ISC BIND 9.8.1b3 provides startup-performance improvements

ISC BIND 9.8.1b3 is now available.

BIND 9.8.1b3 is the third beta release of BIND 9.8.
This document summarizes changes from BIND 9.8.0 to BIND 9.8.1b3. Please see the CHANGES file in the source code release for a complete list of all changes.

Download
The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/all. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems.

Support
Information on paid support options is available at http://www.isc.org/services/support.

Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo.

New Features

Added a new include file with function typedefs for the DLZ “dlopen” driver. [RT #23629]

Added a tool able to generate malformed packets to allow testing of how named handles them. [RT #24096]

Security Fixes

  • If named is configured with a response policy zone (RPZ) and a query of type RRSIG is received for a name configured for RRset replacement in that RPZ, it will trigger an INSIST and crash the server. [RT #24280]
  • named, when set up as a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRsets) when it tries to negatively cache the response. Due to an off-by-one error, caching the response could cause named to crash. [RT #24650] [CVE-2011-1910]
  • With a Response Policy Zone (RPZ), a query for a wildcard CNAME label with query type SIG/RRSIG can cause named to crash. The fix is independent of query type. [RT #24715]
  • Using a Response Policy Zone (RPZ) with DNAME records and querying a subdomain of that label can cause named to crash. named now logs that DNAME is not supported. [RT #24766]
  • Change #2912 populated the message section in replies to UPDATE requests, which some Windows clients wanted. This exposed a latent bug that allowed the response message to crash named. With this fix, change #2912 has been reduced to copy only the zone section to the reply. A more complete fix for the latent bug will be released later. [RT #24777]

Feature Changes

Improved the startup time for an authoritative server with a large number of zones by making the zone task table of variable size rather than fixed size. This means that authoritative servers with lots of zones will be serving that zone data much sooner. [RT #24406]

Merged in the NetBSD ATF test framework (currently version 0.12) for development of future unit tests. Use configure --with-atf to build ATF internally or configure --with-atf=prefix to use an external copy. [RT #23209]

Added more verbose error reporting from DLZ LDAP. [RT #23402]

The DLZ “dlopen” driver is now built by default, no longer requiring a configure option. To disable it, use “configure --without-dlopen”. (Note: driver not supported on win32.) [RT #23467]

Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]

Made --with-gssapi the default for ./configure. [RT #23738]

Bug Fixes
Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/supportisc.


Evan Hunt — each@isc.org
Internet Systems Consortium, Inc.
