BIND 9.10.1b1 Release Notes
| Author: Jeremy Reed Reference Number: AA-01177 Views: 6468 Created: 2014-06-26 12:59 Last Updated: 2014-07-03 13:39
100 Rating/ 1 Voters
BIND 9.10.1b1 is the first development release of BIND 9.10.1.
This document summarizes feature changes since the previous major release, BIND 9.10.0.
Please see the CHANGES
file in the source code release for a complete list of all changes, including bug fixes.
The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/.
There you will find additional information about each release, source
code, and pre-compiled versions for Microsoft Windows operating systems.
support is provided by Internet Systems Consortium, Inc., doing
business as DNSco. Information about paid support options is available
at http://www.dns-co.com/solutions/. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list/.
- A query specially crafted to exploit a defect in EDNS
option processing could cause named to
terminate with an assertion failure, due to a missing
isc_buffer_availablelength() check when formatting packet contents for
logging. For more information, see the security advisory at https://kb.isc.org/article/AA-01166/.
[CVE-2014-3859] [RT #36078]
programming error in the prefetch feature could cause named to crash
with a "REQUIRE" assertion failure in name.c. For more information, see the security advisory at https://kb.isc.org/article/AA-01161/. [CVE-2014-3214] [RT #35899]
- Support for CDS and CDNSKEY resource record types was added. For details see the proposed Informational Internet-Draft "Automating DNSSEC Delegation Trust Maintenance" at http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14. [RT #36333]
- Added version printing options to various BIND utilities. [RT #26057] [RT #10686]
- Optionally allow libseccomp-based (secure computing mode)
system-call filtering on Linux. This sandboxing mechanism may be used to
isolate "named" from various system resources. Use "configure
--enable-seccomp" at build time to enable it. Thank you to Loganaden
Velvindron of AFRINIC for the contribution. [RT #35347]
- When an SPF record exists in a zone but no equivalent TXT record
does, a warning will be issued. The warning for the reverse condition
is no longer issued. See the check-spf option in the documentation for details. [RT #36210]
- Aging of smoothed round-trip time measurements is now limited to no more than once per second, to improve accuracy in selecting the best name server. [RT #32909]
- DNSSEC keys that have been marked active but have no publication date are no longer presumed to be publishable. [RT #35063]
- Disable the GCC 4.9 "delete null pointer check" optimizer option, and
refactor dns_rdataslab_fromrdataset() to separate out the handling of an
rdataset with no records. This fixes problems when using GNU GCC 4.9.0
where its compiler code optimizations may cause crashes in BIND. For more information, see the operational advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]
- Fixed a bug that could cause repeated resigning of records in dynamically signed zones. [RT #35273]
- Fixed a bug that could cause an assertion failure after forwarding was disabled. [RT #35979]
- Fixed a bug that caused GeoIP ACLs not to work when referenced indirectly via named or nested ACLs. [RT #35879]
- FIxed a bug that could cause problems with cache cleaning when SIT was enabled. [RT #35858]
- Fixed a bug that caused SERVFAILs when using RPZ on a system configured as a forwarder. [RT #36060]
- Worked around a limitation in Solaris's /dev/poll implementation that could cause named to fail to start when configured to use more sockets than the system could accomodate. [RT #35878]
- Fixed a bug that could cause an assertion failure when inserting and deleting parent and child nodes in a response-policy zone. [RT #36272]
you to everyone who assisted us in making this release possible. If you
would like to contribute to ISC to assist us in continuing to make
quality open source software, please visit our donations page at http://www.isc.org/donate/.
© 2001-2017 Internet Systems ConsortiumFor assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.