Knowledge Base ISC Main Website Ask a Question/Contact ISC
BIND 9.6-ESV-R11-W1 Release Notes
Author: Michael McNally Reference Number: AA-01136 Views: 522 Created: 2014-02-12 22:49 Last Updated: 2014-02-12 22:49 0 Rating/ Voters
Introduction

BIND 9.6-ESV-R11-W1 is the latest and final production release of BIND 9.6.  The -W1 suffix in the version name indicates that this a special out-of-cycle release to correct a defect that is specific to the Windows platform only.  Please see the release note for #35288 for specific details.

BIND 9.6-ESV is an Extended Support Version of BIND. The BIND 9.6-ESV branch has reached its End of Life. There will be no further bug fixes to it of any kind and BIND 9.6-ESV-R11-W1 is our final release version of the 9.6 releases. We recommend that you plan your upgrade to BIND 9.9.5 or higher.  BIND 9.9 is our current ESV Extended Support Version and will be supported for three more years. 

This document summarizes changes from BIND 9.6-ESV-R10 to BIND 9.6-ESV-R11-W1. Please see the CHANGES file in the source code release for a complete list of all changes.

Download

The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems.

Support

Professional support is provided by DNSco. Information about paid support options is available at http://www.dns-co.com/solutions/. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list/.

Security Fixes
  • Treat an all zero netmask as invalid when generating the localnets acl to work around a bug on the Windows platform. [CVE-2013-6230] [RT #34687]
  • Fix crashes when serving some NSEC3 signed zones. memcpy was incorrectly called with overlapping ranges, resulting in malformed names being generated on some platforms. This could cause INSIST failures. (CVE 2014-0591) [RT #35120]
Feature Changes
  • Add the ability to specify ndots to "nslookup". [RT #34711]
  • Check that EDNS subnet client options are well formed. [RT #34718]
  • "named" now preserves the capitalization of names when responding to queries. [RT #34737]
  • Use separate rate limiting queues for refresh and notify requests. [RT #30589]
  • Adjust when a master server is deemed unreachable to be less aggressive. [RT #27075]
  • Create delegations for all "children" of empty zones except "forward first". [RT #34826]
  • Changed the name of "isc-config.sh" developers script (for outputting compiler and linker flags) to "bind9-config". [RT #23825]
  • Add "dig" option to keep the TCP socket open between successive queries (+[no]keepopen).  [RT #34918]
  • "named-checkconf -z" now checks zones of type hint as well as master. [RT #35046]
  • Update config.guess and config.sub to add support for ppc64le (powerpc 64-bit Little Endian). [RT #35060]
  • "named" can now accept integer timestamps in RRSIG records. [RT #35185]
Bug Fixes
  • Fix a bug that prevented the dig, nslookup, and host utilities from exiting properly after completing a UDP query.  [RT #35288]
  • Fix "host" and "nslookup" so don't need dot after the domain by checking ndots when searching. Only continue searching on NXDOMAIN responses. [RT #34711]
  • Handle changes to sig-validity-interval settings better. [RT #34625]
  • Fix bug where journal filename string could be set incorrectly, causing garbage in log messages. [RT #34738]
  • Address race condition with manual notify requests. [RT #34806]
  • Fix Linux compilation issue when libcap-devel is installed. [RT #34838]
  • Fix "host" failure if a UDP query timed out. [RT #34870]
  • Address bugs in dns_rdata_fromstruct and dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
  • Fix cast in lex.c which could see 0xff treated as EOF. This fixes issue with potential bad data in a database used by DLZ or SDB.  [RT #34993]
  • Fix build issue on newer FreeBSD needing -lhx509 for GSSAPI build. [RT #35001]
  • Address read after free in server side of lwres_getrrsetbyname. [RT #29075]
  • Fix "nsupdate" memory leak if "realm" was used multiple times. [RT #35073]
  • Fix "dig" for cleaning up TCP sockets still waiting on connect(). [RT #35074]
  • Fix crashes in RBTDB implementation. Two calls to dns_db_getoriginnode were fatal if there was no data at the node. [RT #35080]
  • Fix "dig" so it can handle AXFR style IXFR responses which span multiple messages. [RT #35137]
  • Fix a "host" tool problem with converting UTF-8 textname to IDN encoding by handling "." as a search list element when IDN support is enabled. [RT #35133]
  • Fix "queryperf" to prevent a possible integer overflow when printing results. [RT #35182]
  • Fix a bug which could cause a crash when running "rndc reconfig" or "rndc reload" after configuration is changed from regular zones to automatic empty zones. [RT #35177]
Thank You

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/donate/.

© 2001-2014 Internet Systems Consortium

Feedback
  • Please help us to improve the content of our knowledge base by letting us know how we can improve this article or by submitting suggestions for other articles you'd like to see created. Information on how to obtain further help on our products or services can be found on our main website.' If you have a technical question or problem on which you'd like help, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu