“If we wait for the moment when everything, absolutely everything is ready, we shall never begin.”
― Ivan Turgenev
We rely on the user community for field testing. Please download the 4.4.0 beta version and report the results of your testing to dhcp-bugs at isc dot org. The final 4.4.0 version will be posted in about a month, depending on the results of beta testing.
Many users, packagers and OEM developers have already contributed bug reports, patches, and suggestions for this release. We appreciate these community contributions and have tried to list them all in the release notes.
The 4.4 branch will be supported indefinitely – as long as there is enough financial support from the user community to cover the costs of ongoing maintenance. We released ISC DHCP 4.3.0 in February 2014. That version was designated as an Extended Support Version, and we have now supported it for four years, as promised. We will be ending support for the 4.3 branch in July 2018, after allowing 6 months for users to migrate to 4.4.0. We will continue to maintain the older 4.1 branch along with the new 4.4 version, because the 4.1 branch has a much smaller footprint, which is required for some applications.
There are some changes to existing behavior in this version that may not be entirely backwards-compatible. We recommend reading the release notes carefully.
There are four major changes in the 4.4.0 branch. Most of these we have been “saving up” because they are the sort of changes we can only make in a new branch.
We added three new server configuration parameters which influence DDNS conflict resolution:
ddns-dual-stack-mixed-mode – alters DNS conflict resolution behavior to mitigate issues with non-compliant clients in dual-stack environments.
ddns-guard-id-must-match – relaxes the DHCID RR client id matching requirement of DNS conflict resolution.
ddns-other-guard-is-dynamic – alters dual-stack mixed-mode behavior to allow unguarded DNS entries to be overwritten in certain cases.
The server now honors the update-static-leases parameter for static DHCPv6 hosts.
We’ve added three command line parameters to dhclient:
prefix-len-hint – directs dhclient to use the given length as the prefix length hint when requesting prefixes.
decline-wait-time – instructs the client to wait the given number of seconds after declining an IPv4 address before issuing a discover.
address-prefix-len – specifies the prefix length passed by dhclient into the client script (via the environment variable ip6_prefixlen) with each IPv6 address. We added this parameter because we have changed the default value from 64 to 128 in order to be compliant with the RFC3315bis draft (-09, page 64) and RFC5942, Section 4, point 1.
WARNING: The new default value of 128 may not be backward compatible with your environment. If you are operating without a router, such as between VMs on a host, you may find they cannot see each other with a prefix length of 128. In such cases, you'll need to either provide routing or use the command-line parameter to set the value to 64. Alternatively, you may change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN in includes/site.h.
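The effect described in the warning can be reproduced with a small model of a host's next-hop decision. This is an added example, not ISC code: the function names and the 2001:db8:: addresses are constructed for illustration, and it assumes the client script installs the address with the prefix length it receives in ip6_prefixlen.

```python
import ipaddress


def next_hop(dest, addr, prefixlen, ra_onlink_prefixes=(), default_router=None):
    """Simplified model of how a host picks the next hop for `dest`.

    Assumption: the client script installs the address as addr/prefixlen,
    which creates a connected (on-link) route covering that prefix.
    """
    dest = ipaddress.IPv6Address(dest)
    connected = ipaddress.IPv6Interface(f"{addr}/{prefixlen}").network
    # Prefixes a router has advertised as on-link (RA Prefix Information).
    onlink = [connected] + [ipaddress.IPv6Network(p) for p in ra_onlink_prefixes]
    if dest.is_link_local or any(dest in net for net in onlink):
        return "on-link"
    if default_router is not None:
        return f"via {default_router}"
    return "unreachable"


# Constructed sample: two VMs on one host bridge, documentation prefix.
VM_A = "2001:db8:0:1::10"
VM_B = "2001:db8:0:1::20"


def scenarios():
    """Next hop from VM_A to VM_B under each setup the warning mentions."""
    return {
        # New 4.4.0 default, no router: the peer is outside the /128.
        "prefix 128, no router": next_hop(VM_B, VM_A, 128),
        # Old default restored via address-prefix-len 64.
        "prefix 64, no router": next_hop(VM_B, VM_A, 64),
        # New default with routing provided.
        "prefix 128, default router": next_hop(
            VM_B, VM_A, 128, default_router="fe80::1"),
        # New default, router advertises the /64 as on-link.
        "prefix 128, RA on-link /64": next_hop(
            VM_B, VM_A, 128, ra_onlink_prefixes=["2001:db8:0:1::/64"]),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:30} -> {result}")
```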
dhclient will now generate a DHCPv6 DECLINE message when the client script indicates a DAD failure.
A configure script, configure.ac+lt, which supports libtool, is now provided with the source tarball. This script can be used to configure ISC DHCP to build with libtool and thus use dynamic shared libraries.