Development release of BIND 10: bind10-devel-20120119
Jeremy C. Reed
jreed at isc.org
Thu Jan 19 14:09:21 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Development release of BIND 10: bind10-devel-20120119
Welcome to the sixteenth development release of BIND 10.
BIND 10 provides a C++ library for DNS (with python wrappers) and
several cooperating daemons for providing authoritative DNS service
(with SQLite3 which supports DNSSEC and in-memory backends),
DNS forwarding, and recursive name service. While it contains prototype
code and experimental interfaces, both the authoritative and resolver
servers are being used in production. It also provides experimental
DHCPv4 and DHCPv6 servers and a C++ library for DHCP.
Documentation is included and also available via the BIND 10
website at http://bind10.isc.org/
The bind10-devel-20120119 source may be downloaded from:
A PGP signature of the distribution is at
The signature was generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp
Users and developers are encouraged to participate on the BIND 10
mailing lists. Please provide your feedback:
Bugs may be reported as tickets via the developers website
(after logging into Trac):
A summary of the significant changes since the previous release
include (from the ChangeLog):
363. [func] jelte
Added dummy DDNS module b10-ddns. Currently it does not
provide any functionality, but it is a skeleton implementation
that will be expanded later.
(Trac #1451, git b0d0bf39fbdc29a7879315f9b8e6d602ef3afb1b)
362. [func]* vorner
Due to the socket creator changes, b10-auth and b10-resolver
are no longer needed to start as root. They are started as
the user they should be running, so they no longer have
the -u flag for switching the user after initialization.
Note: this change broke backward compatibility to boss component
configuration. If your b10-config.db contains "setuid" for
Boss.components, you'll need to remove that entry by hand before
starting BIND 10.
(Trac #1508-#1510, git edc5b3c12eb45437361484c843794416ad86bb00)
361. [func] vorner,jelte,jinmei
The socket creator is now used to provide sockets. It means you can
reconfigure the ports and addresses at runtime even when the rest
of the bind10 runs as non root user.
(Trac #805,#1522, git 1830215f884e3b5efda52bd4dbb120bdca863a6a)
360. [bug] vorner
Fixed problem where bindctl crashed when a duplicate non-string
item was added to a list. This error is now properly reported.
(Trac #1515, git a3cf5322a73e8a97b388c6f8025b92957e5d8986)
359. [bug] kevin
Corrected SOA serial check in xfrout. It now compares the SOA
serial of an IXFR query with that of the server based serial
number arithmetic, and replies with a single SOA record of the
server's current version if the former is equal to or newer
than the latter.
(Trac #1462, git ceeb87f6d539c413ebdc66e4cf718e7eb8559c45)
358. [bug] jinmei
b10-resolver ignored default configuration parameters if listen_on
failed (this can easily happen especially for a test environment
where the run time user doesn't have root privilege), and even if
listen_on was updated later the resolver wouldn't work correctly
unless it's fully restarted (for example, all queries would be
rejected due to an empty ACL).
(Trac #1424, git 2cba8cb83cde4f34842898a848c0b1182bc20597)
357. [bug] jinmei
ZoneFinder::find() for database based data sources didn't
correctly identify out-of-zone query name and could return a
confusing result such as NXRRSET. It now returns NXDOMAIN with an
empty RRset. Note: we should rather throw an exception in such a
case, which should be revisited later (see Trac #1536).
(Trac #1430, git b35797ba1a49c78246abc8f2387901f9690b328d)
356. [doc] tomek
BIND10 Guide updated. It now describes DHCPv4 and DHCPv6
components, including their overview, usage, supported standard
and limitations. libdhcp++ is also described.
(Trac #1367, git 3758ab360efe1cdf616636b76f2e0fb41f2a62a0)
355. [bug] jinmei
Python xfrin.diff module incorrectly combined RRSIGs of different
type covered, possibly merging different TTLs. As a result a
secondary server could store different RRSIGs than those at the
primary server if it gets these records via IXFR.
(Trac #1502, git 57b06f8cb6681f591fa63f25a053eb6f422896ef)
354. [func] tomek
dhcp4: Support for DISCOVER and OFFER implemented. b10-dhcp4 is
now able to offer hardcoded leases to DHCPv4 clients.
dhcp6: Code refactored to use the same approach as dhcp4.
(Trac #1230, git aac05f566c49daad4d3de35550cfaff31c124513)
353. [func] tomek
libdhcp++: Interface detection in Linux implemented. libdhcp++
is now able (on Linux systems) to detect available network
interfaces, its link-layer addresses, flags and configured
IPv4 and IPv6 addresses. Interface detection on other
systems is planned.
(Trac #1237, git 8a040737426aece7cc92a795f2b712d7c3407513)
352. [func] tomek
libdhcp++: Transmission and reception of DHCPv4 packets is now
implemented. Low-level hacks are not implemented for transmission
to hosts that don't have IPv4 address yet, so currently the code
is usable for communication with relays only, not hosts on the
(Trac #1239, #1240, git f382050248b5b7ed1881b086d89be2d9dd8fe385)
351. [func] fdupont
Alpha version of DHCP benchmarking tool added. "perfdhcp" is able to
test both IPv4 and IPv6 servers: it can time the four-packet exchange
(DORA and SARR) as well as time the initial two-packet exchange (DO
and SA). More information can be obtained by invoking the utility
(in tests/tools/perfdhcp) with the "-h" flag.
(Trac #1450, git 85083a76107ba2236732b45524ce7018eefbaf90)
350. [func]* vorner
The target parameter of ZoneFinder::find is no longer present, as the
interface was awkward. To get all the RRsets of a single domain, use
the new findAll method (the same applies to python version, the method
is named find_all).
(Trac #1483,#1484, git 0020456f8d118c9f3fd6fc585757c822b79a96f6)
349. [bug] dvv
resolver: If an upstream server responds with FORMERR to an EDNS
query, try querying it without EDNS.
(Trac #1386, git 99ad0292af284a246fff20b3702fbd7902c45418)
348. [bug] stephen
By default the logging output stream is now flushed after each write.
This fixes a problem seen on some systems where the log output from
different processes was jumbled up. Flushing can be disabled by
setting the appropriate option in the logging configuration.
(Trac #1405, git 2f0aa20b44604b671e6bde78815db39381e563bf)
347. [bug] jelte
Fixed a bug where adding Zonemgr/secondary_zones without explicitly
setting the class value of the added zone resulted in a cryptic
error in bindctl ("Error: class"). It will now correctly default to
IN if not set. This also adds better checks on the name and class
values, and better errors if they are bad.
(Trac #1414, git 7b122af8489acf0f28f935a19eca2c5509a3677f)
346. [build]* jreed
Renamed libdhcp to libdhcp++.
(Trac #1446, git d394e64f4c44f16027b1e62b4ac34e054b49221d)
345. [func] tomek
dhcp4: Dummy DHCPv4 component implemented. Currently it does
nothing useful, except providing skeleton implementation that can
be expanded in the future.
(Trac #992, git d6e33479365c8f8f62ef2b9aa5548efe6b194601)
344. [func] y-aharen
src/lib/statistics: Added statistics counter library for entire server
items and per zone items. Also, modified b10-auth to use it. It is
also intended to use in the other modules such as b10-resolver.
(Trac #510, git afddaf4c5718c2a0cc31f2eee79c4e0cc625499f)
343. [func] jelte
Added IXFR-out system tests, based on the first two test sets of
(Trac #1314, git 1655bed624866a766311a01214597db01b4c7cec)
342. [bug] stephen
In the resolver, a FORMERR received from an upstream nameserver
now results in a SERVFAIL being returned as a response to the original
query. Additional debug messages added to distinguish between
different errors in packets received from upstream nameservers.
(Trac #1383, git 9b2b249d23576c999a65d8c338e008cabe45f0c9)
341. [func] tomek
libdhcp++: Support for handling both IPv4 and IPv6 added.
Also added support for binding IPv4 sockets.
(Trac #1238, git 86a4ce45115dab4d3978c36dd2dbe07edcac02ac)
340. [build] jelte
Fixed several linker issues related to recent gcc versions, botan
(Trac #1442, git 91fb141bfb3aadfdf96f13e157a26636f6e9f9e3)
339. [bug] jinmei
libxfr, used by b10-auth to share TCP sockets with b10-xfrout,
incorrectly propagated ASIO specific exceptions to the application
if the given file name was too long. This could lead to
unexpected shut down of b10-auth.
(Trac #1387, git a5e9d9176e9c60ef20c0f5ef59eeb6838ed47ab2)
338. [bug] jinmei
b10-xfrin didn't check SOA serials of SOA and IXFR responses,
which resulted in unnecessary transfer or unexpected IXFR
timeouts (these issues were not overlooked but deferred to be
fixed until #1278 was completed). Validation on responses to SOA
queries were tightened, too.
(Trac #1299, git 6ff03bb9d631023175df99248e8cc0cda586c30a)
337. [func] tomek
libdhcp++: Support for DHCPv4 option that can store a single
address or a list of IPv4 addresses added. Support for END option
(Trac #1350, git cc20ff993da1ddb1c6e8a98370438b45a2be9e0a)
336. [func] jelte
libdns++ (and its python wrapper) now includes a class Serial, for
SOA SERIAL comparison and addition. Operations on instances of this
class follow the specification from RFC 1982.
Rdata::SOA::getSerial() now returns values of this type (and not
(Trac #1278, git 2ae72d76c74f61a67590722c73ebbf631388acbd)
335. [bug]* jelte
The DataSourceClientContainer class that dynamically loads
datasource backend libraries no longer provides just a .so file name
to its call to dlopen(), but passes it an absolute path. This means
that it is no longer an system implementation detail that depends on
[DY]LD_LIBRARY_PATH which file is chosen, should there be multiple
options (for instance, when test-running a new build while a
different version is installed).
These loadable libraries are also no longer installed in the default
library path, but in a subdirectory of the libexec directory of the
This also removes the need to handle b10-xfin and b10-xfrout as
'special' hardcoded components, and they are now started as regular
components as dictated by the configuration of the boss process.
(Trac #1292, git 83ce13c2d85068a1bec015361e4ef8c35590a5d0)
334. [bug] jinmei
b10-xfrout could potentially create an overflow response message
(exceeding the 64KB max) or could create unnecessarily small
messages. The former was actually unlikely to happen due to the
effect of name compression, and the latter was marginal and at least
shouldn't cause an interoperability problem, but these were still
potential problems and were fixed.
(Trac #1389, git 3fdce88046bdad392bd89ea656ec4ac3c858ca2f)
333. [bug] dvv
Solaris needs "-z now" to force non-lazy binding and prevent
g++ static initialization code from deadlocking.
(Trac #1439, git c789138250b33b6b08262425a08a2a0469d90433)
332. [bug] vorner
C++ exceptions in the isc.dns.Rdata wrapper are now converted
to python ones instead of just aborting the interpreter.
(Trac #1407, git 5b64e839be2906b8950f5b1e42a3fadd72fca033)
Please let us know about your experiences with using BIND 10.
Jeremy C. Reed
ISC Release Engineer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)
-----END PGP SIGNATURE-----
More information about the bind-announce