5260. [bug] dnstap-read was producing malformed output for large
packets. [GL #1093]
+5258. [func] Added support for the GeoIP2 API from MaxMind,
+ when BIND is compiled using "configure --with-geoip2".
+ The legacy GeoIP API can be enabled by using
+ "configure --with-geoip" instead. These options
+ cannot be used together.
+
+ Certain geoip ACL settings that were available with
+ legacy GeoIP are not available when using GeoIP2.
+ See the ARM for details. [GL #182]
+
5257. [bug] Some statistics data was not being displayed.
Add shading to the zone tables. [GL #1030]
BIND 9.11.4
BIND 9.11.4 is a maintenance release, and addresses the security flaw
-disclosed in CVE-2018-5738. It also introduces "root key sentinel" support,
-enabling validating resolvers to indicate via a special query which trust
-anchors are configured for the root zone.
+disclosed in CVE-2018-5738. It also introduces "root key sentinel"
+support, enabling validating resolvers to indicate via a special query
+which trust anchors are configured for the root zone.
BIND 9.11.5
BIND 9.11.6
BIND 9.11.6 is a maintenance release, and also addresses the security
-flaws disclosed in CVE-2018-5744, CVE-2018-5745, CVE-2018-5744, and
+flaws disclosed in CVE-2018-5743, CVE-2018-5745, CVE-2018-5744, and
CVE-2019-6465.
BIND 9.11.7
BIND 9.11.8 is a maintenance release, and also addresses the security flaw
disclosed in CVE-2019-6471.
+BIND 9.11.9
+
+BIND 9.11.9 is a maintenance release, and also adds support for the new
+MaxMind GeoIP2 geolocation API when built with configure --with-geoip2.
+
Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
Several environment variables that can be set before running configure
will affect compilation:
- Variable Description
+Variable Description
CC The C compiler to use. configure tries to figure out the
right one for supported systems.
C compiler flags. Defaults to include -g and/or -O2 as
changes listed first. Change notes include tags indicating the category of
the change that was made; these categories are:
- Category Description
+Category Description
[func] New feature
[bug] General bug fix
[security] Fix for a significant security flaw
referred to entries in the "bind9-bugs" RT database, which was not open to
the public. More recent entries use the form [GL #NNN] or, less often, [GL
!NNN], which, respectively, refer to issues or merge requests in the
-Gitlab database. Most of these are publicly readable, unless they
-include information which is confidential or security senstive.
+Gitlab database. Most of these are publicly readable, unless they include
+information which is confidential or security senstive.
To look up a Gitlab issue by its number, use the URL https://
gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request,
* The original development of BIND 9 was underwritten by the following
organizations:
- Sun Microsystems, Inc.
- Hewlett Packard
- Compaq Computer Corporation
- IBM
- Process Software Corporation
- Silicon Graphics, Inc.
- Network Associates, Inc.
- U.S. Defense Information Systems Agency
- USENIX Association
- Stichting NLnet - NLnet Foundation
- Nominum, Inc.
+ Sun Microsystems, Inc.
+ Hewlett Packard
+ Compaq Computer Corporation
+ IBM
+ Process Software Corporation
+ Silicon Graphics, Inc.
+ Network Associates, Inc.
+ U.S. Defense Information Systems Agency
+ USENIX Association
+ Stichting NLnet - NLnet Foundation
+ Nominum, Inc.
* This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit. http://www.OpenSSL.org/
-
* This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com)
-
* This product includes software written by Tim Hudson
(tjh@cryptsoft.com)
</itemizedlist>
</section>
+ <section xml:id="relnotes_features"><info><title>New Features</title></info>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The new GeoIP2 API from MaxMind is now supported when BIND
+ is compiled using <command>configure --with-geoip2</command>.
+ The legacy GeoIP API can be used by compiling with
+ <command>configure --with-geoip</command> instead. (Note that
+ the databases for the legacy API are no longer maintained by
+ MaxMind.)
+ </para>
+ <para>
+ The default path to the GeoIP2 databases will be set based
+ on the location of the <command>libmaxminddb</command> library;
+ for example, if it is in <filename>/usr/local/lib</filename>,
+ then the default path will be
+ <filename>/usr/local/share/GeoIP</filename>.
+ This value can be overridden in <filename>named.conf</filename>
+ using the <command>geoip-directory</command> option.
+ </para>
+ <para>
+ Some <command>geoip</command> ACL settings that were available with
+ legacy GeoIP, including searches for <command>netspeed</command>,
+ <command>org</command>, and three-letter ISO country codes, will
+ no longer work when using GeoIP2. Supported GeoIP2 database
+ types are <command>country</command>, <command>city</command>,
+ <command>domain</command>, <command>isp</command>, and
+ <command>as</command>. All of the databases support both IPv4
+ and IPv6 lookups. [GL #182]
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
<section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
<itemizedlist>
<listitem>
projects / thirdparty / bind9.git / commitdiff
