BIND 9.10.0a1 Release Notes

AA-01072

BIND 9.10.0a1 is the first alpha development release of BIND 9.10, a new branch of BIND 9.

BIND 9.10 includes a number of changes from BIND 9.9 and earlier releases. New features include:

  • DNS Response Rate Limiting (DNS RRL) blunts the impact of reflection and amplification attacks by rate-limiting substantially identical responses.
  • New "map" zone format for faster loading. The new zone file format "map" is an image of a zone database that can be loaded directly into memory, allowing much faster zone loading.
  • RPZ performance improvements. Up to 32 response-policy zones can be configured with minimal performance loss.
  • New RPZ client-IP triggers and drop policies (RPZ2). RPZ responses can be configured on the basis of the client IP address; this can be used, for example, to blacklist misbehaving recursive or stub resolvers.
  • ACLs can now be specified based on geographic location using the MaxMind GeoIP databases.
  • Support for setting Differentiated Services Code Point (DSCP) values in 'named' if supported by the underlying OS. DSCP is used for prioritizing outbound traffic.
  • Multiple DLZ databases can now be configured. Individual zones can be configured to be served from a specific DLZ database. DLZ databases now serve zones of type "master" and "redirect".
  • New XML schema (version 3) for the statistics channel includes many new statistics and uses a flattened XML tree for faster parsing.
  • New stylesheet, based on the Google Charts API, displays XML statistics in charts and graphs on JavaScript-enabled browsers.
  • The statistics channel can now provide data in JSON format as well as XML.
  • The internal and export versions of the BIND libraries (libisc, libdns, etc.) have been unified so that external library clients can use the same libraries as BIND itself.
  • New 'dnssec-coverage' tool to check DNSSEC key coverage for a zone and report if a lapse in signing coverage has been inadvertently scheduled.
  • New 'dnssec-importkey' tool for importing externally generated DNSKEY records into the DNSKEY management framework.
  • New 'dnssec-checkds' tool for checking the correctness of a zone's DS and DLV records.
  • Signing algorithm flexibility and other improvements for the "rndc" control channel.
  • "rndc zonestatus" reports information about a specified zone.
  • 'named-checkzone' and 'named-compilezone' can now read journal files, allowing them to process dynamic zones.
  • "named" now listens on IPv6 as well as IPv4 interfaces by default.
  • New 'named-rrchecker' tool to verify the syntactic correctness of individual resource records.

Please see the file CHANGES for a detailed list of the many changes in this release.

Download

The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems.

Support

Professional support is provided by DNSco. Information about paid support options is available at http://www.dns-co.com/solutions/. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list/.

Thank You

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/donate/.