From: Tinderbox User Date: Fri, 10 May 2019 04:56:43 +0000 (+0000) Subject: prep 9.11.7 X-Git-Tag: v9.11.7^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d58e36b410eda38ddcbe3db498b95bda849871dd;p=thirdparty%2Fbind9.git prep 9.11.7 --- diff --git a/CHANGES b/CHANGES index 0e96c2bfa34..d9a0054703a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.11.7 released --- + 5233. [bug] Negative trust anchors did not work with "forward only;" to validating resolvers. [GL #997] diff --git a/README b/README index 3b28ae32f7d..45c1f490c8a 100644 --- a/README +++ b/README @@ -265,10 +265,10 @@ BIND 9.11.6 BIND 9.11.6 is a maintenance release, and also addresses the security flaws disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465. -BIND 9.11.6-P1 +BIND 9.11.7 -BIND 9.11.6-P1 addresses the security vulnerability disclosed in -CVE-2018-5743. +BIND 9.11.7 is a maintenance release, and also addresses the security flaw +disclosed in CVE-2018-5743. Building BIND diff --git a/README.md b/README.md index 02cc464b3d2..ea48104e686 100644 --- a/README.md +++ b/README.md @@ -282,10 +282,10 @@ feature: BIND 9.11.6 is a maintenance release, and also addresses the security flaws disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465. -#### BIND 9.11.6-P1 +#### BIND 9.11.7 -BIND 9.11.6-P1 addresses the security vulnerability disclosed in -CVE-2018-5743. +BIND 9.11.7 is a maintenance release, and also addresses the security +flaw disclosed in CVE-2018-5743. ### Building BIND diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index 6f8eedb2f0b..a169e62d651 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -39,7 +39,7 @@ dnssec-keygen \- DNSSEC key generation tool .SH "SYNOPSIS" .HP \w'\fBdnssec\-keygen\fR\ 'u -\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name} +\fBdnssec\-keygen\fR [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name} .SH "DESCRIPTION" .PP \fBdnssec\-keygen\fR @@ -50,6 +50,13 @@ The of the key is specified on the command line\&. For DNSSEC keys, this must match the name of the zone for which the key is being generated\&. .SH "OPTIONS" .PP +\-3 +.RS 4 +Use an NSEC3\-capable algorithm to generate a DNSSEC key\&. If this option is used with an algorithm that has both NSEC and NSEC3 versions, then the NSEC3 version will be used; for example, +\fBdnssec\-keygen \-3a RSASHA1\fR +specifies the NSEC3RSASHA1 algorithm\&. +.RE +.PP \-a \fIalgorithm\fR .RS 4 Selects the cryptographic algorithm\&. For DNSSEC keys, the value of @@ -78,21 +85,9 @@ The key size does not need to be specified if using a default algorithm\&. The d must be used\&. .RE .PP -\-n \fInametype\fR -.RS 4 -Specifies the owner type of the key\&. The value of -\fBnametype\fR -must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are case insensitive\&. Defaults to ZONE for DNSKEY generation\&. -.RE -.PP -\-3 -.RS 4 -Use an NSEC3\-capable algorithm to generate a DNSSEC key\&. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default\&. Note that RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 and ED448 algorithms are NSEC3\-capable\&. -.RE -.PP \-C .RS 4 -Compatibility mode: generates an old\-style key, without any metadata\&. By default, +Compatibility mode: generates an old\-style key, without any timing metadata\&. By default, \fBdnssec\-keygen\fR will include the key\*(Aqs creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc)\&. Keys that include this data may be incompatible with older versions of BIND; the \fB\-C\fR @@ -151,9 +146,17 @@ none is the same as leaving it unset\&. .RE .PP +\-n \fInametype\fR +.RS 4 +Specifies the owner type of the key\&. The value of +\fBnametype\fR +must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are case insensitive\&. Defaults to ZONE for DNSKEY generation\&. +.RE +.PP \-p \fIprotocol\fR .RS 4 -Sets the protocol value for the generated key\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&. +Sets the protocol value for the generated key, for use with +\fB\-T KEY\fR\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&. .RE .PP \-q @@ -196,19 +199,20 @@ Using any TSIG algorithm (HMAC\-* or DH) forces this option to KEY\&. .PP \-t \fItype\fR .RS 4 -Indicates the use of the key\&. +Indicates the use of the key, for use with +\fB\-T KEY\fR\&. \fBtype\fR must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF\&. The default is AUTHCONF\&. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data\&. .RE .PP -\-v \fIlevel\fR +\-V .RS 4 -Sets the debugging level\&. +Prints version information\&. .RE .PP -\-V +\-v \fIlevel\fR .RS 4 -Prints version information\&. +Sets the debugging level\&. .RE .SH "TIMING OPTIONS" .PP @@ -338,6 +342,10 @@ creates the files Kexample\&.com\&.+003+26160\&.key and Kexample\&.com\&.+003+26160\&.private\&. +.PP +To generate a matching key\-signing key, issue the command: +.PP +\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE \-f KSK example\&.com\fR .SH "SEE ALSO" .PP \fBdnssec-signzone\fR(8), diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 4cdeca62cc2..70f75b8ff2a 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -33,11 +33,10 @@

Synopsis

dnssec-keygen - [-a algorithm] - [-b keysize] - [-n nametype] [-3] [-A date/offset] + [-a algorithm] + [-b keysize] [-C] [-c class] [-D date/offset] @@ -52,6 +51,7 @@ [-K directory] [-k] [-L ttl] + [-n nametype] [-P date/offset] [-P sync date/offset] [-p protocol] @@ -63,7 +63,6 @@ [-t type] [-V] [-v level] - [-z] {name}

@@ -89,6 +88,16 @@
+
-3
+
+

+ Use an NSEC3-capable algorithm to generate a DNSSEC key. + If this option is used with an algorithm that has both + NSEC and NSEC3 versions, then the NSEC3 version will be + used; for example, dnssec-keygen -3a RSASHA1 + specifies the NSEC3RSASHA1 algorithm. +

+
-a algorithm

@@ -139,38 +148,15 @@ must be used.

-
-n nametype
-
-

- Specifies the owner type of the key. The value of - nametype must either be ZONE (for a DNSSEC - zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with - a host (KEY)), - USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). - These values are case insensitive. Defaults to ZONE for DNSKEY - generation. -

-
-
-3
-
-

- Use an NSEC3-capable algorithm to generate a DNSSEC key. - If this option is used and no algorithm is explicitly - set on the command line, NSEC3RSASHA1 will be used by - default. Note that RSASHA256, RSASHA512, ECCGOST, - ECDSAP256SHA256, ECDSAP384SHA384, ED25519 and ED448 - algorithms are NSEC3-capable. -

-
-C

- Compatibility mode: generates an old-style key, without - any metadata. By default, dnssec-keygen - will include the key's creation date in the metadata stored - with the private key, and other dates may be set there as well - (publication date, activation date, etc). Keys that include - this data may be incompatible with older versions of BIND; the + Compatibility mode: generates an old-style key, without any + timing metadata. By default, dnssec-keygen + will include the key's creation date in the metadata stored with + the private key, and other dates may be set there as well + (publication date, activation date, etc). Keys that include this + data may be incompatible with older versions of BIND; the -C option suppresses them.

@@ -250,13 +236,24 @@ or none is the same as leaving it unset.

+
-n nametype
+
+

+ Specifies the owner type of the key. The value of + nametype must either be ZONE (for a DNSSEC + zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated + with a host (KEY)), USER (for a key associated with a + user(KEY)) or OTHER (DNSKEY). These values are case + insensitive. Defaults to ZONE for DNSKEY generation. +

+
-p protocol

- Sets the protocol value for the generated key. The protocol - is a number between 0 and 255. The default is 3 (DNSSEC). - Other possible values for this argument are listed in - RFC 2535 and its successors. + Sets the protocol value for the generated key, for use + with -T KEY. The protocol is a number between 0 + and 255. The default is 3 (DNSSEC). Other possible values for + this argument are listed in RFC 2535 and its successors.

-q
@@ -327,22 +324,23 @@
-t type

- Indicates the use of the key. type must be - one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default - is AUTHCONF. AUTH refers to the ability to authenticate - data, and CONF the ability to encrypt data. + Indicates the use of the key, for use with -T + KEY. type must be one of AUTHCONF, + NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH + refers to the ability to authenticate data, and CONF the ability + to encrypt data.

-
-v level
+
-V

- Sets the debugging level. + Prints version information.

-
-V
+
-v level

- Prints version information. + Sets the debugging level.

@@ -526,6 +524,12 @@ and Kexample.com.+003+26160.private.

+

+ To generate a matching key-signing key, issue the command: +

+

+ dnssec-keygen -a DSA -b 768 -n ZONE -f KSK example.com +

diff --git a/configure b/configure index 3ae0f2210cb..b219e160744 100755 --- a/configure +++ b/configure @@ -971,7 +971,6 @@ infodir docdir oldincludedir includedir -runstatedir localstatedir sharedstatedir sysconfdir @@ -1139,7 +1138,6 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' -runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1392,15 +1390,6 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; - -runstatedir | --runstatedir | --runstatedi | --runstated \ - | --runstate | --runstat | --runsta | --runst | --runs \ - | --run | --ru | --r) - ac_prev=runstatedir ;; - -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ - | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ - | --run=* | --ru=* | --r=*) - runstatedir=$ac_optarg ;; - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1538,7 +1527,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir runstatedir + libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1691,7 +1680,6 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html index adc74306673..120ae4f5c41 100644 --- a/doc/arm/Bv9ARM.ch01.html +++ b/doc/arm/Bv9ARM.ch01.html @@ -616,6 +616,6 @@
-

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html index 54f42326c30..5e96ea21574 100644 --- a/doc/arm/Bv9ARM.ch02.html +++ b/doc/arm/Bv9ARM.ch02.html @@ -151,6 +151,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 777fd4e5739..4313d192487 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -759,6 +759,6 @@ controls { -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 9ec539676c3..6401c9ea685 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -2867,6 +2867,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index 2d09741b770..d03d0cbbc50 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -142,6 +142,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 7facb4d5b7f..f7c381acf13 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -3401,6 +3401,12 @@ options { by the disable-algorithms will be treated as insecure.

+

+ Configured trust anchors in trusted-keys + or managed-keys that match a disabled + algorithm will be ignored and treated as if they were not + configured at all. +

disable-ds-digests
@@ -7870,7 +7876,7 @@ deny-answer-aliases { "example.net"; }; The empty set of resource records is specified by CNAME whose target is the wildcard top-level domain (*.). - It rewrites the response to NODATA or ANCOUNT=1. + It rewrites the response to NODATA or ANCOUNT=0.

Local Data
@@ -14677,6 +14683,6 @@ HOST-127.EXAMPLE. MX 0 . -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html index d3d729a6275..46a0eca3f48 100644 --- a/doc/arm/Bv9ARM.ch07.html +++ b/doc/arm/Bv9ARM.ch07.html @@ -399,6 +399,6 @@ allow-query { !{ !10/8; any; }; key example; }; -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index 220f0c93bc3..a7d6b718f8e 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -136,6 +136,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index 8687123d3c8..77d27ecba98 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -36,12 +36,11 @@

Table of Contents

-
Release Notes for BIND Version 9.11.6-P1
+
Release Notes for BIND Version 9.11.7
Introduction
Download
License Change
-
Legacy Windows No Longer Supported
Security Fixes
New Features
Feature Changes
@@ -53,16 +52,19 @@

-Release Notes for BIND Version 9.11.6-P1

+Release Notes for BIND Version 9.11.7

Introduction

- This document summarizes changes since the last production - release on the BIND 9.11 (Extended Support Version) branch. - Please see the CHANGES file for a further - list of bug fixes and other changes. + BIND 9.11 (Extended Support Version) is a stable branch of BIND. + This document summarizes significant changes since the last + production release on that branch. +

+

+ Please see the file CHANGES for a more + detailed list of changes and bug fixes.

@@ -110,16 +112,6 @@

-Legacy Windows No Longer Supported

-

- As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported - platforms for BIND; "XP" binaries are no longer available for download - from ISC. -

-
- -
-

Security Fixes

  • @@ -146,7 +138,19 @@ Feature Changes

@@ -201,6 +205,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html index 6deb971740b..22182e36925 100644 --- a/doc/arm/Bv9ARM.ch10.html +++ b/doc/arm/Bv9ARM.ch10.html @@ -148,6 +148,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html index e258d65d496..ec683f3f6b4 100644 --- a/doc/arm/Bv9ARM.ch11.html +++ b/doc/arm/Bv9ARM.ch11.html @@ -914,6 +914,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html index 490e9114a42..76b794f372b 100644 --- a/doc/arm/Bv9ARM.ch12.html +++ b/doc/arm/Bv9ARM.ch12.html @@ -533,6 +533,6 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html index 7ed047ecabd..cc40a3440ab 100644 --- a/doc/arm/Bv9ARM.ch13.html +++ b/doc/arm/Bv9ARM.ch13.html @@ -213,6 +213,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index 9f4a4e6e357..103caa829d5 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -32,7 +32,7 @@

BIND 9 Administrator Reference Manual

-

BIND Version 9.11.6-P1

+

BIND Version 9.11.7

Copyright © 2000-2019 Internet Systems Consortium, Inc. ("ISC")

@@ -241,12 +241,11 @@
A. Release Notes
-
Release Notes for BIND Version 9.11.6-P1
+
Release Notes for BIND Version 9.11.7
Introduction
Download
License Change
-
Legacy Windows No Longer Supported
Security Fixes
New Features
Feature Changes
@@ -442,6 +441,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf index d50717baebc..99ece4db6cc 100644 Binary files a/doc/arm/Bv9ARM.pdf and b/doc/arm/Bv9ARM.pdf differ diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index 395bad2b63d..3dcc89f11de 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -91,6 +91,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index 205b2effc71..542af798b85 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -236,6 +236,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html index b71019e7542..54f43bdcf1a 100644 --- a/doc/arm/man.delv.html +++ b/doc/arm/man.delv.html @@ -624,6 +624,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index f30a4ade877..b6a0098e1e6 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -1128,6 +1128,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html index 3a6e175b6cd..ef03080bd0f 100644 --- a/doc/arm/man.dnssec-checkds.html +++ b/doc/arm/man.dnssec-checkds.html @@ -148,6 +148,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html index be9478b4b64..d8a2f17908a 100644 --- a/doc/arm/man.dnssec-coverage.html +++ b/doc/arm/man.dnssec-coverage.html @@ -270,6 +270,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html index c06a3560219..8e55ec93250 100644 --- a/doc/arm/man.dnssec-dsfromkey.html +++ b/doc/arm/man.dnssec-dsfromkey.html @@ -352,6 +352,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html index f350497e5e7..db9f9e226e3 100644 --- a/doc/arm/man.dnssec-importkey.html +++ b/doc/arm/man.dnssec-importkey.html @@ -250,6 +250,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index a936dd702ae..e0a8676c961 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -492,6 +492,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index dfb51c0d05d..ef6522095d7 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -51,11 +51,10 @@

Synopsis

dnssec-keygen - [-a algorithm] - [-b keysize] - [-n nametype] [-3] [-A date/offset] + [-a algorithm] + [-b keysize] [-C] [-c class] [-D date/offset] @@ -70,6 +69,7 @@ [-K directory] [-k] [-L ttl] + [-n nametype] [-P date/offset] [-P sync date/offset] [-p protocol] @@ -81,7 +81,6 @@ [-t type] [-V] [-v level] - [-z] {name}

@@ -107,6 +106,16 @@
+
-3
+
+

+ Use an NSEC3-capable algorithm to generate a DNSSEC key. + If this option is used with an algorithm that has both + NSEC and NSEC3 versions, then the NSEC3 version will be + used; for example, dnssec-keygen -3a RSASHA1 + specifies the NSEC3RSASHA1 algorithm. +

+
-a algorithm

@@ -157,38 +166,15 @@ must be used.

-
-n nametype
-
-

- Specifies the owner type of the key. The value of - nametype must either be ZONE (for a DNSSEC - zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with - a host (KEY)), - USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). - These values are case insensitive. Defaults to ZONE for DNSKEY - generation. -

-
-
-3
-
-

- Use an NSEC3-capable algorithm to generate a DNSSEC key. - If this option is used and no algorithm is explicitly - set on the command line, NSEC3RSASHA1 will be used by - default. Note that RSASHA256, RSASHA512, ECCGOST, - ECDSAP256SHA256, ECDSAP384SHA384, ED25519 and ED448 - algorithms are NSEC3-capable. -

-
-C

- Compatibility mode: generates an old-style key, without - any metadata. By default, dnssec-keygen - will include the key's creation date in the metadata stored - with the private key, and other dates may be set there as well - (publication date, activation date, etc). Keys that include - this data may be incompatible with older versions of BIND; the + Compatibility mode: generates an old-style key, without any + timing metadata. By default, dnssec-keygen + will include the key's creation date in the metadata stored with + the private key, and other dates may be set there as well + (publication date, activation date, etc). Keys that include this + data may be incompatible with older versions of BIND; the -C option suppresses them.

@@ -268,13 +254,24 @@ or none is the same as leaving it unset.

+
-n nametype
+
+

+ Specifies the owner type of the key. The value of + nametype must either be ZONE (for a DNSSEC + zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated + with a host (KEY)), USER (for a key associated with a + user(KEY)) or OTHER (DNSKEY). These values are case + insensitive. Defaults to ZONE for DNSKEY generation. +

+
-p protocol

- Sets the protocol value for the generated key. The protocol - is a number between 0 and 255. The default is 3 (DNSSEC). - Other possible values for this argument are listed in - RFC 2535 and its successors. + Sets the protocol value for the generated key, for use + with -T KEY. The protocol is a number between 0 + and 255. The default is 3 (DNSSEC). Other possible values for + this argument are listed in RFC 2535 and its successors.

-q
@@ -345,22 +342,23 @@
-t type

- Indicates the use of the key. type must be - one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default - is AUTHCONF. AUTH refers to the ability to authenticate - data, and CONF the ability to encrypt data. + Indicates the use of the key, for use with -T + KEY. type must be one of AUTHCONF, + NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH + refers to the ability to authenticate data, and CONF the ability + to encrypt data.

-
-v level
+
-V

- Sets the debugging level. + Prints version information.

-
-V
+
-v level

- Prints version information. + Sets the debugging level.

@@ -544,6 +542,12 @@ and Kexample.com.+003+26160.private.

+

+ To generate a matching key-signing key, issue the command: +

+

+ dnssec-keygen -a DSA -b 768 -n ZONE -f KSK example.com +

@@ -579,6 +583,6 @@
-

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-keymgr.html b/doc/arm/man.dnssec-keymgr.html index fc348c2c983..c3ec5067d2f 100644 --- a/doc/arm/man.dnssec-keymgr.html +++ b/doc/arm/man.dnssec-keymgr.html @@ -416,6 +416,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index e9087374cbf..16cc499d072 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -171,6 +171,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index c5dc1af9232..7bd55b623c4 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -349,6 +349,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index 35948273b26..6d223783e3c 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -708,6 +708,6 @@ db.example.com.signed -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index 63b948a9d34..a4cc0d75d89 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -202,6 +202,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.dnstap-read.html b/doc/arm/man.dnstap-read.html index 59f3271ebe7..d8a75d104b5 100644 --- a/doc/arm/man.dnstap-read.html +++ b/doc/arm/man.dnstap-read.html @@ -134,6 +134,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index f68c808795b..6740a12af91 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -127,6 +127,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index 1c7d82203df..fa69269bdb5 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -366,6 +366,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index 65ebc3f4f38..3d4c57d49e9 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -126,6 +126,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.lwresd.html b/doc/arm/man.lwresd.html index a5c57babb7d..4737e823ae5 100644 --- a/doc/arm/man.lwresd.html +++ b/doc/arm/man.lwresd.html @@ -329,6 +329,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.mdig.html b/doc/arm/man.mdig.html index 8fcfa030ee1..ad7aa9b5330 100644 --- a/doc/arm/man.mdig.html +++ b/doc/arm/man.mdig.html @@ -609,6 +609,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index 3f4e73b4616..e36e952680c 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -192,6 +192,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index 443a6c614c5..bc3f77bac72 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -463,6 +463,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index 889ddceebde..fc608e46626 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -117,6 +117,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.named-nzd2nzf.html b/doc/arm/man.named-nzd2nzf.html index 0927aaa532f..7f327aeca97 100644 --- a/doc/arm/man.named-nzd2nzf.html +++ b/doc/arm/man.named-nzd2nzf.html @@ -119,6 +119,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html index 395eca2d5e8..326ec75f4f6 100644 --- a/doc/arm/man.named-rrchecker.html +++ b/doc/arm/man.named-rrchecker.html @@ -121,6 +121,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html index fcb3df6eadb..f25dc388af0 100644 --- a/doc/arm/man.named.conf.html +++ b/doc/arm/man.named.conf.html @@ -1034,6 +1034,6 @@ zone -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index dbb82c356eb..cb28d2b8c34 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -490,6 +490,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index ac3aaea47e6..28f1b5e85e1 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -131,6 +131,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.nslookup.html b/doc/arm/man.nslookup.html index 7edcd76db30..1784785b886 100644 --- a/doc/arm/man.nslookup.html +++ b/doc/arm/man.nslookup.html @@ -436,6 +436,6 @@ nslookup -query=hinfo -timeout=10 -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 7a6273954da..ebc40ff0896 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -817,6 +817,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.pkcs11-destroy.html b/doc/arm/man.pkcs11-destroy.html index 7ec83807432..c5ae74486e1 100644 --- a/doc/arm/man.pkcs11-destroy.html +++ b/doc/arm/man.pkcs11-destroy.html @@ -162,6 +162,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.pkcs11-keygen.html b/doc/arm/man.pkcs11-keygen.html index 289fdc56275..ff84c51b5b9 100644 --- a/doc/arm/man.pkcs11-keygen.html +++ b/doc/arm/man.pkcs11-keygen.html @@ -200,6 +200,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.pkcs11-list.html b/doc/arm/man.pkcs11-list.html index d75d76699b9..fe71c60fb14 100644 --- a/doc/arm/man.pkcs11-list.html +++ b/doc/arm/man.pkcs11-list.html @@ -158,6 +158,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.pkcs11-tokens.html b/doc/arm/man.pkcs11-tokens.html index 33cf80705a7..981f7fbec8f 100644 --- a/doc/arm/man.pkcs11-tokens.html +++ b/doc/arm/man.pkcs11-tokens.html @@ -119,6 +119,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 2d0fd79ddd8..8cbc630545e 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -277,6 +277,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index fd0525103df..1eb437e376d 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -268,6 +268,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 1dd2e9260c7..f78c8e9b37b 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -894,6 +894,6 @@ -

BIND 9.11.6-P1 (Extended Support Version)

+

BIND 9.11.7 (Extended Support Version)

diff --git a/doc/arm/notes.html b/doc/arm/notes.html index abb0ef6fcaa..d63bb3def92 100644 --- a/doc/arm/notes.html +++ b/doc/arm/notes.html @@ -15,16 +15,19 @@

-Release Notes for BIND Version 9.11.6-P1

+Release Notes for BIND Version 9.11.7

Introduction

- This document summarizes changes since the last production - release on the BIND 9.11 (Extended Support Version) branch. - Please see the CHANGES file for a further - list of bug fixes and other changes. + BIND 9.11 (Extended Support Version) is a stable branch of BIND. + This document summarizes significant changes since the last + production release on that branch. +

+

+ Please see the file CHANGES for a more + detailed list of changes and bug fixes.

@@ -72,16 +75,6 @@

-Legacy Windows No Longer Supported

-

- As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported - platforms for BIND; "XP" binaries are no longer available for download - from ISC. -

-
- -
-

Security Fixes

  • @@ -108,7 +101,19 @@ Feature Changes

  • - None. + When trusted-keys and + managed-keys are both configured for the + same name, or when trusted-keys is used to + configure a trust anchor for the root zone and + dnssec-validation is set to + auto, automatic RFC 5011 key + rollovers will fail. +

    +

    + This combination of settings was never intended to work, + but there was no check for it in the parser. This has been + corrected; a warning is now logged. (In BIND 9.15 and + higher this error will be fatal.) [GL #868]

diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf index e7c9babe3b6..bcabafab22b 100644 Binary files a/doc/arm/notes.pdf and b/doc/arm/notes.pdf differ diff --git a/doc/arm/notes.txt b/doc/arm/notes.txt index 6f2ad74bf41..aecfb96a965 100644 --- a/doc/arm/notes.txt +++ b/doc/arm/notes.txt @@ -1,10 +1,13 @@ -Release Notes for BIND Version 9.11.6-P1 +Release Notes for BIND Version 9.11.7 Introduction -This document summarizes changes since the last production release on the -BIND 9.11 (Extended Support Version) branch. Please see the CHANGES file -for a further list of bug fixes and other changes. +BIND 9.11 (Extended Support Version) is a stable branch of BIND. This +document summarizes significant changes since the last production release +on that branch. + +Please see the file CHANGES for a more detailed list of changes and bug +fixes. Download @@ -33,12 +36,6 @@ Those unsure whether or not the license change affects their use of BIND, or who wish to discuss how to comply with the license may contact ISC at https://www.isc.org/mission/contact/. -Legacy Windows No Longer Supported - -As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported -platforms for BIND; "XP" binaries are no longer available for download -from ISC. - Security Fixes * The TCP client quota set using the tcp-clients option could be @@ -51,7 +48,15 @@ New Features Feature Changes - * None. + * When trusted-keys and managed-keys are both configured for the same + name, or when trusted-keys is used to configure a trust anchor for the + root zone and dnssec-validation is set to auto, automatic RFC 5011 key + rollovers will fail. + + This combination of settings was never intended to work, but there was + no check for it in the parser. This has been corrected; a warning is + now logged. (In BIND 9.15 and higher this error will be fatal.) [GL # + 868] Bug Fixes diff --git a/lib/bind9/api b/lib/bind9/api index 060936fe15b..2fbdc78024e 100644 --- a/lib/bind9/api +++ b/lib/bind9/api @@ -9,5 +9,5 @@ # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 LIBINTERFACE = 161 -LIBREVISION = 1 +LIBREVISION = 2 LIBAGE = 0 diff --git a/lib/dns/api b/lib/dns/api index 2edf29de3a8..ba00d7368c5 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 1105 +LIBINTERFACE = 1106 LIBREVISION = 0 LIBAGE = 0 diff --git a/lib/isc/api b/lib/isc/api index 9d5a98d20cc..13ceae1114c 100644 --- a/lib/isc/api +++ b/lib/isc/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 1101 +LIBINTERFACE = 1102 LIBREVISION = 0 -LIBAGE = 1 +LIBAGE = 2 diff --git a/version b/version index 1fab3bb5024..9584d345fd4 100644 --- a/version +++ b/version @@ -5,7 +5,7 @@ PRODUCT=BIND DESCRIPTION="(Extended Support Version)" MAJORVER=9 MINORVER=11 -PATCHVER=6 -RELEASETYPE=-P -RELEASEVER=1 +PATCHVER=7 +RELEASETYPE= +RELEASEVER= EXTENSIONS=