+ --- 9.11.4rc1 released ---
+
4968. [bug] If glue records are signed, attempt to validate them.
[GL #209]
DNSSEC implementation is still considered experimental. For detailed
information about the state of the DNSSEC implementation, see the file
doc/misc/dnssec.
-
Disable the use of inline functions to implement
-DISC_BUFFER_USEINLINE=0 the isc_buffer API: this reduces performance but
may be useful when debugging
-
BIND 9.11.3 is a maintenance release, and addresses the security flaw
disclosed in CVE-2017-3145.
+BIND 9.11.4
+
+BIND 9.11.3 is a maintenance release, and addresses the security flaw
+disclosed in CVE-2018-5738.
+
Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
BIND 9.11.3 is a maintenance release, and addresses the security flaw
disclosed in CVE-2017-3145.
+#### BIND 9.11.4
+
+BIND 9.11.3 is a maintenance release, and addresses the security flaw
+disclosed in CVE-2018-5738.
+
### <a name="build"/> Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
.PP
\-i
.RS 4
-Do reverse IPv6 lookups using the obsolete RFC1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC2874) are not attempted\&.
+Do reverse IPv6 lookups using the obsolete RFC 1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC 2874) are not attempted\&.
.RE
.PP
\-k \fIkeyfile\fR
.PP
\-t \fItype\fR
.RS 4
-The resource record type to query\&. It can be any valid query type which is supported in BIND 9\&. The default query type is "A", unless the
+The resource record type to query\&. It can be any valid query type\&. If it is a resource record type supported in BIND 9, it can be given by the type mnemonic (such as "NS" or "AAAA")\&. The default query type is "A", unless the
\fB\-x\fR
option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, set the
\fItype\fR
to
ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
\fIN\fR\&.
+.sp
+All resource record types can be expressed as "TYPEnn", where "nn" is the number of the type\&. If the resource record type is not supported in BIND 9, the result will be displayed as described in RFC 3597\&.
.RE
.PP
\-u
option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
.RE
.PP
+\fB+[no]idnin\fR
+.RS 4
+Process [do not process] IDN domain names on input\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to process IDN input\&.
+.RE
+.PP
\fB+[no]idnout\fR
.RS 4
Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to convert output\&.
\fBdig\fR
has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
\fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
-\fBIDN_DISABLE\fR
-environment variable\&. The IDN support is disabled if the variable is set when
-\fBdig\fR
-runs\&.
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, use parameters
+\fI+noidnin\fR
+and
+\fI+noidnout\fR\&.
.SH "FILES"
.PP
/etc/resolv\&.conf
\fBhost\fR(1),
\fBnamed\fR(8),
\fBdnssec-keygen\fR(8),
-RFC1035\&.
+RFC 1035\&.
.SH "BUGS"
.PP
There are probably too many query options\&.
<dt><span class="term">-i</span></dt>
<dd>
<p>
- Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
+ Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
domain, which is no longer in use. Obsolete bit string
- label queries (RFC2874) are not attempted.
+ label queries (RFC 2874) are not attempted.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd>
<p>
- The resource record type to query. It can be any valid query type
- which is
- supported in BIND 9. The default query type is "A", unless the
- <code class="option">-x</code> option is supplied to indicate a reverse lookup.
- A zone transfer can be requested by specifying a type of AXFR. When
+ The resource record type to query. It can be any valid query
+ type. If it is a resource record type supported in BIND 9, it
+ can be given by the type mnemonic (such as "NS" or "AAAA").
+ The default query type is "A", unless the <code class="option">-x</code>
+ option is supplied to indicate a reverse lookup. A zone
+ transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required, set the
<em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
The incremental zone transfer will contain the changes
record was
<em class="parameter"><code>N</code></em>.
</p>
+ <p>
+ All resource record types can be expressed as "TYPEnn", where
+ "nn" is the number of the type. If the resource record type is
+ not supported in BIND 9, the result will be displayed as
+ described in RFC 3597.
+ </p>
</dd>
<dt><span class="term">-u</span></dt>
<dd>
server that provided the answer.
</p>
</dd>
+<dt><span class="term"><code class="option">+[no]idnin</code></span></dt>
+<dd>
+ <p>
+ Process [do not process] IDN domain names on input.
+ This requires IDN SUPPORT to have been enabled at
+ compile time. The default is to process IDN input.
+ </p>
+ </dd>
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
<dd>
<p>
<span class="command"><strong>dig</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
- If you'd like to turn off the IDN support for some reason, defines
- the <code class="envar">IDN_DISABLE</code> environment variable.
- The IDN support is disabled if the variable is set when
- <span class="command"><strong>dig</strong></span> runs.
+ If you'd like to turn off the IDN support for some reason, use
+ parameters <em class="parameter"><code>+noidnin</code></em> and
+ <em class="parameter"><code>+noidnout</code></em>.
</p>
</div>
<span class="citerefentry">
<span class="refentrytitle">dnssec-keygen</span>(8)
</span>,
- <em class="citetitle">RFC1035</em>.
+ <em class="citetitle">RFC 1035</em>.
</p>
</div>
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009-2011, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009-2011, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009-2011, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2009, 2011-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2009, 2011-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2009, 2011-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2012-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2012-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2012-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2012-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2016-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2015, 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2015, 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2015, 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009-2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009-2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009-2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009-2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2015-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
Internet Systems Consortium
.SH "COPYRIGHT"
.br
-Copyright \(co 2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
/* Define to allow building of objects for dlopen(). */
#undef ISC_DLZ_DLOPEN
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
- */
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
#undef LT_OBJDIR
/* Defined if extern char *optarg is not declared. */
/* end confdefs.h. */
#include <stdio.h>
+
+int
main() {
size_t j = 0;
char buf[100];
buf[0] = 0;
sprintf(buf, "%zu", j);
- exit(strcmp(buf, "0") != 0);
+ return ((buf[0] == '0' && buf[1] == '\0') ? 0 : 1);
}
_ACEOF
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
syslog daemon;
// only send priority info and higher
severity info;
+};
channel default_debug {
// write to named.run in the working directory
Not implemented in BIND 9.
</p>
</dd>
+<dt><span class="term"><span class="command"><strong>root-key-sentinel</strong></span></span></dt>
+<dd>
+ <p>
+ Respond to root key sentinel probes as described in
+ draft-ietf-dnsop-kskroll-sentinel-08. The default is
+ <strong class="userinput"><code>yes</code></strong>.
+ </p>
+ </dd>
<dt><span class="term"><span class="command"><strong>maintain-ixfr-base</strong></span></span></dt>
<dd>
<p>
server cookie.
</p>
</dd>
+<dt><span class="term"><span class="command"><strong>answer-cookie</strong></span></span></dt>
+<dd>
+ <p>
+ When set to the default value of <strong class="userinput"><code>yes</code></strong>,
+ COOKIE EDNS options will be sent when applicable in
+ replies to client queries. If set to
+ <strong class="userinput"><code>no</code></strong>, COOKIE EDNS options will not
+ be sent in replies. This can only be set at the global
+ options level, not per-view.
+ </p>
+ <p>
+ <span class="command"><strong>answer-cookie</strong></span> is only available
+ as a temporary measure, for use when
+ <span class="command"><strong>named</strong></span> shares an IP address
+ with other servers that do not yet support DNS
+ COOKIE. A mismatch between servers on the same
+ address is not expected to cause operational
+ problems, but the option to disable COOKIE responses
+ so that all servers have the same behavior is
+ provided out of an abundance of caution. DNS COOKIE
+ is an important security mechanism and should not be
+ disabled unless absolutely necessary. The
+ <span class="command"><strong>answer-cookie</strong></span> option is obsolete
+ as of BIND 9.13.
+ </p>
+ </dd>
<dt><span class="term"><span class="command"><strong>send-cookie</strong></span></span></dt>
<dd>
<p>
to be 128 bits for AES128, 160 bits for SHA1 and
256 bits for SHA256.
</p>
+ <p>
+ If there are multiple secrets specified, the first
+ one listed in <code class="filename">named.conf</code> is
+ used to generate new server cookies. The others
+ will only be used to verify returned cookies.
+ </p>
</dd>
<dt><span class="term"><span class="command"><strong>rfc2308-type1</strong></span></span></dt>
<dd>
<li class="listitem">9.E.F.IP6.ARPA</li>
<li class="listitem">A.E.F.IP6.ARPA</li>
<li class="listitem">B.E.F.IP6.ARPA</li>
+<li class="listitem">EMPTY.AS112.ARPA</li>
+<li class="listitem">HOME.ARPA</li>
</ul></div>
<p>
</p>
<span class="command"><strong>update-policy</strong></span> option, respectively.
</p>
<p>
- The <span class="command"><strong>allow-update</strong></span> clause works the
- same way as in previous versions of <acronym class="acronym">BIND</acronym>.
- It grants given clients the permission to update any
- record of any name in the zone.
+ The <span class="command"><strong>allow-update</strong></span> clause is a simple
+ access control list. Any client that matches
+ the ACL is granted permission to update any record
+ in the zone.
</p>
<p>
The <span class="command"><strong>update-policy</strong></span> clause
allows more fine-grained control over what updates are
- allowed. A set of rules is specified, where each rule
- either grants or denies permissions for one or more
- names to be updated by one or more identities. If
- the dynamic update request message is signed (that is,
- it includes either a TSIG or SIG(0) record), the
- identity of the signer can be determined.
+ allowed. It specifies a set of rules, in which each rule
+ either grants or denies permission for one or more
+ names in the zone to be updated by one or more
+ identities. Identity is determined by the key that
+ signed the update request using either TSIG or SIG(0).
+ In most cases, <span class="command"><strong>update-policy</strong></span> rules
+ only apply to key-based identities. There is no way
+ to specify update permissions based on client source
+ address.
</p>
<p>
- Rules are specified in the <span class="command"><strong>update-policy</strong></span>
- zone option, and are only meaningful for master zones.
- When the <span class="command"><strong>update-policy</strong></span> statement
- is present, it is a configuration error for the
- <span class="command"><strong>allow-update</strong></span> statement to be
- present. The <span class="command"><strong>update-policy</strong></span> statement
- (except when set to <code class="literal">local</code>) only
- examines the signer of a message; the source
- address is not relevant.
+ <span class="command"><strong>update-policy</strong></span> rules are only meaningful
+ for zones of type <span class="command"><strong>master</strong></span>, and are
+ not allowed in any other zone type.
+ It is a configuration error to specify both
+ <span class="command"><strong>allow-update</strong></span> and
+ <span class="command"><strong>update-policy</strong></span> at the same time.
</p>
<p>
A pre-defined <span class="command"><strong>update-policy</strong></span> rule can be
switched on with the command
<span class="command"><strong>update-policy local;</strong></span>.
- Switching on this rule in a zone causes
- <span class="command"><strong>named</strong></span> to generate a TSIG session key and
- place it in a file. That key will then be allowed to update
- the zone, if the update request is sent from localhost.
+ Using this in a zone causes
+ <span class="command"><strong>named</strong></span> to generate a TSIG session key
+ when starting up and store it in a file; this key can then
+ be used by local clients to update the zone while
+ <span class="command"><strong>named</strong></span> is running.
By default, the session key is stored in the file
- <code class="filename">/var/run/named/session.key</code>; the key name
- is "local-ddns" and the key algorithm is HMAC-SHA256.
+ <code class="filename">/var/run/named/session.key</code>, the key name
+ is "local-ddns", and the key algorithm is HMAC-SHA256.
These values are configurable with the
<span class="command"><strong>session-keyfile</strong></span>,
<span class="command"><strong>session-keyname</strong></span> and
- <span class="command"><strong>session-keyalg</strong></span> options, respectively).
- </p>
- <p>
- A client on the local system, if it is run with appropriate
+ <span class="command"><strong>session-keyalg</strong></span> options, respectively.
+ A client running on the local system, if run with appropriate
permissions, may read the session key from the key file and
- use the key to sign update requests. The zone's update
+ use it to sign update requests. The zone's update
policy will be set to allow that key to change any record
within the zone. Assuming the key name is "local-ddns",
- this policy is:
+ this policy is equivalent to:
</p>
<pre class="programlisting">update-policy { grant local-ddns zonesub any; };
</pre>
<p>
- ...with an additional restriction that only clients
+ ...with the additional restriction that only clients
connecting from the local system will be permitted to send
updates.
</p>
<p>
- Note that only one session key is generated; all zones
- configured to use <span class="command"><strong>update-policy local</strong></span>
- will accept the same key.
+ Note that only one session key is generated by
+ <span class="command"><strong>named</strong></span>; all zones configured to use
+ <span class="command"><strong>update-policy local</strong></span> will accept the same key.
</p>
<p>
The command <span class="command"><strong>nsupdate -l</strong></span> implements this
</p>
<pre class="programlisting">
-( <span class="command"><strong>grant</strong></span> | <span class="command"><strong>deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
+( <span class="command"><strong>grant</strong></span> | <span class="command"><strong>deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>ruletype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
</pre>
<p>
- Each rule grants or denies privileges. Once a message has
- successfully matched a rule, the operation is immediately
- granted or denied and no further rules are examined. A rule
- is matched when the signer matches the identity field, the
- name matches the name field in accordance with the nametype
- field, and the type matches the types specified in the type
- field.
+ Each rule grants or denies privileges. Rules are checked
+ in the order in which they are specified in the
+ <span class="command"><strong>update-policy</strong></span> statement. Once a message
+ has successfully matched a rule, the operation is immediately
+ granted or denied, and no further rules are examined. There
+ are 13 types of rules; the rule type is specified by the
+ <span class="command"><strong>ruletype</strong></span> field, and the interpretation
+ of other fields varies depending on the rule type.
</p>
<p>
- No signer is required for <em class="replaceable"><code>tcp-self</code></em>
- or <em class="replaceable"><code>6to4-self</code></em> however the standard
- reverse mapping / prefix conversion must match the identity
- field.
+ In general, a rule is matched when the
+ key that signed an update request matches the
+ <span class="command"><strong>identity</strong></span> field, the name of the record
+ to be updated matches the <span class="command"><strong>name</strong></span> field
+ (in the manner specified by the <span class="command"><strong>ruletype</strong></span>
+ field), and the type of the record to be updated matches the
+ <span class="command"><strong>types</strong></span> field. Details for each rule type
+ are described below.
</p>
<p>
- The identity field specifies a name or a wildcard
- name. Normally, this is the name of the TSIG or
- SIG(0) key used to sign the update request. When a
- TKEY exchange has been used to create a shared secret,
- the identity of the shared secret is the same as the
- identity of the key used to authenticate the TKEY
- exchange. TKEY is also the negotiation method used
- by GSS-TSIG, which establishes an identity that is
- the Kerberos principal of the client, such as
- <strong class="userinput"><code>"user@host.domain"</code></strong>. When the
- <em class="replaceable"><code>identity</code></em> field specifies
- a wildcard name, it is subject to DNS wildcard
- expansion, so the rule will apply to multiple identities.
- The <em class="replaceable"><code>identity</code></em> field must
- contain a fully-qualified domain name.
+ The <span class="command"><strong>identity</strong></span> field must be set to
+ a fully-qualified domain name. In most cases, this
+ represensts the name of the TSIG or SIG(0) key that must be
+ used to sign the update request. If the specified name is a
+ wildcard, it is subject to DNS wildcard expansion, and the
+ rule may apply to multiple identities. When a TKEY exchange
+ has been used to create a shared secret, the identity of
+ the key used to authenticate the TKEY exchange will be
+ used as the identity of the shared secret. Some rule types
+ use indentities matching the client's Kerberos principal
+ (e.g, <strong class="userinput"><code>"host/machine@REALM"</code></strong>) or
+ Windows realm (<strong class="userinput"><code>machine$@REALM</code></strong>).
</p>
<p>
- For nametypes <code class="varname">krb5-self</code>,
- <code class="varname">ms-self</code>, <code class="varname">krb5-subdomain</code>,
- and <code class="varname">ms-subdomain</code> the
- <em class="replaceable"><code>identity</code></em> field specifies
- the Windows or Kerberos realm of the machine belongs to.
+ The <em class="replaceable"><code>name</code></em> field also specifies
+ a fully-qualified domain name. This often
+ represents the name of the record to be updated.
+ Interpretation of this field is dependent on rule type.
</p>
<p>
- The <em class="replaceable"><code>nametype</code></em> field has 13
+ If no <span class="command"><strong>types</strong></span> are explicitly specified,
+ then a rule matches all types except RRSIG, NS, SOA, NSEC
+ and NSEC3. Types may be specified by name, including
+ "ANY" (ANY matches all types except NSEC and NSEC3,
+ which can never be updated). Note that when an attempt
+ is made to delete all records associated with a name,
+ the rules are checked for each existing record type.
+ </p>
+ <p>
+ The <em class="replaceable"><code>ruletype</code></em> field has 13
values:
<code class="varname">name</code>, <code class="varname">subdomain</code>,
<code class="varname">wildcard</code>, <code class="varname">self</code>,
</td>
<td>
<p>
- This rule matches when the name being updated
- matches the contents of the
+ This rule matches when the name of the record
+ being updated matches the contents of the
<em class="replaceable"><code>identity</code></em> field.
The <em class="replaceable"><code>name</code></em> field
- is ignored, but should be the same as the
- <em class="replaceable"><code>identity</code></em> field or
+ is ignored. To avoid confusion, it is recommended
+ that this field be set to the same value as the
+ <em class="replaceable"><code>identity</code></em> field or to
"."
- The <code class="varname">self</code> nametype is
- most useful when allowing using one key per
+ </p>
+ <p>
+ The <code class="varname">self</code> rule type is
+ most useful when allowing one key per
name to update, where the key has the same
- name as the name to be updated. The
- <em class="replaceable"><code>identity</code></em> would
- be specified as <code class="constant">*</code> (an asterisk) in
- this case.
+ name as the record to be updated. In this case,
+ the <em class="replaceable"><code>identity</code></em> field
+ can be specified as <code class="constant">*</code>
+ (an asterisk).
</p>
</td>
</tr>
</td>
<td>
<p>
- Allow updates that have been sent via TCP and
- for which the standard mapping from the initiating
- IP address into the IN-ADDR.ARPA and IP6.ARPA
- namespaces match the name to be updated. The
- name field should be set to "."
+ This rule allows updates that have been sent via
+ TCP and for which the standard mapping from the
+ client's IP address into the
+ <code class="literal">in-addr.arpa</code> and
+ <code class="literal">ip6.arpa</code>
+ namespaces match the name to be updated.
+ The <span class="command"><strong>identity</strong></span> field must match
+ that name. The <span class="command"><strong>name</strong></span> field
+ should be set to ".".
+ Note that, since identity is based on the client's
+ IP address, it is not necessary for update request
+ messages to be signed.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
</td>
<td>
<p>
- Allow the 6to4 prefix to be update by any TCP
- connection from the 6to4 network or from the
- corresponding IPv4 address. This is intended
- to allow NS or DNAME RRsets to be added to the
- reverse tree.
+ This allows the name matching a 6to4 IPv6 prefix,
+ as specified in RFC 3056, to be updated by any
+ TCP connection from either the 6to4 network or
+ from the corresponding IPv4 address. This is
+ intended to allow NS or DNAME RRsets to be added
+ to the <code class="literal">ip6.arpa</code> reverse tree.
+ </p>
+ <p>
+ The <span class="command"><strong>identity</strong></span> field must match
+ the 6to4 prefix in <code class="literal">ip6.arpa</code>.
+ The <span class="command"><strong>name</strong></span> field should
+ be set to ".".
+ Note that, since identity is based on the client's
+ IP address, it is not necessary for update request
+ messages to be signed.
+ </p>
+ <p>
+ In addition, if specified for an
+ <code class="literal">ip6.arpa</code> name outside of the
+ <code class="literal">2.0.0.2.ip6.arpa</code> namespace,
+ the corresponding /48 reverse name can be updated.
+ For example, TCP/IPv6 connections
+ from 2001:DB8:ED0C::/48 can update records at
+ <code class="literal">C.0.D.E.8.B.D.0.1.0.0.2.ip6.arpa</code>.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
</tbody>
</table>
</div>
-
- <p>
- In all cases, the <em class="replaceable"><code>name</code></em>
- field must specify a fully-qualified domain name.
- </p>
-
- <p>
- If no types are explicitly specified, this rule matches
- all types except RRSIG, NS, SOA, NSEC and NSEC3. Types
- may be specified by name, including "ANY" (ANY matches
- all types except NSEC and NSEC3, which can never be
- updated). Note that when an attempt is made to delete
- all records associated with a name, the rules are
- checked for each existing record type.
- </p>
</div>
<div class="section">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.3</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Legacy Windows No Longer Supported</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#proto_changes">Protocol Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.3</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.4rc1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
This document summarizes changes since the last production
- release on the BIND 9.11 branch.
+ release on the BIND 9.11 (Extended Support Version) branch.
Please see the <code class="filename">CHANGES</code> file for a further
list of bug fixes and other changes.
</p>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>
- <p>
- ICANN is in the process of introducing a new Key Signing Key (KSK) for
- the global root zone. BIND has multiple methods for managing DNSSEC
- trust anchors, with somewhat different behaviors. If the root
- key is configured using the <span class="command"><strong>managed-keys</strong></span>
- statement, or if the pre-configured root key is enabled by using
- <span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep keys up
- to date automatically. Servers configured in this way should have
- begun the process of rolling to the new key when it was published in
- the root zone in July 2017. However, keys configured using the
- <span class="command"><strong>trusted-keys</strong></span> statement are not automatically
- maintained. If your server is performing DNSSEC validation and is
- configured using <span class="command"><strong>trusted-keys</strong></span>, you are advised to
- change your configuration before the root zone begins signing with
- the new KSK. This is currently scheduled for October 11, 2017.
- </p>
- <p>
- This release includes an updated version of the
- <code class="filename">bind.keys</code> file containing the new root
- key. This file can also be downloaded from
- <a class="link" href="https://www.isc.org/bind-keys" target="_top">
- https://www.isc.org/bind-keys
- </a>.
- </p>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License Change</h3></div></div></div>
<p>
With the release of BIND 9.11.0, ISC changed to the open
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- An error in TSIG handling could permit unauthorized zone
- transfers or zone updates. These flaws are disclosed in
- CVE-2017-3142 and CVE-2017-3143. [RT #45383]
- </p>
- </li>
-<li class="listitem">
- <p>
- The BIND installer on Windows used an unquoted service path,
- which can enable privilege escalation. This flaw is disclosed
- in CVE-2017-3141. [RT #45229]
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- With certain RPZ configurations, a response with TTL 0
- could cause <span class="command"><strong>named</strong></span> to go into an infinite
- query loop. This flaw is disclosed in CVE-2017-3140.
- [RT #45181]
+ When recursion is enabled but the <span class="command"><strong>allow-recursion</strong></span>
+ and <span class="command"><strong>allow-query-cache</strong></span> ACLs are not specified, they
+ should be limited to local networks, but they were inadvertently set
+ to match the default <span class="command"><strong>allow-query</strong></span>, thus allowing
+ remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]
</p>
- </li>
-<li class="listitem">
- <p>
- Addresses could be referenced after being freed during resolver
- processing, causing an assertion failure. The chances of this
- happening were remote, but the introduction of a delay in
- resolution increased them. This bug is disclosed in
- CVE-2017-3145. [RT #46839]
- </p>
- </li>
-<li class="listitem">
- <p>
- update-policy rules that otherwise ignore the name field now
- require that it be set to "." to ensure that any type list
- present is properly interpreted. If the name field was omitted
- from the rule declaration and a type list was present it wouldn't
- be interpreted as expected.
- </p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
+<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- The ISC DNSSEC Lookaside Validation (DLV) service has
- been shut down; all DLV records in the dlv.isc.org zone
- have been removed. References to the service have been
- removed from BIND documentation. Lookaside validation
- is no longer used by default by <span class="command"><strong>delv</strong></span>.
- The DLV key has been removed from <code class="filename">bind.keys</code>.
- Setting <span class="command"><strong>dnssec-lookaside</strong></span> to
- <span class="command"><strong>auto</strong></span> or to use dlv.isc.org as a trust
- anchor results in a warning being issued.
+ <span class="command"><strong>named</strong></span> now supports the "root key sentinel"
+ mechanism. This enables validating resolvers to indicate
+ which trust anchors are configured for the root, so that
+ information about root key rollover status can be gathered.
+ To disable this feature, add
+ <span class="command"><strong>root-key-sentinel no;</strong></span> to
+ <code class="filename">named.conf</code>.
</p>
</li>
<li class="listitem">
<p>
- <span class="command"><strong>named</strong></span> will now log a warning if the old
- root DNSSEC key is explicitly configured and has not been updated.
- [RT #43670]
+ Added the ability not to return a DNS COOKIE option when one
+ is present in the request. To prevent a cookie being returned,
+ add <span class="command"><strong>answer-cookie no;</strong></span> to
+ <code class="filename">named.conf</code>. [GL #173]
+ </p>
+ <p>
+ <span class="command"><strong>answer-cookie</strong></span> is only available as a
+ temporary measure, for use when <span class="command"><strong>named</strong></span>
+ shares an IP address with other servers that do not yet
+ support DNS COOKIE. A mismatch between servers on the
+ same address is not expected to cause operational problems,
+ but the option to disable COOKIE responses so that all
+ servers have the same behavior is provided out of an
+ abundance of caution. DNS COOKIE is an important security
+ mechanism and should not be disabled unless absolutely
+ necessary. The <span class="command"><strong>answer-cookie</strong></span> option
+ is obsolete as of BIND 9.13.
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="proto_changes"></a>Protocol Changes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- BIND can now use the Ed25519 and Ed448 Edwards Curve DNSSEC
- signing algorithms described in RFC 8080. Note, however, that
- these algorithms must be supported in OpenSSL;
- currently they are only available in the development branch
- of OpenSSL at
- <a class="link" href="https://github.com/openssl/openssl" target="_top">
- https://github.com/openssl/openssl</a>.
- [RT #44696]
- </p>
- </li>
-<li class="listitem">
+<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- When parsing DNS messages, EDNS KEY TAG options are checked
- for correctness. When printing messages (for example, in
- <span class="command"><strong>dig</strong></span>), EDNS KEY TAG options are printed
- in readable format.
+ <span class="command"><strong>named</strong></span> will now log a warning if the old
+ BIND now can be compiled against libidn2 library to add
+ IDNA2008 support. Previously BIND only supported IDNA2003
+ using (now obsolete) idnkit-1 library.
</p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- <span class="command"><strong>named</strong></span> will no longer start or accept
- reconfiguration if <span class="command"><strong>managed-keys</strong></span> or
- <span class="command"><strong>dnssec-validation auto</strong></span> are in use and
- the managed-keys directory (specified by
- <span class="command"><strong>managed-keys-directory</strong></span>, and defaulting
- to the working directory if not specified),
- is not writable by the effective user ID. [RT #46077]
- </p>
- </li>
-<li class="listitem">
- <p>
- Previously, <span class="command"><strong>update-policy local;</strong></span> accepted
- updates from any source so long as they were signed by the
- locally-generated session key. This has been further restricted;
- updates are now only accepted from locally configured addresses.
- [RT #45492]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>dig +ednsopt</strong></span> now accepts the names
- for EDNS options in addition to numeric values. For example,
- an EDNS Client-Subnet option could be sent using
- <span class="command"><strong>dig +ednsopt=ecs:...</strong></span>. Thanks to
- John Worley of Secure64 for the contribution. [RT #44461]
- </p>
- </li>
-<li class="listitem">
- <p>
- Threads in <span class="command"><strong>named</strong></span> are now set to human-readable
- names to assist debugging on operating systems that support that.
- Threads will have names such as "isc-timer", "isc-sockmgr",
- "isc-worker0001", and so on. This will affect the reporting of
- subsidiary thread names in <span class="command"><strong>ps</strong></span> and
- <span class="command"><strong>top</strong></span>, but not the main thread. [RT #43234]
+ <span class="command"><strong>dig +noidnin</strong></span> can be used to disable IDN
+ processing on the input domain name, when BIND is compiled
+ with IDN support.
</p>
</li>
<li class="listitem">
<p>
- DiG now warns about .local queries which are reserved for
- Multicast DNS. [RT #44783]
+ Multiple <span class="command"><strong>cookie-secret</strong></span> clause are now
+ supported. The first <span class="command"><strong>cookie-secret</strong></span> in
+ <code class="filename">named.conf</code> is used to generate new
+ server cookies. Any others are used to accept old server
+ cookies or those generated by other servers using the
+ matching <span class="command"><strong>cookie-secret</strong></span>.
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- Attempting to validate improperly unsigned CNAME responses
- from secure zones could cause a validator loop. This caused
- a delay in returning SERVFAIL and also increased the chances
- of encountering the crash bug described in CVE-2017-3145.
- [RT #46839]
- </p>
- </li>
-<li class="listitem">
- <p>
- When <span class="command"><strong>named</strong></span> was reconfigured, failure of some
- zones to load correctly could leave the system in an inconsistent
- state; while generally harmless, this could lead to a crash later
- when using <span class="command"><strong>rndc addzone</strong></span>. Reconfiguration changes
- are now fully rolled back in the event of failure. [RT #45841]
- </p>
- </li>
-<li class="listitem">
- <p>
- Fixed a bug that was introduced in an earlier development
- release which caused multi-packet AXFR and IXFR messages to fail
- validation if not all packets contained TSIG records; this
- caused interoperability problems with some other DNS
- implementations. [RT #45509]
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- Reloading or reconfiguring <span class="command"><strong>named</strong></span> could
- fail on some platforms when LMDB was in use. [RT #45203]
+ <span class="command"><strong>rndc reload</strong></span> could cause <span class="command"><strong>named</strong></span>
+ to leak memory if it was invoked before the zone loading actions
+ from a previous <span class="command"><strong>rndc reload</strong></span> command were
+ completed. [RT #47076]
</p>
- </li>
-<li class="listitem">
- <p>
- Due to some incorrectly deleted code, when BIND was
- built with LMDB, zones that were deleted via
- <span class="command"><strong>rndc delzone</strong></span> were removed from the
- running server but were not removed from the new zone
- database, so that deletion did not persist after a
- server restart. This has been corrected. [RT #45185]
- </p>
- </li>
-<li class="listitem">
- <p>
- Semicolons are no longer escaped when printing CAA and
- URI records. This may break applications that depend on the
- presence of the backslash before the semicolon. [RT #45216]
- </p>
- </li>
-<li class="listitem">
- <p>
- AD could be set on truncated answer with no records present
- in the answer and authority sections. [RT #45140]
- </p>
- </li>
-<li class="listitem">
- <p>
- Some header files included <isc/util.h> incorrectly as
- it pollutes with namespace with non ISC_ macros and this should
- only be done by explicitly including <isc/util.h>. This
- has been corrected. Some code may depend on <isc/util.h>
- being implicitly included via other header files. Such
- code should explicitly include <isc/util.h>.
- </p>
- </li>
-<li class="listitem">
- <p>
- Zones created with <span class="command"><strong>rndc addzone</strong></span> could
- temporarily fail to inherit the <span class="command"><strong>allow-transfer</strong></span>
- ACL set in the <span class="command"><strong>options</strong></span> section of
- <code class="filename">named.conf</code>. [RT #46603]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> failed to properly determine whether
- there were active KSK and ZSK keys for an algorithm when
- <span class="command"><strong>update-check-ksk</strong></span> was true (which is the
- default setting). This could leave records unsigned
- when rolling keys. [RT #46743] [RT #46754] [RT #46774]
- </p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
- The end of life for BIND 9.11 is yet to be determined but
- will not be before BIND 9.13.0 has been released for 6 months.
- <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
+ BIND 9.11 (Extended Support Version) will be supported until at
+ least December, 2021.
+ See <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a> for details of ISC's software support policy.
</p>
</div>
<div class="section">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.11.3</p></div>
+<div><p class="releaseinfo">BIND Version 9.11.4rc1</p></div>
<div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.3</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Legacy Windows No Longer Supported</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#proto_changes">Protocol Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
<dt><span class="term">-i</span></dt>
<dd>
<p>
- Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
+ Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
domain, which is no longer in use. Obsolete bit string
- label queries (RFC2874) are not attempted.
+ label queries (RFC 2874) are not attempted.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd>
<p>
- The resource record type to query. It can be any valid query type
- which is
- supported in BIND 9. The default query type is "A", unless the
- <code class="option">-x</code> option is supplied to indicate a reverse lookup.
- A zone transfer can be requested by specifying a type of AXFR. When
+ The resource record type to query. It can be any valid query
+ type. If it is a resource record type supported in BIND 9, it
+ can be given by the type mnemonic (such as "NS" or "AAAA").
+ The default query type is "A", unless the <code class="option">-x</code>
+ option is supplied to indicate a reverse lookup. A zone
+ transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required, set the
<em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
The incremental zone transfer will contain the changes
record was
<em class="parameter"><code>N</code></em>.
</p>
+ <p>
+ All resource record types can be expressed as "TYPEnn", where
+ "nn" is the number of the type. If the resource record type is
+ not supported in BIND 9, the result will be displayed as
+ described in RFC 3597.
+ </p>
</dd>
<dt><span class="term">-u</span></dt>
<dd>
server that provided the answer.
</p>
</dd>
+<dt><span class="term"><code class="option">+[no]idnin</code></span></dt>
+<dd>
+ <p>
+ Process [do not process] IDN domain names on input.
+ This requires IDN SUPPORT to have been enabled at
+ compile time. The default is to process IDN input.
+ </p>
+ </dd>
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
<dd>
<p>
<span class="command"><strong>dig</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
- If you'd like to turn off the IDN support for some reason, defines
- the <code class="envar">IDN_DISABLE</code> environment variable.
- The IDN support is disabled if the variable is set when
- <span class="command"><strong>dig</strong></span> runs.
+ If you'd like to turn off the IDN support for some reason, use
+ parameters <em class="parameter"><code>+noidnin</code></em> and
+ <em class="parameter"><code>+noidnout</code></em>.
</p>
</div>
<span class="citerefentry">
<span class="refentrytitle">dnssec-keygen</span>(8)
</span>,
- <em class="citetitle">RFC1035</em>.
+ <em class="citetitle">RFC 1035</em>.
</p>
</div>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
</body>
</html>
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.11.3</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.11.4rc1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
This document summarizes changes since the last production
- release on the BIND 9.11 branch.
+ release on the BIND 9.11 (Extended Support Version) branch.
Please see the <code class="filename">CHANGES</code> file for a further
list of bug fixes and other changes.
</p>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>
- <p>
- ICANN is in the process of introducing a new Key Signing Key (KSK) for
- the global root zone. BIND has multiple methods for managing DNSSEC
- trust anchors, with somewhat different behaviors. If the root
- key is configured using the <span class="command"><strong>managed-keys</strong></span>
- statement, or if the pre-configured root key is enabled by using
- <span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep keys up
- to date automatically. Servers configured in this way should have
- begun the process of rolling to the new key when it was published in
- the root zone in July 2017. However, keys configured using the
- <span class="command"><strong>trusted-keys</strong></span> statement are not automatically
- maintained. If your server is performing DNSSEC validation and is
- configured using <span class="command"><strong>trusted-keys</strong></span>, you are advised to
- change your configuration before the root zone begins signing with
- the new KSK. This is currently scheduled for October 11, 2017.
- </p>
- <p>
- This release includes an updated version of the
- <code class="filename">bind.keys</code> file containing the new root
- key. This file can also be downloaded from
- <a class="link" href="https://www.isc.org/bind-keys" target="_top">
- https://www.isc.org/bind-keys
- </a>.
- </p>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License Change</h3></div></div></div>
<p>
With the release of BIND 9.11.0, ISC changed to the open
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- An error in TSIG handling could permit unauthorized zone
- transfers or zone updates. These flaws are disclosed in
- CVE-2017-3142 and CVE-2017-3143. [RT #45383]
- </p>
- </li>
-<li class="listitem">
- <p>
- The BIND installer on Windows used an unquoted service path,
- which can enable privilege escalation. This flaw is disclosed
- in CVE-2017-3141. [RT #45229]
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- With certain RPZ configurations, a response with TTL 0
- could cause <span class="command"><strong>named</strong></span> to go into an infinite
- query loop. This flaw is disclosed in CVE-2017-3140.
- [RT #45181]
+ When recursion is enabled but the <span class="command"><strong>allow-recursion</strong></span>
+ and <span class="command"><strong>allow-query-cache</strong></span> ACLs are not specified, they
+ should be limited to local networks, but they were inadvertently set
+ to match the default <span class="command"><strong>allow-query</strong></span>, thus allowing
+ remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]
</p>
- </li>
-<li class="listitem">
- <p>
- Addresses could be referenced after being freed during resolver
- processing, causing an assertion failure. The chances of this
- happening were remote, but the introduction of a delay in
- resolution increased them. This bug is disclosed in
- CVE-2017-3145. [RT #46839]
- </p>
- </li>
-<li class="listitem">
- <p>
- update-policy rules that otherwise ignore the name field now
- require that it be set to "." to ensure that any type list
- present is properly interpreted. If the name field was omitted
- from the rule declaration and a type list was present it wouldn't
- be interpreted as expected.
- </p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
+<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- The ISC DNSSEC Lookaside Validation (DLV) service has
- been shut down; all DLV records in the dlv.isc.org zone
- have been removed. References to the service have been
- removed from BIND documentation. Lookaside validation
- is no longer used by default by <span class="command"><strong>delv</strong></span>.
- The DLV key has been removed from <code class="filename">bind.keys</code>.
- Setting <span class="command"><strong>dnssec-lookaside</strong></span> to
- <span class="command"><strong>auto</strong></span> or to use dlv.isc.org as a trust
- anchor results in a warning being issued.
+ <span class="command"><strong>named</strong></span> now supports the "root key sentinel"
+ mechanism. This enables validating resolvers to indicate
+ which trust anchors are configured for the root, so that
+ information about root key rollover status can be gathered.
+ To disable this feature, add
+ <span class="command"><strong>root-key-sentinel no;</strong></span> to
+ <code class="filename">named.conf</code>.
</p>
</li>
<li class="listitem">
<p>
- <span class="command"><strong>named</strong></span> will now log a warning if the old
- root DNSSEC key is explicitly configured and has not been updated.
- [RT #43670]
+ Added the ability not to return a DNS COOKIE option when one
+ is present in the request. To prevent a cookie being returned,
+ add <span class="command"><strong>answer-cookie no;</strong></span> to
+ <code class="filename">named.conf</code>. [GL #173]
+ </p>
+ <p>
+ <span class="command"><strong>answer-cookie</strong></span> is only available as a
+ temporary measure, for use when <span class="command"><strong>named</strong></span>
+ shares an IP address with other servers that do not yet
+ support DNS COOKIE. A mismatch between servers on the
+ same address is not expected to cause operational problems,
+ but the option to disable COOKIE responses so that all
+ servers have the same behavior is provided out of an
+ abundance of caution. DNS COOKIE is an important security
+ mechanism and should not be disabled unless absolutely
+ necessary. The <span class="command"><strong>answer-cookie</strong></span> option
+ is obsolete as of BIND 9.13.
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="proto_changes"></a>Protocol Changes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- BIND can now use the Ed25519 and Ed448 Edwards Curve DNSSEC
- signing algorithms described in RFC 8080. Note, however, that
- these algorithms must be supported in OpenSSL;
- currently they are only available in the development branch
- of OpenSSL at
- <a class="link" href="https://github.com/openssl/openssl" target="_top">
- https://github.com/openssl/openssl</a>.
- [RT #44696]
- </p>
- </li>
-<li class="listitem">
+<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- When parsing DNS messages, EDNS KEY TAG options are checked
- for correctness. When printing messages (for example, in
- <span class="command"><strong>dig</strong></span>), EDNS KEY TAG options are printed
- in readable format.
+ <span class="command"><strong>named</strong></span> will now log a warning if the old
+ BIND now can be compiled against libidn2 library to add
+ IDNA2008 support. Previously BIND only supported IDNA2003
+ using (now obsolete) idnkit-1 library.
</p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- <span class="command"><strong>named</strong></span> will no longer start or accept
- reconfiguration if <span class="command"><strong>managed-keys</strong></span> or
- <span class="command"><strong>dnssec-validation auto</strong></span> are in use and
- the managed-keys directory (specified by
- <span class="command"><strong>managed-keys-directory</strong></span>, and defaulting
- to the working directory if not specified),
- is not writable by the effective user ID. [RT #46077]
- </p>
- </li>
-<li class="listitem">
- <p>
- Previously, <span class="command"><strong>update-policy local;</strong></span> accepted
- updates from any source so long as they were signed by the
- locally-generated session key. This has been further restricted;
- updates are now only accepted from locally configured addresses.
- [RT #45492]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>dig +ednsopt</strong></span> now accepts the names
- for EDNS options in addition to numeric values. For example,
- an EDNS Client-Subnet option could be sent using
- <span class="command"><strong>dig +ednsopt=ecs:...</strong></span>. Thanks to
- John Worley of Secure64 for the contribution. [RT #44461]
- </p>
- </li>
-<li class="listitem">
- <p>
- Threads in <span class="command"><strong>named</strong></span> are now set to human-readable
- names to assist debugging on operating systems that support that.
- Threads will have names such as "isc-timer", "isc-sockmgr",
- "isc-worker0001", and so on. This will affect the reporting of
- subsidiary thread names in <span class="command"><strong>ps</strong></span> and
- <span class="command"><strong>top</strong></span>, but not the main thread. [RT #43234]
+ <span class="command"><strong>dig +noidnin</strong></span> can be used to disable IDN
+ processing on the input domain name, when BIND is compiled
+ with IDN support.
</p>
</li>
<li class="listitem">
<p>
- DiG now warns about .local queries which are reserved for
- Multicast DNS. [RT #44783]
+ Multiple <span class="command"><strong>cookie-secret</strong></span> clause are now
+ supported. The first <span class="command"><strong>cookie-secret</strong></span> in
+ <code class="filename">named.conf</code> is used to generate new
+ server cookies. Any others are used to accept old server
+ cookies or those generated by other servers using the
+ matching <span class="command"><strong>cookie-secret</strong></span>.
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- Attempting to validate improperly unsigned CNAME responses
- from secure zones could cause a validator loop. This caused
- a delay in returning SERVFAIL and also increased the chances
- of encountering the crash bug described in CVE-2017-3145.
- [RT #46839]
- </p>
- </li>
-<li class="listitem">
- <p>
- When <span class="command"><strong>named</strong></span> was reconfigured, failure of some
- zones to load correctly could leave the system in an inconsistent
- state; while generally harmless, this could lead to a crash later
- when using <span class="command"><strong>rndc addzone</strong></span>. Reconfiguration changes
- are now fully rolled back in the event of failure. [RT #45841]
- </p>
- </li>
-<li class="listitem">
- <p>
- Fixed a bug that was introduced in an earlier development
- release which caused multi-packet AXFR and IXFR messages to fail
- validation if not all packets contained TSIG records; this
- caused interoperability problems with some other DNS
- implementations. [RT #45509]
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- Reloading or reconfiguring <span class="command"><strong>named</strong></span> could
- fail on some platforms when LMDB was in use. [RT #45203]
+ <span class="command"><strong>rndc reload</strong></span> could cause <span class="command"><strong>named</strong></span>
+ to leak memory if it was invoked before the zone loading actions
+ from a previous <span class="command"><strong>rndc reload</strong></span> command were
+ completed. [RT #47076]
</p>
- </li>
-<li class="listitem">
- <p>
- Due to some incorrectly deleted code, when BIND was
- built with LMDB, zones that were deleted via
- <span class="command"><strong>rndc delzone</strong></span> were removed from the
- running server but were not removed from the new zone
- database, so that deletion did not persist after a
- server restart. This has been corrected. [RT #45185]
- </p>
- </li>
-<li class="listitem">
- <p>
- Semicolons are no longer escaped when printing CAA and
- URI records. This may break applications that depend on the
- presence of the backslash before the semicolon. [RT #45216]
- </p>
- </li>
-<li class="listitem">
- <p>
- AD could be set on truncated answer with no records present
- in the answer and authority sections. [RT #45140]
- </p>
- </li>
-<li class="listitem">
- <p>
- Some header files included <isc/util.h> incorrectly as
- it pollutes with namespace with non ISC_ macros and this should
- only be done by explicitly including <isc/util.h>. This
- has been corrected. Some code may depend on <isc/util.h>
- being implicitly included via other header files. Such
- code should explicitly include <isc/util.h>.
- </p>
- </li>
-<li class="listitem">
- <p>
- Zones created with <span class="command"><strong>rndc addzone</strong></span> could
- temporarily fail to inherit the <span class="command"><strong>allow-transfer</strong></span>
- ACL set in the <span class="command"><strong>options</strong></span> section of
- <code class="filename">named.conf</code>. [RT #46603]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> failed to properly determine whether
- there were active KSK and ZSK keys for an algorithm when
- <span class="command"><strong>update-check-ksk</strong></span> was true (which is the
- default setting). This could leave records unsigned
- when rolling keys. [RT #46743] [RT #46754] [RT #46774]
- </p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
- The end of life for BIND 9.11 is yet to be determined but
- will not be before BIND 9.13.0 has been released for 6 months.
- <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
+ BIND 9.11 (Extended Support Version) will be supported until at
+ least December, 2021.
+ See <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a> for details of ISC's software support policy.
</p>
</div>
<div class="section">
-Release Notes for BIND Version 9.13.0
+Release Notes for BIND Version 9.11.4rc1
Introduction
-BIND 9.13 is an unstable development release of BIND. This document
-summarizes new features and functional changes that have been introduced
-on this branch. With each development release leading up to the stable
-BIND 9.14 release, this document will be updated with additional features
-added and bugs fixed.
-
-Note on Version Numbering
-
-Prior to BIND 9.13, new feature development releases were tagged as
-"alpha" and "beta", leading up to the first stable release for a given
-development branch, which always ended in ".0".
-
-Now, however, BIND has adopted the "odd-unstable/even-stable" release
-numbering convention. There will be no "alpha" or "beta" releases in the
-9.13 branch, only increasing version numbers. So, for example, what would
-previously have been called 9.13.0a1, 9.13.0a2, 9.13.0b1, and so on, will
-instead be called 9.13.0, 9.13.1, 9.13.2, etc.
-
-The first stable release from this development branch will be renamed as
-9.14.0. Thereafter, maintenance releases will continue on the 9.14 branch,
-while unstable feature development proceeds in 9.15.
+This document summarizes changes since the last production release on the
+BIND 9.11 (Extended Support Version) branch. Please see the CHANGES file
+for a further list of bug fixes and other changes.
Download
each release, source code, and pre-compiled versions for Microsoft Windows
operating systems.
-Security Fixes
+License Change
- * None.
+With the release of BIND 9.11.0, ISC changed to the open source license
+for BIND from the ISC license to the Mozilla Public License (MPL 2.0).
-New Features
+The MPL-2.0 license requires that if you make changes to licensed software
+(e.g. BIND) and distribute them outside your organization, that you
+publish those changes under that same license. It does not require that
+you publish or disclose anything other than the changes you made to our
+software.
- * BIND now can be compiled against the libidn2 library to add IDNA2008
- support. Previously, BIND supported IDNA2003 using the (now obsolete
- and unsupported) idnkit-1 library.
+This requirement will not affect anyone who is using BIND, with or without
+modifications, without redistributing it, nor anyone redistributing it
+without changes. Therefore, this change will be without consequence for
+most individuals and organizations who are using BIND.
- * named now supports the "root key sentinel" mechanism. This enables
- validating resolvers to indicate to which trust anchors are configured
- for the root, so that information about root key rollover status can
- be gathered. To disable this feature, add root-key-sentinel no; to
- named.conf.
+Those unsure whether or not the license change affects their use of BIND,
+or who wish to discuss how to comply with the license may contact ISC at
+https://www.isc.org/mission/contact/.
- * The dnskey-sig-validity option allows the sig-validity-interval to be
- overriden for signatures covering DNSKEY RRsets. [GL #145]
+Legacy Windows No Longer Supported
-Removed Features
+As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported
+platforms for BIND; "XP" binaries are no longer available for download
+from ISC.
- * dnssec-keygen can no longer generate HMAC keys for TSIG
- authentication. Use tsig-keygen to generate these keys. [RT #46404]
+Security Fixes
- * Support for OpenSSL 0.9.x has been removed. OpenSSL version 1.0.0 or
- greater, or LibreSSL is now required.
+ * When recursion is enabled but the allow-recursion and
+ allow-query-cache ACLs are not specified, they should be limited to
+ local networks, but they were inadvertently set to match the default
+ allow-query, thus allowing remote queries. This flaw is disclosed in
+ CVE-2018-5738. [GL #309]
- * The configure --enable-seccomp option, which formerly turned on
- system-call filtering on Linux, has been removed. [GL #93]
+New Features
- * IPv4 addresses in forms other than dotted-quad are no longer accepted
- in master files. [GL #13] [GL #56]
+ * named now supports the "root key sentinel" mechanism. This enables
+ validating resolvers to indicate which trust anchors are configured
+ for the root, so that information about root key rollover status can
+ be gathered. To disable this feature, add root-key-sentinel no; to
+ named.conf.
- * IDNA2003 support via (bundled) idnkit-1.0 has been removed.
+ * Added the ability not to return a DNS COOKIE option when one is
+ present in the request. To prevent a cookie being returned, add
+ answer-cookie no; to named.conf. [GL #173]
- * The "rbtdb64" database implementation (a parallel implementation of
- "rbt") has been removed. [GL #217]
+ answer-cookie is only available as a temporary measure, for use when
+ named shares an IP address with other servers that do not yet support
+ DNS COOKIE. A mismatch between servers on the same address is not
+ expected to cause operational problems, but the option to disable
+ COOKIE responses so that all servers have the same behavior is
+ provided out of an abundance of caution. DNS COOKIE is an important
+ security mechanism and should not be disabled unless absolutely
+ necessary. The answer-cookie option is obsolete as of BIND 9.13.
- * The -r randomdev option to explicitly select random device has been
- removed from the ddns-confgen, rndc-confgen, nsupdate, dnssec-confgen,
- and dnssec-signzone commands.
+Removed Features
- The -p option to use pseudo-random data has been removed from the
- dnssec-signzone command.
+ * named will now log a warning if the old BIND now can be compiled
+ against libidn2 library to add IDNA2008 support. Previously BIND only
+ supported IDNA2003 using (now obsolete) idnkit-1 library.
Feature Changes
- * BIND will now always use the best CSPRNG (cryptographically-secure
- pseudo-random number generator) available on the platform where it is
- compiled. It will use arc4random() family of functions on BSD
- operating systems, getrandom() on Linux and Solaris, CryptGenRandom on
- Windows, and the selected cryptography provider library (OpenSSL or
- PKCS#11) as the last resort. [GL #221]
-
- * BIND can no longer be built without DNSSEC support. A cryptography
- provder (i.e., OpenSSL or a hardware service module with PKCS#11
- support) must be available. [GL #244]
-
- * Zone types primary and secondary are now available as synonyms for
- master and slave, respectively, in named.conf.
-
- * named will now log a warning if the old root DNSSEC key is explicitly
- configured and has not been updated. [RT #43670]
-
- * dig +nssearch will now list name servers that have timed out, in
- addition to those that respond. [GL #64]
-
* dig +noidnin can be used to disable IDN processing on the input domain
name, when BIND is compiled with IDN support.
- * Up to 64 response-policy zones are now supported by default;
- previously the limit was 32. [GL #123]
-
- * Several configuration options for time periods can now use TTL value
- suffixes (for example, 2h or 1d) in addition to an integer number of
- seconds. These include fstrm-set-reopen-interval, interface-interval,
- max-cache-ttl, max-ncache-ttl, max-policy-ttl, and min-update-interval
- . [GL #203]
+ * Multiple cookie-secret clause are now supported. The first
+ cookie-secret in named.conf is used to generate new server cookies.
+ Any others are used to accept old server cookies or those generated by
+ other servers using the matching cookie-secret.
Bug Fixes
- * None.
-
-License
-
-BIND is open source software licenced under the terms of the Mozilla
-Public License, version 2.0 (see the LICENSE file for the full text).
-
-The license requires that if you make changes to BIND and distribute them
-outside your organization, those changes must be published under the same
-license. It does not require that you publish or disclose anything other
-than the changes you have made to our software. This requirement does not
-affect anyone who is using BIND, with or without modifications, without
-redistributing it, nor anyone redistributing BIND without changes.
-
-Those wishing to discuss license compliance may contact ISC at https://
-www.isc.org/mission/contact/.
+ * rndc reload could cause named to leak memory if it was invoked before
+ the zone loading actions from a previous rndc reload command were
+ completed. [RT #47076]
End of Life
-BIND 9.13 is an unstable development branch. When its development is
-complete, it will be renamed to BIND 9.14, which will be a stable branch.
-
-The end of life date for BIND 9.14 has not yet been determined. For those
-needing long term support, the current Extended Support Version (ESV) is
-BIND 9.11, which will be supported until at least December 2021. See
-https://www.isc.org/downloads/software-support-policy/ for details of
-ISC's software support policy.
+BIND 9.11 (Extended Support Version) will be supported until at least
+December, 2021. See https://www.isc.org/downloads/software-support-policy/
+for details of ISC's software support policy.
Thank You
<itemizedlist>
<listitem>
<para>
- Add root key sentinel support which enables resolvers to test
- which trust anchors are configured for the root. To disable, add
- 'root-key-sentinel no;' to named.conf. [GL #37]
+ <command>named</command> now supports the "root key sentinel"
+ mechanism. This enables validating resolvers to indicate
+ which trust anchors are configured for the root, so that
+ information about root key rollover status can be gathered.
+ To disable this feature, add
+ <command>root-key-sentinel no;</command> to
+ <filename>named.conf</filename>.
</para>
</listitem>
<listitem>
<para>
- Add the ability to not return a DNS COOKIE option when one
- is present in the request. To prevent a cookie being returned
- add 'answer-cookie no;' to named.conf. [GL #173]
+ Added the ability not to return a DNS COOKIE option when one
+ is present in the request. To prevent a cookie being returned,
+ add <command>answer-cookie no;</command> to
+ <filename>named.conf</filename>. [GL #173]
</para>
<para>
<command>answer-cookie</command> is only available as a
<section xml:id="relnotes_removed"><info><title>Removed Features</title></info>
<itemizedlist>
- <listitem>
- <para>
- The ISC DNSSEC Lookaside Validation (DLV) service has
- been shut down; all DLV records in the dlv.isc.org zone
- have been removed. References to the service have been
- removed from BIND documentation. Lookaside validation
- is no longer used by default by <command>delv</command>.
- The DLV key has been removed from <filename>bind.keys</filename>.
- Setting <command>dnssec-lookaside</command> to
- <command>auto</command> or to use dlv.isc.org as a trust
- anchor results in a warning being issued.
- </para>
- </listitem>
- <listitem>
- <para>
- <command>named</command> will now log a warning if the old
- root DNSSEC key is explicitly configured and has not been updated.
- [RT #43670]
- </para>
- </listitem>
<listitem>
<para>
<command>named</command> will now log a warning if the old
</itemizedlist>
</section>
- <section xml:id="proto_changes"><info><title>Protocol Changes</title></info>
- <itemizedlist>
- <listitem>
- <para>
- BIND can now use the Ed25519 and Ed448 Edwards Curve DNSSEC
- signing algorithms described in RFC 8080. Note, however, that
- these algorithms must be supported in OpenSSL;
- currently they are only available in the development branch
- of OpenSSL at
- <link xmlns:xlink="http://www.w3.org/1999/xlink"
- xlink:href="https://github.com/openssl/openssl">
- https://github.com/openssl/openssl</link>.
- [RT #44696]
- </para>
- </listitem>
- <listitem>
- <para>
- When parsing DNS messages, EDNS KEY TAG options are checked
- for correctness. When printing messages (for example, in
- <command>dig</command>), EDNS KEY TAG options are printed
- in readable format.
- </para>
- </listitem>
- <listitem>
- <para>
- <command>rndc reload</command> could cause <command>named</command>
- to leak memory if it was invoked before the zone loading actions
- from a previous <command>rndc reload</command> command were
- completed. [RT #47076]
- </para>
- </listitem>
- </itemizedlist>
- </section>
-
<section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
<itemizedlist>
- <listitem>
- <para>
- <command>named</command> will no longer start or accept
- reconfiguration if <command>managed-keys</command> or
- <command>dnssec-validation auto</command> are in use and
- the managed-keys directory (specified by
- <command>managed-keys-directory</command>, and defaulting
- to the working directory if not specified),
- is not writable by the effective user ID. [RT #46077]
- </para>
- </listitem>
- <listitem>
- <para>
- Previously, <command>update-policy local;</command> accepted
- updates from any source so long as they were signed by the
- locally-generated session key. This has been further restricted;
- updates are now only accepted from locally configured addresses.
- [RT #45492]
- </para>
- </listitem>
- <listitem>
- <para>
- <command>dig +ednsopt</command> now accepts the names
- for EDNS options in addition to numeric values. For example,
- an EDNS Client-Subnet option could be sent using
- <command>dig +ednsopt=ecs:...</command>. Thanks to
- John Worley of Secure64 for the contribution. [RT #44461]
- </para>
- </listitem>
- <listitem>
- <para>
- Threads in <command>named</command> are now set to human-readable
- names to assist debugging on operating systems that support that.
- Threads will have names such as "isc-timer", "isc-sockmgr",
- "isc-worker0001", and so on. This will affect the reporting of
- subsidiary thread names in <command>ps</command> and
- <command>top</command>, but not the main thread. [RT #43234]
- </para>
- </listitem>
- <listitem>
- <para>
- DiG now warns about .local queries which are reserved for
- Multicast DNS. [RT #44783]
- </para>
- </listitem>
<listitem>
<para>
<command>dig +noidnin</command> can be used to disable IDN
<itemizedlist>
<listitem>
<para>
- Attempting to validate improperly unsigned CNAME responses
- from secure zones could cause a validator loop. This caused
- a delay in returning SERVFAIL and also increased the chances
- of encountering the crash bug described in CVE-2017-3145.
- [RT #46839]
- </para>
- </listitem>
- <listitem>
- <para>
- When <command>named</command> was reconfigured, failure of some
- zones to load correctly could leave the system in an inconsistent
- state; while generally harmless, this could lead to a crash later
- when using <command>rndc addzone</command>. Reconfiguration changes
- are now fully rolled back in the event of failure. [RT #45841]
- </para>
- </listitem>
- <listitem>
- <para>
- Fixed a bug that was introduced in an earlier development
- release which caused multi-packet AXFR and IXFR messages to fail
- validation if not all packets contained TSIG records; this
- caused interoperability problems with some other DNS
- implementations. [RT #45509]
- </para>
- </listitem>
- <listitem>
- <para>
- Reloading or reconfiguring <command>named</command> could
- fail on some platforms when LMDB was in use. [RT #45203]
- </para>
- </listitem>
- <listitem>
- <para>
- Due to some incorrectly deleted code, when BIND was
- built with LMDB, zones that were deleted via
- <command>rndc delzone</command> were removed from the
- running server but were not removed from the new zone
- database, so that deletion did not persist after a
- server restart. This has been corrected. [RT #45185]
- </para>
- </listitem>
- <listitem>
- <para>
- Semicolons are no longer escaped when printing CAA and
- URI records. This may break applications that depend on the
- presence of the backslash before the semicolon. [RT #45216]
- </para>
- </listitem>
- <listitem>
- <para>
- AD could be set on truncated answer with no records present
- in the answer and authority sections. [RT #45140]
- </para>
- </listitem>
- <listitem>
- <para>
- Some header files included <isc/util.h> incorrectly as
- it pollutes with namespace with non ISC_ macros and this should
- only be done by explicitly including <isc/util.h>. This
- has been corrected. Some code may depend on <isc/util.h>
- being implicitly included via other header files. Such
- code should explicitly include <isc/util.h>.
- </para>
- </listitem>
- <listitem>
- <para>
- Zones created with <command>rndc addzone</command> could
- temporarily fail to inherit the <command>allow-transfer</command>
- ACL set in the <command>options</command> section of
- <filename>named.conf</filename>. [RT #46603]
- </para>
- </listitem>
- <listitem>
- <para>
- <command>named</command> failed to properly determine whether
- there were active KSK and ZSK keys for an algorithm when
- <command>update-check-ksk</command> was true (which is the
- default setting). This could leave records unsigned
- when rolling keys. [RT #46743] [RT #46754] [RT #46774]
+ <command>rndc reload</command> could cause <command>named</command>
+ to leak memory if it was invoked before the zone loading actions
+ from a previous <command>rndc reload</command> command were
+ completed. [RT #47076]
</para>
</listitem>
</itemizedlist>
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
+ answer-cookie <boolean>;
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
auto-dnssec ( allow | maintain | off );
cleaning-interval <integer>;
clients-per-query <integer>;
cookie-algorithm ( aes | sha1 | sha256 );
- cookie-secret <string>;
+ cookie-secret <string>; // may occur multiple times
coresize ( default | unlimited | <sizeval> );
datasize ( default | unlimited | <sizeval> );
deallocate-on-exit <boolean>; // obsolete
min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
qname-wait-recurse <boolean> ] [ recursive-only <boolean> ];
rfc2308-type1 <boolean>; // not yet implemented
- root-key-sentinel <boolean>;
root-delegation-only [ exclude { <quoted_string>; ... } ];
+ root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
send-cookie <boolean>;
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 160
-LIBREVISION = 6
+LIBREVISION = 7
LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 1101
-LIBREVISION = 1
-LIBAGE = 1
+LIBINTERFACE = 1102
+LIBREVISION = 0
+LIBAGE = 0
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 160
-LIBREVISION = 4
+LIBREVISION = 5
LIBAGE = 0
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 169
-LIBREVISION = 1
+LIBREVISION = 2
LIBAGE = 0
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 160
-LIBREVISION = 2
+LIBREVISION = 3
LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 161
-LIBREVISION = 2
-LIBAGE = 1
+LIBINTERFACE = 162
+LIBREVISION = 0
+LIBAGE = 2
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 160
-LIBREVISION = 1
+LIBREVISION = 2
LIBAGE = 0
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2003-2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2003-2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2003-2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2003-2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2003-2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2003-2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003-2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
DESCRIPTION="(Extended Support Version)"
MAJORVER=9
MINORVER=11
-PATCHVER=3
-RELEASETYPE=
-RELEASEVER=
+PATCHVER=4
+RELEASETYPE=rc
+RELEASEVER=1
EXTENSIONS=
"..\\bin\\tools\\win32\\nsec3hash.mak",
"..\\bin\\tools\\win32\\rrchecker.dsp",
"..\\bin\\tools\\win32\\rrchecker.mak",
- "..\\bin\\tests\\atomic\\win32\\t_atomic.dsp",
- "..\\bin\\tests\\atomic\\win32\\t_atomic.mak",
- "..\\bin\\tests\\db\\win32\\t_db.dsp",
- "..\\bin\\tests\\db\\win32\\t_db.mak",
- "..\\bin\\tests\\dst\\win32\\t_dst.dsp",
- "..\\bin\\tests\\dst\\win32\\t_dst.mak",
- "..\\bin\\tests\\master\\win32\\t_master.dsp",
- "..\\bin\\tests\\master\\win32\\t_master.mak",
- "..\\bin\\tests\\mem\\win32\\t_mem.dsp",
- "..\\bin\\tests\\mem\\win32\\t_mem.mak",
- "..\\bin\\tests\\hashes\\win32\\t_hashes.dsp",
- "..\\bin\\tests\\hashes\\win32\\t_hashes.mak",
- "..\\bin\\tests\\names\\win32\\t_names.dsp",
- "..\\bin\\tests\\names\\win32\\t_names.mak",
- "..\\bin\\tests\\rbt\\win32\\t_rbt.dsp",
- "..\\bin\\tests\\rbt\\win32\\t_rbt.mak",
- "..\\bin\\tests\\resolver\\win32\\t_resolver.dsp",
- "..\\bin\\tests\\resolver\\win32\\t_resolver.mak",
- "..\\bin\\tests\\sockaddr\\win32\\t_sockaddr.dsp",
- "..\\bin\\tests\\sockaddr\\win32\\t_sockaddr.mak",
- "..\\bin\\tests\\tasks\\win32\\t_tasks.dsp",
- "..\\bin\\tests\\tasks\\win32\\t_tasks.mak",
- "..\\bin\\tests\\timers\\win32\\t_timers.dsp",
- "..\\bin\\tests\\timers\\win32\\t_timers.mak",
"..\\bin\\tests\\system\\win32\\bigkey.dsp",
"..\\bin\\tests\\system\\win32\\bigkey.mak",
"..\\bin\\tests\\system\\win32\\feature-test.dsp",
"..\\lib\\samples\\win32\\resolve.mak",
"..\\lib\\samples\\win32\\update.dsp",
"..\\lib\\samples\\win32\\update.mak",
- "..\\lib\\tests\\win32\\libtests.dsp",
- "..\\lib\\tests\\win32\\libtests.mak",
"..\\lib\\win32\\bindevt\\bindevt.dsp",
"..\\lib\\win32\\bindevt\\bindevt.mak",
"legacy\\BINDBuild.dsw",
projects / thirdparty / bind9.git / commitdiff
