Re: Concerns/warnings in upgrading from 9.9 to 9.11?

Tue, 09 Jan 2018 11:00:07 -0800 

On Tue, 9 Jan 2018, Oscar Ricardo Silva wrote:
I currently run 9.9.9-P4 on recursive caching servers and with the announcement that 9.9 and 9.10 are approaching end of maintenance, I've decided it's time to move to 9.11. 


Are there any issues, warnings, concerns in upgrading? Changes that need to 
be made to named.conf? I know there are new features but I'm more concerned 
about an in-place upgrade with no change to the current build process or 
configuration.


I've not actually run 9.11 in full deployment because we couldn't tolerate
the number of names which were rendered unresolvable due to the more
strenuous EDNS checking introduced in 9.11 (apparently as part of the COOKIE
features).  The problem is in the other broken servers rather than in BIND,
but the practical effect that names couldn't be resolved prompted us to stay
with 9.10 so far.  The use of the relatively recent "send-cookie no;" option
seems to work around that problem, providing a way for us to run 9.11 here.
However, at this point I'm planning to skip 9.11 & go with 9.12 when it gets
released for real (assuming my testing continues to yield favorable results).

Some of the good things in BIND 9.11 (some introduced in 9.10 & some in 9.11)
are:
   o  IPv6 is enabled by default, including listening
   o  response rate-limited (RRL) is built-in by default; that doesn't apply
      to purely recursive servers, but it's very nice
   o  the "in-view" method allowing a zone to be shared among views
   o  DNSTAP
   o  general DNSSEC improvements

The main things I'm after in 9.12 are:
   o  named-handled rotation of DNSTAP output files;  based on my testing
      that's broken for multi-threaded use in 9.12.0rc1 because the
      rolling of the file(s) seems to be done simultaneously by multiple
      threads with no coordination, but I hope to see it fixed in the real
      9.12 release
   o  configuration of the COOKIE secret, required for anycast servers;
      that's broken in 9.11 but seems to work correctly in 9.12

________________________________________________________________________
Jay Ford, Network Engineering, University of Iowa
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to