BIND 9.7.1b1 is now available.

Mark Andrews marka at
Tue May 25 15:06:36 UTC 2010

		BIND 9.7.1b1 is now available.

	BIND 9.7.1b1 is a beta version of the maintenance release for
	BIND 9.7.  The managed-keys-directory option is known to be
	broken and a patch (namedconf.c.patch) is available.

BIND 9.7.1b1 can be downloaded from

The PGP signature of the distribution is at

The signature was generated with the ISC public key, which is
available at <>.

A binary kit for Windows XP and Window 2003 is at

The PGP signature of the binary kit for Windows XP and Window 2003 is at


Changes since 9.7.0.

	--- 9.7.1b1 released ---

2902.	[func]		Add regression test for change 2897. [RT #21040]

2901.	[port]		Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]

2900.	[bug]		The placeholder negative caching element was not
			properly constructed triggering a INSIST in 
			dns_ncache_towire(). [RT #21346]
2899.	[port]		win32: Support linking against OpenSSL 1.0.0.

2898.	[bug]		nslookup leaked memory when -domain=value was 
			specified. [RT #21301]

2897.	[bug]		NSEC3 chains could be left behind when transitioning
			to insecure. [RT #21040]
2896.	[bug]		"rndc sign" failed to properly update the zone
			when adding a DNSKEY for publication only. [RT #21045]

2895.	[func]		genrandom: add support for the generation of multiple
			files.  [RT #20917]

2894.	[contrib]	DLZ LDAP support now use '$' not '%'. [RT #21294]

2893.	[bug]		Improve managed keys support.  New named.conf option
			managed-keys-directory. [RT #20924]

2892.	[bug]		Handle REVOKED keys better. [RT #20961]

2891.	[maint]		Update empty-zones list to match
			draft-ietf-dnsop-default-local-zones-13. [RT# 21099]

2890.	[bug]		Handle the introduction of new trusted-keys and
			DS, DLV RRsets better. [RT #21097]

2889.	[bug]		Elements of the grammar where not properly reported.
			[RT #21046]

2888.	[bug]		Only the first EDNS option was displayed. [RT #21273]

2887.	[bug]		Report the keytag times in UTC in the .key file,
			local time is presented as a comment within the
			comment.  [RT #21223]

2886.	[bug]		ctime() is not thread safe. [RT #21223]

2885.	[bug]		Improve -fno-strict-aliasing support probing in
			configure. [RT #21080]

2884.	[bug]		Insufficient valadation in dns_name_getlabelsequence().
			[RT #21283]

2883.	[bug]		'dig +short' failed to handle really large datasets.
			[RT #21113]

2882.	[bug]		Remove memory context from list of active contexts
			before clearing 'magic'. [RT #21274]

2881.	[bug]		Reduce the amount of time the rbtdb write lock
			is held when closing a version. [RT #21198]

2880.	[cleanup]	Make the output of dnssec-keygen and dnssec-revoke
			consistent. [RT #21078]

2879.	[contrib]	DLZ bdbhpt driver fails to close correct cursor.
			[RT #21106]

2878.	[func]		Incrementally write the master file after performing
			a AXFR.  [RT #21010]

2877.	[bug]		The validator failed to skip obviously mismatching
			RRSIGs. [RT #21138]

2876.	[bug]		Named could return SERVFAIL for negative responses
			from unsigned zones. [RT #21131]

2875.	[bug]		dns_time64_fromtext() could accept non digits.
			[RT #21033]

2874.	[bug]		Cache lack of EDNS support only after the server
			successfully responds to the query using plain DNS.
			[RT #20930]

2873.	[bug]		Canceling a dynamic update via the dns/client module
			could trigger an assertion failure. [RT #21133]

2872.	[bug]		Modify dns/client.c:dns_client_createx() to only
			require one of IPv4 or IPv6 rather than both.
			[RT #21122]

2871.	[bug]		Type mismatch in mem_api.c between the definition and
			the header file, causing build failure with
			--enable-exportlib. [RT #21138]

2870.	[maint]		Add AAAA address for L.ROOT-SERVERS.NET.

2869.	[bug]		Fix arguments to dns_keytable_findnextkeynode() call.
			[RT #20877]

2868.	[cleanup]	Run "make clean" at the end of configure to ensure
			any changes made by configure are integrated.
			Use --with-make-clean=no to disable.  [RT #20994]

2867.	[bug]		Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
			don't like it.  [RT #20986]

2866.	[bug]		Windows does not like the TSIG name being compressed.
			[RT #20986]

2865.	[bug]		memset to zero  [RT #20986]

2864.	[bug]		Direct SIG/RRSIG queries were not handled correctly.
			[RT #21050]

2863.	[port]		linux: disable IPv6 PMTUD and use network minimum MTU.
			[RT #21056]

2862.	[bug]		nsupdate didn't default to the parent zone when
			updating DS records. [RT #20896]

2861.	[doc]		dnssec-settime man pages didn't correctly document the
			inactivation time. [RT #21039]

2860.	[bug]		named-checkconf's usage was out of date. [RT #21039]

2859.	[bug]		When cancelling validation it was possible to leak
			memory. [RT #20800]

2858.	[bug]		RTT estimates were not being adjusted on ICMP errors.
			[RT #20772]

2857.	[bug]		named-checkconf did not fail on a bad trusted key.
			[RT #20705]

2856.	[bug]		The size of a memory allocation was not always properly
			recorded. [RT #20927]

2853.	[bug]		add_sigs() could run out of scratch space. [RT #21015]

2852.	[bug]		Handle broken DNSSEC trust chains better. [RT #15619]

2851.	[doc]		nslookup.1, removed <informalexample> from the docbook
			source as it produced bad nroff.  [RT #21007]

2850.	[bug]		If isc_heap_insert() failed due to memory shortage
			the heap would have corrupted entries. [RT #20951]

	--- 9.7.0 released ---
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka at

More information about the bind-announce mailing list