Knowledge Base ISC Main Website Ask a Question/Contact ISC
BIND 9.10.1b1 Release Notes
Author: Jeremy Reed Reference Number: AA-01177 Views: 2544 Created: 2014-06-26 12:59 Last Updated: 2014-07-03 13:39 100 Rating/ 1 Voters
Introduction

BIND 9.10.1b1 is the first development release of BIND 9.10.1. 

This document summarizes feature changes since the previous major release, BIND 9.10.0. 

Please see the CHANGES file in the source code release for a complete list of all changes, including bug fixes.

Download

The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems.

Support

Professional support is provided by Internet Systems Consortium, Inc., doing business as DNSco.  Information about paid support options is available at http://www.dns-co.com/solutions/.  Free support is provided by our user community via a mailing list.  Information on all public email lists is available at https://www.isc.org/community/mailing-list/.

Security Fixes
  • A query specially crafted to exploit a defect in EDNS option processing could cause named to terminate with an assertion failure, due to a missing isc_buffer_availablelength() check when formatting packet contents for logging. For more information, see the security advisory at https://kb.isc.org/article/AA-01166/. [CVE-2014-3859] [RT #36078]
  • A programming error in the prefetch feature could cause named to crash with a "REQUIRE" assertion failure in name.c. For more information, see the security advisory at https://kb.isc.org/article/AA-01161/. [CVE-2014-3214] [RT #35899]
New Features
  • Support for CDS and CDNSKEY resource record types was added. For details see the proposed Informational Internet-Draft "Automating DNSSEC Delegation Trust Maintenance" at http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14. [RT #36333]
  • Added version printing options to various BIND utilities. [RT #26057] [RT #10686]
  • Optionally allow libseccomp-based (secure computing mode) system-call filtering on Linux. This sandboxing mechanism may be used to isolate "named" from various system resources. Use "configure --enable-seccomp" at build time to enable it.  Thank you to Loganaden Velvindron of AFRINIC for the contribution. [RT #35347]
Feature Changes
  • When an SPF record exists in a zone but no equivalent TXT record does, a warning will be issued.  The warning for the reverse condition is no longer issued. See the check-spf option in the documentation for details. [RT #36210]
  • Aging of smoothed round-trip time measurements is now limited to no more than once per second, to improve accuracy in selecting the best name server. [RT #32909]
  • DNSSEC keys that have been marked active but have no publication date are no longer presumed to be publishable. [RT #35063]
Bug Fixes
  • Disable the GCC 4.9 "delete null pointer check" optimizer option, and refactor dns_rdataslab_fromrdataset() to separate out the handling of an rdataset with no records. This fixes problems when using GNU GCC 4.9.0 where its compiler code optimizations may cause crashes in BIND. For more information, see the operational advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]
  • Fixed a bug that could cause repeated resigning of records in dynamically signed zones. [RT #35273]
  • Fixed a bug that could cause an assertion failure after forwarding was disabled. [RT #35979]
  • Fixed a bug that caused GeoIP ACLs not to work when referenced indirectly via named or nested ACLs. [RT #35879]
  • FIxed a bug that could cause problems with cache cleaning when SIT was enabled. [RT #35858]
  • Fixed a bug that caused SERVFAILs when using RPZ on a system configured as a forwarder. [RT #36060]
  • Worked around a limitation in Solaris's /dev/poll implementation that could cause named to fail to start when configured to use more sockets than the system could accomodate. [RT #35878]
  • Fixed a bug that could cause an assertion failure when inserting and deleting parent and child nodes in a response-policy zone. [RT #36272]
Thank You

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/donate/.


© 2001-2015 Internet Systems Consortium

Please help us to improve the content of our knowledge base by letting us know below how we can improve this article.

If you have a technical question or problem on which you'd like help, please don't submit it here as article feedback.

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback
  • There is no feedback for this article
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu