BIND 9.7.0a2 is now available.

        BIND 9.7.0a2 is the second alpha release of BIND 9.7.0.

Overview:

        This is a technology preview of new functionality to be
        included in BIND 9.7.0.  Not all new functionality is in
        place.  APIs and configuration syntax are not yet frozen.

        BIND 9.7 includes a number of changes from BIND 9.6 and earlier
        releases.  Most are intended to simplify DNSSEC configuration.

New features include:

        - Simplified configuration of DNSSEC Lookaside Validation (DLV).
        - Simplified configuration of Dynamic DNS, using the
          "ddns-confgen" command line tool or the "ddns-autoconf"
          zone option.  (As a side effect, this also makes it
          easier to configure automatic zone re-signing.)
        - New named option "attach-cache" that allows multiple views
          to share a single cache.
        - DNS rebinding attack prevention.
        - New default values for dnssec-keygen parameters.
        - Support for RFC 5011 (automated trust anchor maintenance)
        - Smart signing: simplified tools for zone signing and key
          maintenance
        - The "statistics-channels" option is now enabled on Windows

Additional features planned but not included in this alpha release:

        - Fully automatic signing of zones
        - Improved PKCS #11 support with improved documentation
        - Improved and extended libdns library

BIND 9.7.0a2 can be downloaded from:

        ftp://ftp.isc.org/isc/bind9/9.7.0a2/bind-9.7.0a2.tar.gz

The PGP signature of the distribution is at:

        ftp://ftp.isc.org/isc/bind9/9.7.0a2/bind-9.7.0a2.tar.gz.asc
        ftp://ftp.isc.org/isc/bind9/9.7.0a2/bind-9.7.0a2.tar.gz.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.7.0a2/bind-9.7.0a2.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:

        ftp://ftp.isc.org/isc/bind9/9.7.0a2/BIND9.7.0a2.zip
        ftp://ftp.isc.org/isc/bind9/9.7.0a2/BIND9.7.0a2.debug.zip

The PGP signature of the binary kit is at:
        
        ftp://ftp.isc.org/isc/bind9/9.7.0a2/BIND9.7.0a2.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.7.0a2/BIND9.7.0a2.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.7.0a2/BIND9.7.0a2.zip.sha512.asc
        ftp://ftp.isc.org/isc/bind9/9.7.0a2/BIND9.7.0a2.debug.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.7.0a2/BIND9.7.0a2.debug.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.7.0a2/BIND9.7.0a2.debug.zip.sha512.asc

Changes since previous alpha (9.7.0a1):

        --- 9.7.0a2 released ---

2644.   [bug]           Change #2628 caused a regression on some systems;
                        named was unable to write the PID file and would
                        fail on startup. [RT #20001]

2643.   [bug]           Stub zones interacted badly with NSEC3 support.
                        [RT #19777]

2642.   [bug]           nsupdate could dump core on Solaris when reading
                        improperly formatted key files.  [RT #20015]

2641.   [bug]           Fixed an error in parsing update-policy syntax,
                        added a regression test to check it. [RT #20007]

2640.   [security]      A specially crafted update packet will cause named
                        to exit. [RT #20000]

2639.   [bug]           Silence compiler warnings in gssapi code. [RT #19954]

2638.   [bug]           Install arpaname. [RT #19957]

2637.   [func]          Rationalize dnssec-signzone's signwithkey() calling.
                        [RT #19959]

2636.   [func]          Simplify zone signing and key maintenance with the
                        dnssec-* tools.  Major changes:
                        - all dnssec-* tools now take a -K option to
                          specify a directory in which key files will be
                          stored
                        - DNSSEC keys can now store metadata indicating when
                          they are scheduled to be published, activated,
                          revoked or removed; these values can be set by
                          dnssec-keygen or overwritten by the new
                          dnssec-settime command
                        - dnssec-signzone -S (for "smart") option reads key
                          metadata and uses it to determine automatically
                          which keys to publish to the zone, use for
                          signing, revoke, or remove from the zone
                        [RT #19816]

2635.   [bug]           isc_inet_ntop() incorrectly handled 0.0/16 addresses.
                        [RT #19716]

2634.   [port]          win32: Add support for libxml2, enable
                        statschannel. [RT #19773]

2633.   [bug]           Handle 15 bit rand() functions. [RT #19783]

2632.   [func]          util/kit.sh: warn if documentation appears to be out of
                        date.  [RT #19922]

2631.   [bug]           Handle "//", "/./" and "/../" in mkdirpath().
                        [RT #19926]

2630.   [func]          Improved syntax for DDNS autoconfiguration:  use
                        "update-policy local;" to switch on local DDNS in a
                        zone.  [RT #19875]

2629.   [port]          Check for seteuid()/setegid(), use setresuid()/
                        setresgid() if not present. [RT #19932]
                        
2628.   [port]          linux: Allow /var/run/named/named.pid to be opened 
                        at startup with reduced capabilities in operation.
                        [RT #19884]

2627.   [bug]           Named aborted if the same key was included in
                        trusted-keys more than once. [RT #19918]

2626.   [bug]           Multiple trusted-keys could trigger an assertion
                        failure. [RT #19914]

2625.   [bug]           Missing UNLOCK in rbtdb.c. [RT #19865]

2624.   [func]          'named-checkconf -p' will print out the parsed
                        configuration. [RT #18871]

2623.   [bug]           Named started searches for DS non-optimally. [RT #19915]

2622.   [bug]           Printing of named.conf grammar was broken. [RT #19919]
 
2621.   [doc]           Made copyright boilerplate consistent.  [RT #19833]

2620.   [bug]           Delay thawing the zone until the reload of it has
                        completed successfully.  [RT #19750]

2619.   [func]          Add support for RFC 5011, automatic trust anchor
                        maintenance.  The new "managed-keys" statement can
                        be used in place of "trusted-keys" for zones which
                        support this protocol.  (Note: this syntax is
                        expected to change prior to 9.7.0 final.) [RT #19248]

2618.   [bug]           The sdb and sdlz db_interator_seek() methods could
                        loop infinitely. [RT #19847]

2617.   [bug]           ifconfig.sh failed to emit an error message when
                        run from the wrong location. [RT #19375]

2616.   [bug]           'host' used the nameservers from resolv.conf even
                        when an explicit nameserver was specified. [RT #19852]

2615.   [bug]           "__attribute__((unused))" was in the wrong place
                        for ia64 gcc builds. [RT #19854]

2614.   [port]          win32: 'named -v' should automatically be executed
                        in the foreground. [RT #19844]

2613.   [placeholder]

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.