BIND 9 Updates, April 2017

Maintenance - Plus

One hundred and seventy-eight tickets were resolved with 9.9.10, 9.10.5, 9.10.5-S and 9.11.1.

35 of these were minor features or feature changes and 13 were test items.

We incorporated 15 submitted patches, contributed by:

  • Hannes Frederic Sowa - Use IP_PMTUDISC_OMIT if available
  • Thomas Anderson - Fixing a build failure problem
  • LaMont Jones - “This patch has been kicking around in the Debian tree for quite some time.”
  • Tony Finch - No fewer than NINE changes from Tony!
  • Stacey Jonathan Marshall - Solaris Software (Allow krb5-config to be used when configuring gssapi)
  • Xose Vazquez Perez - Making sure we were aware of the IPv6 address for G.root
  • Petr Spacek - From when he was still at Red Hat (we were sorry to see him leave!)

The Subscriber Preview edition, 9.10.5-S, included two very significant changes:

  • EDNS Client-Subnet Identifier (ECS) for caching resolver operations

    • Our implementation uses a white-list to identify servers to send client-subnet information to.
    • Naturally, we also respect a client's signal requesting privacy.
  • Newly re-written Response Policy Zones (RPZ) engine

    • The re-implemented RPZ is 100% backwards compatible with the older RPZ implementation (according to our tests; please let us know if you find any differently!).
    • We have eliminated the blocking that could occur when processing large RPZ updates, significantly improving usability for heavily-loaded systems.
    • This is the first installment of our 2017 BIND refactoring effort. There is more to come in BIND 9.12.
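
The two ECS behaviours listed above (sending client-subnet data only to white-listed servers, and honouring a client's privacy request) can be expressed as a resolver-side decision. This is an added illustration, not ISC's code or BIND configuration: it assumes the privacy signal is the RFC 7871 one (an ECS option with SOURCE PREFIX-LENGTH 0) and that RFC's /24 and /56 truncation limits, and all function names and addresses are constructed.

```python
import ipaddress
import struct

# Truncation limits recommended by RFC 7871 (an assumption, not a BIND default).
MAX_PREFIX = {4: 24, 6: 56}

def parse_ecs(optdata):
    """Parse ECS option data: FAMILY(2) SOURCE-PREFIX(1) SCOPE-PREFIX(1) ADDRESS."""
    if len(optdata) < 4:
        raise ValueError("ECS option shorter than its 4-byte header")
    family, source_len, scope_len = struct.unpack("!HBB", optdata[:4])
    addr = optdata[4:]
    if len(addr) != (source_len + 7) // 8:
        raise ValueError("ADDRESS length does not match SOURCE PREFIX-LENGTH")
    if source_len and family not in (1, 2):
        raise ValueError("unknown address family")
    return family, source_len, scope_len, addr

def build_ecs(client_ip):
    """Build ECS option data carrying only the truncated client subnet."""
    ip = ipaddress.ip_address(client_ip)
    prefix = MAX_PREFIX[ip.version]
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)  # zeroes host bits
    addr = net.network_address.packed[: (prefix + 7) // 8]
    family = 1 if ip.version == 4 else 2
    return struct.pack("!HBB", family, prefix, 0) + addr  # scope is 0 in queries

def upstream_ecs(client_ip, client_opt, server_ip, allowed_servers):
    """Return ECS option data for the query to server_ip, or None to send none."""
    server = ipaddress.ip_address(server_ip)
    if not any(server in net for net in allowed_servers):
        return None  # server is not on the white-list
    if client_opt is not None:
        _, source_len, _, _ = parse_ecs(client_opt)
        if source_len == 0:
            return None  # client opted out: add no address information
    # Policy choice in this example: derive the subnet from the client's
    # transport address rather than trusting a client-supplied one.
    return build_ecs(client_ip)

if __name__ == "__main__":
    servers = [ipaddress.ip_network("198.51.100.0/24")]  # constructed white-list
    opt_out = struct.pack("!HBB", 1, 0, 0)               # constructed client option
    for args in [("192.0.2.77", None, "198.51.100.53"),
                 ("192.0.2.77", None, "203.0.113.1"),
                 ("192.0.2.77", opt_out, "198.51.100.53")]:
        result = upstream_ecs(*args, servers)
        print(args, "->", result.hex() if result else "no ECS")
```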
