BIND 9.8.6b1 is now available

Michael McNally mcnally at
Fri Jul 12 23:45:50 UTC 2013


    BIND 9.8.6b1 is the first beta release of BIND 9.8.6.

    This document summarizes changes from BIND 9.8.5 to BIND 9.8.6b1.
    Please see the CHANGES file in the source code release for a
    complete list of all changes.


    The latest versions of BIND 9 software can always be found on
    our web site at There you
    will find additional information about each release, source
    code, and pre-compiled versions for Microsoft Windows operating


    Product support information is available on for paid support options.
    Free support is provided by our user community via a mailing
    list. Information on all public email lists is available at

Security Fixes

    Prevents exploitation of a runtime_check which can crash named
    when satisfying a recursive query for particular malformed
    zones.  (CVE-2013-3919) [RT #33690]

Feature Changes

    Addressed compatibility issues with newer versions of Microsoft
    Visual Studio. [RT #33916]

    Improved the 'rndc' man page. [RT #33506]

    'named -g' now no longer works with an invalid logging
    configuration. [RT #33473]

    The default (and minimum) value for tcp-listen-queue is now 10
    instead of 3.  This is a subtle control setting (not applicable
    to all OS environments).  When there is a high rate of inbound
    TCP connections, it controls how many connections can be queued
    before they are accepted by named.  Once this limit is exceeded,
    new TCP connections will be rejected.  Note however that a value
    of 10 does not imply a strict limit of 10 queued TCP connections
    - the impact of changing this configuration setting will be
    OS-dependent.  Larger values for tcp-listen queue will permit
    more pending tcp connections, which may be needed where there
    is a high rate of TCP-based traffic (for example in a dynamic
    environment where there are frequent zone updates and transfers).
    For most production servers the new default value of 10 should
    be adequate.  [RT #33029]

    Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
    with PKCS#11. [RT #33463]

    Added logging messages on slave servers when they forward DDNS
    updates to a master. [RT #33240]

Bug Fixes

    The build of BIND now installs isc/stat.h so that it's available
    to /isc/file.h when building other applications that reference
    these header files - for example dnsperf (see Debian bug ticket
    #692467).  [RT #33056]

    Better handle failures building XML for stats channel responses.
    [RT #33706]

    Fixed a memory leak in GSS-API processing. [RT #33574]

    Fixed an acache-related race condition that could cause a crash.
    [RT #33602]

    rndc now properly fails when given an invalid '-c' argument. [RT #33571]

    Fixed an issue with the handling of zero TTL records that could
    cause improper SERVFAILs. [RT #33411]

    Fixed a crash-on-shutdown race condition with DNSSEC validation.
    [RT #33573]

    Corrected the way that "rndc addzone" and "rndc delzone" handle
    non-standard characters in zone names. [RT #33419]

Thank You

    Thank you to everyone who assisted us in making this release
    possible. If you would like to contribute to ISC to assist us
    in continuing to make quality open source software, please visit
    our donations page at

(c) 2001-2013 Internet Systems Consortium

More information about the bind-announce mailing list