Added HISTORY, added pointer to it from README. (Text changes reviewed

by Larissa.)
This commit is contained in:
Evan Hunt
2010-02-04 23:34:33 +00:00
parent e690855bc3
commit 89600e8dd6

100
README
View File

@@ -42,6 +42,12 @@ BIND 9
Stichting NLnet - NLnet Foundation
Nominum, Inc.
For a summary of functional enhancements in previous
releases, see the HISTORY file.
For a detailed list of user-visible changes from
previous releases, see the CHANGES file.
BIND 9.7.0
BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
@@ -63,50 +69,50 @@ BIND 9.7.0
- Smart signing: simplified tools for zone signing and key
maintenance.
- The "statistics-channels" option is now available on Windows.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out
a stack backtrace on assertion failure, to aid in debugging.
- A "tools only" installation mode on Windows, which only installs
dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit
OpenSSL engine selection.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out
a stack backtrace on assertion failure, to aid in debugging.
- A "tools only" installation mode on Windows, which only installs
dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit
OpenSSL engine selection.
Known issues in this release:
Known issues in this release:
- In rare cases, DNSSEC validation can leak memory. When this
happens, it will cause an assertion failure when named exits,
but is otherwise harmless. A fix exists, but was too late for
this release; it will be included in BIND 9.7.1.
- In rare cases, DNSSEC validation can leak memory. When this
happens, it will cause an assertion failure when named exits,
but is otherwise harmless. A fix exists, but was too late for
this release; it will be included in BIND 9.7.1.
Compatibility notes:
Compatibility notes:
- If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
you should ensure that all changes that are in progress have
completed prior to upgrading to BIND 9.7. BIND 9.7 implements
those features in a way which is not backwards compatible.
- If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
you should ensure that all changes that are in progress have
completed prior to upgrading to BIND 9.7. BIND 9.7 implements
those features in a way which is not backwards compatible.
- Prior releases had a bug which caused HMAC-SHA* keys with long
secrets to be used incorrectly. Fixing this bug means that older
versions of BIND 9 may fail to interoperate with this version
when using TSIG keys. If this occurs, the new "isc-hmac-fixup"
tool will convert a key with a long secret into a form that works
correctly with all versions of BIND 9. See the "isc-hmac-fixup"
man page for additional details.
- Prior releases had a bug which caused HMAC-SHA* keys with long
secrets to be used incorrectly. Fixing this bug means that older
versions of BIND 9 may fail to interoperate with this version
when using TSIG keys. If this occurs, the new "isc-hmac-fixup"
tool will convert a key with a long secret into a form that works
correctly with all versions of BIND 9. See the "isc-hmac-fixup"
man page for additional details.
- Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
It is possible for the new key ID to collide with that of a
different key. Newly generated keys will not have this problem,
as "dnssec-keygen" looks for potential collisions before
generating keys, but exercise caution if using key revokation
with keys that were generated by older versions of BIND 9.
See the Administrator's Reference Manual, section 4.10 ("Dynamic
Trust Anchor Management") for more details.
- A bug was fixed in which a key's scheduled inactivity date was
stored incorectly. Users who participated in the 9.7.0 BETA
test and had DNSSEC keys with scheduled inactivity dates will
need to reset those keys' dates using "dnssec-settime -I".
- Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
It is possible for the new key ID to collide with that of a
different key. Newly generated keys will not have this problem,
as "dnssec-keygen" looks for potential collisions before
generating keys, but exercise caution if using key revokation
with keys that were generated by older versions of BIND 9. See
the Administrator's Reference Manual, section 4.10 ("Dynamic
Trust Anchor Management") for more details.
- A bug was fixed in which a key's scheduled inactivity date was
stored incorectly. Users who participated in the 9.7.0 BETA test
and had DNSSEC keys with scheduled inactivity dates will need to
reset those keys' dates using "dnssec-settime -I".
Building
@@ -126,9 +132,9 @@ Building
Ubuntu 7.04, 7.10
Windows XP/2003/2008
NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
Windows, including Windows NT and Windows 2000, are no longer
supported.
NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
Windows, including Windows NT and Windows 2000, are no longer
supported.
We have recent reports from the user community that a supported
version of BIND will build and run on the following systems:
@@ -228,10 +234,10 @@ Building
on the configure command line. The default is operating
system dependent.
Support for the "fixed" rrset-order option can be enabled
or disabled by specifying "--enable-fixed-rrset" or
"--disable-fixed-rrset" on the configure command line.
The default is "disabled", to reduce memory footprint.
Support for the "fixed" rrset-order option can be enabled
or disabled by specifying "--enable-fixed-rrset" or
"--disable-fixed-rrset" on the configure command line.
The default is "disabled", to reduce memory footprint.
If your operating system has integrated support for IPv6, it
will be used automatically. If you have installed KAME IPv6
@@ -297,8 +303,8 @@ Documentation
Frequently asked questions and their answers can be found in
FAQ.
Additional information on various subjects can be found
in the other README files.
Additional information on various subjects can be found
in the other README files.
Bug Reports and Mailing Lists