BIND Updates, April 2017

Maintenance - Plus

One hundred and seventy-eight tickets were resolved with 9.9.10, 9.10.5, 9.10.5-S and 9.11.1.

35 of these were minor features or feature changes and 13 were test items.

We incorporated 15 submitted patches, contributed by:

  • Hannes Frederic Sowa (Use IP_PMTUDISC_OMIT if available)
  • Thomas Anderson (fixing a build failure problem)
  • LaMont Jones “This patch has been kicking around in the Debian tree for quite some time.”
  • Tony Finch (no fewer than NINE changes from Tony!)
  • Stacey Jonathan Marshall – Solaris Software (Allow krb5-config to be used when configuring gssapi.)
  • Xose Vazquez Perez – making sure we were aware of the IPv6 address for G.root
  • Petr Spacek – from when he was still at RedHat (we were sorry to see him leave!)


The Subscriber Preview edition, 9.10.5-S included two very significant changes:

  • EDNS Client-Subnet Identifier (ECS) for caching resolver operations
    • Our implementation uses a white-list to identify servers to send client-subnet information to
    • Naturally we also respect the client signalling requesting privacy
    • Because this is not yet available in our open source, we have a link HERE to the relevant section of the ARM for this new feature
  • Newly re-written Response Policy Zones (RPZ) engine
    • The re-implemented RPZ is 100% backwards compatible with the older RPZ implementation (according to our tests, please let ys know if you find any differently!)
    • We have eliminated the blocking that could occur when processing large RPZ updates, significantly improving usability for heavily-loaded systems.
    • This is the first installment of our 2017 BIND refactoring effort. There is more to come in BIND 9.12.


Last modified: August 3, 2017 at 4:53 pm