upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-04 06:20:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/doc/arm/notes.html
Tinderbox User cf2dbf5efe regen v9_10
2016-07-08 01:13:32 +00:00

259 lines
11 KiB
HTML
Raw Blame History

<!--
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title></title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article"><div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.10.4</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
This document summarizes significant changes since the last
production release of BIND on the corresponding major release
branch.
Please see the CHANGES file for a further list of bug fixes and
other changes.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
<a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
getrrsetbyname with a non absolute name could trigger a
infinite recursion bug in lwresd and named with lwres
configured if when combined with a search list entry the
resulting name is too long. This flaw is disclosed in
CVE-2016-XXXX.
</p></li>
<li class="listitem"><p>
Duplicate EDNS COOKIE options in a response could trigger
an assertion failure. This flaw is disclosed in CVE-2016-2088.
[RT #41809]
</p></li>
<li class="listitem"><p>
The resolver could abort with an assertion failure due to
improper DNAME handling when parsing fetch reply
messages. This flaw is disclosed in CVE-2016-1286. [RT #41753]
</p></li>
<li class="listitem"><p>
Malformed control messages can trigger assertions in named
and rndc. This flaw is disclosed in CVE-2016-1285. [RT
#41666]
</p></li>
<li class="listitem"><p>
Certain errors that could be encountered when printing out
or logging an OPT record containing a CLIENT-SUBNET option
could be mishandled, resulting in an assertion failure.
This flaw is disclosed in CVE-2015-8705. [RT #41397]
</p></li>
<li class="listitem"><p>
Specific APL data could trigger an INSIST. This flaw
is disclosed in CVE-2015-8704. [RT #41396]
</p></li>
<li class="listitem"><p>
Incorrect reference counting could result in an INSIST
failure if a socket error occurred while performing a
lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
</p></li>
<li class="listitem"><p>
Insufficient testing when parsing a message allowed
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
</p></li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
The following resource record types have been implemented:
AVC, CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK.
</p></li>
<li class="listitem"><p>
Added a warning for a common misconfiguration involving forwarded
RFC 1918 and IPv6 ULA (Universal Local Address) zones.
</p></li>
<li class="listitem"><p>
Contributed software from Nominum is included in the source at
contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring
the performance of authoritative DNS servers, resperf for
testing the resolution performance of a caching DNS server,
resperf-report for generating a resperf report in HTML with
gnuplot graphs, and queryparse to extract DNS queries from
pcap capture files. This software is not installed by default
with BIND.
</p></li>
<li class="listitem"><p>
When loading a signed zone, <span class="command"><strong>named</strong></span> will
now check whether an RRSIG's inception time is in the future,
and if so, it will regenerate the RRSIG immediately. This helps
when a system's clock needs to be reset backwards.
</p></li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
The ISC DNSSEC Lookaside Validation (DLV) service is scheduled
to be disabled in 2017. A warning is now logged when
<span class="command"><strong>named</strong></span> is configured to use this service,
either explicitly or via <code class="option">dnssec-lookaside auto;</code>.
[RT #42207]
</p></li>
<li class="listitem"><p>
Updated the compiled-in addresses for H.ROOT-SERVERS.NET
and L.ROOT-SERVERS.NET.
</p></li>
<li class="listitem"><p>
The default preferred glue is now the address type of the
transport the query was received over.
</p></li>
<li class="listitem"><p>
On machines with 2 or more processors (CPU), the default value
for the number of UDP listeners has been changed to the number
of detected processors minus one.
</p></li>
<li class="listitem"><p>
Zone transfers now use smaller message sizes to improve
message compression. This results in reduced network usage.
</p></li>
<li class="listitem"><p>
named -V output now also includes operating system details.
</p></li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_port"></a>Porting Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
The Microsoft Windows install tool
<span class="command"><strong>BINDInstall.exe</strong></span> which requires a
non-free version of Visual Studio to be built, now uses two
files (lists of flags and files) created by the Configure
perl script with all the needed information which were
previously compiled in the binary. Read
<code class="filename">win32utils/build.txt</code> for more details.
[RT #38915]
</p></li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Fixed a crash when calling <span class="command"><strong>rndc stats</strong></span> on some
Windows builds: some Visual Studio compilers generate code that
crashes when the "%z" printf() format specifier is used. [RT #42380]
</p></li>
<li class="listitem"><p>
Windows installs were failing due to triggering UAC without
the installation binary being signed.
</p></li>
<li class="listitem"><p>
A change in the internal binary representation of the RBT database
node structure enabled a race condition to occur (especially when
BIND was built with certain compilers or optimizer settings),
leading to inconsistent database state which caused random
assertion failures. [RT #42380]
</p></li>
<li class="listitem"><p>
<span class="command"><strong>rndc flushtree</strong></span> now works even if there wasn't
a cached node at the specified name. [RT #41846]
</p></li>
<li class="listitem"><p>
Don't emit records with zero TTL unless the records were
received with a zero TTL. After being returned to waiting
clients, the answer will be discarded from the cache. [RT #41687]
</p></li>
<li class="listitem"><p>
For Windows platforms, the SIT (Source Identity Token) support
was restored. (It was mistakenly partially replaced in a
previous beta with new 9.11 COOKIE support.) [RT #41905]
</p></li>
<li class="listitem"><p>
When deleting records from a zone database, interior nodes
could be left empty but not deleted, damaging search
performance afterward. [RT #40997] [RT #41941]
</p></li>
<li class="listitem"><p>
The server could crash due to a use-after-free if a
zone transfer timed out. [RT #41297]
</p></li>
<li class="listitem"><p>
Authoritative servers that were marked as bogus (e.g. blackholed
in configuration or with invalid addresses) were being queried
anyway. [RT #41321]
</p></li>
<li class="listitem"><p>
Some of the options for GeoIP ACLs, including "areacode",
"metrocode", and "timezone", were incorrectly documented
as "area", "metro" and "tz". Both the long and abbreviated
versions are now accepted.
</p></li>
<li class="listitem"><p>
Zones configured to use <span class="command"><strong>map</strong></span> format
master files can't be used as policy zones because RPZ
summary data isn't compiled when such zones are mapped into
memory. This limitation may be fixed in a future release,
but in the meantime it has been documented, and attempting
to use such zones in <span class="command"><strong>response-policy</strong></span>
statements is now a configuration error. [RT #38321]
</p></li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.10 is yet to be determined but
will not be before BIND 9.12.0 has been released for 6 months.
<a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div></div></body>
</html>
Reference in a new issue View git blame Copy permalink