffe9b50118840aAndreas Gustafsson of signatures to be generated in each quantum is controlled
af5ad488cbf17988fbd36a25c908737412ccd382Brian Wellington by "sig-signing-signatures <replaceable>number</replaceable>;".
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington The experimental SIT option (code point 65001) of BIND
dee520f1be8c59e10a55b6995844395e811c310fBrian Wellington 9.10.0 through BIND 9.10.2 has been replaced with the COOKIE
dee520f1be8c59e10a55b6995844395e811c310fBrian Wellington option (code point 10). It is no longer experimental, and
dee520f1be8c59e10a55b6995844395e811c310fBrian Wellington is sent by default, by both <command>named</command> and
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington The SIT-related named.conf options have been marked as
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington obsolete, and are otherwise ignored.
5b76a09697bfc76f5acefd65d5b37b1214d271a8Mark Andrews When <command>dig</command> receives a truncated (TC=1)
5b76a09697bfc76f5acefd65d5b37b1214d271a8Mark Andrews response or a BADCOOKIE response code from a server, it
9738408dcbd4c1f7eb2b105c83388608fafd7808Mark Andrews will automatically retry the query using the server COOKIE
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson that was returned by the server in its initial response.
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews An alternative NXDOMAIN redirect method (nxdomain-redirect)
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews which allows the redirect information to be looked up from
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews a namespace on the Internet rather than requiring a zone
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews to be configured on the server is now available.
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews Retrieving the local port range from net.ipv4.ip_local_port_range
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews on Linux is now supported.
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews Within the <option>response-policy</option> option, it is now
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews possible to configure RPZ rewrite logging on a per-zone basis.
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews The default preferred glue is now the address type of the
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews transport the query was received over.
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews On machines with 2 or more processors (CPUs), the default value
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews for the number of UDP listeners has been changed to the number
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews of detected processors minus one.
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews Zone transfers now use smaller message sizes to improve
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews message compression. This results in reduced network usage.
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews </itemizedlist>
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews <section xml:id="relnotes_port"><info><title>Porting Changes</title></info>
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson <itemizedlist>
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews The Microsoft Windows install tool
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews <command>BINDInstall.exe</command>, which requires a
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews non-free version of Visual Studio to be built, now uses two
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews files (lists of flags and files) created by the Configure
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews perl script containing all the needed information, which was
be515937febf025ec2a4c381bee58131ab0f32f4Mark Andrews previously compiled into the binary. Read
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <filename>win32utils/build.txt</filename> for more details.
489b76292622f5bc18bf1a18845f8166a73bd797Brian Wellington </itemizedlist>
3184ff5e45c8f821e5165ea60d674bfb87faf5b8Mark Andrews <section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
3184ff5e45c8f821e5165ea60d674bfb87faf5b8Mark Andrews <itemizedlist>
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson When deleting records from a zone database, interior nodes
9ceaa92a8ca8a0270ba296d44599e94d95033759Andreas Gustafsson could be left empty but not deleted, damaging search
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson performance afterward. [RT #40997]
70e854766f5304f43e94212dc38ebaefe214148cMark Andrews A flag could be set in the wrong field when setting up
16ee4fe11bad616a76c79e9f626a7e04a88ef4abMark Andrews nonrecursive queries; this could cause the SERVFAIL cache to
16ee4fe11bad616a76c79e9f626a7e04a88ef4abMark Andrews cache responses it shouldn't. New querytrace logging has been
16ee4fe11bad616a76c79e9f626a7e04a88ef4abMark Andrews added which identified this error. [RT #41155]
70e854766f5304f43e94212dc38ebaefe214148cMark Andrews The server could crash due to a use-after-free if a
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson zone transfer timed out. [RT #41297]
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson Authoritative servers that were marked as bogus (e.g. blackholed
fa280ff02ad0c29616a0c3a22ef02cbb3f6db7efDavid Lawrence in configuration or with invalid addresses) were being queried
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson anyway. [RT #41321]
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson Some of the options for GeoIP ACLs, including "areacode",
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson "metrocode", and "timezone", were incorrectly documented
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson as "area", "metro" and "tz". Both the long and abbreviated
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson versions are now accepted.
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson <command>dig</command>, <command>host</command> and
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson <command>nslookup</command> aborted when encountering
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson a name which, after appending search list elements,
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson exceeded 255 bytes. Such names are now skipped, but
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson processing of other names will continue. [RT #36892]
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews The error message generated when
9ceaa92a8ca8a0270ba296d44599e94d95033759Andreas Gustafsson <command>named-checkconf -z</command> encounters a
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson <option>$TTL</option> directive without a value has
a1884b96ef53efc8b4e14be173aaee552ca0213aAndreas Gustafsson been clarified. [RT #37138]
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington Semicolon characters (;) included in TXT records were
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence incorrectly escaped with a backslash when the record was
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington displayed as text. This is actually only necessary when there
620de5a4b1f23dc9b4ec30d30c0607ff389be0daBob Halley are no quotation marks. [RT #37159]
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington When files opened for writing by <command>named</command>,
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington such as zone journal files, were referenced more than once
fafb62400d2f1b1da4f3908447e1f3935fc5155bBrian Wellington in <filename>named.conf</filename>, it could lead to file
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews corruption as multiple threads wrote to the same file. This
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews is now detected when loading <filename>named.conf</filename>
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews and reported as an error. [RT #37172]
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews When checking for updates to trust anchors listed in
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews <option>managed-keys</option>, <command>named</command>
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews now revalidates keys based on the current set of
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews active trust anchors, without relying on any cached
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews record of previous validation. [RT #37506]
b7945d73bc42499d50d5c4af6a525fe56e4dfacaMark Andrews Large-system tuning
b7945d73bc42499d50d5c4af6a525fe56e4dfacaMark Andrews (<command>configure --with-tuning=large</command>) caused
b7945d73bc42499d50d5c4af6a525fe56e4dfacaMark Andrews problems on some platforms by setting a socket receive
b7945d73bc42499d50d5c4af6a525fe56e4dfacaMark Andrews buffer size that was too large. This is now detected and
b7945d73bc42499d50d5c4af6a525fe56e4dfacaMark Andrews corrected at run time. [RT #37187]
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews When NXDOMAIN redirection is in use, queries for a name
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews that is present in the redirection zone but a type that
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews is not present will now return NOERROR instead of NXDOMAIN.
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews Due to an inadvertent removal of code in the previous
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews release, when <command>named</command> encountered an
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews authoritative name server which dropped all EDNS queries,
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews it did not always try plain DNS. This has been corrected.
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews A regression caused nsupdate to use the default recursive servers
23ac30603a7639bea1d331537634b079b046b122Mark Andrews rather than the SOA MNAME server when sending the UPDATE.
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington Adjusted max-recursion-queries to accommodate the smaller
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington initial packet sizes used in BIND 9.10 and higher when
64b92523f9333ba053f4b2860335583be455b0b3Brian Wellington contacting authoritative servers for the first time.
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington Built-in "empty" zones did not correctly inherit the
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence "allow-transfer" ACL from the options or view. [RT #38310]
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Two leaks were fixed that could cause <command>named</command>
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence processes to grow to very large sizes. [RT #38454]
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Fixed some bugs in RFC 5011 trust anchor management,
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence including a memory leak and a possible loss of state
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence information. [RT #38458]
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley Asynchronous zone loads were not handled correctly when the
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley zone load was already in progress; this could trigger a crash
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley in zt.c. [RT #37573]
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley A race during shutdown or reconfiguration could
03f4c76f95f75e2b0d1206e784e35bed6041305cBob Halley cause an assertion failure in mem.c. [RT #38979]
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Some answer formatting options didn't work correctly with
728156dfbdced7bc18b1f88227cced9d426a70e7Mark Andrews Several bugs have been fixed in the RPZ implementation:
728156dfbdced7bc18b1f88227cced9d426a70e7Mark Andrews <itemizedlist>
15bda409010cbf2d3e43baf10f28bae5f7b1abefMark Andrews Policy zones that did not specifically require recursion
728156dfbdced7bc18b1f88227cced9d426a70e7Mark Andrews could be treated as if they did; consequently, setting
728156dfbdced7bc18b1f88227cced9d426a70e7Mark Andrews sometimes ineffective. This has been corrected.
728156dfbdced7bc18b1f88227cced9d426a70e7Mark Andrews In most configurations, behavioral changes due to this
3ea6d4dc33482a752553c59ed94bcecd23d254b0Mark Andrews fix will not be noticeable. [RT #39229]
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence The server could crash if policy zones were updated (e.g.
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence via <command>rndc reload</command> or an incoming zone
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence transfer) while RPZ processing was still ongoing for an
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence active query. [RT #39415]
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence On servers with one or more policy zones configured as
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence slaves, if a policy zone updated during regular operation
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews (rather than at startup) using a full zone reload, such as
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews via AXFR, a bug could allow the RPZ summary data to fall out
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews of sync, potentially leading to an assertion failure in
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence rpz.c when further incremental updates were made to the
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence zone, such as via IXFR. [RT #39567]
16ee4fe11bad616a76c79e9f626a7e04a88ef4abMark Andrews The server could match a shorter prefix than what was
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence available in CLIENT-IP policy triggers, and so, an
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence unexpected action could be taken. This has been
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence corrected. [RT #39481]
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence The server could crash if a reload of an RPZ zone was
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence initiated while another reload of the same zone was
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence already in progress. [RT #39649]
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence Negative trust anchors (NTAs) were incorrectly deleted
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence when the server was reloaded or reconfigured. [RT #41058]
3fafd7c0c42134ff2964b74a31500465a96dee90Andreas Gustafsson Zones configured to use <command>map</command> format
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews master files can't be used as policy zones because RPZ
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews summary data isn't compiled when such zones are mapped into
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews memory. This limitation may be fixed in a future release,
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence but in the meantime it has been documented, and attempting
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence to use such zones in <command>response-policy</command>
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence statements is now a configuration error. [RT #38321]
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence </itemizedlist>
9a2574531e3d2ced31072200b416467fdee0c29cDavid Lawrence </itemizedlist>
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence <section xml:id="end_of_life"><info><title>End of Life</title></info>
d8dcd6ad4617cc8d7df979bd62101fa9c4bac1bcBob Halley The end of life for BIND 9.11 is yet to be determined but
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence will not be before BIND 9.13.0 has been released for 6 months.
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://www.isc.org/downloads/software-support-policy/">https://www.isc.org/downloads/software-support-policy/</link>
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence <section xml:id="relnotes_thanks"><info><title>Thank You</title></info>
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence Thank you to everyone who assisted us in making this release possible.
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence If you would like to contribute to ISC to assist us in continuing to
df3c4c7988b9bae7d121a8ac9ed17a23366a948dDavid Lawrence make quality open source software, please visit our donations page at
882350d11c90de9de6fc1cead25690c8114b0b95Michael Graff <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/donate/">http://www.isc.org/donate/</link>.