2015-10-06 00:59:35 -04:00
|
|
|
<!DOCTYPE book [
|
|
|
|
|
<!ENTITY Scaron "Š">
|
2017-04-24 02:16:53 -04:00
|
|
|
<!ENTITY scaron "š">
|
2015-10-06 00:59:35 -04:00
|
|
|
<!ENTITY ccaron "č">
|
2016-04-28 03:12:33 -04:00
|
|
|
<!ENTITY aacute "á">
|
2017-04-24 02:16:53 -04:00
|
|
|
<!ENTITY iacute "í">
|
2015-10-06 00:59:35 -04:00
|
|
|
<!ENTITY mdash "—">
|
|
|
|
|
<!ENTITY ouml "ö">]>
|
2014-10-20 15:49:14 -04:00
|
|
|
<!--
|
2018-02-23 03:53:12 -05:00
|
|
|
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
2014-10-20 15:49:14 -04:00
|
|
|
-
|
2016-06-27 00:56:38 -04:00
|
|
|
- This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
- License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
2018-02-23 03:53:12 -05:00
|
|
|
-
|
|
|
|
|
- See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
- information regarding copyright ownership.
|
2014-10-20 15:49:14 -04:00
|
|
|
-->
|
2015-10-06 19:45:23 -04:00
|
|
|
|
2016-12-06 18:49:55 -05:00
|
|
|
<section xmlns:db="http://docbook.org/ns/docbook" version="5.0"><info/>
|
2015-10-06 00:59:35 -04:00
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/>
|
|
|
|
|
<section xml:id="relnotes_intro"><info><title>Introduction</title></info>
|
2014-10-20 15:49:14 -04:00
|
|
|
<para>
|
2017-12-15 04:30:56 -05:00
|
|
|
BIND 9.13 is unstable development release of BIND.
|
2016-03-22 23:00:09 -04:00
|
|
|
This document summarizes new features and functional changes that
|
2016-03-23 02:45:14 -04:00
|
|
|
have been introduced on this branch. With each development
|
2017-12-15 04:30:56 -05:00
|
|
|
release leading up to the stable BIND 9.14 release, this document
|
2016-03-22 23:00:09 -04:00
|
|
|
will be updated with additional features added and bugs fixed.
|
2014-10-20 15:49:14 -04:00
|
|
|
</para>
|
2015-10-06 00:59:35 -04:00
|
|
|
</section>
|
2015-10-22 01:09:46 -04:00
|
|
|
|
2016-03-22 23:00:09 -04:00
|
|
|
<section xml:id="relnotes_download"><info><title>Download</title></info>
|
2014-10-20 15:49:14 -04:00
|
|
|
<para>
|
|
|
|
|
The latest versions of BIND 9 software can always be found at
|
2015-10-06 00:59:35 -04:00
|
|
|
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/downloads/">http://www.isc.org/downloads/</link>.
|
2014-10-20 15:49:14 -04:00
|
|
|
There you will find additional information about each release,
|
|
|
|
|
source code, and pre-compiled versions for Microsoft Windows
|
|
|
|
|
operating systems.
|
|
|
|
|
</para>
|
2015-10-06 00:59:35 -04:00
|
|
|
</section>
|
2015-10-22 01:09:46 -04:00
|
|
|
|
2016-03-22 23:00:09 -04:00
|
|
|
<section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
|
2014-10-20 15:49:14 -04:00
|
|
|
<itemizedlist>
|
2017-06-27 14:35:52 -04:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2018-01-03 22:11:18 -05:00
|
|
|
Addresses could be referenced after being freed during resolver
|
|
|
|
|
processing, causing an assertion failure. The chances of this
|
|
|
|
|
happening were remote, but the introduction of a delay in
|
2018-01-03 22:29:59 -05:00
|
|
|
resolution increased them. This bug is disclosed in
|
2018-01-03 22:11:18 -05:00
|
|
|
CVE-2017-3145. [RT #46839]
|
2016-11-02 02:31:27 -04:00
|
|
|
</para>
|
2018-02-06 22:03:33 -05:00
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
update-policy rules that otherwise ignore the name field now
|
|
|
|
|
require that it be set to "." to ensure that any type list
|
|
|
|
|
present is properly interpreted. If the name field was omitted
|
|
|
|
|
from the rule declaration and a type list was present it wouldn't
|
|
|
|
|
be interpreted as expected.
|
|
|
|
|
</para>
|
2016-11-02 02:31:27 -04:00
|
|
|
</listitem>
|
2014-10-20 15:49:14 -04:00
|
|
|
</itemizedlist>
|
2015-10-06 00:59:35 -04:00
|
|
|
</section>
|
2015-10-22 01:09:46 -04:00
|
|
|
|
2016-03-22 23:00:09 -04:00
|
|
|
<section xml:id="relnotes_features"><info><title>New Features</title></info>
|
2014-10-20 15:49:14 -04:00
|
|
|
<itemizedlist>
|
2017-04-22 00:48:50 -04:00
|
|
|
<listitem>
|
2017-07-28 15:57:50 -04:00
|
|
|
<para>
|
2018-03-14 08:19:00 -04:00
|
|
|
BIND now can be compiled against libidn2 library to add
|
|
|
|
|
IDNA2008 support. Previously BIND only supported IDNA2003
|
|
|
|
|
using (now obsolete) idnkit-1 library.
|
2017-08-24 18:38:19 -04:00
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2017-07-31 13:17:11 -04:00
|
|
|
</itemizedlist>
|
|
|
|
|
</section>
|
|
|
|
|
|
2018-01-18 20:29:28 -05:00
|
|
|
<section xml:id="relnotes_removed"><info><title>Removed Features</title></info>
|
|
|
|
|
<itemizedlist>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
<command>dnssec-keygen</command> can no longer generate HMAC
|
|
|
|
|
keys for TSIG authentication. Use <command>tsig-keygen</command>
|
|
|
|
|
to generate these keys. [RT #46404]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-02-22 16:26:22 -05:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
The <command>configure --enable-seccomp</command> option,
|
|
|
|
|
which formerly turned on system-call filtering on Linux, has
|
|
|
|
|
been removed. [GL #93]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-03-05 08:13:50 -05:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
IPv4 addresses in forms other than dotted-quad are no longer
|
|
|
|
|
accepted in master files. [GL #13] [GL #56]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-03-17 09:50:59 -04:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
IDNA2003 support via (bundled) idnkit-1.0 has been removed.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-01-18 20:29:28 -05:00
|
|
|
</itemizedlist>
|
|
|
|
|
</section>
|
|
|
|
|
|
2016-03-22 23:00:09 -04:00
|
|
|
<section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
|
2014-10-20 15:49:14 -04:00
|
|
|
<itemizedlist>
|
2017-10-03 03:28:31 -04:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2017-12-15 04:47:05 -05:00
|
|
|
Zone types <command>primary</command> and
|
|
|
|
|
<command>secondary</command> are now available as synonyms for
|
|
|
|
|
<command>master</command> and <command>slave</command>,
|
|
|
|
|
respectively, in <filename>named.conf</filename>.
|
2017-10-25 03:33:51 -04:00
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-02-15 19:19:25 -05:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
<command>named</command> will now log a warning if the old
|
|
|
|
|
root DNSSEC key is explicitly configured and has not been updated.
|
|
|
|
|
[RT #43670]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-02-15 19:11:52 -05:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
<command>dig +nssearch</command> will now list name servers
|
|
|
|
|
that have timed out, in addition to those that respond. [GL #64]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-03-14 08:19:00 -04:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
<command>dig +noidnin</command> can be used to disable IDN
|
|
|
|
|
processing on the input domain name, when BIND is compiled
|
|
|
|
|
with IDN support.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-03-10 03:59:44 -05:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
Up to 64 <command>response-policy</command> zones are now
|
|
|
|
|
supported by default; previously the limit was 32. [GL #123]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2015-09-10 22:25:39 -04:00
|
|
|
</itemizedlist>
|
2015-10-06 00:59:35 -04:00
|
|
|
</section>
|
2016-03-22 23:00:09 -04:00
|
|
|
|
2015-10-06 00:59:35 -04:00
|
|
|
<section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
|
2014-10-20 15:49:14 -04:00
|
|
|
<itemizedlist>
|
2018-02-02 13:32:17 -05:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
When answering authoritative queries, <command>named</command>
|
|
|
|
|
does not return the target of a cross-zone CNAME between two
|
|
|
|
|
locally served zones; this prevents accidental cache poisoning.
|
|
|
|
|
This same restriction was incorrectly applied to recursive
|
|
|
|
|
queries as well; this has been fixed. [RT #47078]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2017-11-30 15:37:08 -05:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2018-01-03 22:11:18 -05:00
|
|
|
Attempting to validate improperly unsigned CNAME responses
|
|
|
|
|
from secure zones could cause a validator loop. This caused
|
|
|
|
|
a delay in returning SERVFAIL and also increased the chances
|
|
|
|
|
of encountering the crash bug described in CVE-2017-3145.
|
|
|
|
|
[RT #46839]
|
2017-12-04 17:52:12 -05:00
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-02-17 22:56:31 -05:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
<command>named</command> could crash due to a race condition when
|
|
|
|
|
rolling <command>dnstap</command> log files. [RT #46942]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
<command>rndc reload</command> could cause <command>named</command>
|
|
|
|
|
to leak memory if it was invoked before the zone loading actions
|
|
|
|
|
from a previous <command>rndc reload</command> command were
|
|
|
|
|
completed. [RT #47076]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2018-02-25 17:37:37 -05:00
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
<command>named</command> could crash when rolling a
|
|
|
|
|
<command>dnstap</command> log file. [RT #46942]
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
2014-10-20 15:49:14 -04:00
|
|
|
</itemizedlist>
|
2015-10-06 00:59:35 -04:00
|
|
|
</section>
|
2015-10-22 01:09:46 -04:00
|
|
|
|
2017-12-15 04:30:56 -05:00
|
|
|
<section xml:id="relnotes_license"><info><title>License</title></info>
|
|
|
|
|
<para>
|
|
|
|
|
BIND is open source software licenced under the terms of the Mozilla
|
|
|
|
|
Public License, version 2.0 (see the <filename>LICENSE</filename>
|
|
|
|
|
file for the full text).
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
The license requires that if you make changes to BIND and distribute
|
|
|
|
|
them outside your organization, those changes must be published under
|
|
|
|
|
the same license. It does not require that you publish or disclose
|
|
|
|
|
anything other than the changes you have made to our software. This
|
|
|
|
|
requirement does not affect anyone who is using BIND, with or without
|
|
|
|
|
modifications, without redistributing it, nor anyone redistributing
|
|
|
|
|
BIND without changes.
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
Those wishing to discuss license compliance may contact ISC at
|
|
|
|
|
<link
|
|
|
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
|
|
|
xlink:href="https://www.isc.org/mission/contact/">
|
|
|
|
|
https://www.isc.org/mission/contact/</link>.
|
|
|
|
|
</para>
|
|
|
|
|
</section>
|
|
|
|
|
|
2016-05-25 21:40:47 -04:00
|
|
|
<section xml:id="end_of_life"><info><title>End of Life</title></info>
|
2014-10-30 22:08:42 -04:00
|
|
|
<para>
|
2017-12-15 04:30:56 -05:00
|
|
|
BIND 9.13 is an unstable development branch. When its development
|
|
|
|
|
is complete, it will be renamed to BIND 9.14, which will be a
|
|
|
|
|
stable branch.
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
The end of life date for BIND 9.14 has not yet been determined.
|
|
|
|
|
For those needing long term support, the current Extended Support
|
|
|
|
|
Version (ESV) is BIND 9.11, which will be supported until December
|
|
|
|
|
2021. See
|
2015-10-06 00:59:35 -04:00
|
|
|
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://www.isc.org/downloads/software-support-policy/">https://www.isc.org/downloads/software-support-policy/</link>
|
2017-12-15 04:30:56 -05:00
|
|
|
for details of ISC's software support policy.
|
2014-10-30 22:08:42 -04:00
|
|
|
</para>
|
2015-10-06 00:59:35 -04:00
|
|
|
</section>
|
2015-10-22 01:09:46 -04:00
|
|
|
|
2017-12-15 04:30:56 -05:00
|
|
|
<section xml:id="relnotes_thanks"><info><title>Thank You</title></info>
|
2014-10-20 15:49:14 -04:00
|
|
|
<para>
|
|
|
|
|
Thank you to everyone who assisted us in making this release possible.
|
|
|
|
|
If you would like to contribute to ISC to assist us in continuing to
|
|
|
|
|
make quality open source software, please visit our donations page at
|
2015-10-06 00:59:35 -04:00
|
|
|
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/donate/">http://www.isc.org/donate/</link>.
|
2014-10-20 15:49:14 -04:00
|
|
|
</para>
|
2015-10-06 00:59:35 -04:00
|
|
|
</section>
|
|
|
|
|
</section>
|
