regen v9_9_9_patch

diff --git a/configure b/configure
index 14771f7e831f50e530fb4f27cfa6ff1fdbd84b02..2033977fac9fcabb6b171984ef67761df1236074 100755 (executable)
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
 #! /bin/sh
-# Copyright (C) 2004-2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2017  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1996-2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index f0bd9c6a904c82475b19073a51397f0770cde376..746c0facbd53632b51e8df44312d610f9da2e7c7 100644 (file)
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -555,6 +555,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index 975903274a2e51e3e9e0a191ccea0b1e03d73457..0108d9a832d708b464a13c337a460e7c39224873 100644 (file)
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -153,6 +153,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index 3739f367879ec5e00123a2b7062144d0798880fc..4dea2d60b5f2c75db82a0b3cfb3916723465a818 100644 (file)
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -663,6 +663,6 @@ controls {
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index 8173d030b282f561f23ce692903fb847944b7f3f..f0fcb41096b645cb223ffec665bd42d42ff4add3 100644 (file)
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -1960,6 +1960,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index e3ed3c7771e110ce79a908db17c70dee40afa0a4..dbcb33047a7e93090dd02134a162264903db0494 100644 (file)
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -138,6 +138,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index d8cdaeef0a56e3d8e231509d066acec3762047b0..0f4805b9ffc49a20ab7565cbba46e3e87c070620 100644 (file)
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -12314,6 +12314,6 @@ HOST-127.EXAMPLE. MX 0 .
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index ceb5d6669e26d7ad64ee096f611c0f04183596da..df2a91887f87bbf6e87f5235c7f6358cfaa52083 100644 (file)
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -248,6 +248,6 @@ zone "example.com" {
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 6ff615e24e1b6625fa539d77998d870f4fde5975..1a580bb72e283f8b8d565efcf4aa82280647a4c2 100644 (file)
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -134,6 +134,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index b50673a8cdb8249c177ae8bd08a33e04bb90043b..c66334a99db45382df7a42c6ca84dd2a0c1f7937 100644 (file)
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -44,10 +44,11 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P6</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P7</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>
@@ -59,13 +60,18 @@
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.9.9-P6</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.9.9-P7</h2></div></div></div>
 <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
 <p>
       This document summarizes changes since BIND 9.9.9:
     </p>
+<p>
+      BIND 9.9.9-P7 addresses the security issue described in
+      CVE-2017-3136, and updates the built in trusted keys for
+      the root zone.
+    </p>
 <p>
       BIND 9.9.9-P6 addresses the security issue described in
       CVE-2017-3135, and fixes a regression introduced in a prior
@@ -106,8 +112,42 @@
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
+<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>
+<p>
+      ICANN is in the process of introducing a new Key Signing Key (KSK) for
+      the global root zone. BIND has multiple methods for managing DNSSEC
+      trust anchors, with somewhat different behaviors. If the root
+      key is configured using the <span class="command"><strong>managed-keys</strong></span>
+      statement, or if the pre-configured root key is enabled by using
+      <span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep
+      keys up to date automatically. Servers configured in this way
+      will roll seamlessly to the new key when it is published in
+      the root zone. However, keys configured using the
+      <span class="command"><strong>trusted-keys</strong></span> statement are not automatically
+      maintained. If your server is performing DNSSEC validation
+      and is configured using <span class="command"><strong>trusted-keys</strong></span>, you are
+      advised to change your configuration before the root zone begins
+      signing with the new KSK. This is currently scheduled for
+      October 11, 2017.
+    </p>
+<p>
+      This release includes an updated version of the
+      <code class="filename">bind.keys</code> file containing the new root
+      key. This file can also be downloaded from
+      <a class="link" href="https://www.isc.org/bind-keys" target="_top">
+       https://www.isc.org/bind-keys
+      </a>.
+    </p>
+</div>
+<div class="section">
+<div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+         <span class="command"><strong>dns64</strong></span> with <span class="command"><strong>break-dnssec yes;</strong></span>
+         can result in an assertion failure. This flaw is disclosed in
+         CVE-2017-3136.[RT #44653]
+       </p></li>
 <li class="listitem"><p>
          If a server is configured with a response policy zone (RPZ)
          that rewrites an answer with local data, and is also configured
@@ -226,6 +266,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html
index 329b560cb1611a2952aca537a63e319d7030255f..b213f1de682d92bcedaa3a358d476273172712d3 100644 (file)
--- a/doc/arm/Bv9ARM.ch10.html
+++ b/doc/arm/Bv9ARM.ch10.html
@@ -155,6 +155,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html
index d8b34b0b302f2d993ed6be0adb405aec1bb7f146..573f2ac3f0e203b1c2b758669a630876b567db99 100644 (file)
--- a/doc/arm/Bv9ARM.ch11.html
+++ b/doc/arm/Bv9ARM.ch11.html
@@ -497,6 +497,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html
index 5c7f1e7fee4327c0261bafd12be1c1c91e44eb27..3be51f7b4af85079e22efdc3ae73d6755bd519ca 100644 (file)
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -539,6 +539,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html
index e6b3c709bd20e3d7356bcc33c05cd1de56210552..c173a2ef235f961f001297f0e5334d706c1d9d3e 100644 (file)
--- a/doc/arm/Bv9ARM.ch13.html
+++ b/doc/arm/Bv9ARM.ch13.html
@@ -148,6 +148,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 6405f53d5c7632807cc5d3a6267c3373174e6f17..cc52caac17f4a86504f3d0bbd59b25340ed904bc 100644 (file)
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -40,7 +40,7 @@
 <div>
 <div><h1 class="title">
 <a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.9.9-P6</p></div>
+<div><p class="releaseinfo">BIND Version 9.9.9-P7</p></div>
 <div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div>
 <div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
 </div>
@@ -233,10 +233,11 @@
 </dl></dd>
 <dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
 <dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P6</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P7</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>
@@ -372,6 +373,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index 37a2c1a219ef027c878a2f2443f2b9b3a2d564dc..73d74eaac9105cc73143b1a2da0c030cebacbe38 100644 (file)
Binary files a/doc/arm/Bv9ARM.pdf and b/doc/arm/Bv9ARM.pdf differ

diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index d5662d5ec2b5e6df1bcef1d51a612885257daa73..1c1ae33350cc378cf6bdd54732d943b04b3238de 100644 (file)
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -81,6 +81,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index de5792109b14add848f3eacae740a99ceabfcee4..17daeda4e4b29a569c711404316a3147068882d6 100644 (file)
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -170,6 +170,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 3b0074068eea03095a1a032d0b2e3282a22e8f3d..8c5191d6e73d4aef6958473622a4cd75f5c13063 100644 (file)
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -746,6 +746,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index 55711cddc6a6e51ee6f271a54b827226ce5a7fff..84949d8018e0e8d13415d65cae71ff4a0dc81dc9 100644 (file)
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -112,6 +112,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html
index 6f16d72200d36ae85217282fe243aa257c3e5e82..16bc1daf64f3c0ada63df36326a71b94fdb32850 100644 (file)
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -195,6 +195,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index 7521d11c930ffd9322bbd19ce43dc2bee7606dde..14ebd86a46582b5562026b1f2a2798a7141bd34c 100644 (file)
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -213,6 +213,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html
index d248aacb2ae68237238f1d9cd09f099bf9375c4e..0737fe1d3091f5ac9bfd891280f59a68c85b332e 100644 (file)
--- a/doc/arm/man.dnssec-importkey.html
+++ b/doc/arm/man.dnssec-importkey.html
@@ -177,6 +177,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index c900f9d26e7ac350fd2cca6dc49b7fa78457f645..0a4ec482288f910faf37055c14cf4c64d5abeb2b 100644 (file)
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -346,6 +346,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 35d77d248d074258ff1924ed9216d4afa7353389..2602f71d6f7e3726beb2af70302f47f9b97e190a 100644 (file)
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -448,6 +448,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 12b8a52ee04c3954910d946781a39b5bdfab14ac..61cfad3e9a305e8de6ac93f70c0887081ecd04f9 100644 (file)
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -125,6 +125,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 2d2a455f3a17029b5aca7e5c5dcb084029101b34..128706203090fb9568adf42389d8d2eb81492ab9 100644 (file)
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -255,6 +255,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 0a38717d44e4f2a7849667104e505bc1719cd56e..945b18db3dd2c40823c33acb124ac5c1d494170b 100644 (file)
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -538,6 +538,6 @@ db.example.com.signed
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html
index 7fcec16404058d7cd24bdf7b7192e03e75a2b707..62f02710432a17846ef0f4a72cae593174a82406 100644 (file)
--- a/doc/arm/man.dnssec-verify.html
+++ b/doc/arm/man.dnssec-verify.html
@@ -150,6 +150,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html
index 1d2927ba27e4d5fa539818627c82a782f9f534e6..7175845b5a451f49ed21c3bda6913f57551feb5d 100644 (file)
--- a/doc/arm/man.genrandom.html
+++ b/doc/arm/man.genrandom.html
@@ -102,6 +102,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index 43750dd5c19df0dc6b99486b408afe54c7254f3f..a469720cca3bb616a35b0069eed8798d202b382f 100644 (file)
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -248,6 +248,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html
index da32af491e46ac571ece9ea9ca62541e777a0e38..05199c49f547893e974cf6ed6326dcbc6baddc48 100644 (file)
--- a/doc/arm/man.isc-hmac-fixup.html
+++ b/doc/arm/man.isc-hmac-fixup.html
@@ -112,6 +112,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.lwresd.html b/doc/arm/man.lwresd.html
index f68b959ddde725c4cb45f6148e610255bebb4a50..e719d966741f48550b57bd9fe4e81803385c17a8 100644 (file)
--- a/doc/arm/man.lwresd.html
+++ b/doc/arm/man.lwresd.html
@@ -253,6 +253,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 136705e273146b79e44c80380955843db12bd592..dbae6e9b52372b9a5763a3fac52aed7d2ae8ebe5 100644 (file)
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -151,6 +151,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index 9c0e6484ea343a444ba86295a30ecf776850d876..be53a18aee453829ce1fa7783aff8c604affa80e 100644 (file)
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -321,6 +321,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html
index 15850302e19cafc24d577ef3ce0758fbada59cb5..d1b6eea031905f5c3282ffcdf2788c09f0790a39 100644 (file)
--- a/doc/arm/man.named-journalprint.html
+++ b/doc/arm/man.named-journalprint.html
@@ -102,6 +102,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html
index 68093216da99efc0830d8eb7d0a388030882c026..373440879a91ffa265d2534a75214bbaf50e002a 100644 (file)
--- a/doc/arm/man.named.conf.html
+++ b/doc/arm/man.named.conf.html
@@ -672,6 +672,6 @@ zone
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index fe5cf3a9580f49c172c1c710f7cc36faf7466c82..bd437c0ff65d932ae71980495fb440363203246b 100644 (file)
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -351,6 +351,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html
index 901cc006a3c85d74a2d31843ebabe224b7095ef5..cca28cfe308d047e6dfc641919eb85547c54ef7f 100644 (file)
--- a/doc/arm/man.nsec3hash.html
+++ b/doc/arm/man.nsec3hash.html
@@ -103,6 +103,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index 9593340dafb9844110c6bb2196db450110b9ced4..c187a43154cc56950e24700356beeb308c073f19 100644 (file)
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -639,6 +639,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 5a0abc5f512c96ea3be106501a1bf1ca4e72df58..d377eec534211a4530aa3f683bed9e184b439289 100644 (file)
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -216,6 +216,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 472f55fcde69cb06bf4118f8751b691f416571be..20fbf441cdfb7bb16d8dab6908238d3af237a6b4 100644 (file)
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -245,6 +245,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 3f1f2c595895b3e3cc5681c2f99a0a0b79cce1e0..a063b7379d03a25ccbb7c14a8038770116d4bb7b 100644 (file)
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -581,6 +581,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P6 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P7 (Extended Support Version)</p>
 </body>
 </html>

diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index d72c55c7b7c36b12d66de029d12a192152e8d93a..a62b96ba02a1df6316fb82a881edbc310265808a 100644 (file)
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -21,13 +21,18 @@
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article"><div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.9.9-P6</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.9.9-P7</h2></div></div></div>
 <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
 <p>
       This document summarizes changes since BIND 9.9.9:
     </p>
+<p>
+      BIND 9.9.9-P7 addresses the security issue described in
+      CVE-2017-3136, and updates the built in trusted keys for
+      the root zone.
+    </p>
 <p>
       BIND 9.9.9-P6 addresses the security issue described in
       CVE-2017-3135, and fixes a regression introduced in a prior
@@ -68,8 +73,42 @@
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
+<a name="root_key"></a>New DNSSEC Root Key</h3></div></div></div>
+<p>
+      ICANN is in the process of introducing a new Key Signing Key (KSK) for
+      the global root zone. BIND has multiple methods for managing DNSSEC
+      trust anchors, with somewhat different behaviors. If the root
+      key is configured using the <span class="command"><strong>managed-keys</strong></span>
+      statement, or if the pre-configured root key is enabled by using
+      <span class="command"><strong>dnssec-validation auto</strong></span>, then BIND can keep
+      keys up to date automatically. Servers configured in this way
+      will roll seamlessly to the new key when it is published in
+      the root zone. However, keys configured using the
+      <span class="command"><strong>trusted-keys</strong></span> statement are not automatically
+      maintained. If your server is performing DNSSEC validation
+      and is configured using <span class="command"><strong>trusted-keys</strong></span>, you are
+      advised to change your configuration before the root zone begins
+      signing with the new KSK. This is currently scheduled for
+      October 11, 2017.
+    </p>
+<p>
+      This release includes an updated version of the
+      <code class="filename">bind.keys</code> file containing the new root
+      key. This file can also be downloaded from
+      <a class="link" href="https://www.isc.org/bind-keys" target="_top">
+       https://www.isc.org/bind-keys
+      </a>.
+    </p>
+</div>
+<div class="section">
+<div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+         <span class="command"><strong>dns64</strong></span> with <span class="command"><strong>break-dnssec yes;</strong></span>
+         can result in an assertion failure. This flaw is disclosed in
+         CVE-2017-3136.[RT #44653]
+       </p></li>
 <li class="listitem"><p>
          If a server is configured with a response policy zone (RPZ)
          that rewrites an answer with local data, and is also configured

diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf
index d03b81a31af08177dc47289780b952d299ab2d15..79009b6694ef6cb2cbe7e081e8a101c148c10633 100644 (file)
Binary files a/doc/arm/notes.pdf and b/doc/arm/notes.pdf differ