BIND 9 Updates, April 2017

Maintenance - Plus

One hundred and seventy-eight tickets were resolved with 9.9.10, 9.10.5, 9.10.5-S and 9.11.1.

35 of these were minor features or feature changes and 13 were test items.

We incorporated 15 submitted patches, contributed by:

  • Hannes Frederic Sowa - Use IP_PMTUDISC_OMIT if available
  • Thomas Anderson - Fixing a build failure problem
  • LaMont Jones - “This patch has been kicking around in the Debian tree for quite some time.”
  • Tony Finch - No fewer than NINE changes from Tony!
  • Stacey Jonathan Marshall - Solaris Software (Allow krb5-config to be used when configuring gssapi)
  • Xose Vazquez Perez - Making sure we were aware of the IPv6 address for G.root
  • Petr Spacek - From when he was still at RedHat (we were sorry to see him leave!)

The Subscriber Preview edition, 9.10.5-S, included two very significant changes:

  • EDNS Client-Subnet Identifier (ECS) for caching resolver operations

    • Our implementation uses a white-list to identify servers to send client-subnet information to.
    • Naturally we also respect the client signalling requesting privacy.
  • Newly re-written Response Policy Zones (RPZ) engine

    • The re-implemented RPZ is 100% backwards compatible with the older RPZ implementation (according to our tests; please let us know if you find any differently!).
    • We have eliminated the blocking that could occur when processing large RPZ updates, significantly improving usability for heavily-loaded systems.
    • This is the first installment of our 2017 BIND refactoring effort. There is more to come in BIND 9.12.