BIND 9.7.2b1 is now available.

        BIND 9.7.2b1 is a beta version of the maintenance release for
        BIND 9.7.

BIND 9.7.2b1 can be downloaded from

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz
        http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz

The PGP signature of the distribution is at

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha512.asc

        http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha256.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at <https://www.isc.org/about/openpgp>.

A binary kit for Windows XP and Window 2003 is at

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip

The PGP signature of the binary kit for Windows XP and Window 2003 is at
        
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha512.asc

        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha256.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha512.asc

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha512.asc

        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha256.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha512.asc

Changes since 9.7.0.

        --- 9.7.2b1 released ---

2931.   [bug]           Temporarily and partially disable change 2864
                        because it would cause inifinite attempts of RRSIG
                        queries.  This is an urgent care fix; we'll
                        revisit the issue and complete the fix later.
                        [RT #21710]


2930.   [experimental]  New "rndc addzone" and "rndc delzone" commads
                        allow dynamic addition and deletion of zones.
                        To enable this feature, specify a "new-zone-file"
                        option at the view or options level in named.conf.
                        Zone configuration information for the new zones
                        will be written into that file.  To make the new
                        zones persist after a restart, "include" the file
                        into named.conf in the appropriate view.  (Note:
                        This feature is not yet documented, and its syntax
                        is expected to change.) [RT #19447]

2929.   [bug]           Improved handling of GSS security contexts: 
                         - added LRU expiration for generated TSIGs
                         - added the ability to use a non-default realm
                         - added new "realm" keyword in nsupdate
                         - limited lifetime of generated keys to 1 hour
                           or the lifetime of the context (whichever is
                           smaller)
                        [RT #19737]

2925.   [bug]           Named failed to accept uncachable negative responses
                        from insecure zones. [RT# 21555]

2924.   [func]          'rndc  secroots'  dump a combined summary of the
                        current managed keys combined with trusted keys.
                        [RT #20904]

2923.   [bug]           'dig +trace' could drop core after "connection
                        timeout". [RT #21514]

2922.   [contrib]       Update zkt to version 1.0.

2921.   [bug]           The resolver could attempt to destroy a fetch context
                        too soon.  [RT #19878]

2920.   [func]          Allow 'filter-aaaa-on-v4' to be applied selectively
                        to IPv4 clients.  New acl 'filter-aaaa' (default any).

2919.   [func]          Add autosign-ksk and autosign-zsk virtual time tests.
                        [RT #20840]

2918.   [maint]         Add AAAA address for I.ROOT-SERVERS.NET.

2917.   [func]          Virtual time test framework. [RT #20801]

2916.   [func]          Add framework to use IPv6 in tests.
                        fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7

2915.   [cleanup]       Be smarter about which objects we attempt to compile
                        based on configure options. [RT #21444]

2914.   [bug]           Make the "autosign" system test more portable.
                        [RT #20997]

2913.   [func]          Add pkcs#11 system tests. [RT #20784]

2912.   [func]          Windows clients don't like UPDATE responses that clear
                        the zone section. [RT #20986]

2911.   [bug]           dnssec-signzone didn't handle out of zone records well.
                        [RT #21367]

2910.   [func]          Sanity check Kerberos credentials. [RT #20986]

        --- 9.7.1 released ---

        --- 9.7.1rc1 released ---

2909.   [bug]           named-checkconf -p could die if "update-policy local;"
                        was specified in named.conf. [RT #21416]

2908.   [bug]           It was possible for re-signing to stop after removing
                        a DNSKEY. [RT #21384]

2907.   [bug]           The export version of libdns had undefined references.
                        [RT #21444]

2906.   [bug]           Address RFC 5011 implementation issues. [RT #20903]

2905.   [port]          aix: set use_atomic=yes with native compiler.
                        [RT #21402]

2904.   [bug]           When using DLV, sub-zones of the zones in the DLV,
                        could be incorrectly marked as insecure instead of
                        secure leading to negative proofs failing.  This was
                        a unintended outcome from change 2890. [RT# 21392]

2903.   [bug]           managed-keys-directory missing from namedconf.c.
                        [RT #21370]

        --- 9.7.1b1 released ---

2902.   [func]          Add regression test for change 2897. [RT #21040]

2901.   [port]          Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]

2900.   [bug]           The placeholder negative caching element was not
                        properly constructed triggering a INSIST in 
                        dns_ncache_towire(). [RT #21346]
                        
2899.   [port]          win32: Support linking against OpenSSL 1.0.0.

2898.   [bug]           nslookup leaked memory when -domain=value was 
                        specified. [RT #21301]

2897.   [bug]           NSEC3 chains could be left behind when transitioning
                        to insecure. [RT #21040]
                        
2896.   [bug]           "rndc sign" failed to properly update the zone
                        when adding a DNSKEY for publication only. [RT #21045]

2895.   [func]          genrandom: add support for the generation of multiple
                        files.  [RT #20917]

2894.   [contrib]       DLZ LDAP support now use '$' not '%'. [RT #21294]

2893.   [bug]           Improve managed keys support.  New named.conf option
                        managed-keys-directory. [RT #20924]

2892.   [bug]           Handle REVOKED keys better. [RT #20961]

2891.   [maint]         Update empty-zones list to match
                        draft-ietf-dnsop-default-local-zones-13. [RT# 21099]

2890.   [bug]           Handle the introduction of new trusted-keys and
                        DS, DLV RRsets better. [RT #21097]

2889.   [bug]           Elements of the grammar where not properly reported.
                        [RT #21046]

2888.   [bug]           Only the first EDNS option was displayed. [RT #21273]

2887.   [bug]           Report the keytag times in UTC in the .key file,
                        local time is presented as a comment within the
                        comment.  [RT #21223]

2886.   [bug]           ctime() is not thread safe. [RT #21223]

2885.   [bug]           Improve -fno-strict-aliasing support probing in
                        configure. [RT #21080]

2884.   [bug]           Insufficient valadation in dns_name_getlabelsequence().
                        [RT #21283]

2883.   [bug]           'dig +short' failed to handle really large datasets.
                        [RT #21113]

2882.   [bug]           Remove memory context from list of active contexts
                        before clearing 'magic'. [RT #21274]

2881.   [bug]           Reduce the amount of time the rbtdb write lock
                        is held when closing a version. [RT #21198]

2880.   [cleanup]       Make the output of dnssec-keygen and dnssec-revoke
                        consistent. [RT #21078]

2879.   [contrib]       DLZ bdbhpt driver fails to close correct cursor.
                        [RT #21106]

2878.   [func]          Incrementally write the master file after performing
                        a AXFR.  [RT #21010]

2877.   [bug]           The validator failed to skip obviously mismatching
                        RRSIGs. [RT #21138]

2876.   [bug]           Named could return SERVFAIL for negative responses
                        from unsigned zones. [RT #21131]

2875.   [bug]           dns_time64_fromtext() could accept non digits.
                        [RT #21033]

2874.   [bug]           Cache lack of EDNS support only after the server
                        successfully responds to the query using plain DNS.
                        [RT #20930]

2873.   [bug]           Canceling a dynamic update via the dns/client module
                        could trigger an assertion failure. [RT #21133]

2872.   [bug]           Modify dns/client.c:dns_client_createx() to only
                        require one of IPv4 or IPv6 rather than both.
                        [RT #21122]

2871.   [bug]           Type mismatch in mem_api.c between the definition and
                        the header file, causing build failure with
                        --enable-exportlib. [RT #21138]

2870.   [maint]         Add AAAA address for L.ROOT-SERVERS.NET.

2869.   [bug]           Fix arguments to dns_keytable_findnextkeynode() call.
                        [RT #20877]

2868.   [cleanup]       Run "make clean" at the end of configure to ensure
                        any changes made by configure are integrated.
                        Use --with-make-clean=no to disable.  [RT #20994]

2867.   [bug]           Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
                        don't like it.  [RT #20986]

2866.   [bug]           Windows does not like the TSIG name being compressed.
                        [RT #20986]

2865.   [bug]           memset to zero event.data.  [RT #20986]

2864.   [bug]           Direct SIG/RRSIG queries were not handled correctly.
                        [RT #21050]

2863.   [port]          linux: disable IPv6 PMTUD and use network minimum MTU.
                        [RT #21056]

2862.   [bug]           nsupdate didn't default to the parent zone when
                        updating DS records. [RT #20896]

2861.   [doc]           dnssec-settime man pages didn't correctly document the
                        inactivation time. [RT #21039]

2860.   [bug]           named-checkconf's usage was out of date. [RT #21039]

2859.   [bug]           When cancelling validation it was possible to leak
                        memory. [RT #20800]

2858.   [bug]           RTT estimates were not being adjusted on ICMP errors.
                        [RT #20772]

2857.   [bug]           named-checkconf did not fail on a bad trusted key.
                        [RT #20705]

2856.   [bug]           The size of a memory allocation was not always properly
                        recorded. [RT #20927]

2853.   [bug]           add_sigs() could run out of scratch space. [RT #21015]

2852.   [bug]           Handle broken DNSSEC trust chains better. [RT #15619]

2851.   [doc]           nslookup.1, removed <informalexample> from the docbook
                        source as it produced bad nroff.  [RT #21007]

2850.   [bug]           If isc_heap_insert() failed due to memory shortage
                        the heap would have corrupted entries. [RT #20951]

        --- 9.7.0 released ---
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:  +61 2 9871 4742                  INTERNET: ma...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to