Development release of BIND 10: bind10-devel-20120119

Jeremy C. Reed jreed at
Thu Jan 19 14:09:21 UTC 2012

Hash: SHA1

	Development release of BIND 10: bind10-devel-20120119

Welcome to the sixteenth development release of BIND 10.

BIND 10 provides a C++ library for DNS (with python wrappers) and
several cooperating daemons for providing authoritative DNS service
(with SQLite3 which supports DNSSEC and in-memory backends),
DNS forwarding, and recursive name service. While it contains prototype
code and experimental interfaces, both the authoritative and resolver
servers are being used in production. It also provides experimental
DHCPv4 and DHCPv6 servers and a C++ library for DHCP.

Documentation is included and also available via the BIND 10
website at

The bind10-devel-20120119 source may be downloaded from:

A PGP signature of the distribution is at

The signature was generated with the ISC public key, which is
available at

Users and developers are encouraged to participate on the BIND 10
mailing lists. Please provide your feedback:

Bugs may be reported as tickets via the developers website
(after logging into Trac):

A summary of the significant changes since the previous release
include (from the ChangeLog):

363.	[func]		jelte
	Added dummy DDNS module b10-ddns. Currently it does not
	provide any functionality, but it is a skeleton implementation
	that will be expanded later.
	(Trac #1451, git b0d0bf39fbdc29a7879315f9b8e6d602ef3afb1b)

362.	[func]*		vorner
	Due to the socket creator changes, b10-auth and b10-resolver
	are no longer needed to start as root. They are started as
	the user they should be running, so they no longer have
	the -u flag for switching the user after initialization.
	Note: this change broke backward compatibility to boss component
	configuration.  If your b10-config.db contains "setuid" for
	Boss.components, you'll need to remove that entry by hand before
	starting BIND 10.
	(Trac #1508-#1510, git edc5b3c12eb45437361484c843794416ad86bb00)

361.	[func]		vorner,jelte,jinmei
	The socket creator is now used to provide sockets. It means you can
	reconfigure the ports and addresses at runtime even when the rest
	of the bind10 runs as non root user.
	(Trac #805,#1522, git 1830215f884e3b5efda52bd4dbb120bdca863a6a)

360.	[bug]		vorner
	Fixed problem where bindctl crashed when a duplicate non-string
	item was added  to a list.  This error is now properly reported.
	(Trac #1515, git a3cf5322a73e8a97b388c6f8025b92957e5d8986)

359.	[bug]		kevin
	Corrected SOA serial check in xfrout.  It now compares the SOA
	serial of an IXFR query with that of the server based serial
	number arithmetic, and replies with a single SOA record of the
	server's current version if the former is equal to or newer
	than the latter.
	(Trac #1462, git ceeb87f6d539c413ebdc66e4cf718e7eb8559c45)

358.	[bug]		jinmei
	b10-resolver ignored default configuration parameters if listen_on
	failed (this can easily happen especially for a test environment
	where the run time user doesn't have root privilege), and even if
	listen_on was updated later the resolver wouldn't work correctly
	unless it's fully restarted (for example, all queries would be
	rejected due to an empty ACL).
	(Trac #1424, git 2cba8cb83cde4f34842898a848c0b1182bc20597)

357.	[bug]		jinmei
	ZoneFinder::find() for database based data sources didn't
	correctly identify out-of-zone query name and could return a
	confusing result such as NXRRSET.  It now returns NXDOMAIN with an
	empty RRset.  Note: we should rather throw an exception in such a
	case, which should be revisited later (see Trac #1536).
	(Trac #1430, git b35797ba1a49c78246abc8f2387901f9690b328d)

356.	[doc]		tomek
	BIND10 Guide updated. It now describes DHCPv4 and DHCPv6
	components, including their overview, usage, supported standard
	and limitations. libdhcp++ is also described.
	(Trac #1367, git 3758ab360efe1cdf616636b76f2e0fb41f2a62a0)

355.	[bug]		jinmei
	Python xfrin.diff module incorrectly combined RRSIGs of different
	type covered, possibly merging different TTLs.  As a result a
	secondary server could store different RRSIGs than those at the
	primary server if it gets these records via IXFR.
	(Trac #1502, git 57b06f8cb6681f591fa63f25a053eb6f422896ef)

354.	[func]		tomek
	dhcp4: Support for DISCOVER and OFFER implemented. b10-dhcp4 is
	now able to offer hardcoded leases to DHCPv4 clients.
	dhcp6: Code refactored to use the same approach as dhcp4.
	(Trac #1230, git aac05f566c49daad4d3de35550cfaff31c124513)

353.	[func]		tomek
	libdhcp++: Interface detection in Linux implemented. libdhcp++
	is now able (on Linux systems) to detect available network
	interfaces, its link-layer addresses, flags and configured
	IPv4 and IPv6 addresses. Interface detection on other
	systems is planned.
	(Trac #1237, git 8a040737426aece7cc92a795f2b712d7c3407513)

352.	[func]		tomek
	libdhcp++: Transmission and reception of DHCPv4 packets is now
	implemented. Low-level hacks are not implemented for transmission
	to hosts that don't have IPv4 address yet, so currently the code
	is usable for communication with relays only, not hosts on the
	same link.
	(Trac #1239, #1240, git f382050248b5b7ed1881b086d89be2d9dd8fe385)

351.	[func]		fdupont
	Alpha version of DHCP benchmarking tool added.  "perfdhcp" is able to
	test both IPv4 and IPv6 servers: it can time the four-packet exchange
	(DORA and SARR) as well as time the initial two-packet exchange (DO
	and SA).  More information can be obtained by invoking the utility
	(in tests/tools/perfdhcp) with the "-h" flag.
	(Trac #1450, git 85083a76107ba2236732b45524ce7018eefbaf90)

350.	[func]*		vorner
	The target parameter of ZoneFinder::find is no longer present, as the
	interface was awkward. To get all the RRsets of a single domain, use
	the new findAll method (the same applies to python version, the method
	is named find_all).
	(Trac #1483,#1484, git 0020456f8d118c9f3fd6fc585757c822b79a96f6)

349.	[bug]		dvv
	resolver: If an upstream server responds with FORMERR to an EDNS
	query, try querying it without EDNS.
	(Trac #1386, git 99ad0292af284a246fff20b3702fbd7902c45418)

348.	[bug]		stephen
	By default the logging output stream is now flushed after each write.
	This fixes a problem seen on some systems where the log output from
	different processes was jumbled up.  Flushing can be disabled by
	setting the appropriate option in the logging configuration.
	(Trac #1405, git 2f0aa20b44604b671e6bde78815db39381e563bf)

347.	[bug]		jelte
	Fixed a bug where adding Zonemgr/secondary_zones without explicitly
	setting the class value of the added zone resulted in a cryptic
	error in bindctl ("Error: class"). It will now correctly default to
	IN if not set. This also adds better checks on the name and class
	values, and better errors if they are bad.
	(Trac #1414, git 7b122af8489acf0f28f935a19eca2c5509a3677f)

346.	[build]*		jreed
	Renamed libdhcp to libdhcp++.
	(Trac #1446, git d394e64f4c44f16027b1e62b4ac34e054b49221d)

345.	[func]		tomek
	dhcp4: Dummy DHCPv4 component implemented. Currently it does
	nothing useful, except providing skeleton implementation that can
	be expanded in the future.
	(Trac #992, git d6e33479365c8f8f62ef2b9aa5548efe6b194601)

344.	[func]		y-aharen
	src/lib/statistics: Added statistics counter library for entire server
	items and per zone items. Also, modified b10-auth to use it. It is
	also intended to use in the other modules such as b10-resolver.
	(Trac #510, git afddaf4c5718c2a0cc31f2eee79c4e0cc625499f)

343.	[func]		jelte
	Added IXFR-out system tests, based on the first two test sets of
	(Trac #1314, git 1655bed624866a766311a01214597db01b4c7cec)

342.	[bug]		stephen
	In the resolver, a FORMERR received from an upstream nameserver
	now results in a SERVFAIL being returned as a response to the original
	query.  Additional debug messages added to distinguish between
	different errors in packets received from upstream nameservers.
	(Trac #1383, git 9b2b249d23576c999a65d8c338e008cabe45f0c9)

341.	[func]		tomek
	libdhcp++: Support for handling both IPv4 and IPv6 added.
	Also added support for binding IPv4 sockets.
	(Trac #1238, git 86a4ce45115dab4d3978c36dd2dbe07edcac02ac)

340.	[build]		jelte
	Fixed several linker issues related to recent gcc versions, botan
	and gtest.
	(Trac #1442, git 91fb141bfb3aadfdf96f13e157a26636f6e9f9e3)

339.	[bug]		jinmei
	libxfr, used by b10-auth to share TCP sockets with b10-xfrout,
	incorrectly propagated ASIO specific exceptions to the application
	if the given file name was too long.  This could lead to
	unexpected shut down of b10-auth.
	(Trac #1387, git a5e9d9176e9c60ef20c0f5ef59eeb6838ed47ab2)

338.	[bug]		jinmei
	b10-xfrin didn't check SOA serials of SOA and IXFR responses,
	which resulted in unnecessary transfer or unexpected IXFR
	timeouts (these issues were not overlooked but deferred to be
	fixed until #1278 was completed).  Validation on responses to SOA
	queries were tightened, too.
	(Trac #1299, git 6ff03bb9d631023175df99248e8cc0cda586c30a)

337.	[func]		tomek
	libdhcp++: Support for DHCPv4 option that can store a single
	address or a list of IPv4 addresses added. Support for END option
	(Trac #1350, git cc20ff993da1ddb1c6e8a98370438b45a2be9e0a)

336.	[func]		jelte
	libdns++ (and its python wrapper) now includes a class Serial, for 
	SOA SERIAL comparison and addition. Operations on instances of this 
	class follow the specification from RFC 1982. 
	Rdata::SOA::getSerial() now returns values of this type (and not 
	(Trac #1278, git 2ae72d76c74f61a67590722c73ebbf631388acbd)

335.	[bug]*		jelte
	The DataSourceClientContainer class that dynamically loads 
	datasource backend libraries no longer provides just a .so file name 
	to its call to dlopen(), but passes it an absolute path. This means 
	that it is no longer an system implementation detail that depends on 
	[DY]LD_LIBRARY_PATH which file is chosen, should there be multiple 
	options (for instance, when test-running a new build while a 
	different version is installed).
	These loadable libraries are also no longer installed in the default 
	library path, but in a subdirectory of the libexec directory of the 
	target ($prefix/libexec/[version]/backends).
	This also removes the need to handle b10-xfin and b10-xfrout as 
	'special' hardcoded components, and they are now started as regular 
	components as dictated by the configuration of the boss process.
	(Trac #1292, git 83ce13c2d85068a1bec015361e4ef8c35590a5d0)

334.	[bug]		jinmei
	b10-xfrout could potentially create an overflow response message
	(exceeding the 64KB max) or could create unnecessarily small
	messages.  The former was actually unlikely to happen due to the
	effect of name compression, and the latter was marginal and at least
	shouldn't cause an interoperability problem, but these were still
	potential problems and were fixed.
	(Trac #1389, git 3fdce88046bdad392bd89ea656ec4ac3c858ca2f)

333.	[bug]		dvv
	Solaris needs "-z now" to force non-lazy binding and prevent
	g++ static initialization code from deadlocking.
	(Trac #1439, git c789138250b33b6b08262425a08a2a0469d90433)

332.	[bug]		vorner
	C++ exceptions in the isc.dns.Rdata wrapper are now converted
	to python ones instead of just aborting the interpreter.
	(Trac #1407, git 5b64e839be2906b8950f5b1e42a3fadd72fca033)

Please let us know about your experiences with using BIND 10.

Jeremy C. Reed
ISC Release Engineer

Version: GnuPG v1.4.9 (NetBSD)


More information about the bind-announce mailing list