Two BIND 9 Security Vulnerabilities Announced Today
ISC is releasing updated versions of BIND 9 to address two newly-discovered security vulnerabilities We have released new versions of BIND: 9.Read post
Barring surprises, BIND 9.12.0b2, now available for download, should be the last development beta before the release candidate. If you want to give it a try in time to provide us feedback before our RC code freeze you can find the beta at our Downloads page.
We don’t introduce new features or make major changes to minor releases within a BIND 9 branch. New branches are when we make significant changes to BIND. BIND 9.12.0 will be the first release in the 9.12 series and in the release notes you can find information about the new features, improvements, and fixes that are included in 9.12. Key new features include:
namedcan now continue returning answers whose TTLs have expired when the authoritative server is under attack and unable to respond. Code for this feature was contributed by Akamai.
namedto use an external response policy provider. This allows the same types of policy filtering as standard RPZ, but can reduce the workload for
named, particularly when using large and frequently updated policy zones. It also enables
namedto share response policy providers with other DNS implementations such as Unbound. Thanks to Vernon Schryver and Farsight Security for the contribution.
You should also review the “Features Removed” section as well. Some of these changes could break existing scripts that rely on them. We do make every effort to support backwards compatibility, and we only make this kind of change in a major release. For example, going forward HMAC-MD5 will not be recommended for RNDC keys. For backwards compatibility HMAC-MD5 can still be used, but the default algorithm used by rndc-confgen is now HMAC-SHA256.
The release notes can be found at: ftp://ftp.isc.org/isc/bind9/9.12.0b2/
User input on development releases is an important part of improving our software and we especially appreciate help from those who are willing to test development releases and provide constructive feedback. Thank you especially to those who have provided input during the alpha release period and also to those who will help evaluate the new beta release. Please send feedback to firstname.lastname@example.org.
What's New from ISC