Most of our work at ISC falls into one of two major project categories: open source development and network services. We will review our 2014 accomplishments in network services in a separate post.
In 2014 we did a solid job of maintaining our primary open source projects, BIND 9 and ISC DHCP. We fixed more bugs in 2014 than were discovered or reported in 2014, even as we dedicated a lot of resources to addressing the resolver DDOS problem and maintaining our support for standards development.
BIND is the industry reference implementation of the DNS protocols and a significant open source program at ISC. In 2014 we made the difficult decision to cancel work on BIND 10, and re-focus on BIND 9. We have continued maintenance of BIND 9 and added a new feature branch. In 2015 we hope to add more resources to the BIND 9 program, improve our test coverage, and bring out another new feature branch, 18 months after the previous one.
Major accomplishments in 2014
Maintenance
RESOLVED 575 issues in 2014 (not counting those opened before 1/1/2011)*
OPENED 557 new issues in our bug tracker
Security
The Heartbleed vulnerability discovered in OpenSSL had a big impact on the IT community, but did not impact BIND specifically.
We issued 5 CVEs, 3 of which were specific to 9.10:
Codenomicon ran some packet fuzzing test runs on BIND 9.10 for us in the summer of 2014. They ran millions of test cases, and found a vulnerability in “dig” which, on closer inspection, revealed a “packet of death” vulnerability in BIND 9.10.0. ISC issued an operational advisory explaining how to build BIND with gcc 4.9 to avoid the problem.
New feature development
Contributions to DNS standards
ISC engineers invest considerable time and effort working on proposals for Internet standards. Below is a list of documents in process that ISC staff are writing or co-authoring.
ISC DHCP is distributed with most open-source operating systems and is incorporated into many commercial DDI/IPAM applications, as well as embedded devices. The software is mature and full-featured, but challenging to maintain. We are proud to have completed another year of aggressive maintenance, and to have released another feature branch. We added a new developer to the project in 2014. In 2015 we are hoping to taper off our work on ISC DHCP and focus more on Kea, the next-generation DHCP server from ISC.
Major accomplishments in 2014
Maintenance
RESOLVED 167 issues in 2014 (not counting those opened before 1/1/2009)**
OPENED 133 new issues in our bug tracker
We use the Coverity free scanning program for open source programs, and starting in April, 2014, we made it a priority to address our outstanding Coverity errors in the DHCP project. Since then we have reversed the trend, and right now we have a Coverity defect density of 0.09, which is excellent.
We determined that our DHCP client script could be a vector for the Shellshock BASH vulnerability discovered in 2014. We communicated with the operating system packagers (who create these client scripts) about this possibility.
New Feature Development
We launched ISC DHCP 4.3.0, which we called our IPv6 “uplift” release. This release added more feature support for IPv6, including access to relay options, on-expiry/on-renew features, and class support. It also added OMAPI subclass control, and implemented the newer standardized DHCID resource record format.
In addition to the 4.3.0 feature release, we added 12 minor features requested by users in releases 4.3.1 and 4.3.2, with selective backporting to earlier releases.
Kea is our under-development next-generation DHCP server, intended to eventually replace the ISC DHCP server. Kea is a server only, and does not currently include a client or relay. Kea is intended to be more easily extended than ISC DHCP, and is designed for dynamic reconfiguration. We are encouraged by the interest in contributing to and deploying Kea that we have seen from the community in 2014. We plan to continue new feature development in 2015, making Kea suitable for datacenter or public wifi deployments.
Major accomplishments in 2014
ISC contributions to DHC standards development
ISC engineers invest considerable time and effort working on proposals for Internet standards. Among the more notable efforts in 2014 are the work on the DHCP proposal RFC3315bis, and the two DHCP privacy drafts. In addition to working on drafts, ISC Senior Software Engineer Tomasz Mrugalski co-chaired the IETF DHC working group in 2014.
In addition, we held 2 webinars and organized a meeting about DNS resolver DDOS mitigation measures at the 90th IETF in Toronto.
* Date chosen to represent “current applicable issues.” We released BIND 9.9.0 in February, 2011.
** Date chosen to represent “current applicable issues.” We released ISC DHCP 4.1.0 in December, 2008.