BIND 9.10.1b1 is now available

Michael McNally mcnally at isc.org
Thu Jul 3 02:56:51 UTC 2014 

Introduction

   BIND 9.10.1b1 is the first development release of BIND 9.10.1.

   This document summarizes feature changes since the previous major
   release, BIND 9.10.0.

   Please see the CHANGES file in the source code release for a
   complete list of all changes, including bug fixes.

Download

   The latest versions of BIND 9 software can always be found on
   our web site at http://www.isc.org/downloads/. There you will
   find additional information about each release, source code, and
   pre-compiled versions for Microsoft Windows operating systems.

Support

   Professional support is provided by Internet Systems Consortium,
   Inc., doing business as DNSco.  Information about paid support
   options is available at http://www.dns-co.com/solutions/.  Free
   support is provided by our user community via a mailing list.
   Information on all public email lists is available at
   https://www.isc.org/community/mailing-list/.

Security Fixes

   A query specially crafted to exploit a defect in EDNS option
   processing could cause named to terminate with an assertion
   failure, due to a missing isc_buffer_availablelength() check
   when formatting packet contents for logging. For more information,
   see the security advisory at https://kb.isc.org/article/AA-01166/.
   [CVE-2014-3859] [RT #36078]

   A programming error in the prefetch feature could cause named
   to crash with a "REQUIRE" assertion failure in name.c. For more
   information, see the security advisory at
   https://kb.isc.org/article/AA-01161/. [CVE-2014-3214] [RT #35899]

New Features

   Support for CDS and CDNSKEY resource record types was added. For
   details see the proposed Informational Internet-Draft "Automating
   DNSSEC Delegation Trust Maintenance" at
   http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
   [RT #36333]

   Added version printing options to various BIND utilities. [RT
   #26057] [RT #10686]

   Optionally allow libseccomp-based (secure computing mode)
   system-call filtering on Linux. This sandboxing mechanism may
   be used to isolate "named" from various system resources. Use
   "configure --enable-seccomp" at build time to enable it.  Thank
   you to Loganaden Velvindron for the contribution. [RT #35347]

Feature Changes

   When an SPF record exists in a zone but no equivalent TXT record
   does, a warning will be issued.  The warning for the reverse
   condition is no longer issued. See the check-spf option in the
   documentation for details. [RT #36210] Aging of smoothed round-trip
   time measurements is now limited to no more than once per second,
   to improve accuracy in selecting the best name server. [RT #32909]
   DNSSEC keys that have been marked active but have no publication
   date are no longer presumed to be publishable. [RT #35063]

Bug Fixes

   Disable the GCC 4.9 "delete null pointer check" optimizer option,
   and refactor dns_rdataslab_fromrdataset() to separate out the
   handling of an rdataset with no records. This fixes problems
   when using GNU GCC 4.9.0 where its compiler code optimizations
   may cause crashes in BIND. For more information, see the operational
   advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]

   Fixed a bug that could cause repeated resigning of records in
   dynamically signed zones. [RT #35273]

   Fixed a bug that could cause an assertion failure after forwarding
   was disabled. [RT #35979]

   Fixed a bug that caused GeoIP ACLs not to work when referenced
   indirectly via named or nested ACLs. [RT #35879]

   FIxed a bug that could cause problems with cache cleaning when
   SIT was enabled. [RT #35858]

   Fixed a bug that caused SERVFAILs when using RPZ on a system
   configured as a forwarder. [RT #36060]

   Worked around a limitation in Solaris's /dev/poll implementation
   that could cause named to fail to start when configured to use
   more sockets than the system could accomodate. [RT #35878]

   Fixed a bug that could cause an assertion failure when inserting
   and deleting parent and child nodes in a response-policy zone.
   [RT #36272]

Thank You

   Thank you to everyone who assisted us in making this release
   possible. If you would like to contribute to ISC to assist us
   in continuing to make quality open source software, please visit
   our donations page at http://www.isc.org/donate/.

(c) 2001-2014 Internet Systems Consortium

More information about the bind-announce mailing list