BIND 9.9.0b1 is now available

Susan Graves sgraves at
Wed Nov 9 02:33:46 UTC 2011


BIND 9.9.0b1 is the first beta of a development release for BIND 9.


   The latest versions of BIND 9 software can always be found on our web
   site at There you will find
   additional information about each release, source code, and some
   pre-compiled versions for certain operating systems.


   Product support information is available on for paid support options. Free
   support is provided by our user community via a mailing list.
   Information on all public email lists is available at

 BIND 9.9 includes a number of changes from BIND 9.8 and earlier
 releases.  New features include:

    - Inline signing, allowing automatic DNSSEC signing of
      master zones without modification of the zonefile, or 
      "bump in the wire" signing in slaves.
    - NXDOMAIN redirection.
    - New 'rndc flushtree' command clears all data under a given
      name from the DNS cache.
    - New 'rndc sync' command dumps pending changes in a dynamic
      zone to disk without a freeze/thaw cycle.
    - New 'rndc signing' command displays or clears signing status
      records in 'auto-dnssec' zones.
    - NSEC3 parameters for 'auto-dnssec' zones can now be set prior
      to signing, eliminating the need to initially sign with NSEC.
    - Startup time improvements on large authoritative servers.
    - Slave zones are now saved in raw format by default.
    - Several improvements to response policy zones (RPZ).
    - Improved hardware scalability by using multiple threads
      to listen for queries and using finer-grained client locking
    - The 'also-notify' option now takes the same syntax as
      'masters', so it can used named masterlists and TSIG keys.
    - 'dnssec-signzone -D' writes an output file containing only DNSSEC
      data, which can be included by the primary zone file.
    - 'dnssec-signzone -R' forces removal of signatures that are
      not expired but were created by a key which no longer exists.
    - 'dnssec-signzone -X' allows a separate expiration date to
      be specified for DNSKEY signatures from other signatures.
    - New '-L' option to dnssec-keygen, dnssec-settime, and
      dnssec-keyfromlabel sets the default TTL for the key.
    - dnssec-dsfromkey now supports reading from standard input,
      to make it easier to convert DNSKEY to DS.
    - RFC 1918 reverse zones have been added to the empty-zones
      table per RFC 6303.
    - Dynamic updates can now optionally set the zone's SOA serial
      number to the current UNIX time.
    - DLZ modules can now retrieve the source IP address of
      the querying client.
    - 'request-ixfr' option can now be set at the per-zone level.

Please see the file CHANGES for a detailed list of changes in this release.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-announce mailing list