Re: Updating to 9.14

2019-05-15 Thread Mark Andrews


> On 16 May 2019, at 5:11 am, @lbutlr  wrote:
> 
> Currently running latest release of Bind 9.12, which is now EOLed and want to 
> move to 9.14. I was looking on google for 
> 
> update "bind9.12" "bind 9.14"
> 
> But did not find anything of use. I did find the 9.14 announcement, but there 
> isn't a link there to release notes. I know there has been at least one 
> significant change in the named.conf file.
> 
> 
> 
> Other than the “allow-update” and “allow-update-forwarding” issue which does 
> not affect me, what other configuration issues am I going to hit?

Below are all the changes between 9.12 and 9.14.  Most of these are cosmetic,
new/extended features.  doc/misc/options is automatically generated from the
parser so it reflects reality.  It’s also a good way to find the option
name when you forget it.

filter- is now a plugin module.

diff --git a/doc/misc/options b/doc/misc/options
index 0544b388f1..c692ed2ec9 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -93,13 +93,14 @@ options {
 [ dscp  ] { (  |  [ port
  ] |  [ port  ] ) [ key
  ]; ... } ] [ zone-directory  ] [
-in-memory  ] [ min-update-interval  ]; ... };
+in-memory  ] [ min-update-interval  ]; ... };
 check-dup-records ( fail | warn | ignore );
 check-integrity ;
 check-mx ( fail | warn | ignore );
 check-mx-cname ( fail | warn | ignore );
-check-names ( master | slave | response
-) ( fail | warn | ignore ); // may occur multiple times
+check-names ( primary | master |
+secondary | slave | response ) (
+fail | warn | ignore ); // may occur multiple times
 check-sibling ;
 check-spf ( warn | ignore );
 check-srv-cname ( fail | warn | ignore );
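
Review bot: In the check-names line, the old master/slave keywords now sit next to the new primary/secondary ones with nothing to say which spelling is preferred or whether the old pair is on its way out. The file already uses trailing comments for status, so a short marker on the legacy keywords would tell operators which form to write in new configurations. The in-memory line at the top of the hunk is also shown as changed although both versions read the same here; the difference deserves a word in the commit message.
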
@@ -110,11 +111,11 @@ options {
 cookie-secret ; // may occur multiple times
 coresize ( default | unlimited |  );
 datasize ( default | unlimited |  );
-deallocate-on-exit ; // obsolete
+deallocate-on-exit ; // ancient
 deny-answer-addresses { ; ... } [
-except-from { ; ... } ];
-deny-answer-aliases { ; ... } [ except-from {
-; ... } ];
+except-from { ; ... } ];
+deny-answer-aliases { ; ... } [ except-from { ; ...
+} ];
 dialup ( notify | notify-passive | passive | refresh |  );
 directory ;
 disable-algorithms  { ;
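
Review bot: deallocate-on-exit moves from "// obsolete" to "// ancient", but nothing in the file defines how the two labels differ. An operator reading this cannot tell whether named still accepts and ignores an "ancient" statement or refuses to load the configuration, which is the thing that matters during an upgrade. Suggest the generator emit a short legend for the status comments it uses.
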
@@ -132,6 +133,7 @@ options {
 }; // may occur multiple times
 dns64-contact ;
 dns64-server ;
+dnskey-sig-validity ;
 dnsrps-enable ; // not configured
 dnsrps-options {  }; // not configured
 dnssec-accept-expired ;
@@ -145,7 +147,8 @@ options {
 dnssec-update-mode ( maintain | no-resign );
 dnssec-validation ( yes | no | auto );
 dnstap { ( all | auth | client | forwarder |
-resolver ) [ ( query | response ) ]; ... }; // not configured
+resolver | update ) [ ( query | response ) ];
+... }; // not configured
 dnstap-identity (  | none |
 hostname ); // not configured
 dnstap-output ( file | unix )  [
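
Review bot: The dnstap line gains "update" as a message type next to the existing "all", and it is not stated whether "all" now includes update traffic. If it does, configurations that already use "all" will start capturing dynamic-update messages after the upgrade without any change on the operator's side; that belongs in the release notes or in a comment on this entry.
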
@@ -163,15 +166,15 @@ options {
 empty-contact ;
 empty-server ;
 empty-zones-enable ;
-fake-iquery ; // obsolete
-fetch-glue ; // obsolete
+fake-iquery ; // ancient
+fetch-glue ; // ancient
 fetch-quota-params;
 fetches-per-server  [ ( drop | fail ) ];
 fetches-per-zone  [ ( drop | fail ) ];
 files ( default | unlimited |  );
-filter- { ; ... };
-filter--on-v4 ( break-dnssec |  );
-filter--on-v6 ( break-dnssec |  );
+filter- { ; ... }; // obsolete
+filter--on-v4 ; // obsolete
+filter--on-v6 ; // obsolete
 flush-zones-on-shutdown ;
 forward ( first | only );
 forwarders [ port  ] [ dscp  ] { ( 
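
Review bot: The three filter- entries become "// obsolete" and the -on-v4/-on-v6 forms lose their "break-dnssec" alternative, yet the comment gives no pointer to the replacement. The covering mail says this is now a plugin module; naming that in the trailing comment, or in the log message emitted for the obsolete statement, would save operators from searching for where the setting went. fake-iquery and fetch-glue change label in the same hunk and share the undefined "ancient" wording.
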
@@ -182,18 +185,19 @@ options {
 fstrm-set-output-notify-threshold ; // not configured
 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
 fstrm-set-output-queue-size ; // not configured
-fstrm-set-reopen-interval ; // not configured
+fstrm-set-reopen-interval ; // not configured
 geoip-directory (  | none ); // not configured
-geoip-use-ecs ; // not configured
+geoip-use-ecs ; // obsolete
 glue-cache ;
-has-old-clients ; // obsolete
+has-old-clients ; // ancient
 heartbeat-interval ;
-host-statistics ; // not implemented
-host-statistics-max ; // not implemented
+host-statistics ; // ancient
+host-statistics-max ; // ancient
 hostname (  | none );
 inline-signing ;
-interface-interval ;
-ixfr-from-differences ( master | slave |  );
+  
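
Review bot: geoip-use-ecs changes from "// not configured" to "// obsolete", which are different kinds of statement: the first describes this build, the second describes the option itself. Likewise host-statistics and host-statistics-max go from "// not implemented" to "// ancient". With four status labels now in use across these lines, the change should state what an operator who still has these statements in named.conf will see at load time.
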

Updating to 9.14

2019-05-15 Thread @lbutlr
Currently running latest release of Bind 9.12, which is now EOLed and want to 
move to 9.14. I was looking on google for 

update "bind9.12" "bind 9.14"

But did not find anything of use. I did find the 9.14 announcement, but there 
isn't a link there to release notes. I know there has been at least one 
significant change in the named.conf file.



Other than the “allow-update” and “allow-update-forwarding” issue which does 
not affect me, what other configuration issues am I going to hit?

I am still OpenSSL 1.0.2r, do I need to move to OpenSSL 1.1.1? I mean, I am 
probably going to do that anyway, RSN, but this would be an excuse to do it now.

-- 
Forgive your enemies, but remember their names.
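
A pre-upgrade check built from the relabelled entries in the diff above, as an added example that is not part of either message or of BIND: it scans a 9.12-era named.conf for the options the diff marks `ancient` or `obsolete`. The function name `scan_conf` and the sample configuration are constructed for illustration; the `filter-` entries are matched by prefix because their full names are elided on this page.

```shell
# Added example: flag named.conf statements that the 9.12 -> 9.14 diff of
# doc/misc/options relabels "ancient" or "obsolete". Names are copied from
# the diff; filter- entries are matched by prefix (full names elided there).
ANCIENT='deallocate-on-exit fake-iquery fetch-glue has-old-clients host-statistics host-statistics-max'
OBSOLETE='geoip-use-ecs'

# scan_conf FILE: print "LINE:LABEL:OPTION" for each hit outside comments.
# Limitation: comment markers inside quoted strings are not recognised.
scan_conf() {
    awk -v ancient="$ANCIENT" -v obsolete="$OBSOLETE" '
    BEGIN {
        n = split(ancient, a, " ");  for (i = 1; i <= n; i++) label[a[i]] = "ancient"
        n = split(obsolete, o, " "); for (i = 1; i <= n; i++) label[o[i]] = "obsolete"
    }
    {
        line = $0; out = ""
        while (line != "") {              # strip /* ... */, also multi-line
            if (inblock) {
                e = index(line, "*/")
                if (!e) break
                line = substr(line, e + 2); inblock = 0
            } else {
                s = index(line, "/*")
                if (!s) { out = out line; break }
                out = out substr(line, 1, s - 1) " "
                line = substr(line, s + 2); inblock = 1
            }
        }
        sub(/(\/\/|#).*/, "", out)        # strip // and # line comments
        n = split(out, tok, /[ \t;{}]+/)
        for (i = 1; i <= n; i++) {
            if (tok[i] in label) print NR ":" label[tok[i]] ":" tok[i]
            else if (tok[i] ~ /^filter-/) print NR ":obsolete:" tok[i]
        }
    }' "$1"
}

# Constructed sample configuration (not from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
    fetch-glue no;              // stripped as a comment
    /* host-statistics yes;
       has-old-clients yes; */
    geoip-use-ecs no;
};
EOF
scan_conf "$sample"
rm -f "$sample"
```

`named-checkconf` from the target release remains the authoritative check; this scan only points at the lines to look at first.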



