BIND 9.3.0rc3 is now available.
Mark_Andrews at isc.org
Tue Aug 17 01:54:44 UTC 2004
BIND 9.3.0rc3 is a release candidate for BIND 9.3.
BIND 9.3.0 has a number of new features over 9.2,
DNSSEC is now DS based.
DNSSEC lookaside validation (experimental).
check-names is now implemented.
rrset-order is more complete.
IPv4/IPv6 transition support, dual-stack-servers.
IXFR deltas can now be generated when loading master files,
It is now possible to specify the size of a journal, max-journal-size.
It is now possible to define a named set of master servers to be
used in masters clause, masters.
The advertised EDNS UDP size can now be set, edns-udp-size.
allow-v6-synthesis has been obsoleted.
* Zones containing MD and MF will now be rejected.
* dig, nslookup name. now report "Not Implemented" as
NOTIMP rather than NOTIMPL. This will have impact on scripts
that are looking for NOTIMPL.
libbind: corresponds to that from BIND 8.4.5.
NOTE: If you specified max-journal-size with a BIND 9.3.0 beta (up to beta 3)
you may need to remove the journal. The journal compaction could leave the
NOTE: If you created TSIG keys using a BIND 9.3.0 beta dnssec-keygen you
will need to change the key type to KEY from DNSKEY in the .key file.
NOTE: If you created keys for SIG(0) using a BIND 9.3.0 beta dnssec-keygen
you may need to replace them if you didn't use 'dnssec-keygen -k' to create
KEY records rather than DNSKEY records.
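An added example, not part of the original announcement or of the BIND distribution: one way to apply the TSIG note above to an existing .key file. It assumes the record layout "<owner> [ttl] [class] <type> <flags> <protocol> <algorithm> <key>" and that HMAC-MD5 keys carry algorithm number 157; the function name, file names and key data are constructed for illustration.

```shell
#!/bin/sh
# fix_tsig_keytype FILE
# Rewrites the record type DNSKEY -> KEY, but only on HMAC-MD5 records
# (algorithm 157, assumed), so real zone DNSKEYs are never touched.
# Prints one of: changed | unchanged | missing | error
fix_tsig_keytype() (
    f=$1
    [ -f "$f" ] || { echo missing; exit 1; }
    umask 077            # an HMAC .key file holds the shared secret itself
    tmp="$f.tmp.$$"
    rc=0
    awk '{
        # Find the type field; the algorithm sits three fields after it.
        for (i = 2; i <= NF - 4; i++)
            if ($i == "DNSKEY" && $(i + 3) == "157") { $i = "KEY"; changed = 1; break }
        print
    }
    END { exit(changed ? 0 : 3) }' "$f" > "$tmp" || rc=$?
    case $rc in
        0)  # keep a backup; write in place so the file keeps its mode and owner
            if cp -p "$f" "$f.bak" && cat "$tmp" > "$f"; then echo changed
            else echo error; rc=1; fi ;;
        3)  echo unchanged ;;
        *)  echo error ;;
    esac
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || [ "$rc" -eq 3 ]
)

# Constructed sample input: a TSIG key mislabelled as DNSKEY by a beta
# dnssec-keygen, next to a genuine zone key (algorithm 5) that must stay as is.
demo() {
    d=$(mktemp -d) || return 1
    printf 'tsig-demo. IN DNSKEY 512 3 157 Y29uc3RydWN0ZWQtc2FtcGxl\n' > "$d/tsig.key"
    printf 'example. IN DNSKEY 256 3 5 Y29uc3RydWN0ZWQ=\n' > "$d/zone.key"
    for k in "$d/tsig.key" "$d/zone.key"; do
        printf '%s: ' "${k##*/}"; fix_tsig_keytype "$k"
    done
    cat "$d/tsig.key" "$d/zone.key"
    rm -rf "$d"
}
demo
```

SIG(0) keys are left alone by this check; per the note above they may need to be regenerated with 'dnssec-keygen -k' instead.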
BIND 9.3.0rc3 can be downloaded from
The PGP signature of the distribution is at
The signature was generated with the ISC public key, which is
available at <http://www.isc.org/about/openpgp/pgpkey2004.txt>.
A binary kit for Windows NT 4.0 and Windows 2000 is at
The PGP signature of the binary kit for Windows NT 4.0 and Windows 2000 is at
The top of CHANGES contains:
--- 9.3.0rc3 released ---
1696. [bug] dnssec-signzone failed to clean out nodes that
consisted of only NSEC and RRSIG records.
1695. [bug] DS records when forwarding require special handling.
1694. [bug] Report if the builtin views of "_default" / "_bind"
are defined in named.conf. [RT #12023]
1693. [bug] max-journal-size was not effective for master zones
with ixfr-from-differences set. [RT# 12024]
1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
/usr/lib. [RT #11971]
1691. [bug] sdb's attachversion was not complete. [RT #11990]
1690. [bug] Delay detaching view from the client until UPDATE
processing completes when shutting down. [RT #11714]
1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
contained gratuitous semicolons. [RT #11707]
1688. [bug] LDFLAGS was not supported.
1687. [bug] Race condition in dispatch. [RT #10272]
1686. [bug] Named sent an extraneous NOTIFY when it received a
redundant UPDATE request. [RT #11943]
--- 9.3.0rc2 released ---
1685. [bug] Change #1679 loop tests weren't quite right.
1683. [bug] dig +sigchase could leak memory. [RT #11445]
1682. [port] Update configure test for (long long) printf format.
1681. [bug] Only set SO_REUSEADDR when a port is specified in
isc_socket_bind(). [RT #11742]
1679. [bug] When there was a single nameserver with multiple
addresses for a zone not all addresses were tried.
1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
1675. [bug] named would sometimes add extra NSEC records to
the authority section.
1674. [port] linux: increase buffer size used to scan
1673. [port] linux: issue a error messages if IPv6 interface
1672. [cleanup] Tests which only function in a threaded build
now return R:THREADONLY (rather than R:UNTESTED)
in a non-threaded build.
1671. [contrib] queryperf: add NAPTR to the list of known types.
1670. [func] Log UPDATE requests to slave zones without an acl as
"disabled" at debug level 3. [RT# 11657]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
1667. [port] linux: not all versions have IF_NAMESIZE.
1666. [bug] The optional port on hostnames in dual-stack-servers
was being ignored.
1663. [func] Look for OpenSSL by default.
1661. [bug] Restore dns_name_concatenate() call in
adb.c:set_target(). [RT #11582]
1660. [bug] win32: connection_reset_fix() was being called
unconditionally. [RT #11595]
--- 9.3.0rc1 released ---
1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
1662. [bug] Change #1658 failed to change one use of 'type'
1659. [cleanup] Cleanup some messages that were referring to KEY vs
DNSKEY, NXT vs NSEC and SIG vs RRSIG.
1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
and DH. Tighten which options apply to KEY and
1657. [doc] ARM: document query log output.
1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
DNSKEY and RRSIG. [RT #11542]
1655. [bug] Logging multiple versions w/o a size was broken.
1654. [bug] isc_result_totext() contained array bounds read
1653. [func] Add key type checking to dst_key_fromfilename(),
DST_TYPE_KEY should be used to read TSIG, TKEY and
1652. [bug] TKEY still uses KEY.
1651. [bug] dig: process multiple dash options.
1650. [bug] dig, nslookup: flush standard out after each command.
1649. [bug] Silence "unexpected non-minimal diff" message.
1648. [func] Update dnssec-lookaside named.conf syntax to support
multiple dnssec-lookaside namespaces (not yet
1647. [bug] It was possible to trigger an INSIST when chasing a DS
record that required walking back over an empty node.
1646. [bug] win32: logging file versions didn't work with
non-UNC filenames. [RT#11486]
1645. [bug] named could trigger a REQUIRE failure if multiple
masters with keys are specified.
1644. [bug] Update the journal modification time after a
successful refresh query. [RT #11436]
1643. [bug] dns_db_closeversion() could leak memory / node
references. [RT #11163]
1642. [port] Support OpenSSL implementations which don't have
DSA support. [RT #11360]
1641. [bug] Update the check-names description in ARM. [RT #11389]
--- 9.3.0beta4 released ---
1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
incorrectly closing the socket. [RT #11291]
1639. [func] Initial dlv system test.
1638. [bug] "ixfr-from-differences" could generate a REQUIRE
failure if the journal open failed. [RT #11347]
1637. [bug] Node reference leak on error in addnoqname().
1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
an error had occurred. The database version no longer
matched the version of the database that was dumped.
1635. [bug] Memory leak on error in query_addds().
1634. [bug] named didn't supply a useful error message when it
detected duplicate views. [RT #11208]
1633. [bug] named should return NOTIMP to update requests to a
slave without an allow-update-forwarding acl specified.
1632. [bug] nsupdate failed to send prerequisite only UPDATE
messages. [RT #11288]
1631. [bug] dns_journal_compact() could sometimes corrupt the
journal. [RT #11124]
1630. [contrib] queryperf: add support for IPv6 transport.
1629. [func] dig now supports IPv6 scoped addresses with the
extended format in the local-server part. [RT #8753]
1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
1627. [bug] win32: sockets were not being closed when the
last external reference was removed. [RT# 11179]
1626. [bug] --enable-getifaddrs was broken. [RT#11259]
1625. [bug] named failed to load/transfer RFC2535 signed zones
which contained CNAMES. [RT# 11237]
1606. [bug] DLV insecurity proof was failing.
1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
--- 9.3.0beta3 released ---
1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
1623. [bug] A serial number of zero was being displayed in the
"sending notifies" log message when also-notify was
used. [RT #11177]
1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
available, and suppress wildcard binding if not.
1621. [bug] match-destinations did not work for IPv6 TCP queries.
1620. [func] When loading a zone report if it is signed. [RT #11149]
1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
1618. [bug] Fencepost errors in dns_name_ishostname() and
dns_name_ismailbox() could trigger an INSIST().
1617. [port] win32: VC++ 6.0 support.
1616. [compat] Ensure that named's version is visible in the core
dump. [RT #11127]
1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
it is defined.
1614. [port] win32: silence resource limit messages. [RT# 11101]
1613. [bug] Builds would fail on machines w/o a if_nametoindex().
Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
1612. [bug] check-names at the option/view level could trigger
an INSIST. [RT# 11116]
1611. [bug] solaris: IPv6 interface scanning failed to cope with
no active IPv6 interfaces.
1610. [bug] On dual stack machines "dig -b" failed to set the
address type to be looked up with "@server".
1600. [bug] Duplicate zone pre-load checks were not case
1599. [bug] Fix memory leak on error path when checking named.conf.
1598. [func] Specify that certain parts of the namespace must
be secure (dnssec-must-be-secure).
--- 9.3.0beta2 released ---
1609. [func] dig now has support to chase DNSSEC signature chains.
Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
1608. [func] dig and host now accept -4/-6 to select IP transport
to use when making queries.
1607. [bug] dig, host and nslookup were still using random()
to generate query ids. [RT# 11013]
1604. [bug] An xfrout_ctx_create() failure would result in
xfrout_ctx_destroy() being called with a
partially initialized structure.
1603. [bug] nsupdate: set interactive based on isatty().
1602. [bug] Logging to a file failed unless a size was specified.
1601. [bug] Silence spurious warning 'both "recursion no;" and
"allow-recursion" active' warning from view "_bind".
1594. [bug] 'rndc dumpdb' could prevent named from answering
queries while the dump was in progress. [RT #10565]
1593. [bug] rndc should return "unknown command" to unknown
commands. [RT# 10642]
--- 9.3.0beta1 released ---