BIND 9.14.0 is now available

Michael McNally mcnally at isc.org
Fri Mar 22 04:12:27 UTC 2019


ISC is pleased to announce the first official release of BIND 9.14, 9.14.0.
This new release is available via the ISC downloads page:

   https://www.isc.org/downloads

Beginning in 2018 ISC adopted a new release numbering convention for BIND,
under which branches alternate between odd-numbered unstable/development
branches and even-numbered stable release branches.  BIND 9.14 is the first
stable release branch to be produced under this new system and represents
a culmination of the new features, feature improvements, and performance
work done during the past year in the BIND 9.13 development branch.

Major benefits introduced since the previous stable branch include:

   +  The BIND code has been substantially modernized and refactored.

   +  Complexity and features which were no longer required have been
      removed.

   +  A new plug-in mechanism has been introduced.

   +  QNAME minimization reduces the amount of query information
      shared unnecessarily, with the intention of improving user privacy.

   +  Mirror zones support a better way of serving a local copy of the
      DNS root zone.

   +  The task manager and socket code have been significantly re-written
      to improve performance.

As with any new major branch debut, BIND 9.14.0 has some significant
differences from the previous stable branch.  A number of these concern
optional configuration-time choices which are no longer supported in
the new branch.

For the benefit of our users who have not been tracking the 9.13 development
branch and are encountering some of these changes for the first time,
a PARTIAL list of configuration and support changes follows:

   +  OpenSSL support is now required to build BIND.

   +  While IPv6 connectivity is not required, OS, library, and header
      file support for IPv6 functionality is required to build BIND.

   +  POSIX threading support is now presumed on UNIX-like systems.

   +  Build support for some very old legacy systems has been dropped.

Also, we have had a few late discoveries, based on feedback received from
testers during the Release Candidate stage, that may represent impediments
to operators who are configuring BIND with very uncommon build-time
configuration selections or running BIND with a quite rare configuration
in named.conf.  Two that we especially wish to highlight are:

   +  A problem has been discovered in 9.14.0 when building with the
      ./configure option "--with-dlopen=no".  Conflict between this
      option and the build requirements for plugins results in a broken
      build.

   +  Feedback from early testers has convinced us that we should revert
      a change in the behavior of the "allow-update" and
      "allow-update-forwarding" statements.  Previously these statements
      were not limited regarding the allowed scope in named.conf.  While
      including them in the global options section was generally not
      advisable [unless they were qualified by further arguments, such
      as ones requiring a TSIG key], it was permissible in previous BIND
      branches.  BIND 9.14.0 enforces a requirement that those commands
      not be defined at a global scope, but this means that previously
      valid named.conf files which define these options at that level
      are now rejected by named and named-checkconf as being in error.
      We do strongly recommend that people scope these statements
      appropriately but after considering feedback from testers we have
      decided that in 9.14.1 the change in behavior will be altered so
      that such declarations are only flagged with a warning message,
      not blocked as an error.  However, this feedback reached us late
      in the release process and we decided not to postpone our schedule
      to accommodate what we believe to be a very uncommon configuration
      choice.  Those who wish to build BIND 9.14.0 but who rely on this
      behavior for some reason may request, from security-officer at
      isc.org, an early copy of the patch diff for the change which will
      be included in 9.14.1.

A great deal of work has gone into this new branch of BIND and we hope
you'll enjoy the results.


Michael McNally
ISC Support
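
A pre-upgrade check for the scoping change described in the announcement, as an added example that is not part of the original message and is not ISC code: it scans named.conf text for "allow-update" and "allow-update-forwarding" placed directly in the global options block, which 9.14.0 rejects. The sample configuration and the key name are constructed; include files are not followed, and named-checkconf remains the authoritative check.

```python
import re

# Statements whose use at global scope BIND 9.14.0 rejects, per the announcement.
FLAGGED = ("allow-update", "allow-update-forwarding")
STRING = r'"(?:\\.|[^"\\])*"'

def strip_comments(text):
    """Drop /* */, // and # comments; quoted strings are left untouched."""
    pat = re.compile(STRING + r"|/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
    return pat.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def global_scope_hits(conf_text):
    """Return flagged statements sitting directly inside the options { } block."""
    tokens = re.findall(STRING + r'|[{};]|[^\s{};"]+', strip_comments(conf_text))
    hits, stack = [], []          # stack holds the keyword that opened each block
    keyword, at_start = None, True
    for tok in tokens:
        if tok == "{":
            stack.append(keyword)
            keyword, at_start = None, True
        elif tok == "}":
            if stack:
                stack.pop()
            keyword, at_start = None, False   # wait for the closing ';'
        elif tok == ";":
            keyword, at_start = None, True
        elif at_start:
            keyword, at_start = tok, False
            if stack == ["options"] and tok in FLAGGED:
                hits.append(tok)
    return hits

# Constructed sample, not a real deployment; "ddns-key" is a made-up key name.
SAMPLE = """
options {
    directory "/var/named";
    // allow-update { any; };   commented out, so ignored
    allow-update { key "ddns-key"; };   # global scope: rejected by 9.14.0
};
zone "example.com" {
    type master;
    allow-update { key "ddns-key"; };   /* zone scope: accepted */
};
"""

if __name__ == "__main__":
    print(global_scope_hits(SAMPLE))
```
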

