Knowledge Base ISC Main Website Ask a Question/Contact ISC
 Featured
BIND9 Significant Features Matrix
Author: Cathy Almond Reference Number: AA-01310 Views: 12192 Created: 2015-10-20 13:07 Last Updated: 2017-06-02 18:27 100 Rating/ 2 Voters

The "S" (stable preview) editions and the other release branches of BIND differ in a number of ways. This table lists the major feature differences for current main supported versions of BIND, (with some provisional but incomplete insight into our future release plans where features overlap with already-released branches).

Feature9.99.9 S (stable preview)
9.109.10 S 9.11
Automatic interface scanning

all allall
Case-sensitive name compression9.9.59.9.5-S1all allall
Crypto: Native PKCS#11

allallall
DDOS Mitigation: DNS COOKIE (previously called SIT)

all (with --enable-sit); code point updated to COOKIE in 9.10.3 allall
DDOS Mitigation: Faster RPZ and new triggers
allall allall
DDOS Mitigation: Fetch limits (DDoS mitigation for recursiveservers)9.9.8 (with --enable-fetchlimit)9.9.6-S1 (revised 9.9.8-S1)9.10.3 (with --enable-fetchlimit) allall
DDOS Mitigation: Minimal response to 'any' queries


 all
DDOS Mitigation: Multiple response rate limiters for different domains
9.9.5-S1
 all
DDOS Mitigation: Response rate limiting (RRL)9.9.4 (with --enable-rrl)allall allall
DDOS Mitigation: SERVFAIL caching
9.9.6-S1
 allall
DDOS Mitigation: Size & ratio controls for response rate limiters
9.9.5-S1
 all
DNSSEC: Automatic creation of CDS, CDSKEY records


 all
DNSSEC: Negative trust anchors
9.9.6-S1
 allall

EDNS Client-Subnet (ECS) for resolvers

    all 
EDNS Client-Subnet (ECS) option support for authoritative servers


 all
EDNS EXPIRE option (server side)   all (with experimental code point);
EXPIRE code point finalized in 9.10.1
 all all
EDNS EXPIRE option (client side)     all
EDNSImproved EDNS fallback processing

all allall
GeoIP support
allall allall
Management: Detailed statistics counters
allall allall
Management: DNSTAP query/response logging
9.9.8-S5
 allall
Management: automatic DNSTAP file rolling  9.9.9-S1  all 
Management: timestamp suffix option for rolled log files
and DNSTAP files
    all 
Management: JSON statistics
allall allall
Management: New XML statistics schema9.9.3all (with --enable-newstats)all allall
Management: Squelch duplicate named servers


 all
Management: Traffic size statistics (per RSSAC02)



all
nxdomain-redirect option
9.9.8-S1
 allall
Performance: EDNS TCP keepalive support    all 
Performance: Fast "map" format zone files

all allall
Performance: Large server tuning
allall allall
Performance: mutex locking fixes (resolver)     all all
Performance: Pipelined TCP queries (server side)


 allall
Performance: TCP connection sharing for update forwarding    all
Performance: Separate rate limiting for startup NOTIFY messages
9.9.7-S1
 allall
Provisioning: Catalog zones


 all
Provisioning: Dynamic DB (DynDB) support


 all
Provisioning: in-view zone option

all allall
Resolver: Cache prefetch

all allall
Resolver: Prefer IPv6 when querying authoritative servers
9.9.8-S5
 allall
RNDC: "showzone", "modzone", faster "delzone"
9.9.8-S5
 allall
RNDC: Python module


 all
RNDC: read-only option
9.9.9-S1
 allall
RNDC: zone status reporting

all allall
RPZ: refactored RPZ    all 


New utilities that have been introduced in each branch

Utility9.99.9 S (stable preview)
9.109.10 S 9.11
 delv  all allall
 dnssec-importkey9.9.59.9.5-S1all allall
 dnssec-checkds9.9.2allall allall
 dnssec-coverage9.9.3allall allall
 dnssec-keymgr     all
 dnssec-verify9.9.2allall allall
 dnstap-read     all
 mdig     all
 named-rrchecker   all all all
 tsig-keygen  all allall


Notes:

  • "all" indicates that this feature was (or will be) introduced in the first public release of this branch
  • version numbers indicate that this feature was (or will be) introduced in the specified version, not in the first public release of the branch
  • DNS COOKIE support was introduced in 9.10 as an experimental feature using the name SIT (server identity token).  It can be enabled with --enable-sit in all unix/linux builds and is on by default in Windows.  In 9.11 the name was changed to COOKIE and the feature is enabled by default in all builds.


© 2001-2017 Internet Systems Consortium

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback
  • There is no feedback for this article
Quick Jump Menu