Development release of BIND 10: 20110705
Jeremy C. Reed
jreed at isc.org
Tue Jul 5 20:43:57 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
This is the twelfth development release of the BIND 10 suite. The
significant new features include:
- - Auth server can sign answers using TSIG and Xfrout supports TSIG
- - Many components switched over to use new log framework which uses
log4cplus. BIND 10 includes unique log messages with detailed
descriptions available in the BIND 10 Messages Manual:
- - Configurable Access Control on incoming queries for the resolver.
BIND 10 is a new DNS suite. While it contains prototype code and
experimental interfaces, both the authoritative and resolver servers
are being used in production. It provides a C++ library for DNS
(with Python wrappers) and several cooperating daemons for providing
authoritative DNS service (with SQLite3 - which supports DNSSEC -
and in-memory backends), forwarding, recursive caching name service,
and statistics reporting.
Documentation is included and also available via the BIND 10
website at http://bind10.isc.org/
The bind10-devel-20110705 source may be downloaded from:
A PGP signature of the distribution is at
The signature was generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp
Users and developers are encouraged to participate on the BIND 10
mailing lists. Please provide your feedback:
Bugs may be reported as tickets via the developers website
(after logging into Trac):
A summary of the significant changes since the previous release
include (from the ChangeLog):
267. [func] tomek
Added a dummy module for DHCP6. This module does not actually
do anything at this point, and BIND 10 has no option for
starting it yet. It is included as a base for further
(Trac #990, git 4a590df96a1b1d373e87f1f56edaceccb95f267d)
266. [func] Multiple developers
Convert various error messages, debugging and other output
to the new logging interface, including for b10-resolver,
the resolver library, the CC library, b10-auth, b10-cfgmgr,
b10-xfrin, and b10-xfrout. This includes a lot of new
documentation describing the new log messages.
(Trac #738, #739, #742, #746, #759, #761, #762)
265. [func]* jinmei
b10-resolver: Introduced ACL on incoming queries. By default the
resolver accepts queries from ::1 and 127.0.0.1 and rejects all
others. The ACL can be configured with bindctl via the
"Resolver/query_acl" parameter. For example, to accept queries
from 192.0.2.0/24 (in addition to the default list), do this:
> config add Resolver/query_acl
> config set Resolver/query_acl/action "ACCEPT"
> config set Resolver/query_acl/from "192.0.2.0/24"
> config commit
(Trac #999, git e0744372924442ec75809d3964e917680c57a2ce,
also based on other ACL related work done by stephen and vorner)
264. [bug] jerry
b10-xfrout: fixed a busy loop in its notify-out subthread. Due to
the loop, the thread previously woke up every 0.5 seconds throughout
most of the lifetime of b10-xfrout, wasting the corresponding CPU
(Trac #1001, git fb993ba8c52dca4a3a261e319ed095e5af8db15a)
263. [func] jelte
Logging configuration can now also accept a * as a first-level
name (e.g. '*', or '*.cache'), indicating that every module
should use that configuration, unless overridden by an explicit
logging configuration for that module
(Trac #1004, git 0fad7d4a8557741f953eda9fed1d351a3d9dc5ef)
262. [func] stephen
Add some initial documentation about the logging framework.
Provide BIND 10 Messages Manual in HTML and DocBook? XML formats.
This provides all the log message descriptions in a single document.
A developer tool, tools/system_messages.py (available in git repo),
was written to generate this.
(Trac #1012, git 502100d7b9cd9d2300e78826a3bddd024ef38a74)
261. [func] stephen
Add new-style logging messages to b10-auth.
(Trac #738, git c021505a1a0d6ecb15a8fd1592b94baff6d115f4)
260. [func] stephen
Remove comma between message identification and the message
text in the new-style logging messages.
(Trac #1031, git 1c7930a7ba19706d388e4f8dcf2a55a886b74cd2)
259. [bug] stephen
Logging now correctly initialized in b10-auth. Also, fixed
bug whereby querying for "version.bind txt ch" would cause
b10-auth to crash if BIND 10 was started with the "-v" switch.
(Trac #1022,#1023, git 926a65fa08617be677a93e9e388df0f229b01067)
258. [build] jelte
Now builds and runs with Python 3.2
(Trac #710, git dae1d2e24f993e1eef9ab429326652f40a006dfb)
257. [bug] y-aharen
Fixed a bug an instance of IntervalTimerImpl may be destructed
while deadline_timer is holding the handler. This fix addresses
occasional failure of IntervalTimerTest.destructIntervalTimer.
(Trac #957, git e59c215e14b5718f62699ec32514453b983ff603)
256. [bug] jerry
src/bin/xfrin: update xfrin to check TSIG before other part of
(Trac #955, git 261450e93af0b0406178e9ef121f81e721e0855c)
255. [func] zhang likun
src/lib/cache: remove empty code in lib/cache and the corresponding
suppression rule in src/cppcheck-suppress.lst.
(Trac #639, git 4f714bac4547d0a025afd314c309ca5cb603e212)
254. [bug] jinmei
b10-xfrout: failed to send notifies over IPv6 correctly.
(Trac #964, git 3255c92714737bb461fb67012376788530f16e40)
253. [func] jelte
Add configuration options for logging through the virtual module
(Trac #736, git 9fa2a95177265905408c51d13c96e752b14a0824)
252. [func] stephen
Add syslog as destination for logging.
(Trac #976, git 31a30f5485859fd3df2839fc309d836e3206546e)
251. [bug]* jinmei
Make sure bindctl private files are non readable to anyone except
the owner or users in the same group. Note that if BIND 10 is run
with changing the user, this change means that the file owner or
group will have to be adjusted. Also note that this change is
only effective for a fresh install; if these files already exist,
their permissions must be adjusted by hand (if necessary).
(Trac #870, git 461fc3cb6ebabc9f3fa5213749956467a14ebfd4)
250. [bug] ocean
src/lib/util/encode, in some conditions, the DecodeNormalizer's
iterator may reach the end() and when later being dereferenced
it will cause crash on some platform.
(Trac #838, git 83e33ec80c0c6485d8b116b13045b3488071770f)
249. [func] jerry
xfrout: add support for TSIG verification.
(Trac #816, git 3b2040e2af2f8139c1c319a2cbc429035d93f217)
248. [func] stephen
Add file and stderr as destinations for logging.
(Trac #555, git 38b3546867425bd64dbc5920111a843a3330646b)
247. [func] jelte
Upstream queries from the resolver now set EDNS0 buffer size.
(Trac #834, git 48e10c2530fe52c9bde6197db07674a851aa0f5d)
246. [func] stephen
Implement logging using log4cplus (http://log4cplus.sourceforge.net)
(Trac #899, git 31d3f525dc01638aecae460cb4bc2040c9e4df10)
245. [func] vorner
Authoritative server can now sign the answers using TSIG
(configured in tsig_keys/keys, list of strings like
"name:<base64-secret>:sha1-hmac"). It doesn't use them for
ACL yet, only verifies them and signs if the request is signed.
(Trac #875, git fe5e7003544e4e8f18efa7b466a65f336d8c8e4d)
244. [func] stephen
In unit tests, allow the choice of whether unhandled exceptions are
caught in the unit test program (and details printed) or allowed to
propagate to the default exception handler. See the bind10-dev thread
for more details.
(Trac #542, git 1aa773d84cd6431aa1483eb34a7f4204949a610f)
243. [func]* feng
Add optional hmac algorithm SHA224/384/812.
(Trac #782, git 77d792c9d7c1a3f95d3e6a8b721ac79002cd7db1)
We look forward to your feedback.
Jeremy C. Reed
ISC BIND 10 Release Engineer
p.s. The documentation for these new features are in progress.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)
-----END PGP SIGNATURE-----
More information about the bind-announce