New BIND releases are available - BIND 9.11.5-P1, 9.12.3-P1, and 9.13.5

Michael McNally mcnally at isc.org
Thu Dec 13 03:34:59 UTC 2018


New BIND releases are available from https://www.isc.org/downloads

-----

BIND 9.11.5-P1 and 9.12.3-P1 update our stable production branches
of BIND.  These two releases contains just a single bug fix to
distinguish them from the versions they replace.

5108.	[bug]		Named could fail to determine bottom of zone when
			removing out of date keys leading to invalid NSEC
			and NSEC3 records being added to the zone. [GL #771]

The purpose of this fix is to prevent the defect, introduced in
change #4964, which could cause signing problems to occur after removing
out of date keys from a signed zone.  We previously warned about this
issue in our Operational Notification of November 30, 2018 and these
updated releases correct the improper signing behavior.

-----

BIND 9.13.5 is the most recent release in the 9.13 unstable development
branch of BIND.  In addition to change #5108 it contains other feature
improvements and bug fixes.

-----

Release notes for each of these releases can be found via these links:

9.11.5-P1:
https://ftp.isc.org/isc/bind9/9.11.5-P1/RELEASE-NOTES-bind-9.11.5-P1.html
9.12.3-P1:
https://ftp.isc.org/isc/bind9/9.12.3-P1/RELEASE-NOTES-bind-9.12.3-P1.txt
9.13.5:
https://ftp.isc.org/isc/bind9/9.13.5/RELEASE-NOTES-bind-9.13.5.html

For your convenience, the November Operational Notification, containing
details on the issue corrected by change #5108, can be found here:


https://kb.isc.org/docs/dnssec-key-deletion-may-create-broken-nsec-and-nsec3-chains-and-unnecessary-rrsigs


More information about the bind-announce mailing list