BIND 9.7.2b1 is now available.
Mark Andrews
marka at isc.org
Fri Jul 23 00:33:17 UTC 2010
BIND 9.7.2b1 is now available.
BIND 9.7.2b1 is a beta version of the maintenance release for
BIND 9.7.
BIND 9.7.2b1 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz
http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha512.asc
http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.asc
http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha256.asc
http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha512.asc
The signature was generated with the ISC public key, which is
available at <https://www.isc.org/about/openpgp>.
A binary kit for Windows XP and Window 2003 is at
ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip
http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip
ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip
http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip
The PGP signature of the binary kit for Windows XP and Window 2003 is at
ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.asc
ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha512.asc
http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.asc
http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha256.asc
http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha512.asc
http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.asc
http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha256.asc
http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha512.asc
Changes since 9.7.0.
--- 9.7.2b1 released ---
2931. [bug] Temporarily and partially disable change 2864
because it would cause inifinite attempts of RRSIG
queries. This is an urgent care fix; we'll
revisit the issue and complete the fix later.
[RT #21710]
2930. [experimental] New "rndc addzone" and "rndc delzone" commads
allow dynamic addition and deletion of zones.
To enable this feature, specify a "new-zone-file"
option at the view or options level in named.conf.
Zone configuration information for the new zones
will be written into that file. To make the new
zones persist after a restart, "include" the file
into named.conf in the appropriate view. (Note:
This feature is not yet documented, and its syntax
is expected to change.) [RT #19447]
2929. [bug] Improved handling of GSS security contexts:
- added LRU expiration for generated TSIGs
- added the ability to use a non-default realm
- added new "realm" keyword in nsupdate
- limited lifetime of generated keys to 1 hour
or the lifetime of the context (whichever is
smaller)
[RT #19737]
2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2924. [func] 'rndc secroots' dump a combined summary of the
current managed keys combined with trusted keys.
[RT #20904]
2923. [bug] 'dig +trace' could drop core after "connection
timeout". [RT #21514]
2922. [contrib] Update zkt to version 1.0.
2921. [bug] The resolver could attempt to destroy a fetch context
too soon. [RT #19878]
2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
to IPv4 clients. New acl 'filter-aaaa' (default any).
2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
[RT #20840]
2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
2917. [func] Virtual time test framework. [RT #20801]
2916. [func] Add framework to use IPv6 in tests.
fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
2915. [cleanup] Be smarter about which objects we attempt to compile
based on configure options. [RT #21444]
2914. [bug] Make the "autosign" system test more portable.
[RT #20997]
2913. [func] Add pkcs#11 system tests. [RT #20784]
2912. [func] Windows clients don't like UPDATE responses that clear
the zone section. [RT #20986]
2911. [bug] dnssec-signzone didn't handle out of zone records well.
[RT #21367]
2910. [func] Sanity check Kerberos credentials. [RT #20986]
--- 9.7.1 released ---
--- 9.7.1rc1 released ---
2909. [bug] named-checkconf -p could die if "update-policy local;"
was specified in named.conf. [RT #21416]
2908. [bug] It was possible for re-signing to stop after removing
a DNSKEY. [RT #21384]
2907. [bug] The export version of libdns had undefined references.
[RT #21444]
2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
2903. [bug] managed-keys-directory missing from namedconf.c.
[RT #21370]
--- 9.7.1b1 released ---
2902. [func] Add regression test for change 2897. [RT #21040]
2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
2900. [bug] The placeholder negative caching element was not
properly constructed triggering a INSIST in
dns_ncache_towire(). [RT #21346]
2899. [port] win32: Support linking against OpenSSL 1.0.0.
2898. [bug] nslookup leaked memory when -domain=value was
specified. [RT #21301]
2897. [bug] NSEC3 chains could be left behind when transitioning
to insecure. [RT #21040]
2896. [bug] "rndc sign" failed to properly update the zone
when adding a DNSKEY for publication only. [RT #21045]
2895. [func] genrandom: add support for the generation of multiple
files. [RT #20917]
2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
2893. [bug] Improve managed keys support. New named.conf option
managed-keys-directory. [RT #20924]
2892. [bug] Handle REVOKED keys better. [RT #20961]
2891. [maint] Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2889. [bug] Elements of the grammar where not properly reported.
[RT #21046]
2888. [bug] Only the first EDNS option was displayed. [RT #21273]
2887. [bug] Report the keytag times in UTC in the .key file,
local time is presented as a comment within the
comment. [RT #21223]
2886. [bug] ctime() is not thread safe. [RT #21223]
2885. [bug] Improve -fno-strict-aliasing support probing in
configure. [RT #21080]
2884. [bug] Insufficient valadation in dns_name_getlabelsequence().
[RT #21283]
2883. [bug] 'dig +short' failed to handle really large datasets.
[RT #21113]
2882. [bug] Remove memory context from list of active contexts
before clearing 'magic'. [RT #21274]
2881. [bug] Reduce the amount of time the rbtdb write lock
is held when closing a version. [RT #21198]
2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
consistent. [RT #21078]
2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
[RT #21106]
2878. [func] Incrementally write the master file after performing
a AXFR. [RT #21010]
2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
2875. [bug] dns_time64_fromtext() could accept non digits.
[RT #21033]
2874. [bug] Cache lack of EDNS support only after the server
successfully responds to the query using plain DNS.
[RT #20930]
2873. [bug] Canceling a dynamic update via the dns/client module
could trigger an assertion failure. [RT #21133]
2872. [bug] Modify dns/client.c:dns_client_createx() to only
require one of IPv4 or IPv6 rather than both.
[RT #21122]
2871. [bug] Type mismatch in mem_api.c between the definition and
the header file, causing build failure with
--enable-exportlib. [RT #21138]
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2868. [cleanup] Run "make clean" at the end of configure to ensure
any changes made by configure are integrated.
Use --with-make-clean=no to disable. [RT #20994]
2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
don't like it. [RT #20986]
2866. [bug] Windows does not like the TSIG name being compressed.
[RT #20986]
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
[RT #21050]
2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
[RT #21056]
2862. [bug] nsupdate didn't default to the parent zone when
updating DS records. [RT #20896]
2861. [doc] dnssec-settime man pages didn't correctly document the
inactivation time. [RT #21039]
2860. [bug] named-checkconf's usage was out of date. [RT #21039]
2859. [bug] When cancelling validation it was possible to leak
memory. [RT #20800]
2858. [bug] RTT estimates were not being adjusted on ICMP errors.
[RT #20772]
2857. [bug] named-checkconf did not fail on a bad trusted key.
[RT #20705]
2856. [bug] The size of a memory allocation was not always properly
recorded. [RT #20927]
2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
2851. [doc] nslookup.1, removed <informalexample> from the docbook
source as it produced bad nroff. [RT #21007]
2850. [bug] If isc_heap_insert() failed due to memory shortage
the heap would have corrupted entries. [RT #20951]
--- 9.7.0 released ---
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list