Stichting NLnet - NLnet Foundation
Nominum, Inc.
+ For a summary of functional enhancements in previous
+ releases, see the HISTORY file.
+
+ For a detailed list of user-visible changes from
+ previous releases, see the CHANGES file.
+
BIND 9.7.0
BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
- Smart signing: simplified tools for zone signing and key
maintenance.
- The "statistics-channels" option is now available on Windows.
- - A new DNSSEC-aware libdns API for use by non-BIND9 applications
- - On some platforms, named and other binaries can now print out
- a stack backtrace on assertion failure, to aid in debugging.
- - A "tools only" installation mode on Windows, which only installs
- dig, host, nslookup and nsupdate.
- - Improved PKCS#11 support, including Keyper support and explicit
- OpenSSL engine selection.
-
- Known issues in this release:
-
- - In rare cases, DNSSEC validation can leak memory. When this
- happens, it will cause an assertion failure when named exits,
- but is otherwise harmless. A fix exists, but was too late for
- this release; it will be included in BIND 9.7.1.
-
- Compatibility notes:
-
- - If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
- ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
- you should ensure that all changes that are in progress have
- completed prior to upgrading to BIND 9.7. BIND 9.7 implements
- those features in a way which is not backwards compatible.
-
- - Prior releases had a bug which caused HMAC-SHA* keys with long
- secrets to be used incorrectly. Fixing this bug means that older
- versions of BIND 9 may fail to interoperate with this version
- when using TSIG keys. If this occurs, the new "isc-hmac-fixup"
- tool will convert a key with a long secret into a form that works
- correctly with all versions of BIND 9. See the "isc-hmac-fixup"
- man page for additional details.
-
- - Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
- It is possible for the new key ID to collide with that of a
- different key. Newly generated keys will not have this problem,
- as "dnssec-keygen" looks for potential collisions before
- generating keys, but exercise caution if using key revokation
- with keys that were generated by older versions of BIND 9.
- See the Administrator's Reference Manual, section 4.10 ("Dynamic
- Trust Anchor Management") for more details.
-
- - A bug was fixed in which a key's scheduled inactivity date was
- stored incorectly. Users who participated in the 9.7.0 BETA
- test and had DNSSEC keys with scheduled inactivity dates will
- need to reset those keys' dates using "dnssec-settime -I".
+ - A new DNSSEC-aware libdns API for use by non-BIND9 applications
+ - On some platforms, named and other binaries can now print out
+ a stack backtrace on assertion failure, to aid in debugging.
+ - A "tools only" installation mode on Windows, which only installs
+ dig, host, nslookup and nsupdate.
+ - Improved PKCS#11 support, including Keyper support and explicit
+ OpenSSL engine selection.
+
+ Known issues in this release:
+
+ - In rare cases, DNSSEC validation can leak memory. When this
+ happens, it will cause an assertion failure when named exits,
+ but is otherwise harmless. A fix exists, but was too late for
+ this release; it will be included in BIND 9.7.1.
+
+ Compatibility notes:
+
+ - If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
+ ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
+ you should ensure that all changes that are in progress have
+ completed prior to upgrading to BIND 9.7. BIND 9.7 implements
+ those features in a way which is not backwards compatible.
+
+ - Prior releases had a bug which caused HMAC-SHA* keys with long
+ secrets to be used incorrectly. Fixing this bug means that older
+ versions of BIND 9 may fail to interoperate with this version
+ when using TSIG keys. If this occurs, the new "isc-hmac-fixup"
+ tool will convert a key with a long secret into a form that works
+ correctly with all versions of BIND 9. See the "isc-hmac-fixup"
+ man page for additional details.
+
+ - Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
+ It is possible for the new key ID to collide with that of a
+ different key. Newly generated keys will not have this problem,
+ as "dnssec-keygen" looks for potential collisions before
+ generating keys, but exercise caution if using key revokation
+ with keys that were generated by older versions of BIND 9. See
+ the Administrator's Reference Manual, section 4.10 ("Dynamic
+ Trust Anchor Management") for more details.
+
+ - A bug was fixed in which a key's scheduled inactivity date was
+ stored incorectly. Users who participated in the 9.7.0 BETA test
+ and had DNSSEC keys with scheduled inactivity dates will need to
+ reset those keys' dates using "dnssec-settime -I".
Building
Ubuntu 7.04, 7.10
Windows XP/2003/2008
- NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
- Windows, including Windows NT and Windows 2000, are no longer
- supported.
+ NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
+ Windows, including Windows NT and Windows 2000, are no longer
+ supported.
We have recent reports from the user community that a supported
version of BIND will build and run on the following systems:
on the configure command line. The default is operating
system dependent.
- Support for the "fixed" rrset-order option can be enabled
- or disabled by specifying "--enable-fixed-rrset" or
- "--disable-fixed-rrset" on the configure command line.
- The default is "disabled", to reduce memory footprint.
+ Support for the "fixed" rrset-order option can be enabled
+ or disabled by specifying "--enable-fixed-rrset" or
+ "--disable-fixed-rrset" on the configure command line.
+ The default is "disabled", to reduce memory footprint.
If your operating system has integrated support for IPv6, it
will be used automatically. If you have installed KAME IPv6
Frequently asked questions and their answers can be found in
FAQ.
- Additional information on various subjects can be found
- in the other README files.
+ Additional information on various subjects can be found
+ in the other README files.
Bug Reports and Mailing Lists
projects / thirdparty / bind9.git / commitdiff
