OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
BIND 9.3.0beta4 is now available

From: Mark Andrews (Mark_Andrewsisc.org)
Date: Thu May 20 2004 - 20:35:04 CDT

                BIND 9.3.0beta4 is now available.

BIND 9.3.0beta4 is a beta release candidate for BIND 9.3.

        BIND 9.3.0 has a number of new features over 9.2,
        including:

        DNSSEC is now DS based.
        See doc/draft/draft-ietf-dnsext-dnssec-*

        DNSSEC lookaside validation (experimental).

        check-names is now implemented.
        rrset-order in more complete.

        IPv4/IPv6 transition support, dual-stack-servers.

        IXFR deltas can now be generated when loading master files,
        ixfr-from-differences.

        It is now possible to specify the size of a journal, max-journal-size.

        It is now possible to define a named set of master servers to be
        used in masters clause, masters.

        The advertised EDNS UDP size can now be set, edns-udp-size.

        allow-v6-synthesis has been obsoleted.

        NOTE:
        * Zones containing MD and MF will now be rejected.
        * dig, nslookup name. now report "Not Implemented" as
          NOTIMP rather than NOTIMPL. This will have impact on scripts
          that are looking for NOTIMPL.

        libbind: corresponds to that from BIND 8.4.5.

NOTE: If you specified max-journal-size with a BIND 9.3.0 beta (upto beta 3)
you may need to remove the journal. The journal compaction could leave the
journal corrupted.

BIND 9.3.0beta4 can be downloaded from

        ftp://ftp.isc.org/isc/bind9/9.3.0beta4/bind-9.3.0beta4.tar.gz

The PGP signature of the distribution is at

        ftp://ftp.isc.org/isc/bind9/9.3.0beta4/bind-9.3.0beta4.tar.gz.asc

The signature was generated with the ISC public key, which is
available at <http://www.isc.org/about/openpgp/pgpkey2004.txt>.

A binary kit for Windows NT 4.0 and Windows 2000 is at

        ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.3.0beta4/BIND9.3.0beta4.zip

The PGP signature of the binary kit for Windows NT 4.0 and Windows 2000 is at
        
        ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.3.0beta4/BIND9.3.0beta4.zip.asc

The top of CHANGES contains:

        --- 9.3.0beta4 released ---

1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
                        incorrectly closing the socket. [RT #11291]

1639. [func] Initial dlv system test.

1638. [bug] "ixfr-from-differences" could generate a REQUIRE
                        failure if the journal open failed. [RT #11347]
                        
1637. [bug] Node reference leak on error in addnoqname().

1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
                        a error had occured. The database version no longer
                        matched the version of the database that was dumped.

1635. [bug] Memory leak on error in query_addds().

1634. [bug] named didn't supply a useful error message when it
                        detected duplicate views. [RT #11208]

1633. [bug] named should return NOTIMP to update requests to a
                        slaves without a allow-update-forwarding acl specified.
                        [RT #11331]

1632. [bug] nsupdate failed to send prerequisite only UPDATE
                        messages. [RT #11288]

1631. [bug] dns_journal_compact() could sometimes corrupt the
                        journal. [RT #11124]

1630. [contrib] queryperf: add support for IPv6 transport.

1629. [func] dig now supports IPv6 scoped addresses with the
                        extended format in the local-server part. [RT #8753]

1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]

1627. [bug] win32: sockets were not being closed when the
                        last external reference was removed. [RT# 11179]

1626. [bug] --enable-getifaddrs was broken. [RT#11259]

1625. [bug] named failed to load/transfer RFC2535 signed zones
                        which contained CNAMES. [RT# 11237]

1606. [bug] DLV insecurity proof was failing.

1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.

        --- 9.3.0beta3 released ---

1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]

1623. [bug] A serial number of zero was being displayed in the
                        "sending notifies" log message when also-notify was
                        used. [RT #11177]

1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
                        available, and suppress wildcard binding if not.

1621. [bug] match-destinations did not work for IPv6 TCP queries.
                        [RT# 11156]

1620. [func] When loading a zone report if it is signed. [RT #11149]

1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
                        [RT# 11118]

1618. [bug] Fencepost errors in dns_name_ishostname() and
                        dns_name_ismailbox() could trigger a INSIST().

1617. [port] win32: VC++ 6.0 support.

1616. [compat] Ensure that named's version is visible in the core
                        dump. [RT #11127]

1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
                        it is defined.

1614. [port] win32: silence resource limit messages. [RT# 11101]

1613. [bug] Builds would fail on machines w/o a if_nametoindex().
                        Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
                        [RT #11119]

1612. [bug] check-names at the option/view level could trigger
                        an INSIST. [RT# 11116]

1611. [bug] solaris: IPv6 interface scanning failed to cope with
                        no active IPv6 interfaces.

1610. [bug] On dual stack machines "dig -b" failed to set the
                        address type to be looked up with "server".
                        [RT #11069]

1600. [bug] Duplicate zone pre-load checks were not case
                        insensitive.

1599. [bug] Fix memory leak on error path when checking named.conf.

1598. [func] Specify that certain parts of the namespace must
                        be secure (dnssec-must-be-secure).

        --- 9.3.0beta2 released ---

1609. [func] dig now has support to chase DNSSEC signature chains.
                        Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

1608. [func] dig and host now accept -4/-6 to select IP transport
                        to use when making queries.

1607. [bug] dig, host and nslookup were still using random()
                        to generate query ids. [RT# 11013]

1604. [bug] A xfrout_ctx_create() failure would result in
                        xfrout_ctx_destroy() being called with a
                        partially initialized structure.
                        
1603. [bug] nsupdate: set interactive based on isatty().
                        [RT# 10929]

1602. [bug] Logging to a file failed unless a size was specified.
                        [RT# 10925]

1601. [bug] Silence spurious warning 'both "recursion no;" and
                        "allow-recursion" active' warning from view "_bind".
                        [RT# 10920]

1594. [bug] 'rndc dumpdb' could prevent named from answering
                        queries while the dump was in progress. [RT #10565]

1593. [bug] rndc should return "unknown command" to unknown
                        commands. [RT# 10642]

        --- 9.3.0beta1 released ---