Development release of BIND 10: 20110705

Jeremy C. Reed jreed at isc.org
Tue Jul 5 20:43:57 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is the twelfth development release of the BIND 10 suite. The 
significant new features include:

- - Auth server can sign answers using TSIG and Xfrout supports TSIG
  verification.

- - Many components switched over to use new log framework which uses 
  log4cplus. BIND 10 includes unique log messages with detailed 
  descriptions available in the BIND 10 Messages Manual:
  http://bind10.isc.org/docs/bind10-messages.html

- - Configurable Access Control on incoming queries for the resolver.

BIND 10 is a new DNS suite. While it contains prototype code and
experimental interfaces, both the authoritative and resolver servers
are being used in production. It provides a C++ library for DNS
(with Python wrappers) and several cooperating daemons for providing
authoritative DNS service (with SQLite3 - which supports DNSSEC -
and in-memory backends), forwarding, recursive caching name service,
and statistics reporting.

Documentation is included and also available via the BIND 10
website at http://bind10.isc.org/

The bind10-devel-20110705 source may be downloaded from:

        ftp://ftp.isc.org/isc/bind10/devel-20110705/bind10-devel-20110705.tar.gz

A PGP signature of the distribution is at

        ftp://ftp.isc.org/isc/bind10/devel-20110705/bind10-devel-20110705.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

Users and developers are encouraged to participate on the BIND 10
mailing lists. Please provide your feedback:

        https://lists.isc.org/mailman/listinfo/bind10-users
        https://lists.isc.org/mailman/listinfo/bind10-dev

Bugs may be reported as tickets via the developers website
(after logging into Trac):

        http://bind10.isc.org/

A summary of the significant changes since the previous release
include (from the ChangeLog):

267.	[func]		tomek
	Added a dummy module for DHCP6. This module does not actually
	do anything at this point, and BIND 10 has no option for
	starting it yet. It is included as a base for further
	development.
	(Trac #990, git 4a590df96a1b1d373e87f1f56edaceccb95f267d)

266.	[func]		Multiple developers
        Convert various error messages, debugging and other output
        to the new logging interface, including for b10-resolver,
        the resolver library, the CC library, b10-auth, b10-cfgmgr,
        b10-xfrin, and b10-xfrout. This includes a lot of new
        documentation describing the new log messages.
        (Trac #738, #739, #742, #746, #759, #761, #762)

265.	[func]*		jinmei
	b10-resolver: Introduced ACL on incoming queries.  By default the
	resolver accepts queries from ::1 and 127.0.0.1 and rejects all
	others.  The ACL can be configured with bindctl via the
	"Resolver/query_acl" parameter.  For example, to accept queries
	from 192.0.2.0/24 (in addition to the default list), do this:
	> config add Resolver/query_acl
	> config set Resolver/query_acl[2]/action "ACCEPT"
	> config set Resolver/query_acl[2]/from "192.0.2.0/24"
	> config commit
	(Trac #999, git e0744372924442ec75809d3964e917680c57a2ce,
	also based on other ACL related work done by stephen and vorner)

264.	[bug]		jerry
	b10-xfrout: fixed a busy loop in its notify-out subthread.  Due to
	the loop, the thread previously woke up every 0.5 seconds throughout
	most of the lifetime of b10-xfrout, wasting the corresponding CPU
	time.
	(Trac #1001, git fb993ba8c52dca4a3a261e319ed095e5af8db15a)

263.	[func]		jelte
	Logging configuration can now also accept a * as a first-level
	name (e.g. '*', or '*.cache'), indicating that every module
	should use that configuration, unless overridden by an explicit
	logging configuration for that module
	(Trac #1004, git 0fad7d4a8557741f953eda9fed1d351a3d9dc5ef)

262.	[func]		stephen
	Add some initial documentation about the logging framework.
	Provide BIND 10 Messages Manual in HTML and DocBook? XML formats.
	This provides all the log message descriptions in a single document.
	A developer tool, tools/system_messages.py (available in git repo),
	was written to generate this.
	(Trac #1012, git 502100d7b9cd9d2300e78826a3bddd024ef38a74)

261.	[func]		stephen
	Add new-style logging messages to b10-auth.
	(Trac #738, git c021505a1a0d6ecb15a8fd1592b94baff6d115f4)

260.	[func]		stephen
	Remove comma between message identification and the message
	text in the new-style logging messages.
	(Trac #1031, git 1c7930a7ba19706d388e4f8dcf2a55a886b74cd2)

259.	[bug]		stephen
	Logging now correctly initialized in b10-auth.  Also, fixed
	bug whereby querying for "version.bind txt ch" would cause
	b10-auth to crash if BIND 10 was started with the "-v" switch.
	(Trac #1022,#1023, git 926a65fa08617be677a93e9e388df0f229b01067)

258.	[build]		jelte
	Now builds and runs with Python 3.2
	(Trac #710, git dae1d2e24f993e1eef9ab429326652f40a006dfb)

257.	[bug]		y-aharen
	Fixed a bug an instance of IntervalTimerImpl may be destructed 
	while deadline_timer is holding the handler. This fix addresses
	occasional failure of IntervalTimerTest.destructIntervalTimer.
	(Trac #957, git e59c215e14b5718f62699ec32514453b983ff603)

256.	[bug]		jerry
	src/bin/xfrin: update xfrin to check TSIG before other part of
	incoming message.
	(Trac #955, git 261450e93af0b0406178e9ef121f81e721e0855c)

255.	[func]		zhang likun
	src/lib/cache:  remove empty code in lib/cache and the corresponding
	suppression rule in	src/cppcheck-suppress.lst.
	(Trac #639, git 4f714bac4547d0a025afd314c309ca5cb603e212)

254.	[bug]		jinmei
	b10-xfrout: failed to send notifies over IPv6 correctly.
	(Trac #964, git 3255c92714737bb461fb67012376788530f16e40)

253.	[func]		jelte
	Add configuration options for logging through the virtual module
	Logging.
	(Trac #736, git 9fa2a95177265905408c51d13c96e752b14a0824)

252.	[func]		stephen
	Add syslog as destination for logging.
	(Trac #976, git 31a30f5485859fd3df2839fc309d836e3206546e)

251.	[bug]*		jinmei
	Make sure bindctl private files are non readable to anyone except
	the owner or users in the same group.  Note that if BIND 10 is run
	with changing the user, this change means that the file owner or
	group will have to be adjusted.  Also note that this change is
	only effective for a fresh install; if these files already exist,
	their permissions must be adjusted by hand (if necessary).
	(Trac #870, git 461fc3cb6ebabc9f3fa5213749956467a14ebfd4)

250.	[bug]		ocean
	src/lib/util/encode, in some conditions, the DecodeNormalizer's
	iterator may reach the end() and when later being dereferenced
	it will cause crash on some platform.
	(Trac #838, git 83e33ec80c0c6485d8b116b13045b3488071770f)

249.	[func]		jerry
	xfrout: add support for TSIG verification.
	(Trac #816, git 3b2040e2af2f8139c1c319a2cbc429035d93f217)

248.	[func]		stephen
	Add file and stderr as destinations for logging.
	(Trac #555, git 38b3546867425bd64dbc5920111a843a3330646b)

247.	[func]		jelte
	Upstream queries from the resolver now set EDNS0 buffer size.
	(Trac #834, git 48e10c2530fe52c9bde6197db07674a851aa0f5d)

246.	[func]		stephen
	Implement logging using log4cplus (http://log4cplus.sourceforge.net)
	(Trac #899, git 31d3f525dc01638aecae460cb4bc2040c9e4df10)

245.	[func]		vorner
	Authoritative server can now sign the answers using TSIG
	(configured in tsig_keys/keys, list of strings like
	"name:<base64-secret>:sha1-hmac"). It doesn't use them for
	ACL yet, only verifies them and signs if the request is signed.
	(Trac #875, git fe5e7003544e4e8f18efa7b466a65f336d8c8e4d)

244.	[func]		stephen
	In unit tests, allow the choice of whether unhandled exceptions are
	caught in the unit test program (and details printed) or allowed to
	propagate to the default exception handler.  See the bind10-dev thread
	https://lists.isc.org/pipermail/bind10-dev/2011-January/001867.html
	for more details.
	(Trac #542, git 1aa773d84cd6431aa1483eb34a7f4204949a610f)

243.	[func]*		feng
	Add optional hmac algorithm SHA224/384/812.
	(Trac #782, git 77d792c9d7c1a3f95d3e6a8b721ac79002cd7db1)

We look forward to your feedback.

  Jeremy C. Reed
  ISC BIND 10 Release Engineer

p.s. The documentation for these new features are in progress.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)

iEYEARECAAYFAk4TdsYACgkQs9Bv5D4YwC1WCACffHMpFly0j+CGlzTZ9civWLUd
/h0An1N82GBGsdt5G6N+rUmNZbpMeewC
=tJnn
-----END PGP SIGNATURE-----



More information about the bind-announce mailing list