Added HISTORY, added pointer to it from README. (Text changes reviewed
by Larissa.)
This commit is contained in:
100
README
100
README
@@ -42,6 +42,12 @@ BIND 9
|
||||
Stichting NLnet - NLnet Foundation
|
||||
Nominum, Inc.
|
||||
|
||||
For a summary of functional enhancements in previous
|
||||
releases, see the HISTORY file.
|
||||
|
||||
For a detailed list of user-visible changes from
|
||||
previous releases, see the CHANGES file.
|
||||
|
||||
BIND 9.7.0
|
||||
|
||||
BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
|
||||
@@ -63,50 +69,50 @@ BIND 9.7.0
|
||||
- Smart signing: simplified tools for zone signing and key
|
||||
maintenance.
|
||||
- The "statistics-channels" option is now available on Windows.
|
||||
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
|
||||
- On some platforms, named and other binaries can now print out
|
||||
a stack backtrace on assertion failure, to aid in debugging.
|
||||
- A "tools only" installation mode on Windows, which only installs
|
||||
dig, host, nslookup and nsupdate.
|
||||
- Improved PKCS#11 support, including Keyper support and explicit
|
||||
OpenSSL engine selection.
|
||||
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
|
||||
- On some platforms, named and other binaries can now print out
|
||||
a stack backtrace on assertion failure, to aid in debugging.
|
||||
- A "tools only" installation mode on Windows, which only installs
|
||||
dig, host, nslookup and nsupdate.
|
||||
- Improved PKCS#11 support, including Keyper support and explicit
|
||||
OpenSSL engine selection.
|
||||
|
||||
Known issues in this release:
|
||||
Known issues in this release:
|
||||
|
||||
- In rare cases, DNSSEC validation can leak memory. When this
|
||||
happens, it will cause an assertion failure when named exits,
|
||||
but is otherwise harmless. A fix exists, but was too late for
|
||||
this release; it will be included in BIND 9.7.1.
|
||||
- In rare cases, DNSSEC validation can leak memory. When this
|
||||
happens, it will cause an assertion failure when named exits,
|
||||
but is otherwise harmless. A fix exists, but was too late for
|
||||
this release; it will be included in BIND 9.7.1.
|
||||
|
||||
Compatibility notes:
|
||||
Compatibility notes:
|
||||
|
||||
- If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
|
||||
ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
|
||||
you should ensure that all changes that are in progress have
|
||||
completed prior to upgrading to BIND 9.7. BIND 9.7 implements
|
||||
those features in a way which is not backwards compatible.
|
||||
- If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
|
||||
ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
|
||||
you should ensure that all changes that are in progress have
|
||||
completed prior to upgrading to BIND 9.7. BIND 9.7 implements
|
||||
those features in a way which is not backwards compatible.
|
||||
|
||||
- Prior releases had a bug which caused HMAC-SHA* keys with long
|
||||
secrets to be used incorrectly. Fixing this bug means that older
|
||||
versions of BIND 9 may fail to interoperate with this version
|
||||
when using TSIG keys. If this occurs, the new "isc-hmac-fixup"
|
||||
tool will convert a key with a long secret into a form that works
|
||||
correctly with all versions of BIND 9. See the "isc-hmac-fixup"
|
||||
man page for additional details.
|
||||
- Prior releases had a bug which caused HMAC-SHA* keys with long
|
||||
secrets to be used incorrectly. Fixing this bug means that older
|
||||
versions of BIND 9 may fail to interoperate with this version
|
||||
when using TSIG keys. If this occurs, the new "isc-hmac-fixup"
|
||||
tool will convert a key with a long secret into a form that works
|
||||
correctly with all versions of BIND 9. See the "isc-hmac-fixup"
|
||||
man page for additional details.
|
||||
|
||||
- Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
|
||||
It is possible for the new key ID to collide with that of a
|
||||
different key. Newly generated keys will not have this problem,
|
||||
as "dnssec-keygen" looks for potential collisions before
|
||||
generating keys, but exercise caution if using key revokation
|
||||
with keys that were generated by older versions of BIND 9.
|
||||
See the Administrator's Reference Manual, section 4.10 ("Dynamic
|
||||
Trust Anchor Management") for more details.
|
||||
|
||||
- A bug was fixed in which a key's scheduled inactivity date was
|
||||
stored incorectly. Users who participated in the 9.7.0 BETA
|
||||
test and had DNSSEC keys with scheduled inactivity dates will
|
||||
need to reset those keys' dates using "dnssec-settime -I".
|
||||
- Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
|
||||
It is possible for the new key ID to collide with that of a
|
||||
different key. Newly generated keys will not have this problem,
|
||||
as "dnssec-keygen" looks for potential collisions before
|
||||
generating keys, but exercise caution if using key revokation
|
||||
with keys that were generated by older versions of BIND 9. See
|
||||
the Administrator's Reference Manual, section 4.10 ("Dynamic
|
||||
Trust Anchor Management") for more details.
|
||||
|
||||
- A bug was fixed in which a key's scheduled inactivity date was
|
||||
stored incorectly. Users who participated in the 9.7.0 BETA test
|
||||
and had DNSSEC keys with scheduled inactivity dates will need to
|
||||
reset those keys' dates using "dnssec-settime -I".
|
||||
|
||||
Building
|
||||
|
||||
@@ -126,9 +132,9 @@ Building
|
||||
Ubuntu 7.04, 7.10
|
||||
Windows XP/2003/2008
|
||||
|
||||
NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
|
||||
Windows, including Windows NT and Windows 2000, are no longer
|
||||
supported.
|
||||
NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
|
||||
Windows, including Windows NT and Windows 2000, are no longer
|
||||
supported.
|
||||
|
||||
We have recent reports from the user community that a supported
|
||||
version of BIND will build and run on the following systems:
|
||||
@@ -228,10 +234,10 @@ Building
|
||||
on the configure command line. The default is operating
|
||||
system dependent.
|
||||
|
||||
Support for the "fixed" rrset-order option can be enabled
|
||||
or disabled by specifying "--enable-fixed-rrset" or
|
||||
"--disable-fixed-rrset" on the configure command line.
|
||||
The default is "disabled", to reduce memory footprint.
|
||||
Support for the "fixed" rrset-order option can be enabled
|
||||
or disabled by specifying "--enable-fixed-rrset" or
|
||||
"--disable-fixed-rrset" on the configure command line.
|
||||
The default is "disabled", to reduce memory footprint.
|
||||
|
||||
If your operating system has integrated support for IPv6, it
|
||||
will be used automatically. If you have installed KAME IPv6
|
||||
@@ -297,8 +303,8 @@ Documentation
|
||||
Frequently asked questions and their answers can be found in
|
||||
FAQ.
|
||||
|
||||
Additional information on various subjects can be found
|
||||
in the other README files.
|
||||
Additional information on various subjects can be found
|
||||
in the other README files.
|
||||
|
||||
|
||||
Bug Reports and Mailing Lists
|
||||
|
||||
Reference in New Issue
Block a user