mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-26 19:41:04 -05:00
379 lines
14 KiB
XML
379 lines
14 KiB
XML
<!DOCTYPE book [
|
|
<!ENTITY Scaron "Š">
|
|
<!ENTITY ccaron "č">
|
|
<!ENTITY aacute "á">
|
|
<!ENTITY mdash "—">
|
|
<!ENTITY ouml "ö">]>
|
|
<!--
|
|
- Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
|
|
-
|
|
- This Source Code Form is subject to the terms of the Mozilla Public
|
|
- License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
-->
|
|
|
|
<section xmlns:db="http://docbook.org/ns/docbook" version="5.0"><info/>
|
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/>
|
|
<section xml:id="relnotes_intro"><info><title>Introduction</title></info>
|
|
<para>
|
|
BIND 9.12.0 is a new feature release of BIND, still under development.
|
|
This document summarizes new features and functional changes that
|
|
have been introduced on this branch. With each development
|
|
release leading up to the final BIND 9.12.0 release, this document
|
|
will be updated with additional features added and bugs fixed.
|
|
</para>
|
|
</section>
|
|
|
|
<section xml:id="relnotes_download"><info><title>Download</title></info>
|
|
<para>
|
|
The latest versions of BIND 9 software can always be found at
|
|
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/downloads/">http://www.isc.org/downloads/</link>.
|
|
There you will find additional information about each release,
|
|
source code, and pre-compiled versions for Microsoft Windows
|
|
operating systems.
|
|
</para>
|
|
</section>
|
|
|
|
<section xml:id="relnotes_license"><info><title>License Change</title></info>
|
|
<para>
|
|
With the release of BIND 9.11.0, ISC changed to the open
|
|
source license for BIND from the ISC license to the Mozilla
|
|
Public License (MPL 2.0).
|
|
</para>
|
|
<para>
|
|
The MPL-2.0 license requires that if you make changes to
|
|
licensed software (e.g. BIND) and distribute them outside
|
|
your organization, that you publish those changes under that
|
|
same license. It does not require that you publish or disclose
|
|
anything other than the changes you made to our software.
|
|
</para>
|
|
<para>
|
|
This new requirement will not affect anyone who is using BIND
|
|
without redistributing it, nor anyone redistributing it without
|
|
changes, therefore this change will be without consequence
|
|
for most individuals and organizations who are using BIND.
|
|
</para>
|
|
<para>
|
|
Those unsure whether or not the license change affects their
|
|
use of BIND, or who wish to discuss how to comply with the
|
|
license may contact ISC at <link
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xlink:href="https://www.isc.org/mission/contact/">
|
|
https://www.isc.org/mission/contact/</link>.
|
|
</para>
|
|
</section>
|
|
|
|
<section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<command>rndc ""</command> could trigger an assertion failure
|
|
in <command>named</command>. This flaw is disclosed in
|
|
(CVE-2017-3138). [RT #44924]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Some chaining (i.e., type CNAME or DNAME) responses to upstream
|
|
queries could trigger assertion failures. This flaw is disclosed
|
|
in CVE-2017-3137. [RT #44734]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>dns64</command> with <command>break-dnssec yes;</command>
|
|
can result in an assertion failure. This flaw is disclosed in
|
|
CVE-2017-3136. [RT #44653]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
If a server is configured with a response policy zone (RPZ)
|
|
that rewrites an answer with local data, and is also configured
|
|
for DNS64 address mapping, a NULL pointer can be read
|
|
triggering a server crash. This flaw is disclosed in
|
|
CVE-2017-3135. [RT #44434]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
A coding error in the <option>nxdomain-redirect</option>
|
|
feature could lead to an assertion failure if the redirection
|
|
namespace was served from a local authoritative data source
|
|
such as a local zone or a DLZ instead of via recursive
|
|
lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>named</command> could mishandle authority sections
|
|
with missing RRSIGs, triggering an assertion failure. This
|
|
flaw is disclosed in CVE-2016-9444. [RT #43632]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>named</command> mishandled some responses where
|
|
covering RRSIG records were returned without the requested
|
|
data, resulting in an assertion failure. This flaw is
|
|
disclosed in CVE-2016-9147. [RT #43548]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>named</command> incorrectly tried to cache TKEY
|
|
records which could trigger an assertion failure when there was
|
|
a class mismatch. This flaw is disclosed in CVE-2016-9131.
|
|
[RT #43522]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
It was possible to trigger assertions when processing
|
|
responses containing answers of type DNAME. This flaw is
|
|
disclosed in CVE-2016-8864. [RT #43465]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Added the ability to specify the maximum number of records
|
|
permitted in a zone (<option>max-records #;</option>).
|
|
This provides a mechanism to block overly large zone
|
|
transfers, which is a potential risk with slave zones from
|
|
other parties, as described in CVE-2016-6170.
|
|
[RT #42143]
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section xml:id="relnotes_features"><info><title>New Features</title></info>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
The <command>host -A</command> option returns most
|
|
records for a name, but omits types RRSIG, NSEC and NSEC3.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Query logic has been substantially refactored (e.g. query_find
|
|
function has been split into smaller functions) for improved
|
|
readability, maintainability and testability. [RT #43929]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>dnstap</command> logfiles can now be configured to
|
|
automatically roll when they reach a specified size. If
|
|
<command>dnstap-output</command> is configured with mode
|
|
<literal>file</literal>, then it can take optional
|
|
<command>size</command> and <command>versions</command>
|
|
key-value arguments to set the logfile rolling parameters.
|
|
(These have the same semantics as the corresponding
|
|
options in a <command>logging</command> channel statement.)
|
|
[RT #44502]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Logging channels and <command>dnstap-output</command> files can
|
|
now be configured with a <command>suffix</command> option,
|
|
set to either <literal>increment</literal> or
|
|
<literal>timestamp</literal>, indicating whether log files
|
|
should be given incrementing suffixes when they roll
|
|
over (e.g., <filename>logfile.0</filename>,
|
|
<filename>.1</filename>, <filename>.2</filename>, etc)
|
|
or suffixes indicating the time of the roll. The default
|
|
is <literal>increment</literal>. [RT #42838]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>dig +ednsopt</command> now accepts the names
|
|
for EDNS options in addition to numeric values. For example,
|
|
an EDNS Client-Subnet option could be sent using
|
|
<command>dig +ednsopt=ecs:...</command>. Thanks to
|
|
John Worley of Secure64 for the contribution. [RT #44461]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Added support for the EDNS TCP Keepalive option (RFC 7828);
|
|
this allows negotiation of longer-lived TCP sessions
|
|
to reduce the overhead of setting up TCP for individual
|
|
queries. [RT #42126]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Added support for the EDNS Padding option (RFC 7830),
|
|
which obfuscates packet size analysis when DNS queries
|
|
are sent over an encrypted channel. [RT #42094]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <option>print-time</option> option in the
|
|
<option>logging</option> configuration can now take arguments
|
|
<userinput>local</userinput>, <userinput>iso8601</userinput> or
|
|
<userinput>iso8601-utc</userinput> to indicate the format in
|
|
which the date and time should be logged. For backward
|
|
compatibility, <userinput>yes</userinput> is a synonym for
|
|
<userinput>local</userinput>. [RT #42585]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>rndc</command> commands which refer to zone names
|
|
can now reference a zone of type <command>redirect</command>
|
|
by using the special zone name "-redirect". (Previously this
|
|
was not possible because <command>redirect</command> zones
|
|
always have the name ".", which can be ambiguous.)
|
|
</para>
|
|
<para>
|
|
In the event you need to manipulate a zone actually
|
|
called "-redirect", use a trailing dot: "-redirect."
|
|
</para>
|
|
<para>
|
|
Note: This change does not appply to the
|
|
<command>rndc addzone</command> or
|
|
<command>rndc modzone</command> commands.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>named-checkconf -l</command> lists the zones found
|
|
in <filename>named.conf</filename>. [RT #43154]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Query logging now includes the ECS option, if one was
|
|
present in the query, in the format
|
|
"[ECS <replaceable>address/source/scope</replaceable>]".
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
The Response Policy Zone (RPZ) implementation has been
|
|
substantially refactored: updates to the RPZ summary
|
|
database are no longer directly performed by the zone
|
|
database but by a separate function that is called when
|
|
a policy zone is updated. This improves both performance
|
|
and reliability when policy zones receive frequent updates.
|
|
Summary database updates can be rate-limited by using the
|
|
<command>min-update-interval</command> option in a
|
|
<command>response-policy</command> statement. [RT #43449]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>dnstap</command> now stores both the local and remote
|
|
addresses for all messages, instead of only the remote address.
|
|
The default output format for <command>dnstap-read</command> has
|
|
been updated to include these addresses, with the initiating
|
|
address first and the responding address second, separated by
|
|
"-%gt;" or "%lt;-" to indicate in which direction the message
|
|
was sent. [RT #43595]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Expanded and improved the YAML output from
|
|
<command>dnstap-read -y</command>: it now includes packet
|
|
size and a detailed breakdown of message contents.
|
|
[RT #43622] [RT #43642]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
If an ACL is specified with an address prefix in which the
|
|
prefix length is longer than the address portion (for example,
|
|
192.0.2.1/8), it will now be treated as a fatal error during
|
|
configuration. [RT #43367]
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
A synthesized CNAME record appearing in a response before the
|
|
associated DNAME could be cached, when it should not have been.
|
|
This was a regression introduced while addressing CVE-2016-8864.
|
|
[RT #44318]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>named</command> could deadlock if multiple changes
|
|
to NSEC/NSEC3 parameters for the same zone were being processed
|
|
at the same time. [RT #42770]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>named</command> could trigger an assertion when
|
|
sending NOTIFY messages. [RT #44019]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Referencing a nonexistent zone in a <command>response-policy</command>
|
|
statement could cause an assertion failure during configuration.
|
|
[RT #43787]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>rndc addzone</command> could cause a crash
|
|
when attempting to add a zone with a type other than
|
|
<command>master</command> or <command>slave</command>.
|
|
Such zones are now rejected. [RT #43665]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>named</command> could hang when encountering log
|
|
file names with large apparent gaps in version number (for
|
|
example, when files exist called "logfile.0", "logfile.1",
|
|
and "logfile.1482954169"). This is now handled correctly.
|
|
[RT #38688]
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
If a zone was updated while <command>named</command> was
|
|
processing a query for nonexistent data, it could return
|
|
out-of-sync NSEC3 records causing potential DNSSEC validation
|
|
failure. [RT #43247]
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section xml:id="end_of_life"><info><title>End of Life</title></info>
|
|
<para>
|
|
The end of life for BIND 9.12 is yet to be determined but
|
|
will not be before BIND 9.14.0 has been released for 6 months.
|
|
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://www.isc.org/downloads/software-support-policy/">https://www.isc.org/downloads/software-support-policy/</link>
|
|
</para>
|
|
</section>
|
|
<section xml:id="relnotes_thanks"><info><title>Thank You</title></info>
|
|
|
|
<para>
|
|
Thank you to everyone who assisted us in making this release possible.
|
|
If you would like to contribute to ISC to assist us in continuing to
|
|
make quality open source software, please visit our donations page at
|
|
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/donate/">http://www.isc.org/donate/</link>.
|
|
</para>
|
|
</section>
|
|
</section>
|