From: Mark Andrews (Mark_Andrewsisc.org)
Date: Thu Jun 17 2004 - 19:33:59 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

                BIND 9.3.0rc1 is now available.

BIND 9.3.0rc1 is a release candidate for BIND 9.3.

        BIND 9.3.0 has a number of new features over 9.2,
        including:

        DNSSEC is now DS based.
        See doc/draft/draft-ietf-dnsext-dnssec-*

        DNSSEC lookaside validation (experimental).

        check-names is now implemented.
        rrset-order in more complete.

        IPv4/IPv6 transition support, dual-stack-servers.

        IXFR deltas can now be generated when loading master files,
        ixfr-from-differences.

        It is now possible to specify the size of a journal, max-journal-size.

        It is now possible to define a named set of master servers to be
        used in masters clause, masters.

        The advertised EDNS UDP size can now be set, edns-udp-size.

        allow-v6-synthesis has been obsoleted.

        NOTE:
        * Zones containing MD and MF will now be rejected.
        * dig, nslookup name. now report "Not Implemented" as
          NOTIMP rather than NOTIMPL. This will have impact on scripts
          that are looking for NOTIMPL.

        libbind: corresponds to that from BIND 8.4.5.

NOTE: If you specified max-journal-size with a BIND 9.3.0 beta (upto beta 3)
you may need to remove the journal. The journal compaction could leave the
journal corrupted.

NOTE: If you created TSIG keys using a BIND 9.3.0 beta dnsssec-keygen you
will need to change the key type to KEY from DNSKEY in the .key file.

NOTE: If you created keys for SIG(0) using a BIND 9.3.0 beta dnsssec-keygen
you may need to replace them if you didn't use 'dnssec-keygen -k' to create
KEY records rather than DNSKEY records.

BIND 9.3.0rc1 can be downloaded from

        ftp://ftp.isc.org/isc/bind9/9.3.0rc1/bind-9.3.0rc1.tar.gz

The PGP signature of the distribution is at

        ftp://ftp.isc.org/isc/bind9/9.3.0rc1/bind-9.3.0rc1.tar.gz.asc

The signature was generated with the ISC public key, which is
available at <http://www.isc.org/about/openpgp/pgpkey2004.txt>.

A binary kit for Windows NT 4.0 and Windows 2000 is at

        ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.3.0rc1/BIND9.3.0rc1.zip

The PGP signature of the binary kit for Windows NT 4.0 and Windows 2000 is at
        
        ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.3.0rc1/BIND9.3.0rc1.zip.asc

The top of CHANGES contains:

        --- 9.3.0rc1 released ---

1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.

1662. [bug] Change #1658 failed to change one use of 'type'
                        to 'keytype'.

1659. [cleanup] Cleanup some messages that were referring to KEY vs
                        DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
                        and DH. Tighten which options apply to KEY and
                        DNSKEY records.

1657. [doc] ARM: document query log output.

1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
                        DNSKEY and RRSIG. [RT #11542]

1655. [bug] Logging multiple versions w/o a size was broken.
                        [RT #11446]

1654. [bug] isc_result_totext() contained array bounds read
                        error.

1653. [func] Add key type checking to dst_key_fromfilename(),
                        DST_TYPE_KEY should be used to read TSIG, TKEY and
                        SIG(0) keys.

1652. [bug] TKEY still uses KEY.

1651. [bug] dig: process multiple dash options.

1650. [bug] dig, nslookup: flush standard out after each command.

1649. [bug] Silence "unexpected non-minimal diff" message.
                        [RT #11206]

1648. [func] Update dnssec-lookaside named.conf syntax to support
                        multiple dnssec-lookaside namespaces (not yet
                        implemented).

1647. [bug] It was possible trigger a INSIST when chasing a DS
                        record that required walking back over a empty node.
                        [RT #11445]

1646. [bug] win32: logging file versions didn't work with
                        non-UNC filenames. [RT#11486]

1645. [bug] named could trigger a REQUIRE failure if multiple
                        masters with keys are specified.

1644. [bug] Update the journal modification time after a
                        sucessfull refresh query. [RT #11436]

1643. [bug] dns_db_closeversion() could leak memory / node
                        references. [RT #11163]

1642. [port] Support OpenSSL implementations which don't have
                        DSA support. [RT #11360]

1641. [bug] Update the check-names description in ARM. [RT #11389]

        --- 9.3.0beta4 released ---

1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
                        incorrectly closing the socket. [RT #11291]

1639. [func] Initial dlv system test.

1638. [bug] "ixfr-from-differences" could generate a REQUIRE
                        failure if the journal open failed. [RT #11347]
                        
1637. [bug] Node reference leak on error in addnoqname().

1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
                        a error had occured. The database version no longer
                        matched the version of the database that was dumped.

1635. [bug] Memory leak on error in query_addds().

1634. [bug] named didn't supply a useful error message when it
                        detected duplicate views. [RT #11208]

1633. [bug] named should return NOTIMP to update requests to a
                        slaves without a allow-update-forwarding acl specified.
                        [RT #11331]

1632. [bug] nsupdate failed to send prerequisite only UPDATE
                        messages. [RT #11288]

1631. [bug] dns_journal_compact() could sometimes corrupt the
                        journal. [RT #11124]

1630. [contrib] queryperf: add support for IPv6 transport.

1629. [func] dig now supports IPv6 scoped addresses with the
                        extended format in the local-server part. [RT #8753]

1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]

1627. [bug] win32: sockets were not being closed when the
                        last external reference was removed. [RT# 11179]

1626. [bug] --enable-getifaddrs was broken. [RT#11259]

1625. [bug] named failed to load/transfer RFC2535 signed zones
                        which contained CNAMES. [RT# 11237]

1606. [bug] DLV insecurity proof was failing.

1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.

        --- 9.3.0beta3 released ---

1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]

1623. [bug] A serial number of zero was being displayed in the
                        "sending notifies" log message when also-notify was
                        used. [RT #11177]

1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
                        available, and suppress wildcard binding if not.

1621. [bug] match-destinations did not work for IPv6 TCP queries.
                        [RT# 11156]

1620. [func] When loading a zone report if it is signed. [RT #11149]

1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
                        [RT# 11118]

1618. [bug] Fencepost errors in dns_name_ishostname() and
                        dns_name_ismailbox() could trigger a INSIST().

1617. [port] win32: VC++ 6.0 support.

1616. [compat] Ensure that named's version is visible in the core
                        dump. [RT #11127]

1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
                        it is defined.

1614. [port] win32: silence resource limit messages. [RT# 11101]

1613. [bug] Builds would fail on machines w/o a if_nametoindex().
                        Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
                        [RT #11119]

1612. [bug] check-names at the option/view level could trigger
                        an INSIST. [RT# 11116]

1611. [bug] solaris: IPv6 interface scanning failed to cope with
                        no active IPv6 interfaces.

1610. [bug] On dual stack machines "dig -b" failed to set the
                        address type to be looked up with "server".
                        [RT #11069]

1600. [bug] Duplicate zone pre-load checks were not case
                        insensitive.

1599. [bug] Fix memory leak on error path when checking named.conf.

1598. [func] Specify that certain parts of the namespace must
                        be secure (dnssec-must-be-secure).

        --- 9.3.0beta2 released ---

1609. [func] dig now has support to chase DNSSEC signature chains.
                        Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.

1608. [func] dig and host now accept -4/-6 to select IP transport
                        to use when making queries.

1607. [bug] dig, host and nslookup were still using random()
                        to generate query ids. [RT# 11013]

1604. [bug] A xfrout_ctx_create() failure would result in
                        xfrout_ctx_destroy() being called with a
                        partially initialized structure.
                        
1603. [bug] nsupdate: set interactive based on isatty().
                        [RT# 10929]

1602. [bug] Logging to a file failed unless a size was specified.
                        [RT# 10925]

1601. [bug] Silence spurious warning 'both "recursion no;" and
                        "allow-recursion" active' warning from view "_bind".
                        [RT# 10920]

1594. [bug] 'rndc dumpdb' could prevent named from answering
                        queries while the dump was in progress. [RT #10565]

1593. [bug] rndc should return "unknown command" to unknown
                        commands. [RT# 10642]

        --- 9.3.0beta1 released ---

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]