upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-18 16:43:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/doc/arm/notes.html
Tinderbox User 1f83aca5e8 prep 9.14.4
2019-07-09 13:51:41 +00:00

231 lines
9.9 KiB
HTML
Raw Blame History

<!--
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title></title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article">
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.14.4</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
BIND 9.14 is a stable branch of BIND.
This document summarizes significant changes since the last
production release on that branch.
</p>
<p>
</p>
<p>
Please see the file <code class="filename">CHANGES</code> for a more
detailed list of changes and bug fixes.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_versions"></a>Note on Version Numbering</h3></div></div></div>
<p>
As of BIND 9.13/9.14, BIND has adopted the "odd-unstable/even-stable"
release numbering convention. BIND 9.14 contains new features added
during the BIND 9.13 development process. Henceforth, the 9.14 branch
will be limited to bug fixes and new feature development will proceed
in the unstable 9.15 branch, and so forth.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_platforms"></a>Supported Platforms</h3></div></div></div>
<p>
Since 9.12, BIND has undergone substantial code refactoring and
cleanup, and some very old code has been removed that supported
obsolete operating systems and operating systems for which ISC is
no longer able to perform quality assurance testing. Specifically,
workarounds for UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster
and IRIX have been removed.
</p>
<p>
On UNIX-like systems, BIND now requires support for POSIX.1c
threads (IEEE Std 1003.1c-1995), the Advanced Sockets API for
IPv6 (RFC 3542), and standard atomic operations provided by the
C compiler.
</p>
<p>
More information can be found in the <code class="filename">PLATFORM.md</code>
file that is included in the source distribution of BIND 9. If your
platform compiler and system libraries provide the above features,
BIND 9 should compile and run. If that isn't the case, the BIND
development team will generally accept patches that add support
for systems that are still supported by their respective vendors.
</p>
<p>
As of BIND 9.14, the BIND development team has also made cryptography
(i.e., TSIG and DNSSEC) an integral part of the DNS server. The
OpenSSL cryptography library must be available for the target
platform. A PKCS#11 provider can be used instead for Public Key
cryptography (i.e., DNSSEC signing and validation), but OpenSSL is
still required for general cryptography operations such as hashing
and random number generation.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
<a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
A race condition could trigger an assertion failure when
a large number of incoming packets were being rejected.
This flaw is disclosed in CVE-2019-6471. [GL #942]
</p>
</li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
The new GeoIP2 API from MaxMind is now supported when BIND
is compiled using <span class="command"><strong>configure --with-geoip2</strong></span>.
The legacy GeoIP API can be used by compiling with
<span class="command"><strong>configure --with-geoip</strong></span> instead. (Note that
the databases for the legacy API are no longer maintained by
MaxMind.)
</p>
<p>
The default path to the GeoIP2 databases will be set based
on the location of the <span class="command"><strong>libmaxminddb</strong></span> library;
for example, if it is in <code class="filename">/usr/local/lib</code>,
then the default path will be
<code class="filename">/usr/local/share/GeoIP</code>.
This value can be overridden in <code class="filename">named.conf</code>
using the <span class="command"><strong>geoip-directory</strong></span> option.
</p>
<p>
Some <span class="command"><strong>geoip</strong></span> ACL settings that were available with
legacy GeoIP, including searches for <span class="command"><strong>netspeed</strong></span>,
<span class="command"><strong>org</strong></span>, and three-letter ISO country codes, will
no longer work when using GeoIP2. Supported GeoIP2 database
types are <span class="command"><strong>country</strong></span>, <span class="command"><strong>city</strong></span>,
<span class="command"><strong>domain</strong></span>, <span class="command"><strong>isp</strong></span>, and
<span class="command"><strong>as</strong></span>. All of the databases support both IPv4
and IPv6 lookups. [GL #182]
</p>
</li>
<li class="listitem">
<p>
Two new metrics have been added to the
<span class="command"><strong>statistics-channel</strong></span> to report DNSSEC
signing operations. For each key in each zone, the
<span class="command"><strong>dnssec-sign</strong></span> counter indicates the total
number of signatures <span class="command"><strong>named</strong></span> has generated
using that key since server startup, and the
<span class="command"><strong>dnssec-refresh</strong></span> counter indicates how
many of those signatures were refreshed during zone
maintenance, as opposed to having been generated
as a result of a zone update. [GL #513]
</p>
</li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
When <span class="command"><strong>qname-minimization</strong></span> was set to
<span class="command"><strong>relaxed</strong></span>, some improperly configured domains
would fail to resolve, but would have succeeded if minimization
were disabled. <span class="command"><strong>named</strong></span> will now fall back to normal
resolution in such cases, and also uses type A rather than NS for
minimal queries in order to reduce the likelihood of encountering
the problem. [GL #1055]
</p>
</li>
<li class="listitem">
<p>
Glue address records were not being returned in responses
to root priming queries; this has been corrected. [GL #1092]
</p>
</li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License</h3></div></div></div>
<p>
BIND is open source software licensed under the terms of the Mozilla
Public License, version 2.0 (see the <code class="filename">LICENSE</code>
file for the full text).
</p>
<p>
The license requires that if you make changes to BIND and distribute
them outside your organization, those changes must be published under
the same license. It does not require that you publish or disclose
anything other than the changes you have made to our software. This
requirement does not affect anyone who is using BIND, with or without
modifications, without redistributing it, nor anyone redistributing
BIND without changes.
</p>
<p>
Those wishing to discuss license compliance may contact ISC at
<a class="link" href="https://www.isc.org/mission/contact/" target="_top">
https://www.isc.org/mission/contact/</a>.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life date for BIND 9.14 has not yet been determined.
For those needing long term support, the current Extended Support
Version (ESV) is BIND 9.11, which will be supported until at
least December 2021. See
<a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
for details of ISC's software support policy.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div>
</div></body>
</html>
Reference in a new issue View git blame Copy permalink