+ --- 9.14.4 released ---
+
5260. [bug] dnstap-read was producing malformed output for large
packets. [GL #1093]
Several environment variables that can be set before running configure
will affect compilation:
-Variable Description
+ Variable Description
CC The C compiler to use. configure tries to figure out the
right one for supported systems.
C compiler flags. Defaults to include -g and/or -O2 as
changes listed first. Change notes include tags indicating the category of
the change that was made; these categories are:
-Category Description
+ Category Description
[func] New feature
[bug] General bug fix
[security] Fix for a significant security flaw
* The original development of BIND 9 was underwritten by the following
organizations:
- Sun Microsystems, Inc.
- Hewlett Packard
- Compaq Computer Corporation
- IBM
- Process Software Corporation
- Silicon Graphics, Inc.
- Network Associates, Inc.
- U.S. Defense Information Systems Agency
- USENIX Association
- Stichting NLnet - NLnet Foundation
- Nominum, Inc.
+ Sun Microsystems, Inc.
+ Hewlett Packard
+ Compaq Computer Corporation
+ IBM
+ Process Software Corporation
+ Silicon Graphics, Inc.
+ Network Associates, Inc.
+ U.S. Defense Information Systems Agency
+ USENIX Association
+ Stichting NLnet - NLnet Foundation
+ Nominum, Inc.
* This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit. http://www.OpenSSL.org/
+
* This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com)
+
* This product includes software written by Tim Hudson
(tjh@cryptsoft.com)
.RS 4
List the names of all TSIG keys currently configured for use by
\fBnamed\fR
-in each view\&. The list both statically configured keys and dynamic TKEY\-negotiated keys\&.
+in each view\&. The list includes both statically configured keys and dynamic TKEY\-negotiated keys\&.
.RE
.PP
\fBvalidation ( on | off | status ) \fR\fB[\fIview \&.\&.\&.\fR]\fR\fB \fR
<p>
List the names of all TSIG keys currently configured
for use by <span class="command"><strong>named</strong></span> in each view. The
- list both statically configured keys and dynamic
+ list includes both statically configured keys and dynamic
TKEY-negotiated keys.
</p>
</dd>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
<dt><span class="term"><span class="command"><strong>geoip-directory</strong></span></span></dt>
<dd>
<p>
- Specifies the directory containing GeoIP
- <code class="filename">.dat</code> database files for GeoIP
- initialization. By default, this option is unset
- and the GeoIP support will use libGeoIP's
- built-in directory.
- (For details, see <a class="xref" href="Bv9ARM.ch05.html#acl" title="acl Statement Definition and Usage">the section called “<span class="command"><strong>acl</strong></span> Statement Definition and
- Usage”</a> about the
- <span class="command"><strong>geoip</strong></span> ACL.)
+ When <span class="command"><strong>named</strong></span> is compiled using the
+ MaxMind GeoIP2 geolocation API, or the legacy GeoIP API,
+ this specifies the directory containing GeoIP
+ database files. By default, the option is set based on
+ the prefix used to build the <span class="command"><strong>libmaxminddb</strong></span>
+ module: for example, if the library is installed in
+ <code class="filename">/usr/local/lib</code>, then the default
+ <span class="command"><strong>geoip-directory</strong></span> will be
+ <code class="filename">/usr/local/share/GeoIP</code>. On Windows,
+ the default is the <span class="command"><strong>named</strong></span> working
+ directory. See <a class="xref" href="Bv9ARM.ch05.html#acl" title="acl Statement Definition and Usage">the section called “<span class="command"><strong>acl</strong></span> Statement Definition and
+ Usage”</a> for details about
+ <span class="command"><strong>geoip</strong></span> ACLs.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>key-directory</strong></span></span></dt>
<span class="command"><strong>zone-statistics terse</strong></span> or
<span class="command"><strong>zone-statistics none</strong></span>
in the <span class="command"><strong>zone</strong></span> statement).
+ These include, for example, DNSSEC signing operations
+ and the number of authoritative answers per query type.
The default is <strong class="userinput"><code>terse</code></strong>, providing
minimal statistics on zones (including name and
current serial number, but not query type
<acronym class="acronym">BIND</acronym> 8 statistics, if applicable.
</p>
+ <p>
+ Note: BIND statistics counters are signed 64-bit values on
+ all platforms except one: 32-bit Windows, where they are
+ signed 32-bit values. Given that 32-bit values have a
+ vastly smaller range than 64-bit values, BIND statistics
+ counters in 32-bit Windows builds overflow significantly
+ more quickly than on all other platforms.
+ </p>
+
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="stats_counters"></a>Name Server Statistics Counters</h4></div></div></div>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
to search for a match. Available fields are "country",
"region", "city", "continent", "postal" (postal code),
"metro" (metro code), "area" (area code), "tz" (timezone),
- "isp", "org", "asnum", "domain" and "netspeed".
+ "isp", "asnum", and "domain".
</p>
<p>
<em class="replaceable"><code>value</code></em> is the value to search
for within the database. A string may be quoted if it
- contains spaces or other special characters. If this is
- an "asnum" search, then the leading "ASNNNN" string can be
- used, otherwise the full description must be used (e.g.
- "ASNNNN Example Company Name"). If this is a "country"
- search and the string is two characters long, then it must
- be a standard ISO-3166-1 two-letter country code, and if it
- is three characters long then it must be an ISO-3166-1
- three-letter country code; otherwise it is the full name
- of the country. Similarly, if this is a "region" search
- and the string is two characters long, then it must be a
- standard two-letter state or province abbreviation;
- otherwise it is the full name of the state or province.
+ contains spaces or other special characters. An "asnum"
+ search for autonomous system number can be specified using
+ the string "ASNNNN" or the integer NNNN.
+ When "country" search is specified with a string is two
+ characters long, then it must be a standard ISO-3166-1
+ two-letter country code; otherwise it is interpreted as
+ the full name of the country. Similarly, if this is a
+ "region" search and the string is two characters long,
+ then it treated as a standard two-letter state or province
+ abbreviation; otherwise it treated as the full name of the
+ state or province.
</p>
<p>
The <em class="replaceable"><code>database</code></em> field indicates which
GeoIP database to search for a match. In most cases this is
unnecessary, because most search fields can only be found in
- a single database. However, searches for country can be
- answered from the "city", "region", or "country" databases,
- and searches for region (i.e., state or province) can be
- answered from the "city" or "region" databases. For these
- search types, specifying a <em class="replaceable"><code>database</code></em>
+ a single database. However, searches for "continent" or "country"
+ can be answered from either the "city" or "country" databases,
+ so for these search types, specifying a
+ <em class="replaceable"><code>database</code></em>
will force the query to be answered from that database and no
other. If <em class="replaceable"><code>database</code></em> is not
specified, then these queries will be answered from the "city",
- database if it is installed, or the "region" database if it is
- installed, or the "country" database, in that order.
+ database if it is installed, or the "country" database if it
+ is installed, in that order. Valid database names are
+ "country", "city", "asnum", "isp", and "domain". (If using
+ the legacy GeoIP API, "netspeed" and "org" databases are also
+ available.)
</p>
<p>
Some example GeoIP ACLs:
</p>
<pre class="programlisting">geoip country US;
-geoip country JAP;
+geoip country JP;
geoip db country country Canada;
-geoip db region region WA;
+geoip region WA;
geoip city "San Francisco";
geoip region Oklahoma;
geoip postal 95062;
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.3</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.4</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_platforms">Supported Platforms</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_security">Security Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_license">License</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#end_of_life">End of Life</a></span></dt>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.9.2"></a>Release Notes for BIND Version 9.14.3</h2></div></div></div>
+<a name="id-1.9.2"></a>Release Notes for BIND Version 9.14.4</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_platforms"></a>Supported Platforms</h3></div></div></div>
<p>
Since 9.12, BIND has undergone substantial code refactoring and
- cleanup, and some very old code has been removed that was needed
- to support legacy platforms which are no longer supported by their
- vendors and for which ISC is no longer able to perform quality
- assurance testing. Specifically, workarounds for old versions of
- UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX have been
- removed.
+ cleanup, and some very old code has been removed that supported
+ obsolete operating systems and operating systems for which ISC is
+ no longer able to perform quality assurance testing. Specifically,
+ workarounds for UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster
+ and IRIX have been removed.
</p>
<p>
On UNIX-like systems, BIND now requires support for POSIX.1c
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_features"></a>New Features</h3></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ The new GeoIP2 API from MaxMind is now supported when BIND
+ is compiled using <span class="command"><strong>configure --with-geoip2</strong></span>.
+ The legacy GeoIP API can be used by compiling with
+ <span class="command"><strong>configure --with-geoip</strong></span> instead. (Note that
+ the databases for the legacy API are no longer maintained by
+ MaxMind.)
+ </p>
+ <p>
+ The default path to the GeoIP2 databases will be set based
+ on the location of the <span class="command"><strong>libmaxminddb</strong></span> library;
+ for example, if it is in <code class="filename">/usr/local/lib</code>,
+ then the default path will be
+ <code class="filename">/usr/local/share/GeoIP</code>.
+ This value can be overridden in <code class="filename">named.conf</code>
+ using the <span class="command"><strong>geoip-directory</strong></span> option.
+ </p>
+ <p>
+ Some <span class="command"><strong>geoip</strong></span> ACL settings that were available with
+ legacy GeoIP, including searches for <span class="command"><strong>netspeed</strong></span>,
+ <span class="command"><strong>org</strong></span>, and three-letter ISO country codes, will
+ no longer work when using GeoIP2. Supported GeoIP2 database
+ types are <span class="command"><strong>country</strong></span>, <span class="command"><strong>city</strong></span>,
+ <span class="command"><strong>domain</strong></span>, <span class="command"><strong>isp</strong></span>, and
+ <span class="command"><strong>as</strong></span>. All of the databases support both IPv4
+ and IPv6 lookups. [GL #182]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Two new metrics have been added to the
+ <span class="command"><strong>statistics-channel</strong></span> to report DNSSEC
+ signing operations. For each key in each zone, the
+ <span class="command"><strong>dnssec-sign</strong></span> counter indicates the total
+ number of signatures <span class="command"><strong>named</strong></span> has generated
+ using that key since server startup, and the
+ <span class="command"><strong>dnssec-refresh</strong></span> counter indicates how
+ many of those signatures were refreshed during zone
+ maintenance, as opposed to having been generated
+ as a result of a zone update. [GL #513]
+ </p>
+ </li>
+</ul></div>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
<p>
When <span class="command"><strong>qname-minimization</strong></span> was set to
<span class="command"><strong>relaxed</strong></span>, some improperly configured domains
minimal queries in order to reduce the likelihood of encountering
the problem. [GL #1055]
</p>
- </li></ul></div>
+ </li>
+<li class="listitem">
+ <p>
+ Glue address records were not being returned in responses
+ to root priming queries; this has been corrected. [GL #1092]
+ </p>
+ </li>
+</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License</h3></div></div></div>
<p>
- BIND is open source software licenced under the terms of the Mozilla
+ BIND is open source software licensed under the terms of the Mozilla
Public License, version 2.0 (see the <code class="filename">LICENSE</code>
file for the full text).
</p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.14.3</p></div>
+<div><p class="releaseinfo">BIND Version 9.14.4</p></div>
<div><p class="copyright">Copyright © 2000-2019 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.3</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.4</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_platforms">Supported Platforms</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_security">Security Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_license">License</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#end_of_life">End of Life</a></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
<p>
List the names of all TSIG keys currently configured
for use by <span class="command"><strong>named</strong></span> in each view. The
- list both statically configured keys and dynamic
+ list includes both statically configured keys and dynamic
TKEY-negotiated keys.
</p>
</dd>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.3 (Stable Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.4 (Stable Release)</p>
</body>
</html>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.14.3</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.14.4</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_platforms"></a>Supported Platforms</h3></div></div></div>
<p>
Since 9.12, BIND has undergone substantial code refactoring and
- cleanup, and some very old code has been removed that was needed
- to support legacy platforms which are no longer supported by their
- vendors and for which ISC is no longer able to perform quality
- assurance testing. Specifically, workarounds for old versions of
- UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX have been
- removed.
+ cleanup, and some very old code has been removed that supported
+ obsolete operating systems and operating systems for which ISC is
+ no longer able to perform quality assurance testing. Specifically,
+ workarounds for UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster
+ and IRIX have been removed.
</p>
<p>
On UNIX-like systems, BIND now requires support for POSIX.1c
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_features"></a>New Features</h3></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ The new GeoIP2 API from MaxMind is now supported when BIND
+ is compiled using <span class="command"><strong>configure --with-geoip2</strong></span>.
+ The legacy GeoIP API can be used by compiling with
+ <span class="command"><strong>configure --with-geoip</strong></span> instead. (Note that
+ the databases for the legacy API are no longer maintained by
+ MaxMind.)
+ </p>
+ <p>
+ The default path to the GeoIP2 databases will be set based
+ on the location of the <span class="command"><strong>libmaxminddb</strong></span> library;
+ for example, if it is in <code class="filename">/usr/local/lib</code>,
+ then the default path will be
+ <code class="filename">/usr/local/share/GeoIP</code>.
+ This value can be overridden in <code class="filename">named.conf</code>
+ using the <span class="command"><strong>geoip-directory</strong></span> option.
+ </p>
+ <p>
+ Some <span class="command"><strong>geoip</strong></span> ACL settings that were available with
+ legacy GeoIP, including searches for <span class="command"><strong>netspeed</strong></span>,
+ <span class="command"><strong>org</strong></span>, and three-letter ISO country codes, will
+ no longer work when using GeoIP2. Supported GeoIP2 database
+ types are <span class="command"><strong>country</strong></span>, <span class="command"><strong>city</strong></span>,
+ <span class="command"><strong>domain</strong></span>, <span class="command"><strong>isp</strong></span>, and
+ <span class="command"><strong>as</strong></span>. All of the databases support both IPv4
+ and IPv6 lookups. [GL #182]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Two new metrics have been added to the
+ <span class="command"><strong>statistics-channel</strong></span> to report DNSSEC
+ signing operations. For each key in each zone, the
+ <span class="command"><strong>dnssec-sign</strong></span> counter indicates the total
+ number of signatures <span class="command"><strong>named</strong></span> has generated
+ using that key since server startup, and the
+ <span class="command"><strong>dnssec-refresh</strong></span> counter indicates how
+ many of those signatures were refreshed during zone
+ maintenance, as opposed to having been generated
+ as a result of a zone update. [GL #513]
+ </p>
+ </li>
+</ul></div>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
<p>
When <span class="command"><strong>qname-minimization</strong></span> was set to
<span class="command"><strong>relaxed</strong></span>, some improperly configured domains
minimal queries in order to reduce the likelihood of encountering
the problem. [GL #1055]
</p>
- </li></ul></div>
+ </li>
+<li class="listitem">
+ <p>
+ Glue address records were not being returned in responses
+ to root priming queries; this has been corrected. [GL #1092]
+ </p>
+ </li>
+</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License</h3></div></div></div>
<p>
- BIND is open source software licenced under the terms of the Mozilla
+ BIND is open source software licensed under the terms of the Mozilla
Public License, version 2.0 (see the <code class="filename">LICENSE</code>
file for the full text).
</p>
-Release Notes for BIND Version 9.14.3
+Release Notes for BIND Version 9.14.4
Introduction
Supported Platforms
Since 9.12, BIND has undergone substantial code refactoring and cleanup,
-and some very old code has been removed that was needed to support legacy
-platforms which are no longer supported by their vendors and for which ISC
-is no longer able to perform quality assurance testing. Specifically,
-workarounds for old versions of UnixWare, BSD/OS, AIX, Tru64, SunOS,
-TruCluster and IRIX have been removed.
+and some very old code has been removed that supported obsolete operating
+systems and operating systems for which ISC is no longer able to perform
+quality assurance testing. Specifically, workarounds for UnixWare, BSD/OS,
+AIX, Tru64, SunOS, TruCluster and IRIX have been removed.
On UNIX-like systems, BIND now requires support for POSIX.1c threads (IEEE
Std 1003.1c-1995), the Advanced Sockets API for IPv6 (RFC 3542), and
number of incoming packets were being rejected. This flaw is disclosed
in CVE-2019-6471. [GL #942]
+New Features
+
+ * The new GeoIP2 API from MaxMind is now supported when BIND is compiled
+ using configure --with-geoip2. The legacy GeoIP API can be used by
+ compiling with configure --with-geoip instead. (Note that the
+ databases for the legacy API are no longer maintained by MaxMind.)
+
+ The default path to the GeoIP2 databases will be set based on the
+ location of the libmaxminddb library; for example, if it is in /usr/
+ local/lib, then the default path will be /usr/local/share/GeoIP. This
+ value can be overridden in named.conf using the geoip-directory
+ option.
+
+ Some geoip ACL settings that were available with legacy GeoIP,
+ including searches for netspeed, org, and three-letter ISO country
+ codes, will no longer work when using GeoIP2. Supported GeoIP2
+ database types are country, city, domain, isp, and as. All of the
+ databases support both IPv4 and IPv6 lookups. [GL #182]
+
+ * Two new metrics have been added to the statistics-channel to report
+ DNSSEC signing operations. For each key in each zone, the dnssec-sign
+ counter indicates the total number of signatures named has generated
+ using that key since server startup, and the dnssec-refresh counter
+ indicates how many of those signatures were refreshed during zone
+ maintenance, as opposed to having been generated as a result of a zone
+ update. [GL #513]
+
Bug Fixes
* When qname-minimization was set to relaxed, some improperly configured
minimal queries in order to reduce the likelihood of encountering the
problem. [GL #1055]
+ * Glue address records were not being returned in responses to root
+ priming queries; this has been corrected. [GL #1092]
+
License
-BIND is open source software licenced under the terms of the Mozilla
+BIND is open source software licensed under the terms of the Mozilla
Public License, version 2.0 (see the LICENSE file for the full text).
The license requires that if you make changes to BIND and distribute them
# 9.12: 1200-1299
# 9.13/9.14: 1300-1499
LIBINTERFACE = 1309
-LIBREVISION = 0
+LIBREVISION = 1
LIBAGE = 0
DESCRIPTION="(Stable Release)"
MAJORVER=9
MINORVER=14
-PATCHVER=3
+PATCHVER=4
RELEASETYPE=
RELEASEVER=
EXTENSIONS=
projects / thirdparty / bind9.git / commitdiff
