<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article"><div class="titlepage"><hr /></div>
- <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2544246"></a>Introduction</h2></div></div></div>
+ <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2549151"></a>Introduction</h2></div></div></div>
<p>
- BIND 9.7.3rc1 is the first release candidate of BIND 9.7.3.
+ BIND 9.7.3 is the current release of BIND 9.7.
</p>
<p>
This document summarizes changes from BIND 9.7.1 to BIND 9.7.3.
</p>
</div>
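Review bot: The heading line here changes only its anchor id (id2544246 becomes id2549151), and the same id-only churn repeats on every section heading in this patch, which buries the handful of real content changes and breaks any deep link into the previous build. If these ids are auto-generated by the DocBook stylesheets named in the generator meta tag, assign explicit, stable ids to the sections in the source so that regenerating the HTML produces a diff containing only the text changes, such as the "9.7.3rc1 is the first release candidate" to "9.7.3 is the current release" edit.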
- <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3410748"></a>Download</h2></div></div></div>
+ <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3415638"></a>Download</h2></div></div></div>
<p>
The latest development version of BIND 9 software can always be found
</p>
</div>
- <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3410781"></a>Support</h2></div></div></div>
+ <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3415690"></a>Support</h2></div></div></div>
<p>Product support information is available on
<a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
</p>
</div>
- <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3410737"></a>New Features</h2></div></div></div>
+ <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3415627"></a>New Features</h2></div></div></div>
- <div class="section" title="9.7.2"><div class="titlepage"><div><div><h3 class="title"><a id="id2544289"></a>9.7.2</h3></div></div></div>
+ <div class="section" title="9.7.2"><div class="titlepage"><div><div><h3 class="title"><a id="id3415698"></a>9.7.2</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Zones may be dynamically added and removed with the
</div>
</div>
- <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3410878"></a>Feature Changes</h2></div></div></div>
+ <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3415770"></a>Feature Changes</h2></div></div></div>
- <div class="section" title="9.7.2"><div class="titlepage"><div><div><h3 class="title"><a id="id3410884"></a>9.7.2</h3></div></div></div>
+ <div class="section" title="9.7.2"><div class="titlepage"><div><div><h3 class="title"><a id="id3415775"></a>9.7.2</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Documentation improvements
</div>
</div>
- <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3410914"></a>Security Fixes</h2></div></div></div>
+ <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3415805"></a>Security Fixes</h2></div></div></div>
- <div class="section" title="9.7.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id3410920"></a>9.7.2-P3</h3></div></div></div>
+ <div class="section" title="9.7.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id3415810"></a>9.7.2-P3</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Adding a NO DATA signed negative response to cache failed to clear
</p>
</li></ul></div>
</div>
- <div class="section" title="9.7.2-P2"><div class="titlepage"><div><div><h3 class="title"><a id="id3410972"></a>9.7.2-P2</h3></div></div></div>
+ <div class="section" title="9.7.2-P2"><div class="titlepage"><div><div><h3 class="title"><a id="id3415862"></a>9.7.2-P2</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
A flaw where the wrong ACL was applied was fixed. This flaw
disallowed it.
</li></ul></div>
</div>
- <div class="section" title="9.7.2-P1"><div class="titlepage"><div><div><h3 class="title"><a id="id3410987"></a>9.7.2-P1</h3></div></div></div>
+ <div class="section" title="9.7.2-P1"><div class="titlepage"><div><div><h3 class="title"><a id="id3415878"></a>9.7.2-P1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
If BIND, acting as a DNSSEC validating server, has two or more trust
</div>
</div>
- <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3411007"></a>Bug Fixes</h2></div></div></div>
+ <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3415898"></a>Bug Fixes</h2></div></div></div>
- <div class="section" title="9.7.3"><div class="titlepage"><div><div><h3 class="title"><a id="id3411014"></a>9.7.3</h3></div></div></div>
+ <div class="section" title="9.7.3"><div class="titlepage"><div><div><h3 class="title"><a id="id3415904"></a>9.7.3</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
BIND now builds with threads disabled in versions of NetBSD earlier
command has been issued, other inbound TCP requests can cause named
to hang and never complete shutdown. [RT #22108]
</li><li class="listitem">
+ After an "rndc reconfig", the refresh timer for managed-keys is ignored, resulting in managed-keys
+ not being refreshed until named is restarted. [RT #22296]
+ </li><li class="listitem">
An NSEC3PARAM record placed inside a zone which is not properly
signed with NSEC3 could cause named to crash, if changed via dynamic
update. [RT #22363]
for a TCP DoS attack. Until there is a kernel fix, ISC is disabling
SO_ACCEPTFILTER support in BIND. [RT #22589]
</li><li class="listitem">
+When signing records, named didn't filter out any TTL changes
+to DNSKEY records. This resulted in an incomplete key set. TTL
+changes are now dealt with before signing.
+[RT #22590]
+ </li><li class="listitem">
Corrected a defect where a combination of dynamic updates and zone transfers incorrectly locked the in-memory zone database, causing
named to freeze. [RT #22614]
</li><li class="listitem">
DST key reference counts can now be incremented via dst_key_attach.
[RT #22672]
</li><li class="listitem">
+The IN6_IS_ADDR_LINKLOCAL and
+IN6_IS_ADDR_SITELOCAL macros in win32 were updated/corrected
+per current Windows OS. [RT #22724]
+ </li><li class="listitem">
"dnssec-settime -S" no longer tests prepublication interval validity
when the interval is set to 0. [RT #22761]
</li><li class="listitem">
the host prinicipal, make krb5-self updates fail. [RT #22770]
</li><li class="listitem">
named failed to preserve the case of domain names in RDATA which is not compressible when writing master files. [RT #22863]
+ </li><li class="listitem">
+The man page for dnssec-keyfromlabel incorrectly had "-U" rather
+than the correct option "-I". [RT #22887]
+ </li><li class="listitem">
+The "rndc" command usage statement was missing the "-b" option.
+[RT #22937]
+ </li><li class="listitem">
+There was a bug in how the clients-per-query code worked with some
+query patterns. This could result, in rare circumstances, in having all
+the client query slots filled with queries for the same DNS label,
+essentially ignoring the max-clients-per-query setting.
+[RT #22972]
+ </li><li class="listitem">
+The secure zone update feature in named is based on the zone
+being signed and configured for dynamic updates. A bug in the ACL
+processing for "allow-update { none; };" resulted in a zone that is
+supposed to be static being treated as a dynamic zone. Thus, name
+would try to sign/re-sign that zone erroneously. [RT #23120]
</li></ul></div>
</div>
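Review bot: In the added "allow-update { none; };" entry, "Thus, name would try to sign/re-sign that zone erroneously" should read "named". That entry, like the added managed-keys entry ("the refresh timer for managed-keys is ignored") and the clients-per-query entry ("There was a bug in how ..."), describes the defect without saying it is now corrected, whereas the DNSKEY TTL entry ends with "TTL changes are now dealt with before signing"; under a Bug Fixes heading each entry should state the fixed behaviour so an operator can tell whether the max-clients-per-query limit and static-zone handling can be relied on after upgrading. The win32 entry's "updated/corrected per current Windows OS" does not say what changed in the IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros, and several added lines start at column 0 while neighbouring added lines are indented.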
- <div class="section" title="9.7.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id3411116"></a>9.7.2-P3</h3></div></div></div>
+ <div class="section" title="9.7.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id3415913"></a>9.7.2-P3</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Microsoft changed the behavior of sockets between NT/XP based
[RT #22434]
</li></ul></div>
</div>
- <div class="section" title="9.7.2-P1"><div class="titlepage"><div><div><h3 class="title"><a id="id3411144"></a>9.7.2-P1</h3></div></div></div>
+ <div class="section" title="9.7.2-P1"><div class="titlepage"><div><div><h3 class="title"><a id="id3416078"></a>9.7.2-P1</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
A bug, introduced in BIND 9.7.2, caused named to fail to start
9.7.2-P1.
</li></ul></div>
</div>
- <div class="section" title="9.7.2"><div class="titlepage"><div><div><h3 class="title"><a id="id3411168"></a>9.7.2</h3></div></div></div>
+ <div class="section" title="9.7.2"><div class="titlepage"><div><div><h3 class="title"><a id="id3416105"></a>9.7.2</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
Removed a warning message when running BIND 9 under Windows
</div>
</div>
- <div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3411207"></a>Known issues in this release</h2></div></div></div>
+ <div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3416145"></a>Known issues in this release</h2></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
<p>
</li></ul></div>
</div>
- <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3411252"></a>Thank You</h2></div></div></div>
+ <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3416192"></a>Thank You</h2></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
Introduction
- BIND 9.7.3rc1 is the first release candidate of BIND 9.7.3.
+ BIND 9.7.3 is the current release of BIND 9.7.
This document summarizes changes from BIND 9.7.1 to BIND 9.7.3. Please
see the CHANGES file in the source code release for a complete list of
* If named is running as a threaded application, after an "rndc stop"
command has been issued, other inbound TCP requests can cause named
to hang and never complete shutdown. [RT #22108]
+ * After an "rndc reconfig", the refresh timer for managed-keys is
+ ignored, resulting in managed-keys not being refreshed until named
+ is restarted. [RT #22296]
* An NSEC3PARAM record placed inside a zone which is not properly
signed with NSEC3 could cause named to crash, if changed via
dynamic update. [RT #22363]
* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
+ * When signing records, named didn't filter out any TTL changes to
+ DNSKEY records. This resulted in an incomplete key set. TTL changes
+ are now dealt with before signing. [RT #22590]
* Corrected a defect where a combination of dynamic updates and zone
transfers incorrectly locked the in-memory zone database, causing
named to freeze. [RT #22614]
[RT #22645]
* DST key reference counts can now be incremented via dst_key_attach.
[RT #22672]
+ * The IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros in win32
+ were updated/corrected per current Windows OS. [RT #22724]
* "dnssec-settime -S" no longer tests prepublication interval
validity when the interval is set to 0. [RT #22761]
* isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy
the host prinicipal, make krb5-self updates fail. [RT #22770]
* named failed to preserve the case of domain names in RDATA which is
not compressible when writing master files. [RT #22863]
+ * The man page for dnssec-keyfromlabel incorrectly had "-U" rather
+ than the correct option "-I". [RT #22887]
+ * The "rndc" command usage statement was missing the "-b" option. [RT
+ #22937]
+ * There was a bug in how the clients-per-query code worked with some
+ query patterns. This could result, in rare circumstances, in having
+ all the client query slots filled with queries for the same DNS
+ label, essentially ignoring the max-clients-per-query setting. [RT
+ #22972]
+ * The secure zone update feature in named is based on the zone being
+ signed and configured for dynamic updates. A bug in the ACL
+ processing for "allow-update { none; };" resulted in a zone that is
+ supposed to be static being treated as a dynamic zone. Thus, name
+ would try to sign/re-sign that zone erroneously. [RT #23120]
9.7.2-P3
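Review bot: Two added entries in the text rendering wrap inside the ticket reference ("[RT" at the end of one line, "#22937]" and "#22972]" at the start of the next), so a line-based search for "RT #22937" or "RT #22972" will not find them; keep each "[RT #NNNNN]" on one line as the other entries do. The "Thus, name would try to sign/re-sign" typo from the HTML hunk is also present here and should be "named" in both renderings.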