Kea 2.0 - Performance, Stability and Security
We are very proud to announce that we have just posted a new stable branch of Kea, Kea 2.Read post
Dear BIND Users,
At the end of 2017 we announced a new BIND release model. We introduced a published development branch, and established a time-driven cycle of monthly maintenance releases on both development and stable branches. In the process we shortened the interval between new stable branches to 12 months. (Previously we released new stable branches at longer intervals.) We reaffirmed our commitment to extended support versions with 4 years of maintenance, and announced that 9.16 would be our next ESV. We released the 9.12 stable and 9.13 development branches in 2018, followed by 9.14 and 9.15 in 2019, and 9.16 and 9.17 in 2020.
We plan to make a couple of significant changes to our established release model for 2021. We are not yet ready to create a new stable 9.18 branch at the moment. We are still making significant improvements to the current 9.16 branch, so a 9.18 branch would not provide any useful improvements from 9.16.
The chart below shows the adjusted release plan going forward.
During 2019 and 2020 we embarked on some refactoring that was more ambitious than we had attempted previously, replacing BIND’s proprietary network interface with the popular libuv library. This was a project that, we eventually came to realize, required more than a year to complete, and in fact, we are still not done with it. As a result, in BIND 9.16, we currently have both the legacy and the new network interfaces, and depending on the operation and BIND’s role in the DNS (client or server), we use one or the other. For the majority of servers, this hybrid approach runs smoothly, but unfortunately for others it has introduced new points of contention or bottlenecks. We would therefore like to complete the replacement of all legacy networking code before moving into the next development cycle. We need another quarter or so to finish this work.
In addition, we had pledged to backport support for DNS over TLS (DoT) and DNS over HTTPS (DoH) to 9.16. We don’t want a long-lived branch to lack these new transports, but this also means non-trivial changes to 9.16.
The 9.16 version, which should be fully stable and in minimal-changes mode by now, is not yet as quiescent as an ESV would usually be at this point. We are continuing to support 9.11 through Q1 2022. More conservative users may wish to stay on 9.11 until mid 2021, before adopting 9.16.
Finally, the best part about this plan is, since every stable version will now eventually become an ESV, users who wish to stay on one branch for several years will now be able to.
We notified ISC support customers of this planned change in December, to give them a chance to comment. Since we have received no expressions of concern, we have updated the official ISC Software Support Policy (https://kb.isc.org/docs/aa-00896).
We think this change is the best way to support our users. If you have concerns or questions please direct them to me (email below) or if you are on bind-users you may discuss this there.
What's New from ISC