[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BIND 9.3.0rc1 is now available.



		BIND 9.3.0rc1 is now available.

BIND 9.3.0rc1 is a release candidate for BIND 9.3.

        BIND 9.3.0 has a number of new features over 9.2,
        including:

        DNSSEC is now DS based.
        See doc/draft/draft-ietf-dnsext-dnssec-*

        DNSSEC lookaside validation (experimental).

        check-names is now implemented.
        rrset-order in more complete.

        IPv4/IPv6 transition support, dual-stack-servers.

        IXFR deltas can now be generated when loading master files,
        ixfr-from-differences.

        It is now possible to specify the size of a journal, max-journal-size.

        It is now possible to define a named set of master servers to be
        used in masters clause, masters.

        The advertised EDNS UDP size can now be set, edns-udp-size.

        allow-v6-synthesis has been obsoleted.

        NOTE:
        * Zones containing MD and MF will now be rejected.
        * dig, nslookup name. now report "Not Implemented" as
          NOTIMP rather than NOTIMPL.  This will have impact on scripts
          that are looking for NOTIMPL.

        libbind: corresponds to that from BIND 8.4.5.

NOTE: If you specified max-journal-size with a BIND 9.3.0 beta (upto beta 3)
you may need to remove the journal.  The journal compaction could leave the
journal corrupted.

NOTE: If you created TSIG keys using a BIND 9.3.0 beta dnsssec-keygen you
will need to change the key type to KEY from DNSKEY in the .key file.

NOTE: If you created keys for SIG(0) using a BIND 9.3.0 beta dnsssec-keygen
you may need to replace them if you didn't use 'dnssec-keygen -k' to create
KEY records rather than DNSKEY records.

BIND 9.3.0rc1 can be downloaded from

        ftp://ftp.isc.org/isc/bind9/9.3.0rc1/bind-9.3.0rc1.tar.gz

The PGP signature of the distribution is at

        ftp://ftp.isc.org/isc/bind9/9.3.0rc1/bind-9.3.0rc1.tar.gz.asc

The signature was generated with the ISC public key, which is
available at <http://www.isc.org/about/openpgp/pgpkey2004.txt>.

A binary kit for Windows NT 4.0 and Windows 2000 is at

	ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.3.0rc1/BIND9.3.0rc1.zip

The PGP signature of the binary kit for Windows NT 4.0 and Windows 2000 is at
        
	ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.3.0rc1/BIND9.3.0rc1.zip.asc


The top of CHANGES contains:


	--- 9.3.0rc1 released ---

1664.	[bug]		nsupdate needed KEY for SIG(0), not DNSKEY.

1662.	[bug]		Change #1658 failed to change one use of 'type'
			to 'keytype'.

1659.	[cleanup]	Cleanup some messages that were referring to KEY vs
			DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.	[func]		Update dnssec-keygen to default to KEY for HMAC-MD5
			and DH.  Tighten which options apply to KEY and
			DNSKEY records.

1657.	[doc]		ARM: document query log output.

1656.	[doc]		Update DNSSEC description in ARM to cover DS, NSEC
			DNSKEY and RRSIG.  [RT #11542]

1655.	[bug]		Logging multiple versions w/o a size was broken.
			[RT #11446]

1654.	[bug]		isc_result_totext() contained array bounds read
			error.

1653.	[func]		Add key type checking to dst_key_fromfilename(),
			DST_TYPE_KEY should be used to read TSIG, TKEY and
			SIG(0) keys.

1652.	[bug]		TKEY still uses KEY.

1651.	[bug]		dig: process multiple dash options.

1650.	[bug]		dig, nslookup: flush standard out after each command.

1649.	[bug]		Silence "unexpected non-minimal diff" message.
			[RT #11206]

1648.	[func]		Update dnssec-lookaside named.conf syntax to support
			multiple dnssec-lookaside namespaces (not yet
			implemented).  

1647.	[bug]		It was possible trigger a INSIST when chasing a DS
			record that required walking back over a empty node.
			[RT #11445]

1646.	[bug]		win32: logging file versions didn't work with
			non-UNC filenames.  [RT#11486]

1645.	[bug]		named could trigger a REQUIRE failure if multiple
			masters with keys are specified.

1644.	[bug]		Update the journal modification time after a
			sucessfull refresh query. [RT #11436]

1643.	[bug]		dns_db_closeversion() could leak memory / node
			references. [RT #11163]

1642.	[port]		Support OpenSSL implementations which don't have
			DSA support. [RT #11360]

1641.	[bug]		Update the check-names description in ARM. [RT #11389]

	--- 9.3.0beta4 released ---

1640.	[bug]		win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
			incorrectly closing the socket.  [RT #11291]

1639.	[func]		Initial dlv system test.

1638.	[bug]		"ixfr-from-differences" could generate a REQUIRE
			failure if the journal open failed. [RT #11347]
			
1637.	[bug]		Node reference leak on error in addnoqname().

1636.	[bug]		The dump done callback could get ISC_R_SUCCESS even if
			a error had occured.  The database version no longer
			matched the version of the database that was dumped.

1635.	[bug]		Memory leak on error in query_addds().

1634.	[bug]		named didn't supply a useful error message when it
			detected duplicate views.  [RT #11208]

1633.	[bug]		named should return NOTIMP to update requests to a
			slaves without a allow-update-forwarding acl specified.
			[RT #11331]

1632.	[bug]		nsupdate failed to send prerequisite only UPDATE
			messages. [RT #11288]

1631.	[bug]		dns_journal_compact() could sometimes corrupt the
			journal. [RT #11124]

1630.	[contrib]	queryperf: add support for IPv6 transport.

1629.	[func]		dig now supports IPv6 scoped addresses with the
			extended format in the local-server part. [RT #8753]

1628.	[bug]		Typo in Compaq Trucluster support. [RT# 11264]

1627.	[bug]		win32: sockets were not being closed when the
			last external reference was removed. [RT# 11179]

1626.	[bug]		--enable-getifaddrs was broken. [RT#11259]

1625.	[bug]		named failed to load/transfer RFC2535 signed zones
			which contained CNAMES. [RT# 11237]

1606.	[bug]	 	DLV insecurity proof was failing.

1605.	[func]		New dns_db_find() option DNS_DBFIND_COVERINGNSEC.

	--- 9.3.0beta3 released ---

1624.	[bug]		zonemgr_putio() call should be locked. [RT# 11163]

1623.	[bug]		A serial number of zero was being displayed in the
			"sending notifies" log message when also-notify was
			used. [RT #11177]

1622.	[func]		probe the system to see if IPV6_(RECV)PKTINFO is
			available, and suppress wildcard binding if not.

1621.	[bug]		match-destinations did not work for IPv6 TCP queries.
			[RT# 11156]

1620.	[func]		When loading a zone report if it is signed. [RT #11149]

1619.	[bug]		Missing ISC_LIST_UNLINK in end_reserved_dispatches().
			[RT# 11118]

1618.	[bug]		Fencepost errors in dns_name_ishostname() and
			dns_name_ismailbox() could trigger a INSIST().

1617.	[port]		win32: VC++ 6.0 support.

1616.	[compat]	Ensure that named's version is visible in the core
			dump. [RT #11127]

1615.	[port]		Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
			it is defined.

1614.	[port]		win32: silence resource limit messages. [RT# 11101]

1613.	[bug]		Builds would fail on machines w/o a if_nametoindex().
			Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
			[RT #11119]

1612.	[bug]		check-names at the option/view level could trigger
			an INSIST. [RT# 11116]

1611.	[bug]		solaris: IPv6 interface scanning failed to cope with
			no active IPv6 interfaces.

1610.	[bug]		On dual stack machines "dig -b" failed to set the
			address type to be looked up with "@server".
			[RT #11069]

1600.	[bug]		Duplicate zone pre-load checks were not case
			insensitive.

1599.	[bug]		Fix memory leak on error path when checking named.conf.

1598.	[func]		Specify that certain parts of the namespace must
			be secure (dnssec-must-be-secure).

	--- 9.3.0beta2 released ---

1609.	[func]		dig now has support to chase DNSSEC signature chains.
			Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

1608.	[func]		dig and host now accept -4/-6 to select IP transport
			to use when making queries.

1607.	[bug]		dig, host and nslookup were still using random()
			to generate query ids. [RT# 11013]

1604.	[bug]		A xfrout_ctx_create() failure would result in
			xfrout_ctx_destroy() being called with a
			partially initialized structure.
			
1603.	[bug]		nsupdate: set interactive based on isatty().
			[RT# 10929]

1602.	[bug]		Logging to a file failed unless a size was specified.
			[RT# 10925]

1601.	[bug]		Silence spurious warning 'both "recursion no;" and 
			"allow-recursion" active' warning from view "_bind".
			[RT# 10920]

1594.	[bug]		'rndc dumpdb' could prevent named from answering
			queries while the dump was in progress.  [RT #10565]

1593.	[bug]		rndc should return "unknown command" to unknown
			commands. [RT# 10642]

	--- 9.3.0beta1 released ---