BIND 9.6-ESV-R11b1 is now available

Michael McNally mcnally at
Fri Dec 20 23:29:55 UTC 2013


   BIND 9.6-ESV-R11b1 is the first beta release of BIND 9.6-ESV-R11.

   BIND 9.6-ESV is an Extended Support Version of BIND. The BIND
   9.6-ESV branch will reach its End of Life on January 1, 2014.

   BIND 9.6-ESV-R11 will be our final release version of the 9.6
   releases sequence and there will be no further bug fixes to it
   thereafter.  We recommend that you plan your upgrade to BIND
   9.9.4 or higher.  BIND 9.9 is our current ESV Extended Support
   Version and will be supported for three more years.

   This document summarizes changes from BIND 9.6-ESV-R10 to BIND
   9.6-ESV-R11b1. There was not a previous development release.
   Please see the CHANGES file in the source code release for a
   complete list of all changes.


   The latest versions of BIND 9 software can always be found on
   our web site at There you will
   find additional information about each release, source code, and
   pre-compiled versions for Microsoft Windows operating systems.


   Professional support is provided by DNSco. Information about
   paid support options is available at
   Free support is provided by our user community via a mailing
   list. Information on all public email lists is available at

Security Fixes

   Treat an all zero netmask as invalid when generating the localnets
   acl to work around a bug on the Windows platform. [CVE-2013-6230]
   [RT #34687]

Feature Changes

   Add the ability to specify ndots to "nslookup". [RT #34711]

   Check that EDNS subnet client options are well formed. [RT #34718]

   "named" now preserves the capitalization of names when responding
   to queries. [RT #34737]

   Use separate rate limiting queues for refresh and notify requests.
   [RT #30589]

   Adjust when a master server is deemed unreachable to be less
   aggressive. [RT #27075]

   Create delegations for all "children" of empty zones except
   "forward first". [RT #34826]

   Changed the name of "" developers script (for
   outputting compiler and linker flags) to "bind9-config". [RT #23825]

   Add "dig" option to keep the TCP socket open between successive
   queries (+[no]keepopen).  [RT #34918]

   "named-checkconf -z" now checks zones of type hint as well as
   master. [RT #35046]

   Update config.guess and config.sub to add support for ppc64le
   (powerpc 64-bit Little Endian). [RT #35060]

Bug Fixes

   Fix "host" and "nslookup" so don't need dot after the domain by
   checking ndots when searching. Only continue searching on NXDOMAIN
   responses. [RT #34711]

   Handle changes to sig-validity-interval settings better. [RT #34625]

   Fix bug where journal filename string could be set incorrectly,
   causing garbage in log messages. [RT #34738]

   Address race condition with manual notify requests. [RT #34806]

   Fix Linux compilation issue when libcap-devel is installed. [RT #34838]

   Fix "host" failure if a UDP query timed out. [RT #34870]

   Address bugs in dns_rdata_fromstruct and dns_rdata_tostruct for
   WKS and ISDN types. [RT #34910]

   Fix cast in lex.c which could see 0xff treated as EOF. This fixes
   issue with potential bad data in a database used by DLZ or SDB.
   [RT #34993]

   Fix build issue on newer FreeBSD needing -lhx509 for GSSAPI
   build. [RT #35001]

   Address read after free in server side of lwres_getrrsetbyname.
   [RT #29075]

   Fix "nsupdate" memory leak if "realm" was used multiple times.
   [RT #35073]

   Fix "dig" for cleaning up TCP sockets still waiting on connect().
   [RT #35074]

Thank You

   Thank you to everyone who assisted us in making this release
   possible. If you would like to contribute to ISC to assist us
   in continuing to make quality open source software, please visit
   our donations page at

(c) 2001-2013 Internet Systems Consortium

More information about the bind-announce mailing list