ISC BIND 9.8.1b3 Provides Startup-Performance Improvements

ISC BIND 9.8.1b3 is now available. BIND 9.8.1b3 is the third beta release of BIND 9.8.

This document summarizes changes from BIND 9.8.0 to BIND 9.8.1b3. Please see the CHANGES file in the source code release for a complete list of all changes.

Download

The latest versions of BIND 9 software can always be found on our website at https://www.isc.org/download. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems.

Support Product support information is available on https://www.isc.org/support.

Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo.

New Features

Added a new include file with function typedefs for the DLZ “dlopen” driver. [RT #23629]

Added a tool able to generate malformed packets to allow testing of how named handles them. [RT #24096]

Security Fixes

  • If `named` is configured with a response policy zone (RPZ) and a query of type RRSIG is received for a name configured for RRset replacement in that RPZ, it will trigger an INSIST and crash the server. RRSIG. [RT #24280]
  • `named`, set up to be a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache the response. Due to an off-by-one error, caching the response could cause `named` to crash. [RT #24650] [CVE-2011-1910]
  • Using Response Policy Zone (RPZ) to query a wildcard CNAME label with QUERY type SIG/RRSIG, it can cause `named` to crash. Fix is query-type independent. [RT #24715]
  • Using Response Policy Zone (RPZ) with DNAME records and querying the subdomain of that label can cause `named` to crash. Now logs that DNAME is not supported. [RT #24766]
  • Change #2912 populated the message section in replies to UPDATE requests, which some Windows clients wanted. This exposed a latent bug that allowed the response message to crash `named`. With this fix, change 2912 has been reduced to copy only the zone section to the reply. A more complete fix for the latent bug will be released later. [RT #24777]

Feature Changes

Improved the startup time for an authoritative server with a large number of zones by making the zone task table of variable size rather than fixed size. This means that authoritative servers with lots of zones will be serving that zone data much sooner. [RT #24406]

Merged in the NetBSD ATF test framework (currently version 0.12) for development of future unit tests. Use configure –with-atf to build ATF internally or configure –with-atf=prefix to use an external copy. [RT #23209]

Added more verbose error reporting from DLZ LDAP. [RT #23402]

The DLZ “dlopen” driver is now built by default, no longer requiring a configure option. To disable it, use “configure–without-dlopen”. (Note: driver not supported on win32.) [RT#23467]

Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]

Make –with-gssapi default for ./configure. [RT #23738]

Bug Fixes

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at https://www.isc.org/donate.

Recent Posts

What's New from ISC

Happy holidays from ISC!

ISC is fortunate to have staff members in so many different countries around the world: our software development benefits from all the different perspectives - and we benefit personally!

Read post