BIND 9.10.0a1 is now available
mcnally at isc.org
Mon Nov 25 18:10:54 UTC 2013
BIND 9.10.0a1 is the first alpha development release for BIND
9.10, a new branch of BIND 9.
BIND 9.10 includes a number of changes from BIND 9.9 and earlier
releases. New features include:
- DNS Response-rate limiting (DNS RRL) blunts the impact of
reflection and amplification attacks by rate-limiting
- New "map" zone format for faster loading. The new zone file
format "map" is an image of a zone database that can be loaded
directly into memory, allowing much faster zone loading.
- RPZ performance improvements. Up to 32 response-policy zones
can be configured with minimal performance loss.
- New RPZ client-IP triggers and drop policies (RPZ2). RPZ responses
can be configured on the basis of the client IP address; this
can be used, for example, to blacklist misbehaving recursive or
- ACLs can now be specified based on geographic location using the
MaxMind GeoIP databases.
- Support for setting Differentiated Services Code Point (DSCP)
values in 'named' if supported by the underlying OS. DSCP is
used for prioritizing outbound traffic.
- Multiple DLZ databases can now be configured. Individual zones
can be configured to be served from a specific DLZ database.
DLZ databases now serve zones of type "master" and "redirect".
- New XML schema (version 3) for the statistics channel includes
many new statistics and uses a flattened XML tree for faster
- New stylesheet, based on the Google Charts API, displays XML
- The statistics channel can now provide data in JSON format as
well as XML.
- The internal and export versions of the BIND libraries (libisc,
libdns, etc) have been unified so that external library clients
can use the same libraries as BIND itself.
- New 'dnssec-coverage' tool to check DNSSEC key coverage for a
zone and report if a lapse in signing coverage has been inadvertently
- New 'dnssec-importkey' tool for importing externally generated
DNSKEY records into the DNSKEY management framework.
- New 'dnssec-checkds' tool for checking the correctness of a
zone's DS and DLV records.
- Signing algorithm flexibility and other improvements for the
"rndc" control channel.
- "rndc zonestatus" reports information about a specified zone.
- 'named-checkzone' and 'named-compilezone' can now read journal
files, allowing them to process dynamic zones.
- "named" now listens on IPv6 as well as IPv4 interfaces by default.
- New 'named-rrchecker' tool to verify the syntactic correctness
of individual resource records.
Please see the file CHANGES for a detailed list of the many changes
in this release.
The latest versions of BIND 9 software can always be found on
our web site at http://www.isc.org/downloads/. There you will
find additional information about each release, source code, and
pre-compiled versions for Microsoft Windows operating systems.
Professional support is provided by DNSco. Information about
paid support options is available at http://www.dns-co.com/solutions/.
Free support is provided by our user community via a mailing
list. Information on all public email lists is available at
Thank you to everyone who assisted us in making this release
possible. If you would like to contribute to ISC to assist us
in continuing to make quality open source software, please visit
our donations page at http://www.isc.org/donate/.
(c) 2001-2013 Internet Systems Consortium
More information about the bind-announce