Transition from BIND 9.9 to 9.10

[Mark Andrews]

In message <4D7A2547-32B0-4DFB-8042-2DB33C62853A at utk.edu>, "King, Harold Clyde 
(Hal)" writes:
> I have not found any problems so far on my test machines, but I was wondering
>  what changes there are to look forward to in moving from 9.9 to 9.10? 

9.10 and 9.11 are drop in replacements.  Basically all updates are
drop in replacements.

9.11 adds DNS COOKIE options to the out going requests.  This exposes
stupid firewall configurations and some broken handling of EDNS
queries.  https://ednscomp.isc.org/compliance/summary.html contain
graphs of how different populations of servers behave to different
EDNS extensions being used.  For the most part it just results in
additional queries being made as named falls back to plain DNS
queries when some of this misbehaviour is detected.  Echoing of the
option is currently ignored.

If the broken servers are also serving signed zones then lookups
will fail as responses to plain DNS queries do not contain RRSIGs.
Manual intervention is required to work with these servers but the
population of such servers is small.  I've got six entries in
named.conf.

e.g.
	server 117.56.91.234 { send-cookie false; };
	server 199.252/16 { send-cookie false; };

Unknown EDNS options are supposed to be ignored.

Mark

> -- 
> Hal King  - hck at utk.edu
> Systems Administrator
> Office of Information Technology
> Shared Systems Services
> 
> The University of Tennessee
> 103C5 Kingston Pike Building
> 2309 Kingston Pk. Knoxville, TN 37996
> Phone : 974-1599
> Helpdesk 24/7 : 974-9900
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org