On Wed, 29 Jul 2009, Sandy Mackenzie wrote: > Any known gotcha's for this upgrade?
The significant 9.6.0 changes are listed at https://www.isc.org/software/bind/new-features/9.6 The BIND 9.6.1 minor release has numerous improvements especially in portability, documentation, and DNSSEC. The release also includes the recent security fixes: correctly check the OpenSSL DSA_do_verify() and EVP_VerifyFinal() function results; and handling unknown algorithms in the DNSSEC lookaside validation. (Note that the BIND 9.6.0 version was not susceptible to the reported cases because it already had NSEC3 algorithm support.) The behavior of default "allow-query-cache" option has now changed to also possibly be affected by "recursion no;". If the "allow-query-cache" option is not set, then the default for which hosts are allowed to get answers from the cache is determined by other configurations in the following order: 1) The "allow-recursion" ACL, if configured. 2) A "recursion no;" configuration implies "none;". 3) The "allow-query" ACL, if configured. 4) Barring all of the above, the final default is "{ localnets; localhost }". So in other words, if you have defined "recursion no;" and have not defined the "allow-query-cache", "allow-recursion", and "allow-query" ACLs, then the default will be "allow-query-cache { none; }" and clients will not have access to the cache. This is a change from 9.3.6, 9.4.3, 9.5.1, and 9.6.0. For more details, see the ARM. The contrib/zkt was updated to version 0.98. BIND 9.6.1 introduces a new logging category called "query-errors" which provides detailed internal information about query failures, such server failures. (This is documented in the ARM.) Also new experimental new statistics counters were added, including for socket I/O events and query RTT (round trip time) histograms. And a "bind.keys" file is included in the source tree which contains the recent dlv.isc.org trust anchor for the administrator's convenience. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users