+ --- 9.11.5rc1 released ---
+
5038. [bug] Chaosnet addresses were compared incorrectly.
[GL #562]
BIND 9.11.4 is a maintenance release, and addresses the security flaw
disclosed in CVE-2018-5738.
+BIND 9.11.5
+
+BIND 9.11.5 is a maintenance release, and also addresses CVE-2018-5741 by
+correcting faulty documentation and introducing the following new feature:
+
+ * New krb5-selfsub and ms-selfsub rule types for update-policy
+ statements allow updating of subdomains based on a Kerberos or Active
+ Directory machine principal.
+
Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
BIND 9.11.4 is a maintenance release, and addresses the security flaw
disclosed in CVE-2018-5738.
+#### BIND 9.11.5
+
+BIND 9.11.5 is a maintenance release, and also addresses CVE-2018-5741
+by correcting faulty documentation and introducing the following new
+feature:
+
+* New `krb5-selfsub` and `ms-selfsub` rule types for `update-policy`
+ statements allow updating of subdomains based on a Kerberos or
+ Active Directory machine principal.
+
### <a name="build"/> Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
| slave | static\-stub | stub );
update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR (
- 6to4\-self | external | krb5\-self | krb5\-subdomain |
- ms\-self | ms\-subdomain | name | self | selfsub |
- selfwild | subdomain | tcp\-self | wildcard | zonesub )
- [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
+ 6to4\-self | external | krb5\-self | krb5\-selfsub |
+ krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain |
+ name | self | selfsub | selfwild | subdomain | tcp\-self
+ | wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
use\-alt\-transfer\-source \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zone\-statistics ( full | terse | none | \fIboolean\fR );
| static\-stub | stub );
update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self |
- external | krb5\-self | krb5\-subdomain | ms\-self | ms\-subdomain
- | name | self | selfsub | selfwild | subdomain | tcp\-self |
- wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
+ external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self
+ | ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild
+ | subdomain | tcp\-self | wildcard | zonesub ) [ \fIstring\fR ]
+ \fIrrtypelist\fR; \&.\&.\&. };
use\-alt\-transfer\-source \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zone\-statistics ( full | terse | none | \fIboolean\fR );
| slave | static-stub | stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> (
- 6to4-self | external | krb5-self | krb5-subdomain |
- ms-self | ms-subdomain | name | self | selfsub |
- selfwild | subdomain | tcp-self | wildcard | zonesub )
- [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
+ 6to4-self | external | krb5-self | krb5-selfsub |
+ krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
+ name | self | selfsub | selfwild | subdomain | tcp-self
+ | wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
use-alt-transfer-source <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
| static-stub | stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self |
- external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
- | name | self | selfsub | selfwild | subdomain | tcp-self |
- wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
+ external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
+ | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
+ | subdomain | tcp-self | wildcard | zonesub ) [ <replaceable>string</replaceable> ]
+ <replaceable>rrtypelist</replaceable>; ... };
use-alt-transfer-source <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
    | slave | static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> (<br>
-     6to4-self | external | krb5-self | krb5-subdomain |<br>
-     ms-self | ms-subdomain | name | self | selfsub |<br>
-     selfwild | subdomain | tcp-self | wildcard | zonesub )<br>
-     [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
+     6to4-self | external | krb5-self | krb5-selfsub |<br>
+     krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |<br>
+     name | self | selfsub | selfwild | subdomain | tcp-self<br>
+     | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
    | static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self |<br>
-     external | krb5-self | krb5-subdomain | ms-self | ms-subdomain<br>
-     | name | self | selfsub | selfwild | subdomain | tcp-self |<br>
-     wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
+     external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self<br>
+     | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild<br>
+     | subdomain | tcp-self | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ]<br>
+     <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
\fBrndc trace\fR\&.
.RE
.PP
-\fBnta \fR\fB[( \-d | \-f | \-r | \-l \fIduration\fR)]\fR\fB \fR\fB\fIdomain\fR\fR\fB \fR\fB[\fIview\fR]\fR\fB \fR
+\fBnta \fR\fB[( \-class \fIclass\fR | \-dump | \-force | \-remove | \-lifetime \fIduration\fR)]\fR\fB \fR\fB\fIdomain\fR\fR\fB \fR\fB[\fIview\fR]\fR\fB \fR
.RS 4
Sets a DNSSEC negative trust anchor (NTA) for
\fBdomain\fR, with a lifetime of
to zero is equivalent to
\fB\-remove\fR\&.
.sp
-If
+If the
\fB\-dump\fR
is used, any other arguments are ignored, and a list of existing NTAs is printed (note that this may include NTAs that are expired but have not yet been cleaned up)\&.
.sp
\fB\-force\fR
overrides this behavior and forces an NTA to persist for its entire lifetime, regardless of whether data could be validated if the NTA were not present\&.
.sp
+The view class can be specified with
+\fB\-class\fR\&. The default is class
+\fBIN\fR, which is the only class for which DNSSEC is currently supported\&.
+.sp
All of these options can be shortened, i\&.e\&., to
\fB\-l\fR,
\fB\-r\fR,
-\fB\-d\fR, and
-\fB\-f\fR\&.
+\fB\-d\fR,
+\fB\-f\fR, and
+\fB\-c\fR\&.
.RE
.PP
\fBquerylog\fR [ on | off ]
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>nta
- [<span class="optional">( -d | -f | -r | -l <em class="replaceable"><code>duration</code></em>)</span>]
+ [<span class="optional">( -class <em class="replaceable"><code>class</code></em> | -dump | -force | -remove | -lifetime <em class="replaceable"><code>duration</code></em>)</span>]
<em class="replaceable"><code>domain</code></em>
[<span class="optional"><em class="replaceable"><code>view</code></em></span>]
</code></strong></span></dt>
is equivalent to <code class="option">-remove</code>.
</p>
<p>
- If <code class="option">-dump</code> is used, any other arguments
+ If the <code class="option">-dump</code> is used, any other arguments
are ignored, and a list of existing NTAs is printed
(note that this may include NTAs that are expired but
have not yet been cleaned up).
lifetime, regardless of whether data could be
validated if the NTA were not present.
</p>
+ <p>
+ The view class can be specified with <code class="option">-class</code>.
+ The default is class <strong class="userinput"><code>IN</code></strong>, which is
+ the only class for which DNSSEC is currently supported.
+ </p>
<p>
All of these options can be shortened, i.e., to
<code class="option">-l</code>, <code class="option">-r</code>, <code class="option">-d</code>,
- and <code class="option">-f</code>.
+ <code class="option">-f</code>, and <code class="option">-c</code>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional"> on | off </span>] </span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
<span class="command"><strong>slave</strong></span> zones respectively.
It is off by default.
</p>
+ <p>
+ Note: if inline signing is enabled for a zone, the
+ user-provided <span class="command"><strong>ixfr-from-differences</strong></span>
+ setting is ignored for that zone.
+ </p>
</dd>
<dt><span class="term"><span class="command"><strong>multi-master</strong></span></span></dt>
<dd>
<span class="command"><strong>sig-signing-type</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>sig-validity-interval</strong></span> <em class="replaceable"><code>integer</code></em> [ <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>update-check-ksk</strong></span> <em class="replaceable"><code>boolean</code></em>;
- <span class="command"><strong>update-policy</strong></span> ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };
+ <span class="command"><strong>update-policy</strong></span> ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };
<span class="command"><strong>zero-no-soa-ttl</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>zone-statistics</strong></span> ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );
};
has been used to create a shared secret, the identity of
the key used to authenticate the TKEY exchange will be
used as the identity of the shared secret. Some rule types
- use indentities matching the client's Kerberos principal
+ use identities matching the client's Kerberos principal
(e.g, <strong class="userinput"><code>"host/machine@REALM"</code></strong>) or
Windows realm (<strong class="userinput"><code>machine$@REALM</code></strong>).
</p>
the rules are checked for each existing record type.
</p>
<p>
- The <em class="replaceable"><code>ruletype</code></em> field has 13
+ The <em class="replaceable"><code>ruletype</code></em> field has 16
values:
<code class="varname">name</code>, <code class="varname">subdomain</code>,
<code class="varname">wildcard</code>, <code class="varname">self</code>,
<code class="varname">selfsub</code>, <code class="varname">selfwild</code>,
<code class="varname">krb5-self</code>, <code class="varname">ms-self</code>,
+ <code class="varname">krb5-selfsub</code>, <code class="varname">ms-selfsub</code>,
<code class="varname">krb5-subdomain</code>,
<code class="varname">ms-subdomain</code>,
<code class="varname">tcp-self</code>, <code class="varname">6to4-self</code>,
</td>
<td>
<p>
- This rule takes a Windows machine principal
- (machine$@REALM) for machine in REALM and
- and converts it machine.realm allowing the machine
- to update machine.realm. The REALM to be matched
- is specified in the <em class="replaceable"><code>identity</code></em>
- field. The name field should be set to "."
+ When a client sends an UPDATE using a Windows
+ machine principal (for example, 'machine$@REALM'),
+ this rule allows records with the absolute name
+ of 'machine.REALM' to be updated.
+ </p>
+ <p>
+ The realm to be matched is specified in the
+ <em class="replaceable"><code>identity</code></em> field.
+ </p>
+ <p>
+ The <em class="replaceable"><code>name</code></em> field has
+ no effect on this rule; it should be set to "."
+ as a placeholder.
+ </p>
+ <p>
+ For example,
+ <strong class="userinput"><code>grant EXAMPLE.COM ms-self . A AAAA</code></strong>
+ allows any machine with a valid principal in
+ the realm <strong class="userinput"><code>EXAMPLE.COM</code></strong> to update
+ its own address records.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
+ <code class="varname">ms-selfsub</code>
+ </p>
+ </td>
+<td>
+ <p>
+ This is similar to <span class="command"><strong>ms-self</strong></span>
+ except it also allows updates to any subdomain of
+ the name specified in the Windows machine
+ principal, not just to the name itself.
</p>
</td>
</tr>
</td>
<td>
<p>
- This rule takes a Windows machine principal
- (machine$@REALM) for machine in REALM and
- converts it to machine.realm allowing the machine
- to update subdomains of machine.realm. The REALM
- to be matched is specified in the
+ When a client sends an UPDATE using a Windows
+ machine principal (for example, 'machine$@REALM'),
+ this rule allows any machine in the specified
+ realm to update any record in the zone or in a
+ specified subdomain of the zone.
+ </p>
+ <p>
+ The realm to be matched is specified in the
<em class="replaceable"><code>identity</code></em> field.
</p>
+ <p>
+ The <em class="replaceable"><code>name</code></em> field
+ specifies the subdomain that may be updated.
+ If set to "." (or any other name at or above
+ the zone apex), any name in the zone can be
+ updated.
+ </p>
+ <p>
+ For example, if <span class="command"><strong>update-policy</strong></span>
+ for the zone "example.com" includes
+ <strong class="userinput"><code>grant EXAMPLE.COM ms-subdomain hosts.example.com. A AAAA</code></strong>,
+ any machine with a valid principal in
+ the realm <strong class="userinput"><code>EXAMPLE.COM</code></strong> will
+ be able to update address records at or below
+ "hosts.example.com".
+ </p>
</td>
</tr>
<tr>
</td>
<td>
<p>
- This rule takes a Kerberos machine principal
- (host/machine@REALM) for machine in REALM and
- and converts it machine.realm allowing the machine
- to update machine.realm. The REALM to be matched
- is specified in the <em class="replaceable"><code>identity</code></em>
- field. The name field should be set to "."
+ When a client sends an UPDATE using a
+ Kerberos machine principal (for example,
+ 'host/machine@REALM'), this rule allows
+ records with the absolute name of 'machine'
+ to be updated provided it has been authenticated
+ by REALM. This is similar but not identical
+ to <span class="command"><strong>ms-self</strong></span> due to the
+ 'machine' part of the Kerberos principal
+ being an absolute name instead of a unqualified
+ name.
+ </p>
+ <p>
+ The realm to be matched is specified in the
+ <em class="replaceable"><code>identity</code></em> field.
+ </p>
+ <p>
+ The <em class="replaceable"><code>name</code></em> field has
+ no effect on this rule; it should be set to "."
+ as a placeholder.
+ </p>
+ <p>
+ For example,
+ <strong class="userinput"><code>grant EXAMPLE.COM krb5-self . A AAAA</code></strong>
+ allows any machine with a valid principal in
+ the realm <strong class="userinput"><code>EXAMPLE.COM</code></strong> to update
+ its own address records.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
+ <code class="varname">krb5-selfsub</code>
+ </p>
+ </td>
+<td>
+ <p>
+ This is similar to <span class="command"><strong>krb5-self</strong></span>
+ except it also allows updates to any subdomain of
+ the name specified in the 'machine' part of the
+ Kerberos principal, not just to the name itself.
</p>
</td>
</tr>
</td>
<td>
<p>
- This rule takes a Kerberos machine principal
- (host/machine@REALM) for machine in REALM and
- converts it to machine.realm allowing the machine
- to update subdomains of machine.realm. The REALM
- to be matched is specified in the
- <em class="replaceable"><code>identity</code></em> field. The
- name field should be set to "."
+ This rule is identical to
+ <span class="command"><strong>ms-subdomain</strong></span>, except that it works
+ with Kerberos machine principals (i.e.,
+ 'host/machine@REALM') rather than Windows machine
+ principals.
</p>
</td>
</tr>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4-P1</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.5rc1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.4-P1</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.5rc1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
necessary.
</p>
</li>
+<li class="listitem">
+ <p>
+ Two new update policy rule types have been added
+ <span class="command"><strong>krb5-selfsub</strong></span> and <span class="command"><strong>ms-selfsub</strong></span>
+ which allow machines with Kerberos principals to update
+ the name space at or below the machine names identified
+ in the respective principals.
+ </p>
+ </li>
</ul></div>
</div>
matching <span class="command"><strong>cookie-secret</strong></span>.
</p>
</li>
+<li class="listitem">
+ <p>
+ The <span class="command"><strong>rndc nta</strong></span> command could not differentiate
+ between views of the same name but different class; this
+ has been corrected with the addition of a <span class="command"><strong>-class</strong></span>
+ option. [GL #105]
+ </p>
+ </li>
</ul></div>
</div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ When a negative trust anchor was added to multiple views
+ using <span class="command"><strong>rndc nta</strong></span>, the text returned via
+ <span class="command"><strong>rndc</strong></span> was incorrectly truncated after the
+ first line, making it appear that only one NTA had been
+ added. This has been fixed. [GL #105]
+ </p>
+ </li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> now rejects excessively large
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.11.4-P1</p></div>
+<div><p class="releaseinfo">BIND Version 9.11.5rc1</p></div>
<div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4-P1</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.5rc1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
    | slave | static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> (<br>
-     6to4-self | external | krb5-self | krb5-subdomain |<br>
-     ms-self | ms-subdomain | name | self | selfsub |<br>
-     selfwild | subdomain | tcp-self | wildcard | zonesub )<br>
-     [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
+     6to4-self | external | krb5-self | krb5-selfsub |<br>
+     krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |<br>
+     name | self | selfsub | selfwild | subdomain | tcp-self<br>
+     | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
    | static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self |<br>
-     external | krb5-self | krb5-subdomain | ms-self | ms-subdomain<br>
-     | name | self | selfsub | selfwild | subdomain | tcp-self |<br>
-     wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
+     external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self<br>
+     | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild<br>
+     | subdomain | tcp-self | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ]<br>
+     <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>nta
- [<span class="optional">( -d | -f | -r | -l <em class="replaceable"><code>duration</code></em>)</span>]
+ [<span class="optional">( -class <em class="replaceable"><code>class</code></em> | -dump | -force | -remove | -lifetime <em class="replaceable"><code>duration</code></em>)</span>]
<em class="replaceable"><code>domain</code></em>
[<span class="optional"><em class="replaceable"><code>view</code></em></span>]
</code></strong></span></dt>
is equivalent to <code class="option">-remove</code>.
</p>
<p>
- If <code class="option">-dump</code> is used, any other arguments
+ If the <code class="option">-dump</code> is used, any other arguments
are ignored, and a list of existing NTAs is printed
(note that this may include NTAs that are expired but
have not yet been cleaned up).
lifetime, regardless of whether data could be
validated if the NTA were not present.
</p>
+ <p>
+ The view class can be specified with <code class="option">-class</code>.
+ The default is class <strong class="userinput"><code>IN</code></strong>, which is
+ the only class for which DNSSEC is currently supported.
+ </p>
<p>
All of these options can be shortened, i.e., to
<code class="option">-l</code>, <code class="option">-r</code>, <code class="option">-d</code>,
- and <code class="option">-f</code>.
+ <code class="option">-f</code>, and <code class="option">-c</code>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional"> on | off </span>] </span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>
<command>sig-signing-type</command> <replaceable>integer</replaceable>;
<command>sig-validity-interval</command> <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
<command>update-check-ksk</command> <replaceable>boolean</replaceable>;
- <command>update-policy</command> ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
+ <command>update-policy</command> ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
<command>zero-no-soa-ttl</command> <replaceable>boolean</replaceable>;
<command>zone-statistics</command> ( full | terse | none | <replaceable>boolean</replaceable> );
};
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.11.4-P1</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.11.5rc1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
necessary.
</p>
</li>
+<li class="listitem">
+ <p>
+ Two new update policy rule types have been added
+ <span class="command"><strong>krb5-selfsub</strong></span> and <span class="command"><strong>ms-selfsub</strong></span>
+ which allow machines with Kerberos principals to update
+ the name space at or below the machine names identified
+ in the respective principals.
+ </p>
+ </li>
</ul></div>
</div>
matching <span class="command"><strong>cookie-secret</strong></span>.
</p>
</li>
+<li class="listitem">
+ <p>
+ The <span class="command"><strong>rndc nta</strong></span> command could not differentiate
+ between views of the same name but different class; this
+ has been corrected with the addition of a <span class="command"><strong>-class</strong></span>
+ option. [GL #105]
+ </p>
+ </li>
</ul></div>
</div>
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ When a negative trust anchor was added to multiple views
+ using <span class="command"><strong>rndc nta</strong></span>, the text returned via
+ <span class="command"><strong>rndc</strong></span> was incorrectly truncated after the
+ first line, making it appear that only one NTA had been
+ added. This has been fixed. [GL #105]
+ </p>
+ </li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> now rejects excessively large
-Release Notes for BIND Version 9.11.4-P1
+Release Notes for BIND Version 9.11.5rc1
Introduction
security mechanism, and should not be disabled unless absolutely
necessary.
+ * Two new update policy rule types have been added krb5-selfsub and
+ ms-selfsub which allow machines with Kerberos principals to update the
+ name space at or below the machine names identified in the respective
+ principals.
+
Removed Features
* named will now log a warning if the old BIND now can be compiled
Any others are used to accept old server cookies or those generated by
other servers using the matching cookie-secret.
+ * The rndc nta command could not differentiate between views of the same
+ name but different class; this has been corrected with the addition of
+ a -class option. [GL #105]
+
Bug Fixes
+ * When a negative trust anchor was added to multiple views using rndc
+ nta, the text returned via rndc was incorrectly truncated after the
+ first line, making it appear that only one NTA had been added. This
+ has been fixed. [GL #105]
+
* named now rejects excessively large incremental (IXFR) zone transfers
in order to prevent possible corruption of journal files which could
cause named to abort when loading zones. [GL #339]
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
update-check-ksk <boolean>;
- update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
+ update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};
| slave | static-stub | stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> (
- 6to4-self | external | krb5-self | krb5-subdomain |
- ms-self | ms-subdomain | name | self | selfsub |
- selfwild | subdomain | tcp-self | wildcard | zonesub )
- [ <string> ] <rrtypelist>; ... };
+ 6to4-self | external | krb5-self | krb5-selfsub |
+ krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
+ name | self | selfsub | selfwild | subdomain | tcp-self
+ | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
| static-stub | stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
- external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
- | name | self | selfsub | selfwild | subdomain | tcp-self |
- wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
+ external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
+ | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
+ | subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
+ <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 160
-LIBREVISION = 8
+LIBINTERFACE = 161
+LIBREVISION = 0
LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 1103
-LIBREVISION = 1
-LIBAGE = 1
+LIBINTERFACE = 1104
+LIBREVISION = 0
+LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 160
-LIBREVISION = 5
+LIBINTERFACE = 161
+LIBREVISION = 0
LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 169
-LIBREVISION = 3
+LIBINTERFACE = 1100
+LIBREVISION = 0
LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 160
-LIBREVISION = 3
+LIBINTERFACE = 161
+LIBREVISION = 0
LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 162
-LIBREVISION = 1
-LIBAGE = 2
+LIBINTERFACE = 163
+LIBREVISION = 0
+LIBAGE = 0
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
-LIBINTERFACE = 160
-LIBREVISION = 2
+LIBINTERFACE = 161
+LIBREVISION = 0
LIBAGE = 0
DESCRIPTION="(Extended Support Version)"
MAJORVER=9
MINORVER=11
-PATCHVER=4
-RELEASETYPE=-P
+PATCHVER=5
+RELEASETYPE=rc
RELEASEVER=1
EXTENSIONS=
projects / thirdparty / bind9.git / commitdiff
