BIND 9.8.7-W1 is now available
Michael McNally
mcnally at isc.org
Thu Feb 13 03:08:33 UTC 2014
Introduction
BIND 9.8.7-W1 is the latest production release of BIND 9.8.
The -W1 suffix in the version name indicates that this a special
out-of-cycle release to correct a defect that is specific to the
Windows platform only. Please see the release note for #35288
for specific details.
This document summarizes changes from BIND 9.8.6 to BIND 9.8.7-W1.
Please see the CHANGES file in the source code release for a
complete list of all changes.
Download
The latest versions of BIND 9 software can always be found on
our web site at http://www.isc.org/downloads/. There you will
find additional information about each release, source code, and
pre-compiled versions for Microsoft Windows operating systems.
Support
Professional support is provided by DNSco. Information about
paid support options is available at http://www.dns-co.com/solutions/.
Free support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/community/mailing-list/.
Security Fixes
Treat an all zero netmask as invalid when generating the localnets
acl to work around a bug on the Windows platform.[CVE-2013-6230]
[RT #34687]
Fix crashes when serving some NSEC3 signed zones. memcpy was
incorrectly called with overlapping ranges, resulting in malformed
names being generated on some platforms. This could cause INSIST
failures. (CVE 2014-0591) [RT #35120]
Feature Changes
Add the ability to specify ndots to "nslookup". [RT #34711]
Check that EDNS subnet client options are well formed. [RT #34718]
"named" now preserves the capitalization of names when responding
to queries. [RT #34737]
Use separate rate limiting queues for refresh and notify requests.
[RT #30589]
Adjust when a master server is deemed unreachable to be less
aggressive. [RT #27075]
Create delegations for all "children" of empty zones except
"forward first". [RT #34826]
Include a comment in .nzf files (used for adding new zones via
"rndc"), giving the name of the associated view. [RT #34765]
Changed the name of "isc-config.sh" developers script (for
outputting compiler and linker flags) to "bind9-config". [RT
#23825]
Add "dig" option to keep the TCP socket open between successive
queries (+[no]keepopen). [RT #34918]
"named-checkconf -z" now checks zones of type hint as well as
master. [RT #35046]
Update config.guess and config.sub to add support for ppc64le
(powerpc 64-bit Little Endian). [RT #35060]
Update the Windows build system to support feature selection and
WIN64 builds. This is a work in progress. [RT #34160]
Add a more detailed "not found" message to "rndc" commands which
specify a zone name. [RT #35059]
named will now warn when a zone's configured "key-directory"
does not exist or is not a directory. [RT #35108]
"named-checkconf" can now obscure shared secrets when printing
by specifying '-x'. [RT #34465]
"named" can now accept integer timestamps in RRSIG records. [RT #35185]
The export-library API call for loading "resolv.conf",
irs_resconf_load(), has been modified to return ISC_R_FILENOTFOUND
when the file does not exist and initializes the resconf structure
as if the file had existed and configured with nameservers at
the localhost addresses (127.0.0.1 and ::1). [RT #35194]
Bug Fixes
Fix a bug that prevented the dig, nslookup, and host utilities
from exiting properly after completing a UDP query. [RT #35288]
Treat type 65533 (KEYDATA) as opaque except when used in a key
zone. [RT #34238]
Fix "host" and "nslookup" so don't need dot after the domain by
checking ndots when searching. Only continue searching on NXDOMAIN
responses. [RT #34711]
Handle changes to sig-validity-interval settings better. [RT #34625]
Fix bug where journal filename string could be set incorrectly,
causing garbage in log messages. [RT #34738]
Check that EDNS subnet client options are well formed. [RT #34718]
Address race condition with manual notify requests. [RT #34806]
Fix Linux compilation issue when libcap-devel is installed. [RT #34838]
Fix "host" failure if a UDP query timed out. [RT #34870]
Address bugs in dns_rdata_fromstruct and dns_rdata_tostruct for
WKS and ISDN types. [RT #34910]
Updated OpenSSL PKCS#11 patches to fix active list locking and
other bugs. [RT #34855]
Fix cast in lex.c which could see 0xff treated as EOF. This fixes
issue with potential bad data in a database used by DLZ or SDB.
[RT #34993]
Fix build issue on newer FreeBSD needing -lhx509 for GSSAPI
build. [RT #35001]
Address read after free in server side of lwres_getrrsetbyname.
[RT #29075]
Fix "nsupdate" memory leak if "realm" was used multiple times.
[RT #35073]
Fix "dig" for cleaning up TCP sockets still waiting on connect().
[RT #35074]
Address bug in libdns loadnode function that could return a freed
node on out of memory. [RT #35106]
Fixed a bug causing an insecure delegation from one "static-stub"
zone to another to fail with a broken trust chain. [RT #35081]
Fix crashes in RBTDB implementation. Two calls to dns_db_getoriginnode
were fatal if there was no data at the node. [RT #35080]
Fix a possible race and crash in the socket_search() function
in dispatch.c. [RT #35107]
Fix "dig" so it can handle AXFR style IXFR responses which span
multiple messages. [RT #35137]
Fix a "host" tool problem with converting UTF-8 textname to IDN
encoding by handling "." as a search list element when IDN support
is enabled. [RT #35133]
Fix "queryperf" to prevent a possible integer overflow when
printing results. [RT #35182]
Fix a bug which could cause a crash when running "rndc reconfig"
or "rndc reload" after configuration is changed from regular
zones to automatic empty zones. [RT #35177]
Thank You
Thank you to everyone who assisted us in making this release
possible. If you would like to contribute to ISC to assist us
in continuing to make quality open source software, please visit
our donations page at http://www.isc.org/donate/.
(c) 2001-2014 Internet Systems Consortium
More information about the bind-announce
mailing list