--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" type="text/css" href="release-notes.css" /><meta name="generator" content="DocBook XSL Stylesheets V1.76.1" /></head><body><div class="article"><div class="titlepage"><hr /></div>
+
+ <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112068"></a>Introduction</h2></div></div></div>
+
+ <p>
+ BIND 9.6.2-P3 is a maintenance release for BIND 9.6.
+ </p>
+ <p>
+ This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.2-P3.
+ Please see the CHANGES file in the source code release for a
+ complete list of all changes.
+ </p>
+ </div>
+
+ <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112131"></a>Download</h2></div></div></div>
+
+ <p>
+ The latest release of BIND 9 software can always be found
+ on our web site at
+ <a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
+ There you will find additional information about each release,
+ source code, and some pre-compiled versions for certain operating
+ systems.
+ </p>
+ </div>
+
+ <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112155"></a>Support</h2></div></div></div>
+
+ <p>Product support information is available on
+ <a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
+ for paid support options. Free support is provided by our user
+ community via a mailing list. Information on all public email
+ lists is available at
+ <a class="ulink" href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
+ </p>
+ </div>
+
+ <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112103"></a>New Features</h2></div></div></div>
+
+ <div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112200"></a>9.6.2-P3</h3></div></div></div>
+
+ <p>None.</p>
+ </div>
+ </div>
+
+ <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112071"></a>Feature Changes</h2></div></div></div>
+
+ <div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112234"></a>9.6.2-P3</h3></div></div></div>
+
+ <p>None.</p>
+ </div>
+ </div>
+
+ <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112245"></a>Security Fixes</h2></div></div></div>
+
+ <div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112250"></a>9.6.2-P3</h3></div></div></div>
+
+ <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+ Adding a NO DATA signed negative response to cache failed to clear
+ any matching RRSIG records already in cache. A subsequent lookup
+ of the cached NO DATA entry could crash named (INSIST) when the
+ unexpected RRSIG was also returned with the NO DATA cache entry.
+ [RT #22288] [CVE-2010-3613] [VU#706148]
+ </li><li class="listitem">
+ BIND, acting as a DNSSEC validator, was determining if the NS RRset
+ is insecure based on a value that could mean either that the RRset
+ is actually insecure or that there wasn't a matching key for the RRSIG
+ in the DNSKEY RRset when resuming from validating the DNSKEY RRset.
+ This can happen when in the middle of a DNSKEY algorithm rollover,
+ when two different algorithms were used to sign a zone but only the
+ new set of keys are in the zone DNSKEY RRset.
+ [RT #22309] [CVE-2010-3614] [VU#837744]
+ </li></ul></div>
+ </div>
+ </div>
+
+ <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112276"></a>Bug Fixes</h2></div></div></div>
+
+ <div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112281"></a>9.6.2-P3</h3></div></div></div>
+
+ <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+ Worked around a race condition in the cache database memory
+ handling. Without this fix a DNS cache DB or ADB could
+ incorrectly stay in an over memory state, effectively refusing
+ further caching, which subsequently made a BIND 9 caching
+ server unworkable.
+ [RT #21818]
+ </li><li class="listitem">
+ Microsoft changed the behavior of sockets between NT/XP based
+ stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
+ behavior, 2008r2 has the new behavior. With the change, different
+ error results are possible, so ISC adapted BIND to handle the new
+ error results.
+ This resolves an issue where sockets would shut down on
+ Windows servers causing named to stop responding to queries.
+ [RT #21906]
+ </li><li class="listitem">
+ Windows has non-POSIX compliant behavior in its rename() and unlink()
+ calls. This caused journal compaction to fail on Windows BIND servers
+ with the log error: "dns_journal_compact failed: failure".
+ [RT #22434]
+ </li></ul></div>
+ </div>
+ </div>
+
+ <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112310"></a>Thank You</h2></div></div></div>
+
+ <p>
+ Thank you to everyone who assisted us in making this release possible.
+ If you would like to contribute to ISC to assist us in continuing to make
+ quality open source software, please visit our donations page at
+ <a class="ulink" href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
+ </p>
+ </div>
+</div></body></html>
--- /dev/null
+ __________________________________________________________________
+
+Introduction
+
+ BIND 9.6.2-P3 is a maintenance release for BIND 9.6.
+
+ This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.2-P3.
+ Please see the CHANGES file in the source code release for a complete
+ list of all changes.
+
+Download
+
+ The latest release of BIND 9 software can always be found on our web
+ site at http://www.isc.org/software/bind. There you will find
+ additional information about each release, source code, and some
+ pre-compiled versions for certain operating systems.
+
+Support
+
+ Product support information is available on
+ http://www.isc.org/services/support for paid support options. Free
+ support is provided by our user community via a mailing list.
+ Information on all public email lists is available at
+ https://lists.isc.org/mailman/listinfo.
+
+New Features
+
+9.6.2-P3
+
+ None.
+
+Feature Changes
+
+9.6.2-P3
+
+ None.
+
+Security Fixes
+
+9.6.2-P3
+
+ * Adding a NO DATA signed negative response to cache failed to clear
+ any matching RRSIG records already in cache. A subsequent lookup of
+ the cached NO DATA entry could crash named (INSIST) when the
+ unexpected RRSIG was also returned with the NO DATA cache entry.
+ [RT #22288] [CVE-2010-3613] [VU#706148]
+ * BIND, acting as a DNSSEC validator, was determining if the NS RRset
+ is insecure based on a value that could mean either that the RRset
+ is actually insecure or that there wasn't a matching key for the
+ RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY
+ RRset. This can happen when in the middle of a DNSKEY algorithm
+ rollover, when two different algorithms were used to sign a zone
+ but only the new set of keys are in the zone DNSKEY RRset. [RT
+ #22309] [CVE-2010-3614] [VU#837744]
+
+Bug Fixes
+
+9.6.2-P3
+
+ * Worked around a race condition in the cache database memory
+ handling. Without this fix a DNS cache DB or ADB could incorrectly
+ stay in an over memory state, effectively refusing further caching,
+ which subsequently made a BIND 9 caching server unworkable. [RT
+ #21818]
+ * Microsoft changed the behavior of sockets between NT/XP based
+ stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
+ behavior, 2008r2 has the new behavior. With the change, different
+ error results are possible, so ISC adapted BIND to handle the new
+ error results. This resolves an issue where sockets would shut down
+ on Windows servers causing named to stop responding to queries. [RT
+ #21906]
+ * Windows has non-POSIX compliant behavior in its rename() and
+ unlink() calls. This caused journal compaction to fail on Windows
+ BIND servers with the log error: "dns_journal_compact failed:
+ failure". [RT #22434]
+
+Thank You
+
+ Thank you to everyone who assisted us in making this release possible.
+ If you would like to contribute to ISC to assist us in continuing to
+ make quality open source software, please visit our donations page at
+ http://www.isc.org/supportisc.
--- /dev/null
+body {
+ background-color: #ffffff;
+ color: #333333;
+ font-family: "Helvetica Neue", "ArialMT", "Verdana", "Arial", "Helvetica", sans-serif;
+ font-size: 14px;
+ line-height: 18px;
+ margin: 2em auto;
+ width: 700px;
+}
+
+.command {
+ font-family: "Courier New", "Courier", monospace;
+ font-weight: normal;
+}
+
+.note {
+ background-color: #ddeedd;
+ border: 1px solid #aaccaa;
+ margin: 1em 0 1em 0;
+ padding: 0.5em 1em 0.5em 1em;
+ -moz-border-radius: 10px;
+ -webkit-border-radius: 10px;
+}
+
+.screen {
+ background-color: #ffffee;
+ border: 1px solid #ddddaa;
+ padding: 0.25em 1em 0.25em 1em;
+ margin: 1em 0 1em 0;
+ -moz-border-radius: 10px;
+ -webkit-border-radius: 10px;
+}
+
+.section.title {
+ font-size: 150%;
+ font-weight: bold;
+}
+
+.section.section.title {
+ font-size: 130%;
+ font-weight: bold;
+}
projects / thirdparty / bind9.git / commitdiff
