Knowledge Base ISC Main Website Ask a Question/Contact ISC
BIND 9.6-ESV-R8rc1 Release Notes
Author: ISC Support Reference Number: AA-00782 Views: 528 Created: 2012-09-05 18:55 Last Updated: 2012-09-05 21:59 0 Rating/ Voters

Introduction

BIND 9.6-ESV-R8rc1 is the first release candidate of BIND 9.6-ESV-R8.

BIND 9.6-ESV is an Extended Support Version of BIND.

This document summarizes changes from BIND 9.6-ESV-R7 to BIND 9.6-ESV-R8rc1.  Please see the CHANGES file in the source code release for a complete list of all changes.

Download

The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/all. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems.

Support

Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo.

Security Fixes
  • Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [CVE-2012-3817]  [RT #30025] 
  • A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644]
New Features

None

Feature Changes
  • Improves OpenSSL error logging [RT #29932]
  • nslookup now returns a nonzero exit code when it is unable to get an answer.  [RT #29492]
Bug Fixes
  • The configure script now supports and detects libxml2-2.8.x correctly [RT #30440]
  • The host command should no longer assert on some architectures and builds while handling the time values used with the -w (wait forever) option.  [RT #18723]
  • Invalid zero settings for max-retry-time, min-retry-time, max-refresh-time, min-refresh-time will now be detected during parsing of named.conf and an error emitted instead of triggering an assertion failure on startup.  [RT #27730] 
  • Corrects the syntax of isc_atomic_xadd() and isc_atomic_cmpxchg() which are employed on Itanium systems to speed up lock management by making use of atomic operations.  Without the syntax correction it is possible that concurrent access to the same structures could accidentally occur with unpredictable results.  [RT #25181]
  • Removes spurious newlines from log messages in zone.c [RT #30675]
  • When built with readline support (i.e. on a system with readline installed) nsupdate no longer terminates unexpectedly in interactive mode. [RT #29550] 
  • Ensures that servers are expired from the ADB cache when the timeout limit is reached so that their learned attributes can be refreshed.  Prior to this change, servers that were frequently queried might never have their entries removed and reinitialized.  This is of particular importance to DNSSEC-validating recursive servers that might erroneously set "no-edns" for an authoritative server following a period of intermittent connectivity. [RT #29856]
  • Adds additional resilience to a previous security change (3218) by preventing RRSIG data from being added to cache when a pseudo-record matching the covering type and proving non-existence exists at a higher trust level. The earlier change prevented this inconsistent data from being retrieved from cache in response to client queries  - with this additional change, the RRSIG records are no longer inserted into cache at all. [RT #26809]
  • The tests on random jitter values that are used when handling zone refreshes have been relaxed. Prior to this change named could terminate unexpectedly when processing stub zones. [RT# 29821]
  • Fixes the defect introduced by change #3314 that was causing failures when saving stub zones to disk (resulting in excessive CPU usage in some cases).  [RT #29952]
  • It is now possible to using multiple control keys again - this functionality was inadvertently broken by change #3924 (RT #28265) which addressed a memory leak. [RT #29694]
  • Setting resolver-query-timeout too low could cause named problems recovering after a loss of connectivity.  [RT #29623]
  • Reduces the potential build-up of stale RRsets in cache on a busy recursive nameserver by re-using cached DS and RRSIG rrsets when possible [RT #29446]
  • Upper-case/lower-case handling of RRSIG signer-names is now handled consistently: RRSIG records are generated with the signer-name in lower case. They are accepted with any case, but if they fail to validate, we try again in lower case. [RT #27451]
Thank You

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/supportisc.

© 2001-2014 Internet Systems Consortium

Feedback
  • Please help us to improve the content of our knowledge base by letting us know how we can improve this article or by submitting suggestions for other articles you'd like to see created. Information on how to obtain further help on our products or services can be found on our main website.' If you have a technical question or problem on which you'd like help, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu