CHANGES, release note, README

(cherry picked from commit 8854e284fd056349f7c2a748baa7990c5ccddb59)

diff --git a/CHANGES b/CHANGES
index 42a051f3f5370b502706a311bbd36e20b628a1eb..83db35a8296ac1b5bb63eeda7bc39cabb5ee9733 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,13 @@
+5258.  [func]          Added support for the GeoIP2 API from MaxMind,
+                       when BIND is compiled using "configure --with-geoip2".
+                       The legacy GeoIP API can be enabled by using
+                       "configure --with-geoip" instead. These options
+                       cannot be used together.
+
+                       Certain geoip ACL settings that were available with
+                       legacy GeoIP are not available when using GeoIP2.
+                       See the ARM for details. [GL #182]
+
 5257.  [bug]           Some statistics data was not being displayed.
                        Add shading to the zone tables. [GL #1030]
 

diff --git a/README b/README
index 7796a709a4ce8bef51c69290de038c92b5fae146..eeffb97d95fd562f61685fb3d32a27eea73d3403 100644 (file)
--- a/README
+++ b/README
@@ -159,6 +159,11 @@ BIND 9.14.3
 BIND 9.14.3 is a maintenance release, and addresses the security
 vulnerability disclosed in CVE-2019-6471.
 
+BIND 9.14.4
+
+BIND 9.14.4 is a maintenance release, and also adds support for the new
+MaxMind GeoIP2 geolocation API when built with configure --with-geoip2.
+
 Building BIND
 
 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
@@ -188,7 +193,7 @@ make depend. If you're using Emacs, you might find make tags helpful.
 Several environment variables that can be set before running configure
 will affect compilation:
 
-   Variable                            Description
+Variable       Description
 CC             The C compiler to use. configure tries to figure out the
                right one for supported systems.
                C compiler flags. Defaults to include -g and/or -O2 as
@@ -340,7 +345,7 @@ development BIND 9 is included in the file CHANGES, with the most recent
 changes listed first. Change notes include tags indicating the category of
 the change that was made; these categories are:
 
-   Category                            Description
+Category       Description
 [func]         New feature
 [bug]          General bug fix
 [security]     Fix for a significant security flaw
@@ -391,23 +396,21 @@ Acknowledgments
   * The original development of BIND 9 was underwritten by the following
     organizations:
 
-      Sun Microsystems, Inc.
-      Hewlett Packard
-      Compaq Computer Corporation
-      IBM
-      Process Software Corporation
-      Silicon Graphics, Inc.
-      Network Associates, Inc.
-      U.S. Defense Information Systems Agency
-      USENIX Association
-      Stichting NLnet - NLnet Foundation
-      Nominum, Inc.
+    Sun Microsystems, Inc.
+    Hewlett Packard
+    Compaq Computer Corporation
+    IBM
+    Process Software Corporation
+    Silicon Graphics, Inc.
+    Network Associates, Inc.
+    U.S. Defense Information Systems Agency
+    USENIX Association
+    Stichting NLnet - NLnet Foundation
+    Nominum, Inc.
 
   * This product includes software developed by the OpenSSL Project for
     use in the OpenSSL Toolkit. http://www.OpenSSL.org/
-
   * This product includes cryptographic software written by Eric Young
     (eay@cryptsoft.com)
-
   * This product includes software written by Tim Hudson
     (tjh@cryptsoft.com)

diff --git a/README.md b/README.md
index 633fc4546d5475a245b62925446b66235a458128..cb4177caaa8a14d26cd97f6e954b8353ec4512a9 100644 (file)
--- a/README.md
+++ b/README.md
@@ -174,6 +174,12 @@ BIND 9.14.2 is a maintenance release.
 BIND 9.14.3 is a maintenance release, and addresses the security
 vulnerability disclosed in CVE-2019-6471.
 
+#### BIND 9.14.4
+
+BIND 9.14.4 is a maintenance release, and also adds support for
+the new MaxMind GeoIP2 geolocation API when built with
+`configure --with-geoip2`.
+
 ### <a name="build"/> Building BIND
 
 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 924356ee92fc3c25b7a1ac65da37080b6b3755bb..03653ec363b9408ef4dd6de689c259b5807cc721 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -99,6 +99,35 @@
 
   <section xml:id="relnotes_features"><info><title>New Features</title></info>
     <itemizedlist>
+      <listitem>
+       <para>
+         The new GeoIP2 API from MaxMind is now supported when BIND
+         is compiled using <command>configure --with-geoip2</command>.
+         The legacy GeoIP API can be used by compiling with
+         <command>configure --with-geoip</command> instead.  (Note that
+         the databases for the legacy API are no longer maintained by
+         MaxMind.)
+       </para>
+       <para>
+         The default path to the GeoIP2 databases will be set based
+         on the location of the <command>libmaxminddb</command> library;
+         for example, if it is in <filename>/usr/local/lib</filename>,
+         then the default path will be
+         <filename>/usr/local/share/GeoIP</filename>.
+         This value can be overridden in <filename>named.conf</filename>
+         using the <command>geoip-directory</command> option.
+       </para>
+       <para>
+         Some <command>geoip</command> ACL settings that were available with
+         legacy GeoIP, including searches for <command>netspeed</command>,
+         <command>org</command>, and three-letter ISO country codes, will
+         no longer work when using GeoIP2. Supported GeoIP2 database
+         types are <command>country</command>, <command>city</command>,
+         <command>domain</command>, <command>isp</command>, and
+         <command>as</command>. All of the databases support both IPv4
+         and IPv6 lookups. [GL #182]
+       </para>
+      </listitem>
       <listitem>
        <para>
          Two new metrics have been added to the