BIND 9.10.0a1 is now available

Michael McNally mcnally at
Mon Nov 25 18:10:54 UTC 2013

BIND 9.10.0a1 is the first alpha development release for BIND
9.10, a new branch of BIND 9.

BIND 9.10 includes a number of changes from BIND 9.9 and earlier
releases. New features include:

 - DNS Response-rate limiting (DNS RRL) blunts the impact of
   reflection and amplification attacks by rate-limiting
   substantially-identical responses.

 - New "map" zone format for faster loading. The new zone file
   format "map" is an image of a zone database that can be loaded
   directly into memory, allowing much faster zone loading.

 - RPZ performance improvements.  Up to 32 response-policy zones
   can be configured with minimal performance loss.

 - New RPZ client-IP triggers and drop policies (RPZ2). RPZ responses
   can be configured on the basis of the client IP address; this
   can be used, for example, to blacklist misbehaving recursive or
   stub resolvers.

 - ACLs can now be specified based on geographic location using the
   MaxMind GeoIP databases.

 - Support for setting Differentiated Services Code Point (DSCP)
   values in 'named' if supported by the underlying OS. DSCP is
   used for prioritizing outbound traffic.

 - Multiple DLZ databases can now be configured.  Individual zones
   can be configured to be served from a specific DLZ database.
   DLZ databases now serve zones of type "master" and "redirect".

 - New XML schema (version 3) for the statistics channel includes
   many new statistics and uses a flattened XML tree for faster

 - New stylesheet, based on the Google Charts API, displays XML
   statistics in charts and graphs on javascript-enabled browsers.

 - The statistics channel can now provide data in JSON format as
   well as XML.

 - The internal and export versions of the BIND libraries (libisc,
   libdns, etc) have been unified so that external library clients
   can use the same libraries as BIND itself.

 - New 'dnssec-coverage' tool to check DNSSEC key coverage for a
   zone and report if a lapse in signing coverage has been inadvertently

 - New 'dnssec-importkey' tool for importing externally generated
   DNSKEY records into the DNSKEY management framework.

 - New 'dnssec-checkds' tool for checking the correctness of a
   zone's DS and DLV records.

 - Signing algorithm flexibility and other improvements for the
   "rndc" control channel.

 - "rndc zonestatus" reports information about a specified zone.

 - 'named-checkzone' and 'named-compilezone' can now read journal
   files, allowing them to process dynamic zones.

 - "named" now listens on IPv6 as well as IPv4 interfaces by default.

 - New 'named-rrchecker' tool to verify the syntactic correctness
   of individual resource records.

Please see the file CHANGES for a detailed list of the many changes
in this release.


   The latest versions of BIND 9 software can always be found on
   our web site at There you will
   find additional information about each release, source code, and
   pre-compiled versions for Microsoft Windows operating systems.


   Professional support is provided by DNSco. Information about
   paid support options is available at
   Free support is provided by our user community via a mailing
   list. Information on all public email lists is available at

Thank You

   Thank you to everyone who assisted us in making this release
   possible. If you would like to contribute to ISC to assist us
   in continuing to make quality open source software, please visit
   our donations page at

(c) 2001-2013 Internet Systems Consortium

More information about the bind-announce mailing list