New BIND releases are available - BIND 9.11.5-P1, 9.12.3-P1, and 9.13.5
Michael McNally
mcnally at isc.org
Thu Dec 13 03:34:59 UTC 2018
New BIND releases are available from https://www.isc.org/downloads
-----
BIND 9.11.5-P1 and 9.12.3-P1 update our stable production branches
of BIND. These two releases contains just a single bug fix to
distinguish them from the versions they replace.
5108. [bug] Named could fail to determine bottom of zone when
removing out of date keys leading to invalid NSEC
and NSEC3 records being added to the zone. [GL #771]
The purpose of this fix is to prevent the defect, introduced in
change #4964, which could cause signing problems to occur after removing
out of date keys from a signed zone. We previously warned about this
issue in our Operational Notification of November 30, 2018 and these
updated releases correct the improper signing behavior.
-----
BIND 9.13.5 is the most recent release in the 9.13 unstable development
branch of BIND. In addition to change #5108 it contains other feature
improvements and bug fixes.
-----
Release notes for each of these releases can be found via these links:
9.11.5-P1:
https://ftp.isc.org/isc/bind9/9.11.5-P1/RELEASE-NOTES-bind-9.11.5-P1.html
9.12.3-P1:
https://ftp.isc.org/isc/bind9/9.12.3-P1/RELEASE-NOTES-bind-9.12.3-P1.txt
9.13.5:
https://ftp.isc.org/isc/bind9/9.13.5/RELEASE-NOTES-bind-9.13.5.html
For your convenience, the November Operational Notification, containing
details on the issue corrected by change #5108, can be found here:
https://kb.isc.org/docs/dnssec-key-deletion-may-create-broken-nsec-and-nsec3-chains-and-unnecessary-rrsigs
More information about the bind-announce
mailing list