195 lines
7.0 KiB
XML
195 lines
7.0 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!--
|
|
- Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
|
|
-
|
|
- Permission to use, copy, modify, and/or distribute this software for any
|
|
- purpose with or without fee is hereby granted, provided that the above
|
|
- copyright notice and this permission notice appear in all copies.
|
|
-
|
|
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
- PERFORMANCE OF THIS SOFTWARE.
|
|
-->
|
|
|
|
<sect1 xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
<xi:include href="noteversion.xml"/>
|
|
<sect2 id="relnotes_intro">
|
|
<title>Introduction</title>
|
|
<para>
|
|
This document summarizes changes since the last production release
|
|
of BIND on the corresponding major release branch.
|
|
</para>
|
|
</sect2>
|
|
<sect2 id="relnotes_download">
|
|
<title>Download</title>
|
|
<para>
|
|
The latest versions of BIND 9 software can always be found at
|
|
<ulink url="http://www.isc.org/downloads/"
|
|
>http://www.isc.org/downloads/</ulink>.
|
|
There you will find additional information about each release,
|
|
source code, and pre-compiled versions for Microsoft Windows
|
|
operating systems.
|
|
</para>
|
|
</sect2>
|
|
<sect2 id="relnotes_security">
|
|
<title>Security Fixes</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>None</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</sect2>
|
|
<sect2 id="relnotes_features">
|
|
<title>New Features</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>None</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</sect2>
|
|
<sect2 id="relnotes_changes">
|
|
<title>Feature Changes</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
ACLs containing <command>geoip asnum</command> elements were
|
|
not correctly matched unless the full organization name was
|
|
specified in the ACL (as in
|
|
<command>geoip asnum "AS1234 Example, Inc.";</command>).
|
|
They can now match against the AS number alone (as in
|
|
<command>geoip asnum "AS1234";</command>).
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
When using native PKCS#11 cryptography (i.e.,
|
|
<command>configure --enable-native-pkcs11</command>) HSM PINs
|
|
of up to 256 characters can now be used.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
NXDOMAIN responses to queries of type DS are now cached separately
|
|
from those for other types. This helps when using "grafted" zones
|
|
of type forward, for which the parent zone does not contain a
|
|
delegation, such as local top-level domains. Previously a query
|
|
of type DS for such a zone could cause the zone apex to be cached
|
|
as NXDOMAIN, blocking all subsequent queries. (Note: This
|
|
change is only helpful when DNSSEC validation is not enabled.
|
|
"Grafted" zones without a delegation in the parent are not a
|
|
recommended configuration.)
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
NOTIFY messages that are sent because a zone has been updated
|
|
are now given priority above NOTIFY messages that were scheduled
|
|
when the server started up. This should mitigate delays in zone
|
|
propagation when servers are restarted frequently.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Errors reported when running <command>rndc addzone</command>
|
|
(e.g., when a zone file cannot be loaded) have been clarified
|
|
to make it easier to diagnose problems.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</sect2>
|
|
<sect2 id="relnotes_bugs">
|
|
<title>Bug Fixes</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<command>dig</command>, <command>host</command> and
|
|
<command>nslookup</command> aborted when encountering
|
|
a name which, after appending search list elements,
|
|
exceeded 255 bytes. Such names are now skipped, but
|
|
processing of other names will continue. [RT #36892]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The error message generated when
|
|
<command>named-checkzone</command> or
|
|
<command>named-checkconf -z</command> encounters a
|
|
<option>$TTL</option> directive without a value has
|
|
been clarified. [RT #37138]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Semicolon characters (;) included in TXT records were
|
|
incorrectly escaped with a backslash when the record was
|
|
displayed as text. This is actually only necessary when there
|
|
are no quotation marks. [RT #37159]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
When files opened for writing by <command>named</command>,
|
|
such as zone journal files, were referenced more than once
|
|
in <filename>named.conf</filename>, it could lead to file
|
|
corruption as multiple threads wrote to the same file. This
|
|
is now detected when loading <filename>named.conf</filename>
|
|
and reported as an error. [RT #37172]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>dnssec-keygen -S</command> failed to generate successor
|
|
keys for some algorithm types (including ECDSA and GOST) due to
|
|
a difference in the content of private key files. This has been
|
|
corrected. [RT #37183]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
UPDATE messages that arrived too soon after
|
|
an <command>rndc thaw</command> could be lost. [RT #37233]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Forwarding of UPDATE messages did not work when they were
|
|
signed with SIG(0); they resulted in a BADSIG response code.
|
|
[RT #37216]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
When checking for updates to trust anchors listed in
|
|
<option>managed-keys</option>, <command>named</command>
|
|
now revalidates keys based on the current set of
|
|
active trust anchors, without relying on any cached
|
|
record of previous validation. [RT #37506]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Large-system tuning
|
|
(<command>configure --with-tuning=large</command>) caused
|
|
problems on some platforms by setting a socket receive
|
|
buffer size that was too large. This is now detected and
|
|
corrected at run time.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</sect2>
|
|
<sect2 id="relnotes_thanks">
|
|
<title>Thank You</title>
|
|
<para>
|
|
Thank you to everyone who assisted us in making this release possible.
|
|
If you would like to contribute to ISC to assist us in continuing to
|
|
make quality open source software, please visit our donations page at
|
|
<ulink url="http://www.isc.org/donate/"
|
|
>http://www.isc.org/donate/</ulink>.
|
|
</para>
|
|
</sect2>
|
|
</sect1>
|