+ --- 9.14.12 released ---
+
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
BIND 9.14.11 is a maintenance release.
+BIND 9.14.12
+
+BIND 9.14.12 is a maintenance release, and also addresses the security
+vulnerabilities disclosed in CVE-2020-8616 and CVE-2020-8617.
+
Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
BIND 9.14.11 is a maintenance release.
+#### BIND 9.14.12
+
+BIND 9.14.12 is a maintenance release, and also addresses the security
+vulnerabilities disclosed in CVE-2020-8616 and CVE-2020-8617.
+
### <a name="build"/> Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
Sets the maximum number of iterative queries that
may be sent while servicing a recursive query.
If more queries are sent, the recursive query
- is terminated and returns SERVFAIL. Queries to
- look up top level domains such as "com" and "net"
- and the DNS root zone are exempt from this limitation.
- The default is 75.
+ is terminated and returns SERVFAIL. The default is 75.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>notify-delay</strong></span></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.11</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.12</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_platforms">Supported Platforms</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes-9.14.12">Notes for BIND 9.14.12</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes-9.14.11">Notes for BIND 9.14.11</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes-9.14.10">Notes for BIND 9.14.10</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes-9.14.9">Notes for BIND 9.14.9</a></span></dt>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.9.2"></a>Release Notes for BIND Version 9.14.11</h2></div></div></div>
+<a name="id-1.9.2"></a>Release Notes for BIND Version 9.14.12</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
cleanup, and some very old code has been removed that supported
obsolete operating systems and operating systems for which ISC is
no longer able to perform quality assurance testing. Specifically,
- workarounds for UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster
+ workarounds for UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster,
and IRIX have been removed.
</p>
<p>
More information can be found in the <code class="filename">PLATFORM.md</code>
file that is included in the source distribution of BIND 9. If your
platform compiler and system libraries provide the above features,
- BIND 9 should compile and run. If that isn't the case, the BIND
+ BIND 9 should compile and run. If that is not the case, the BIND
development team will generally accept patches that add support
for systems that are still supported by their respective vendors.
</p>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes-9.14.12"></a>Notes for BIND 9.14.12</h3></div></div></div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h4 class="title">
+<a name="relnotes-9.14.12-security"></a>Security Fixes</h4></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ To prevent exhaustion of server resources by a maliciously configured
+ domain, the number of recursive queries that can be triggered by a
+ request before aborting recursion has been further limited. Root and
+ top-level domain servers are no longer exempt from the
+ <span class="command"><strong>max-recursion-queries</strong></span> limit. Fetches for missing
+ name server address records are limited to 4 for any domain. This
+ issue was disclosed in CVE-2020-8616. [GL #1388]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Replaying a TSIG BADTIME response as a request could
+ trigger an assertion failure. This was disclosed in
+ CVE-2020-8617. [GL #1703]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ DNS rebinding protection was ineffective when BIND 9 was configured
+ as a forwarding DNS server. Found and responsibly reported by Tobias
+ Klein. [GL #1574]
+ </p>
+ </li>
+</ul></div>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h4 class="title">
+<a name="relnotes-9.14.12-bugs"></a>Bug Fixes</h4></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <p>
+ Fixed re-signing issues with inline zones which resulted in
+ records being re-signed late or not at all.
+ </p>
+ </li></ul></div>
+ </div>
+
+</div>
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes-9.14.11"></a>Notes for BIND 9.14.11</h3></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
- The end of life date for BIND 9.14 has not yet been determined.
- For those needing long term support, the current Extended Support
+ BIND 9.16 has replaced 9.14 as the current stable version.
+ This BIND release is the last one in the BIND 9.14 release train.
+ For those needing long-term support, the current Extended Support
Version (ESV) is BIND 9.11, which will be supported until at
least December 2021. See
<a class="link" href="https://kb.isc.org/docs/aa-00896" target="_top">https://kb.isc.org/docs/aa-00896</a>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.14.11</p></div>
+<div><p class="releaseinfo">BIND Version 9.14.12</p></div>
<div><p class="copyright">Copyright © 2000-2020 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.11</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.12</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_platforms">Supported Platforms</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes-9.14.12">Notes for BIND 9.14.12</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes-9.14.11">Notes for BIND 9.14.11</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes-9.14.10">Notes for BIND 9.14.10</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes-9.14.9">Notes for BIND 9.14.9</a></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.11 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.12 (Stable Release)</p>
</body>
</html>
</listitem>
<listitem>
<para>
- DNS rebinding protection was ineffective when BIND 9 is configured as
- a forwarding DNS server. Found and responsibly reported by Tobias
+ DNS rebinding protection was ineffective when BIND 9 was configured
+ as a forwarding DNS server. Found and responsibly reported by Tobias
Klein. [GL #1574]
</para>
</listitem>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.14.11</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.14.12</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
cleanup, and some very old code has been removed that supported
obsolete operating systems and operating systems for which ISC is
no longer able to perform quality assurance testing. Specifically,
- workarounds for UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster
+ workarounds for UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster,
and IRIX have been removed.
</p>
<p>
More information can be found in the <code class="filename">PLATFORM.md</code>
file that is included in the source distribution of BIND 9. If your
platform compiler and system libraries provide the above features,
- BIND 9 should compile and run. If that isn't the case, the BIND
+ BIND 9 should compile and run. If that is not the case, the BIND
development team will generally accept patches that add support
for systems that are still supported by their respective vendors.
</p>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes-9.14.12"></a>Notes for BIND 9.14.12</h3></div></div></div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h4 class="title">
+<a name="relnotes-9.14.12-security"></a>Security Fixes</h4></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ To prevent exhaustion of server resources by a maliciously configured
+ domain, the number of recursive queries that can be triggered by a
+ request before aborting recursion has been further limited. Root and
+ top-level domain servers are no longer exempt from the
+ <span class="command"><strong>max-recursion-queries</strong></span> limit. Fetches for missing
+ name server address records are limited to 4 for any domain. This
+ issue was disclosed in CVE-2020-8616. [GL #1388]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Replaying a TSIG BADTIME response as a request could
+ trigger an assertion failure. This was disclosed in
+ CVE-2020-8617. [GL #1703]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ DNS rebinding protection was ineffective when BIND 9 was configured
+ as a forwarding DNS server. Found and responsibly reported by Tobias
+ Klein. [GL #1574]
+ </p>
+ </li>
+</ul></div>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h4 class="title">
+<a name="relnotes-9.14.12-bugs"></a>Bug Fixes</h4></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <p>
+ Fixed re-signing issues with inline zones which resulted in
+ records being re-signed late or not at all.
+ </p>
+ </li></ul></div>
+ </div>
+
+</div>
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes-9.14.11"></a>Notes for BIND 9.14.11</h3></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
- The end of life date for BIND 9.14 has not yet been determined.
- For those needing long term support, the current Extended Support
+ BIND 9.16 has replaced 9.14 as the current stable version.
+ This BIND release is the last one in the BIND 9.14 release train.
+ For those needing long-term support, the current Extended Support
Version (ESV) is BIND 9.11, which will be supported until at
least December 2021. See
<a class="link" href="https://kb.isc.org/docs/aa-00896" target="_top">https://kb.isc.org/docs/aa-00896</a>
-Release Notes for BIND Version 9.14.11
+Release Notes for BIND Version 9.14.12
Introduction
and some very old code has been removed that supported obsolete operating
systems and operating systems for which ISC is no longer able to perform
quality assurance testing. Specifically, workarounds for UnixWare, BSD/OS,
-AIX, Tru64, SunOS, TruCluster and IRIX have been removed.
+AIX, Tru64, SunOS, TruCluster, and IRIX have been removed.
On UNIX-like systems, BIND now requires support for POSIX.1c threads (IEEE
Std 1003.1c-1995), the Advanced Sockets API for IPv6 (RFC 3542), and
More information can be found in the PLATFORM.md file that is included in
the source distribution of BIND 9. If your platform compiler and system
libraries provide the above features, BIND 9 should compile and run. If
-that isn't the case, the BIND development team will generally accept
+that is not the case, the BIND development team will generally accept
patches that add support for systems that are still supported by their
respective vendors.
each release, source code, and pre-compiled versions for Microsoft Windows
operating systems.
+Notes for BIND 9.14.12
+
+Security Fixes
+
+ * To prevent exhaustion of server resources by a maliciously configured
+ domain, the number of recursive queries that can be triggered by a
+ request before aborting recursion has been further limited. Root and
+ top-level domain servers are no longer exempt from the
+ max-recursion-queries limit. Fetches for missing name server address
+ records are limited to 4 for any domain. This issue was disclosed in
+ CVE-2020-8616. [GL #1388]
+
+ * Replaying a TSIG BADTIME response as a request could trigger an
+ assertion failure. This was disclosed in CVE-2020-8617. [GL #1703]
+
+ * DNS rebinding protection was ineffective when BIND 9 was configured as
+ a forwarding DNS server. Found and responsibly reported by Tobias
+ Klein. [GL #1574]
+
+Bug Fixes
+
+ * Fixed re-signing issues with inline zones which resulted in records
+ being re-signed late or not at all.
+
Notes for BIND 9.14.11
Bug Fixes
End of Life
-The end of life date for BIND 9.14 has not yet been determined. For those
-needing long term support, the current Extended Support Version (ESV) is
-BIND 9.11, which will be supported until at least December 2021. See
-https://kb.isc.org/docs/aa-00896 for details of ISC's software support
-policy.
+BIND 9.16 has replaced 9.14 as the current stable version. This BIND
+release is the last one in the BIND 9.14 release train. For those needing
+long-term support, the current Extended Support Version (ESV) is BIND
+9.11, which will be supported until at least December 2021. See https://
+kb.isc.org/docs/aa-00896 for details of ISC's software support policy.
Thank You
# 9.12: 1200-1299
# 9.13/9.14: 1300-1499
LIBINTERFACE = 1312
-LIBREVISION = 1
+LIBREVISION = 2
LIBAGE = 0
DESCRIPTION="(Stable Release)"
MAJORVER=9
MINORVER=14
-PATCHVER=11
+PATCHVER=12
RELEASETYPE=
RELEASEVER=
EXTENSIONS=
projects / thirdparty / bind9.git / commitdiff
