From: Tinderbox User Date: Sat, 29 Sep 2018 04:12:36 +0000 (+0000) Subject: prep 9.12.3rc1 X-Git-Tag: v9.12.3rc1~1^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f5e4faed84e149e8b552517cfa33a8bec10771f;p=thirdparty%2Fbind9.git prep 9.12.3rc1 --- diff --git a/CHANGES b/CHANGES index 607e772929b..77ced9b2237 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.12.3rc1 released --- + 5038. [bug] Chaosnet addresses were compared incorrectly. [GL #562] diff --git a/README b/README index 7b07eb9e1f7..a368dac4f04 100644 --- a/README +++ b/README @@ -141,6 +141,15 @@ BIND 9.12.2 is a maintenance release, and addresses security vulnerabilities disclosed in CVE-2018-5736, CVE-2018-5737 and CVE-2018-5738. +BIND 9.12.3 + +BIND 9.12.3 is a maintenance release, and also addresses CVE-2018-5741 by +correcting faulty documentation and introducing the following new feature: + + * New krb5-selfsub and ms-selfsub rule types for update-policy + statements allow updating of subdomains based on a Kerberos or Active + Directory machine principal. + Building BIND BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX diff --git a/README.md b/README.md index fefc2e86acb..33ad8cfa4d0 100644 --- a/README.md +++ b/README.md @@ -158,6 +158,16 @@ BIND 9.12.2 is a maintenance release, and addresses security vulnerabilities disclosed in CVE-2018-5736, CVE-2018-5737 and CVE-2018-5738. +#### BIND 9.12.3 + +BIND 9.12.3 is a maintenance release, and also addresses CVE-2018-5741 +by correcting faulty documentation and introducing the following new +feature: + +* New `krb5-selfsub` and `ms-selfsub` rule types for `update-policy` + statements allow updating of subdomains based on a Kerberos or + Active Directory machine principal. + ### Building BIND BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 6e512f7ac96..80e5869780f 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -907,10 +907,10 @@ view \fIstring\fR [ \fIclass\fR ] { | slave | static\-stub | stub ); update\-check\-ksk \fIboolean\fR; update\-policy ( local | { ( deny | grant ) \fIstring\fR ( - 6to4\-self | external | krb5\-self | krb5\-subdomain | - ms\-self | ms\-subdomain | name | self | selfsub | - selfwild | subdomain | tcp\-self | wildcard | zonesub ) - [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; + 6to4\-self | external | krb5\-self | krb5\-selfsub | + krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain | + name | self | selfsub | selfwild | subdomain | tcp\-self + | wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; use\-alt\-transfer\-source \fIboolean\fR; zero\-no\-soa\-ttl \fIboolean\fR; zone\-statistics ( full | terse | none | \fIboolean\fR ); @@ -1012,9 +1012,10 @@ zone \fIstring\fR [ \fIclass\fR ] { | static\-stub | stub ); update\-check\-ksk \fIboolean\fR; update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self | - external | krb5\-self | krb5\-subdomain | ms\-self | ms\-subdomain - | name | self | selfsub | selfwild | subdomain | tcp\-self | - wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; + external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self + | ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild + | subdomain | tcp\-self | wildcard | zonesub ) [ \fIstring\fR ] + \fIrrtypelist\fR; \&.\&.\&. }; use\-alt\-transfer\-source \fIboolean\fR; zero\-no\-soa\-ttl \fIboolean\fR; zone\-statistics ( full | terse | none | \fIboolean\fR ); diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 6970f9a0981..56bb23e1206 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -884,10 +884,10 @@ view string [ class ] { | slave | static-stub | stub ); update-check-ksk boolean; update-policy ( local | { ( deny | grant ) string ( - 6to4-self | external | krb5-self | krb5-subdomain | - ms-self | ms-subdomain | name | self | selfsub | - selfwild | subdomain | tcp-self | wildcard | zonesub ) - [ string ] rrtypelist; ... }; + 6to4-self | external | krb5-self | krb5-selfsub | + krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | + name | self | selfsub | selfwild | subdomain | tcp-self + | wildcard | zonesub ) [ string ] rrtypelist; ... }; use-alt-transfer-source boolean; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); @@ -985,9 +985,10 @@ zone string [ class ] { | static-stub | stub ); update-check-ksk boolean; update-policy ( local | { ( deny | grant ) string ( 6to4-self | - external | krb5-self | krb5-subdomain | ms-self | ms-subdomain - | name | self | selfsub | selfwild | subdomain | tcp-self | - wildcard | zonesub ) [ string ] rrtypelist; ... }; + external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self + | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild + | subdomain | tcp-self | wildcard | zonesub ) [ string ] + rrtypelist; ... }; use-alt-transfer-source boolean; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index f50191450c6..77e396576c5 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -876,10 +876,10 @@ view     | slave | static-stub | stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string (
-     6to4-self | external | krb5-self | krb5-subdomain |
-     ms-self | ms-subdomain | name | self | selfsub |
-     selfwild | subdomain | tcp-self | wildcard | zonesub )
-     [ string ] rrtypelist; ... };
+     6to4-self | external | krb5-self | krb5-selfsub |
+     krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
+     name | self | selfsub | selfwild | subdomain | tcp-self
+     | wildcard | zonesub ) [ string ] rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
@@ -978,9 +978,10 @@ zone     | static-stub | stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string ( 6to4-self |
-     external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
-     | name | self | selfsub | selfwild | subdomain | tcp-self |
-     wildcard | zonesub ) [ string ] rrtypelist; ... };
+     external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
+     | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
+     | subdomain | tcp-self | wildcard | zonesub ) [ string ]
+     rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index ca2daec1b17..fe56839aedb 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -386,7 +386,7 @@ See also \fBrndc trace\fR\&. .RE .PP -\fBnta \fR\fB[( \-d | \-f | \-r | \-l \fIduration\fR)]\fR\fB \fR\fB\fIdomain\fR\fR\fB \fR\fB[\fIview\fR]\fR\fB \fR +\fBnta \fR\fB[( \-class \fIclass\fR | \-dump | \-force | \-remove | \-lifetime \fIduration\fR)]\fR\fB \fR\fB\fIdomain\fR\fR\fB \fR\fB[\fIview\fR]\fR\fB \fR .RS 4 Sets a DNSSEC negative trust anchor (NTA) for \fBdomain\fR, with a lifetime of @@ -418,7 +418,7 @@ option\&. TTL\-style suffixes can be used to specify the lifetime in seconds, mi to zero is equivalent to \fB\-remove\fR\&. .sp -If +If the \fB\-dump\fR is used, any other arguments are ignored, and a list of existing NTAs is printed (note that this may include NTAs that are expired but have not yet been cleaned up)\&. .sp @@ -430,11 +430,16 @@ option in the Administrator Reference Manual for details)\&. If data can be vali \fB\-force\fR overrides this behavior and forces an NTA to persist for its entire lifetime, regardless of whether data could be validated if the NTA were not present\&. .sp +The view class can be specified with +\fB\-class\fR\&. The default is class +\fBIN\fR, which is the only class for which DNSSEC is currently supported\&. +.sp All of these options can be shortened, i\&.e\&., to \fB\-l\fR, \fB\-r\fR, -\fB\-d\fR, and -\fB\-f\fR\&. +\fB\-d\fR, +\fB\-f\fR, and +\fB\-c\fR\&. .RE .PP \fBquerylog\fR [ on | off ] diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index 97b77cb8dc5..9a1bde881c4 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -484,7 +484,7 @@

nta - [( -d | -f | -r | -l duration)] + [( -class class | -dump | -force | -remove | -lifetime duration)] domain [view]
@@ -532,7 +532,7 @@ is equivalent to -remove.

- If -dump is used, any other arguments + If the -dump is used, any other arguments are ignored, and a list of existing NTAs is printed (note that this may include NTAs that are expired but have not yet been cleaned up). @@ -549,10 +549,15 @@ lifetime, regardless of whether data could be validated if the NTA were not present.

+

+ The view class can be specified with -class. + The default is class IN, which is + the only class for which DNSSEC is currently supported. +

All of these options can be shortened, i.e., to -l, -r, -d, - and -f. + -f, and -c.

querylog [ on | off ]
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html index 354f7a81241..4343f510cdb 100644 --- a/doc/arm/Bv9ARM.ch01.html +++ b/doc/arm/Bv9ARM.ch01.html @@ -614,6 +614,6 @@ -

BIND 9.12.2-P1

+

BIND 9.12.3rc1

diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html index 376182e5f5e..c63558cc716 100644 --- a/doc/arm/Bv9ARM.ch02.html +++ b/doc/arm/Bv9ARM.ch02.html @@ -146,6 +146,6 @@ -

BIND 9.12.2-P1

+

BIND 9.12.3rc1

diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 99f223c0b14..34774c28154 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -759,6 +759,6 @@ controls { -

BIND 9.12.2-P1

+

BIND 9.12.3rc1

diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 3d11c6d563d..d8f11fc11b9 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -2867,6 +2867,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. -

BIND 9.12.2-P1

+

BIND 9.12.3rc1

diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index 5f23a7e2927..ec3d9b92cb5 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -4700,6 +4700,11 @@ options { slave zones respectively. It is off by default.

+

+ Note: if inline signing is enabled for a zone, the + user-provided ixfr-from-differences + setting is ignored for that zone. +

multi-master
@@ -6764,8 +6769,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };

- Records are returned in some random order. When no - ordering is specified, this is the default. + Records are returned in some random order.

@@ -6796,7 +6800,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; Records are returned in whatever order they were retrieved from the database. This order is indeterminate, but will be consistent as long as the - database is not modified. + database is not modified. When no ordering is + specified, this is the default.

@@ -9291,7 +9296,7 @@ view "external" { sig-signing-type integer; sig-validity-interval integer [ integer ]; update-check-ksk boolean; - update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; + update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); }; @@ -10524,7 +10529,7 @@ example.com. NS ns2.example.net. has been used to create a shared secret, the identity of the key used to authenticate the TKEY exchange will be used as the identity of the shared secret. Some rule types - use indentities matching the client's Kerberos principal + use identities matching the client's Kerberos principal (e.g, "host/machine@REALM") or Windows realm (machine$@REALM).

@@ -10544,12 +10549,13 @@ example.com. NS ns2.example.net. the rules are checked for each existing record type.

- The ruletype field has 13 + The ruletype field has 16 values: name, subdomain, wildcard, self, selfsub, selfwild, krb5-self, ms-self, + krb5-selfsub, ms-selfsub, krb5-subdomain, ms-subdomain, tcp-self, 6to4-self, @@ -10694,12 +10700,41 @@ example.com. NS ns2.example.net.

- This rule takes a Windows machine principal - (machine$@REALM) for machine in REALM and - and converts it machine.realm allowing the machine - to update machine.realm. The REALM to be matched - is specified in the identity - field. The name field should be set to "." + When a client sends an UPDATE using a Windows + machine principal (for example, 'machine$@REALM'), + this rule allows records with the absolute name + of 'machine.REALM' to be updated. +

+

+ The realm to be matched is specified in the + identity field. +

+

+ The name field has + no effect on this rule; it should be set to "." + as a placeholder. +

+

+ For example, + grant EXAMPLE.COM ms-self . A AAAA + allows any machine with a valid principal in + the realm EXAMPLE.COM to update + its own address records. +

+ + + + +

+ ms-selfsub +

+ + +

+ This is similar to ms-self + except it also allows updates to any subdomain of + the name specified in the Windows machine + principal, not just to the name itself.

@@ -10711,13 +10746,32 @@ example.com. NS ns2.example.net.

- This rule takes a Windows machine principal - (machine$@REALM) for machine in REALM and - converts it to machine.realm allowing the machine - to update subdomains of machine.realm. The REALM - to be matched is specified in the + When a client sends an UPDATE using a Windows + machine principal (for example, 'machine$@REALM'), + this rule allows any machine in the specified + realm to update any record in the zone or in a + specified subdomain of the zone. +

+

+ The realm to be matched is specified in the identity field.

+

+ The name field + specifies the subdomain that may be updated. + If set to "." (or any other name at or above + the zone apex), any name in the zone can be + updated. +

+

+ For example, if update-policy + for the zone "example.com" includes + grant EXAMPLE.COM ms-subdomain hosts.example.com. A AAAA, + any machine with a valid principal in + the realm EXAMPLE.COM will + be able to update address records at or below + "hosts.example.com". +

@@ -10728,12 +10782,47 @@ example.com. NS ns2.example.net.

- This rule takes a Kerberos machine principal - (host/machine@REALM) for machine in REALM and - and converts it machine.realm allowing the machine - to update machine.realm. The REALM to be matched - is specified in the identity - field. The name field should be set to "." + When a client sends an UPDATE using a + Kerberos machine principal (for example, + 'host/machine@REALM'), this rule allows + records with the absolute name of 'machine' + to be updated provided it has been authenticated + by REALM. This is similar but not identical + to ms-self due to the + 'machine' part of the Kerberos principal + being an absolute name instead of a unqualified + name. +

+

+ The realm to be matched is specified in the + identity field. +

+

+ The name field has + no effect on this rule; it should be set to "." + as a placeholder. +

+

+ For example, + grant EXAMPLE.COM krb5-self . A AAAA + allows any machine with a valid principal in + the realm EXAMPLE.COM to update + its own address records. +

+ + + + +

+ krb5-selfsub +

+ + +

+ This is similar to krb5-self + except it also allows updates to any subdomain of + the name specified in the 'machine' part of the + Kerberos principal, not just to the name itself.

@@ -10745,13 +10834,11 @@ example.com. NS ns2.example.net.

- This rule takes a Kerberos machine principal - (host/machine@REALM) for machine in REALM and - converts it to machine.realm allowing the machine - to update subdomains of machine.realm. The REALM - to be matched is specified in the - identity field. The - name field should be set to "." + This rule is identical to + ms-subdomain, except that it works + with Kerberos machine principals (i.e., + 'host/machine@REALM') rather than Windows machine + principals.

@@ -14700,6 +14787,6 @@ HOST-127.EXAMPLE. MX 0 . -

BIND 9.12.2-P1

+

BIND 9.12.3rc1

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 0488d13c3a1..2d3d55f14c2 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -399,6 +399,6 @@ allow-query { !{ !10/8; any; }; key example; }; -

BIND 9.12.2-P1

+

BIND 9.12.3rc1

diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html index 4f6526d660f..506acd27e4b 100644 --- a/doc/arm/Bv9ARM.ch07.html +++ b/doc/arm/Bv9ARM.ch07.html @@ -136,6 +136,6 @@ -

BIND 9.12.2-P1

+

BIND 9.12.3rc1

diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index e77d89cb101..2b6e9a5899f 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -36,7 +36,7 @@

Table of Contents

-
Release Notes for BIND Version 9.12.2-P1
+
Release Notes for BIND Version 9.12.3rc1
Introduction
Download
@@ -52,7 +52,7 @@

-Release Notes for BIND Version 9.12.2-P1

+Release Notes for BIND Version 9.12.3rc1

@@ -162,6 +162,15 @@ necessary.

+
  • +

    + Two new update policy rule types have been added + krb5-selfsub and ms-selfsub + which allow machines with Kerberos principals to update + the name space at or below the machine names identified + in the respective principals. +

    +

    • @@ -183,20 +192,39 @@ with IDN support.

    +
  • +

    + The rndc nta command could not differentiate + between views of the same name but different class; this + has been corrected with the addition of a -class + option. [GL #105] +

    +

    • Bug Fixes

    -
    • +
        +
      • +

        + When a negative trust anchor was added to multiple views + using rndc nta, the text returned via + rndc was incorrectly truncated after the + first line, making it appear that only one NTA had been + added. This has been fixed. [GL #105] +

        +
        • +

      • named now rejects excessively large incremental (IXFR) zone transfers in order to prevent possible corruption of journal files which could cause named to abort when loading zones. [GL #339]

        -
      +
      • +
    @@ -268,6 +296,6 @@
    -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index 6a4a38be036..c376367f418 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -148,6 +148,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html index e254aca8521..cf6a6787a90 100644 --- a/doc/arm/Bv9ARM.ch10.html +++ b/doc/arm/Bv9ARM.ch10.html @@ -914,6 +914,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html index eb736a10b3d..d181ce18b45 100644 --- a/doc/arm/Bv9ARM.ch11.html +++ b/doc/arm/Bv9ARM.ch11.html @@ -533,6 +533,6 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html index 9d7453bbca5..52980bd389c 100644 --- a/doc/arm/Bv9ARM.ch12.html +++ b/doc/arm/Bv9ARM.ch12.html @@ -210,6 +210,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index a85c7be427c..80b4fb12160 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -32,7 +32,7 @@

    BIND 9 Administrator Reference Manual

    -

    BIND Version 9.12.2-P1

    +

    BIND Version 9.12.3rc1

    Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")

    @@ -234,7 +234,7 @@
    A. Release Notes
    -
    Release Notes for BIND Version 9.12.2-P1
    +
    Release Notes for BIND Version 9.12.3rc1
    Introduction
    Download
    @@ -429,6 +429,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf index 5acb000ab61..03707ebb87a 100644 Binary files a/doc/arm/Bv9ARM.pdf and b/doc/arm/Bv9ARM.pdf differ diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index 6eaf714dfaf..1fca0e9f14b 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -90,6 +90,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index 0a795d5b66f..58718afe000 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -235,6 +235,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html index 2949a4a823f..413f2af3eb3 100644 --- a/doc/arm/man.delv.html +++ b/doc/arm/man.delv.html @@ -625,6 +625,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index 6242459301a..8ab737d718e 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -1121,6 +1121,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-cds.html b/doc/arm/man.dnssec-cds.html index 37a2aa9eee7..9a27c357a49 100644 --- a/doc/arm/man.dnssec-cds.html +++ b/doc/arm/man.dnssec-cds.html @@ -376,6 +376,6 @@ nsupdate -l -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html index 713fd2a3ced..161a891476e 100644 --- a/doc/arm/man.dnssec-checkds.html +++ b/doc/arm/man.dnssec-checkds.html @@ -150,6 +150,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html index 3a6d64fc9f9..8e4188dcd09 100644 --- a/doc/arm/man.dnssec-coverage.html +++ b/doc/arm/man.dnssec-coverage.html @@ -270,6 +270,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html index aefa5c09701..1893966a63d 100644 --- a/doc/arm/man.dnssec-dsfromkey.html +++ b/doc/arm/man.dnssec-dsfromkey.html @@ -289,6 +289,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html index cf3e4fad811..476eff01e3e 100644 --- a/doc/arm/man.dnssec-importkey.html +++ b/doc/arm/man.dnssec-importkey.html @@ -250,6 +250,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index 7d9971e6b91..b2e3ee92ce2 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -498,6 +498,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 5ea71887777..30c7ac75eb7 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -596,6 +596,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-keymgr.html b/doc/arm/man.dnssec-keymgr.html index 6a796ad693e..2239e87c612 100644 --- a/doc/arm/man.dnssec-keymgr.html +++ b/doc/arm/man.dnssec-keymgr.html @@ -398,6 +398,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index b4032f4578a..3ebcb8a4c06 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -171,6 +171,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index c17f85d06d8..5dbf73962d2 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -349,6 +349,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index d8456483cf8..aa64191bb46 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -725,6 +725,6 @@ db.example.com.signed -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index 727d15fd98e..700af92034e 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -202,6 +202,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.dnstap-read.html b/doc/arm/man.dnstap-read.html index 521123e9882..a1f3ac76fc5 100644 --- a/doc/arm/man.dnstap-read.html +++ b/doc/arm/man.dnstap-read.html @@ -143,6 +143,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index af2aba6ca60..55cec24dec9 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -126,6 +126,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index 88ddf6ebd94..d7d81b5311d 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -375,6 +375,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.mdig.html b/doc/arm/man.mdig.html index 784f76412da..cb1e8052a3c 100644 --- a/doc/arm/man.mdig.html +++ b/doc/arm/man.mdig.html @@ -610,6 +610,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index f14fc3f5ec2..061f9ecba66 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -200,6 +200,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index 2f3969c7e7c..14fdcaa9d3b 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -463,6 +463,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index 5f618002dfe..f0dde8aa238 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -117,6 +117,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.named-nzd2nzf.html b/doc/arm/man.named-nzd2nzf.html index 9d64fa97cc8..4fff46ad2ea 100644 --- a/doc/arm/man.named-nzd2nzf.html +++ b/doc/arm/man.named-nzd2nzf.html @@ -119,6 +119,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html index bc931287e6f..db1512e08e4 100644 --- a/doc/arm/man.named-rrchecker.html +++ b/doc/arm/man.named-rrchecker.html @@ -121,6 +121,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html index 1cb2d5dc96f..b12fb04d6cc 100644 --- a/doc/arm/man.named.conf.html +++ b/doc/arm/man.named.conf.html @@ -894,10 +894,10 @@ view     | slave | static-stub | stub );
    update-check-ksk boolean;
    update-policy ( local | { ( deny | grant ) string (
    -     6to4-self | external | krb5-self | krb5-subdomain |
    -     ms-self | ms-subdomain | name | self | selfsub |
    -     selfwild | subdomain | tcp-self | wildcard | zonesub )
    -     [ string ] rrtypelist; ... };
    +     6to4-self | external | krb5-self | krb5-selfsub |
    +     krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
    +     name | self | selfsub | selfwild | subdomain | tcp-self
    +     | wildcard | zonesub ) [ string ] rrtypelist; ... };
    use-alt-transfer-source boolean;
    zero-no-soa-ttl boolean;
    zone-statistics ( full | terse | none | boolean );
    @@ -996,9 +996,10 @@ zone     | static-stub | stub );
    update-check-ksk boolean;
    update-policy ( local | { ( deny | grant ) string ( 6to4-self |
    -     external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
    -     | name | self | selfsub | selfwild | subdomain | tcp-self |
    -     wildcard | zonesub ) [ string ] rrtypelist; ... };
    +     external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
    +     | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
    +     | subdomain | tcp-self | wildcard | zonesub ) [ string ]
    +     rrtypelist; ... };
    use-alt-transfer-source boolean;
    zero-no-soa-ttl boolean;
    zone-statistics ( full | terse | none | boolean );
    @@ -1055,6 +1056,6 @@ zone -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 7e86f7e0ebb..2b5366b037f 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -492,6 +492,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index bee43623215..13f57531f36 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -155,6 +155,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.nslookup.html b/doc/arm/man.nslookup.html index 56e344c99af..fb2ec0c3536 100644 --- a/doc/arm/man.nslookup.html +++ b/doc/arm/man.nslookup.html @@ -420,6 +420,6 @@ nslookup -query=hinfo -timeout=10 -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 4cc4dc0da1e..4d77ee6c4b3 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -832,6 +832,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.pkcs11-destroy.html b/doc/arm/man.pkcs11-destroy.html index 89917984d9e..a8851877338 100644 --- a/doc/arm/man.pkcs11-destroy.html +++ b/doc/arm/man.pkcs11-destroy.html @@ -162,6 +162,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.pkcs11-keygen.html b/doc/arm/man.pkcs11-keygen.html index c608f9cdb3d..ef343260bfb 100644 --- a/doc/arm/man.pkcs11-keygen.html +++ b/doc/arm/man.pkcs11-keygen.html @@ -200,6 +200,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.pkcs11-list.html b/doc/arm/man.pkcs11-list.html index 816f0448cfa..1a56078e44a 100644 --- a/doc/arm/man.pkcs11-list.html +++ b/doc/arm/man.pkcs11-list.html @@ -158,6 +158,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.pkcs11-tokens.html b/doc/arm/man.pkcs11-tokens.html index d0a345a1a05..5f02d11274e 100644 --- a/doc/arm/man.pkcs11-tokens.html +++ b/doc/arm/man.pkcs11-tokens.html @@ -123,6 +123,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 426b077109c..3dda8364c3f 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -276,6 +276,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index bdfcfaa9876..ac8323b4652 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -268,6 +268,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 4f98f093305..60f2d4285ec 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -500,7 +500,7 @@

    nta - [( -d | -f | -r | -l duration)] + [( -class class | -dump | -force | -remove | -lifetime duration)] domain [view]
    @@ -548,7 +548,7 @@ is equivalent to -remove.

    - If -dump is used, any other arguments + If the -dump is used, any other arguments are ignored, and a list of existing NTAs is printed (note that this may include NTAs that are expired but have not yet been cleaned up). @@ -565,10 +565,15 @@ lifetime, regardless of whether data could be validated if the NTA were not present.

    +

    + The view class can be specified with -class. + The default is class IN, which is + the only class for which DNSSEC is currently supported. +

    All of these options can be shortened, i.e., to -l, -r, -d, - and -f. + -f, and -c.

    querylog [ on | off ]
    @@ -1010,6 +1015,6 @@ -

    BIND 9.12.2-P1

    +

    BIND 9.12.3rc1

    diff --git a/doc/arm/master.zoneopt.xml b/doc/arm/master.zoneopt.xml index f68ace8b982..792265312fe 100644 --- a/doc/arm/master.zoneopt.xml +++ b/doc/arm/master.zoneopt.xml @@ -62,7 +62,7 @@ sig-signing-type integer; sig-validity-interval integer [ integer ]; update-check-ksk boolean; - update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; + update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); }; diff --git a/doc/arm/notes.html b/doc/arm/notes.html index 4482f7ca3f6..e62dd59acf3 100644 --- a/doc/arm/notes.html +++ b/doc/arm/notes.html @@ -15,7 +15,7 @@

    -Release Notes for BIND Version 9.12.2-P1

    +Release Notes for BIND Version 9.12.3rc1

    @@ -125,6 +125,15 @@ necessary.

    +
  • +

    + Two new update policy rule types have been added + krb5-selfsub and ms-selfsub + which allow machines with Kerberos principals to update + the name space at or below the machine names identified + in the respective principals. +

    +

    • @@ -146,20 +155,39 @@ with IDN support.

    +
  • +

    + The rndc nta command could not differentiate + between views of the same name but different class; this + has been corrected with the addition of a -class + option. [GL #105] +

    +

    • Bug Fixes

    -
    • +
        +
      • +

        + When a negative trust anchor was added to multiple views + using rndc nta, the text returned via + rndc was incorrectly truncated after the + first line, making it appear that only one NTA had been + added. This has been fixed. [GL #105] +

        +
        • +

      • named now rejects excessively large incremental (IXFR) zone transfers in order to prevent possible corruption of journal files which could cause named to abort when loading zones. [GL #339]

        -
      +
      • +
    diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf index 83894bd6246..ec280fbfae6 100644 Binary files a/doc/arm/notes.pdf and b/doc/arm/notes.pdf differ diff --git a/doc/arm/notes.txt b/doc/arm/notes.txt index b2768b858e1..08edeccd7c9 100644 --- a/doc/arm/notes.txt +++ b/doc/arm/notes.txt @@ -1,4 +1,4 @@ -Release Notes for BIND Version 9.12.2-P1 +Release Notes for BIND Version 9.12.3rc1 Introduction @@ -62,6 +62,11 @@ New Features security mechanism, and should not be disabled unless absolutely necessary. + * Two new update policy rule types have been added krb5-selfsub and + ms-selfsub which allow machines with Kerberos principals to update the + name space at or below the machine names identified in the respective + principals. + Feature Changes * BIND now can be compiled against libidn2 library to add IDNA2008 @@ -71,8 +76,17 @@ Feature Changes * dig +noidnin can be used to disable IDN processing on the input domain name, when BIND is compiled with IDN support. + * The rndc nta command could not differentiate between views of the same + name but different class; this has been corrected with the addition of + a -class option. [GL #105] + Bug Fixes + * When a negative trust anchor was added to multiple views using rndc + nta, the text returned via rndc was incorrectly truncated after the + first line, making it appear that only one NTA had been added. This + has been fixed. [GL #105] + * named now rejects excessively large incremental (IXFR) zone transfers in order to prevent possible corruption of journal files which could cause named to abort when loading zones. [GL #339] diff --git a/doc/misc/master.zoneopt b/doc/misc/master.zoneopt index 7bec788bb65..2f130a2df99 100644 --- a/doc/misc/master.zoneopt +++ b/doc/misc/master.zoneopt @@ -50,7 +50,7 @@ zone [ ] { sig-signing-type ; sig-validity-interval [ ]; update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ ] ; ... }; + update-policy ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ ] ; ... }; zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); }; diff --git a/doc/misc/options b/doc/misc/options index 62392b0b917..5e358614f9f 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -807,10 +807,10 @@ view [ ] { | slave | static-stub | stub ); update-check-ksk ; update-policy ( local | { ( deny | grant ) ( - 6to4-self | external | krb5-self | krb5-subdomain | - ms-self | ms-subdomain | name | self | selfsub | - selfwild | subdomain | tcp-self | wildcard | zonesub ) - [ ] ; ... }; + 6to4-self | external | krb5-self | krb5-selfsub | + krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | + name | self | selfsub | selfwild | subdomain | tcp-self + | wildcard | zonesub ) [ ] ; ... }; use-alt-transfer-source ; zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); @@ -909,9 +909,10 @@ zone [ ] { | static-stub | stub ); update-check-ksk ; update-policy ( local | { ( deny | grant ) ( 6to4-self | - external | krb5-self | krb5-subdomain | ms-self | ms-subdomain - | name | self | selfsub | selfwild | subdomain | tcp-self | - wildcard | zonesub ) [ ] ; ... }; + external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self + | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild + | subdomain | tcp-self | wildcard | zonesub ) [ ] + ; ... }; use-alt-transfer-source ; zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); diff --git a/lib/bind9/api b/lib/bind9/api index 915fa662e04..86ee606161c 100644 --- a/lib/bind9/api +++ b/lib/bind9/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 1200 -LIBREVISION = 7 +LIBINTERFACE = 1201 +LIBREVISION = 0 LIBAGE = 0 diff --git a/lib/dns/api b/lib/dns/api index ce582131904..93218ac06d0 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 1206 -LIBREVISION = 1 -LIBAGE = 1 +LIBINTERFACE = 1207 +LIBREVISION = 0 +LIBAGE = 0 diff --git a/lib/irs/api b/lib/irs/api index 4f4a04c5013..86ee606161c 100644 --- a/lib/irs/api +++ b/lib/irs/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 1200 -LIBREVISION = 2 +LIBINTERFACE = 1201 +LIBREVISION = 0 LIBAGE = 0 diff --git a/lib/isc/api b/lib/isc/api index cfd1d0e3ba6..5c94ca20c7c 100644 --- a/lib/isc/api +++ b/lib/isc/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 1203 -LIBREVISION = 3 -LIBAGE = 3 +LIBINTERFACE = 1204 +LIBREVISION = 0 +LIBAGE = 0 diff --git a/lib/isccc/api b/lib/isccc/api index 4d31f766d21..86ee606161c 100644 --- a/lib/isccc/api +++ b/lib/isccc/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 1200 -LIBREVISION = 1 +LIBINTERFACE = 1201 +LIBREVISION = 0 LIBAGE = 0 diff --git a/lib/isccfg/api b/lib/isccfg/api index 3e53ccbeff4..a814bd38241 100644 --- a/lib/isccfg/api +++ b/lib/isccfg/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 1202 -LIBREVISION = 1 -LIBAGE = 2 +LIBINTERFACE = 1203 +LIBREVISION = 0 +LIBAGE = 0 diff --git a/lib/ns/api b/lib/ns/api index 64f06611ef4..248d069594f 100644 --- a/lib/ns/api +++ b/lib/ns/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169 # 9.12: 1200-1299 -LIBINTERFACE = 1204 +LIBINTERFACE = 1205 LIBREVISION = 0 -LIBAGE = 1 +LIBAGE = 0 diff --git a/version b/version index 078865feb07..37af1c9a23a 100644 --- a/version +++ b/version @@ -5,7 +5,7 @@ PRODUCT=BIND DESCRIPTION= MAJORVER=9 MINORVER=12 -PATCHVER=2 -RELEASETYPE=-P +PATCHVER=3 +RELEASETYPE=rc RELEASEVER=1 EXTENSIONS=