Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#11848 closed enhancement (fixed)

bind9 bind 9.14.0

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Bruce Dubbs, 6 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 6 years ago

BIND 9.14.0 is the first release from a new stable branch of BIND 9, incorporating all changes from the 9.13 development branch, updating the most recent stable branch, 9.12. These changes include:

  • A new "plugin" mechanism has been added to allow query functionality to be extended using dynamically loadable libraries. The "filter-aaaa" feature has been removed from named and is now implemented as a plugin.
  • QNAME minimization, as described in RFC 7816, is now supported.
  • Socket and task code has been refactored to improve performance on most modern machines.
  • "Root key sentinel" support, enabling validating resolvers to indicate via a special query which trust anchors are configured for the root zone.
  • Secondary zones can now be configured as "mirror" zones; their contents are transferred in as with traditional slave zones, but are subject to DNSSEC validation and are not treated as authoritative data when answering. This makes it easier to configure a local copy of the root zone as described in RFC 7706.
  • The "validate-except" option allows configuration of domains below which DNSSEC validation should not be performed.
  • The default value of "dnssec-validation" is now "auto".
  • IDNA2008 is now supported when linking with libidn2.
  • "named -V" now outputs the default paths for files used by named and other tools.

In addition, workarounds that were formerly in place to enable resolution of domains whose authoritative servers did not respond to EDNS queries have been removed. See https://dnsflagday.net(https://dnsflagday.net) for more details.

Cryptographic support has been modernized. BIND now uses the best available pseudo-random number generator for the platform on which it's built. Very old versions of OpenSSL are no longer supported. Cryptography is now mandatory: building BIND without DNSSEC is no longer supported.

Special code to support certain legacy operating systems has also been removed; see the file [PLATFORMS.md](PLATFORMS.md) for details of supported platforms. In addition to OpenSSL, BIND now requires support for IPv6, threads, and standard atomic operations provided by the C compiler. Non-threaded builds are no longer supported.

comment:3 by Bruce Dubbs, 6 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 21376.

comment:4 by Bruce Dubbs, 6 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.