Two BIND 9 Security Vulnerabilities Announced Today
ISC is releasing updated versions of BIND 9 to address two newly-discovered security vulnerabilities We have released new versions of BIND: 9.
Read post
Maintenance - Plus
One hundred and seventy-eight tickets were resolved with 9.9.10, 9.10.5, 9.10.5-S and 9.11.1.
35 of these were minor features or feature changes and 13 were test items.
We incorporated 15 submitted patches, contributed by:
- Hannes Frederic Sowa - Use IP_PMTUDISC_OMIT if available
- Thomas Anderson - Fixing a build failure problem
- LaMont Jones - “This patch has been kicking around in the Debian tree for quite some time.”
- Tony Finch - No fewer than NINE changes from Tony!
- Stacey Jonathan Marshall - Solaris Software (Allow krb5-config to be used when configuring gssapi)
- Xose Vazquez Perez - Making sure we were aware of the IPv6 address for G.root
- Petr Spacek - From when he was still at RedHat (we were sorry to see him leave!)
The Subscriber Preview edition, 9.10.5-S, included two very significant changes:
EDNS Client-Subnet Identifier (ECS) for caching resolver operations
- Our implementation uses a white-list to identify servers to send client-subnet information to.
- Naturally we also respect the client signalling requesting privacy.
Newly re-written Response Policy Zones (RPZ) engine
- The re-implemented RPZ is 100% backwards compatible with the older RPZ implementation (according to our tests; please let us know if you find any differently!).
- We have eliminated the blocking that could occur when processing large RPZ updates, significantly improving usability for heavily-loaded systems.
- This is the first installment of our 2017 BIND refactoring effort. There is more to come in BIND 9.12.