From 89600e8dd6e448b97bed278a6b8fe6aab59fd911 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 4 Feb 2010 23:34:33 +0000 Subject: [PATCH] Added HISTORY, added pointer to it from README. (Text changes reviewed by Larissa.) --- README | 100 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 53 insertions(+), 47 deletions(-) diff --git a/README b/README index f8bc97cf14..dcc869ebe1 100644 --- a/README +++ b/README @@ -42,6 +42,12 @@ BIND 9 Stichting NLnet - NLnet Foundation Nominum, Inc. + For a summary of functional enhancements in previous + releases, see the HISTORY file. + + For a detailed list of user-visible changes from + previous releases, see the CHANGES file. + BIND 9.7.0 BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier @@ -63,50 +69,50 @@ BIND 9.7.0 - Smart signing: simplified tools for zone signing and key maintenance. - The "statistics-channels" option is now available on Windows. - - A new DNSSEC-aware libdns API for use by non-BIND9 applications - - On some platforms, named and other binaries can now print out - a stack backtrace on assertion failure, to aid in debugging. - - A "tools only" installation mode on Windows, which only installs - dig, host, nslookup and nsupdate. - - Improved PKCS#11 support, including Keyper support and explicit - OpenSSL engine selection. + - A new DNSSEC-aware libdns API for use by non-BIND9 applications + - On some platforms, named and other binaries can now print out + a stack backtrace on assertion failure, to aid in debugging. + - A "tools only" installation mode on Windows, which only installs + dig, host, nslookup and nsupdate. + - Improved PKCS#11 support, including Keyper support and explicit + OpenSSL engine selection. - Known issues in this release: + Known issues in this release: - - In rare cases, DNSSEC validation can leak memory. When this - happens, it will cause an assertion failure when named exits, - but is otherwise harmless. A fix exists, but was too late for - this release; it will be included in BIND 9.7.1. + - In rare cases, DNSSEC validation can leak memory. When this + happens, it will cause an assertion failure when named exits, + but is otherwise harmless. A fix exists, but was too late for + this release; it will be included in BIND 9.7.1. - Compatibility notes: + Compatibility notes: - - If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE, - ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then - you should ensure that all changes that are in progress have - completed prior to upgrading to BIND 9.7. BIND 9.7 implements - those features in a way which is not backwards compatible. + - If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE, + ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then + you should ensure that all changes that are in progress have + completed prior to upgrading to BIND 9.7. BIND 9.7 implements + those features in a way which is not backwards compatible. - - Prior releases had a bug which caused HMAC-SHA* keys with long - secrets to be used incorrectly. Fixing this bug means that older - versions of BIND 9 may fail to interoperate with this version - when using TSIG keys. If this occurs, the new "isc-hmac-fixup" - tool will convert a key with a long secret into a form that works - correctly with all versions of BIND 9. See the "isc-hmac-fixup" - man page for additional details. + - Prior releases had a bug which caused HMAC-SHA* keys with long + secrets to be used incorrectly. Fixing this bug means that older + versions of BIND 9 may fail to interoperate with this version + when using TSIG keys. If this occurs, the new "isc-hmac-fixup" + tool will convert a key with a long secret into a form that works + correctly with all versions of BIND 9. See the "isc-hmac-fixup" + man page for additional details. - - Revoking a DNSSEC key with "dnssec-revoke" changes its key ID. - It is possible for the new key ID to collide with that of a - different key. Newly generated keys will not have this problem, - as "dnssec-keygen" looks for potential collisions before - generating keys, but exercise caution if using key revokation - with keys that were generated by older versions of BIND 9. - See the Administrator's Reference Manual, section 4.10 ("Dynamic - Trust Anchor Management") for more details. - - - A bug was fixed in which a key's scheduled inactivity date was - stored incorectly. Users who participated in the 9.7.0 BETA - test and had DNSSEC keys with scheduled inactivity dates will - need to reset those keys' dates using "dnssec-settime -I". + - Revoking a DNSSEC key with "dnssec-revoke" changes its key ID. + It is possible for the new key ID to collide with that of a + different key. Newly generated keys will not have this problem, + as "dnssec-keygen" looks for potential collisions before + generating keys, but exercise caution if using key revokation + with keys that were generated by older versions of BIND 9. See + the Administrator's Reference Manual, section 4.10 ("Dynamic + Trust Anchor Management") for more details. + + - A bug was fixed in which a key's scheduled inactivity date was + stored incorectly. Users who participated in the 9.7.0 BETA test + and had DNSSEC keys with scheduled inactivity dates will need to + reset those keys' dates using "dnssec-settime -I". Building @@ -126,9 +132,9 @@ Building Ubuntu 7.04, 7.10 Windows XP/2003/2008 - NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of - Windows, including Windows NT and Windows 2000, are no longer - supported. + NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of + Windows, including Windows NT and Windows 2000, are no longer + supported. We have recent reports from the user community that a supported version of BIND will build and run on the following systems: @@ -228,10 +234,10 @@ Building on the configure command line. The default is operating system dependent. - Support for the "fixed" rrset-order option can be enabled - or disabled by specifying "--enable-fixed-rrset" or - "--disable-fixed-rrset" on the configure command line. - The default is "disabled", to reduce memory footprint. + Support for the "fixed" rrset-order option can be enabled + or disabled by specifying "--enable-fixed-rrset" or + "--disable-fixed-rrset" on the configure command line. + The default is "disabled", to reduce memory footprint. If your operating system has integrated support for IPv6, it will be used automatically. If you have installed KAME IPv6 @@ -297,8 +303,8 @@ Documentation Frequently asked questions and their answers can be found in FAQ. - Additional information on various subjects can be found - in the other README files. + Additional information on various subjects can be found + in the other README files. Bug Reports and Mailing Lists