BIND 9.7.2b1 is now available. BIND 9.7.2b1 is a beta version of the maintenance release for BIND 9.7.
BIND 9.7.2b1 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha512.asc http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.asc http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha256.asc http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at <https://www.isc.org/about/openpgp>. A binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip The PGP signature of the binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.asc ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha512.asc http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.asc http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha256.asc http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha512.asc http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.asc http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha256.asc http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha512.asc Changes since 9.7.0. --- 9.7.2b1 released --- 2931. [bug] Temporarily and partially disable change 2864 because it would cause inifinite attempts of RRSIG queries. This is an urgent care fix; we'll revisit the issue and complete the fix later. [RT #21710] 2930. [experimental] New "rndc addzone" and "rndc delzone" commads allow dynamic addition and deletion of zones. To enable this feature, specify a "new-zone-file" option at the view or options level in named.conf. Zone configuration information for the new zones will be written into that file. To make the new zones persist after a restart, "include" the file into named.conf in the appropriate view. (Note: This feature is not yet documented, and its syntax is expected to change.) [RT #19447] 2929. [bug] Improved handling of GSS security contexts: - added LRU expiration for generated TSIGs - added the ability to use a non-default realm - added new "realm" keyword in nsupdate - limited lifetime of generated keys to 1 hour or the lifetime of the context (whichever is smaller) [RT #19737] 2925. [bug] Named failed to accept uncachable negative responses from insecure zones. [RT# 21555] 2924. [func] 'rndc secroots' dump a combined summary of the current managed keys combined with trusted keys. [RT #20904] 2923. [bug] 'dig +trace' could drop core after "connection timeout". [RT #21514] 2922. [contrib] Update zkt to version 1.0. 2921. [bug] The resolver could attempt to destroy a fetch context too soon. [RT #19878] 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively to IPv4 clients. New acl 'filter-aaaa' (default any). 2919. [func] Add autosign-ksk and autosign-zsk virtual time tests. [RT #20840] 2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET. 2917. [func] Virtual time test framework. [RT #20801] 2916. [func] Add framework to use IPv6 in tests. fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7 2915. [cleanup] Be smarter about which objects we attempt to compile based on configure options. [RT #21444] 2914. [bug] Make the "autosign" system test more portable. [RT #20997] 2913. [func] Add pkcs#11 system tests. [RT #20784] 2912. [func] Windows clients don't like UPDATE responses that clear the zone section. [RT #20986] 2911. [bug] dnssec-signzone didn't handle out of zone records well. [RT #21367] 2910. [func] Sanity check Kerberos credentials. [RT #20986] --- 9.7.1 released --- --- 9.7.1rc1 released --- 2909. [bug] named-checkconf -p could die if "update-policy local;" was specified in named.conf. [RT #21416] 2908. [bug] It was possible for re-signing to stop after removing a DNSKEY. [RT #21384] 2907. [bug] The export version of libdns had undefined references. [RT #21444] 2906. [bug] Address RFC 5011 implementation issues. [RT #20903] 2905. [port] aix: set use_atomic=yes with native compiler. [RT #21402] 2904. [bug] When using DLV, sub-zones of the zones in the DLV, could be incorrectly marked as insecure instead of secure leading to negative proofs failing. This was a unintended outcome from change 2890. [RT# 21392] 2903. [bug] managed-keys-directory missing from namedconf.c. [RT #21370] --- 9.7.1b1 released --- 2902. [func] Add regression test for change 2897. [RT #21040] 2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316] 2900. [bug] The placeholder negative caching element was not properly constructed triggering a INSIST in dns_ncache_towire(). [RT #21346] 2899. [port] win32: Support linking against OpenSSL 1.0.0. 2898. [bug] nslookup leaked memory when -domain=value was specified. [RT #21301] 2897. [bug] NSEC3 chains could be left behind when transitioning to insecure. [RT #21040] 2896. [bug] "rndc sign" failed to properly update the zone when adding a DNSKEY for publication only. [RT #21045] 2895. [func] genrandom: add support for the generation of multiple files. [RT #20917] 2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294] 2893. [bug] Improve managed keys support. New named.conf option managed-keys-directory. [RT #20924] 2892. [bug] Handle REVOKED keys better. [RT #20961] 2891. [maint] Update empty-zones list to match draft-ietf-dnsop-default-local-zones-13. [RT# 21099] 2890. [bug] Handle the introduction of new trusted-keys and DS, DLV RRsets better. [RT #21097] 2889. [bug] Elements of the grammar where not properly reported. [RT #21046] 2888. [bug] Only the first EDNS option was displayed. [RT #21273] 2887. [bug] Report the keytag times in UTC in the .key file, local time is presented as a comment within the comment. [RT #21223] 2886. [bug] ctime() is not thread safe. [RT #21223] 2885. [bug] Improve -fno-strict-aliasing support probing in configure. [RT #21080] 2884. [bug] Insufficient valadation in dns_name_getlabelsequence(). [RT #21283] 2883. [bug] 'dig +short' failed to handle really large datasets. [RT #21113] 2882. [bug] Remove memory context from list of active contexts before clearing 'magic'. [RT #21274] 2881. [bug] Reduce the amount of time the rbtdb write lock is held when closing a version. [RT #21198] 2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke consistent. [RT #21078] 2879. [contrib] DLZ bdbhpt driver fails to close correct cursor. [RT #21106] 2878. [func] Incrementally write the master file after performing a AXFR. [RT #21010] 2877. [bug] The validator failed to skip obviously mismatching RRSIGs. [RT #21138] 2876. [bug] Named could return SERVFAIL for negative responses from unsigned zones. [RT #21131] 2875. [bug] dns_time64_fromtext() could accept non digits. [RT #21033] 2874. [bug] Cache lack of EDNS support only after the server successfully responds to the query using plain DNS. [RT #20930] 2873. [bug] Canceling a dynamic update via the dns/client module could trigger an assertion failure. [RT #21133] 2872. [bug] Modify dns/client.c:dns_client_createx() to only require one of IPv4 or IPv6 rather than both. [RT #21122] 2871. [bug] Type mismatch in mem_api.c between the definition and the header file, causing build failure with --enable-exportlib. [RT #21138] 2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET. 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call. [RT #20877] 2868. [cleanup] Run "make clean" at the end of configure to ensure any changes made by configure are integrated. Use --with-make-clean=no to disable. [RT #20994] 2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers don't like it. [RT #20986] 2866. [bug] Windows does not like the TSIG name being compressed. [RT #20986] 2865. [bug] memset to zero event.data. [RT #20986] 2864. [bug] Direct SIG/RRSIG queries were not handled correctly. [RT #21050] 2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU. [RT #21056] 2862. [bug] nsupdate didn't default to the parent zone when updating DS records. [RT #20896] 2861. [doc] dnssec-settime man pages didn't correctly document the inactivation time. [RT #21039] 2860. [bug] named-checkconf's usage was out of date. [RT #21039] 2859. [bug] When cancelling validation it was possible to leak memory. [RT #20800] 2858. [bug] RTT estimates were not being adjusted on ICMP errors. [RT #20772] 2857. [bug] named-checkconf did not fail on a bad trusted key. [RT #20705] 2856. [bug] The size of a memory allocation was not always properly recorded. [RT #20927] 2853. [bug] add_sigs() could run out of scratch space. [RT #21015] 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2851. [doc] nslookup.1, removed <informalexample> from the docbook source as it produced bad nroff. [RT #21007] 2850. [bug] If isc_heap_insert() failed due to memory shortage the heap would have corrupted entries. [RT #20951] --- 9.7.0 released --- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users