BIND 9.14.0 is now available
mcnally at isc.org
Fri Mar 22 04:12:27 UTC 2019
ISC is pleased to announce the first official release of BIND 9.14, 9.14.0.
This new release is available via the ISC downloads page:
Beginning in 2018 ISC adopted a new release numbering convention for BIND,
under which branches alternate between odd-numbered unstable/development
branches and even-numbered stable release branches. BIND 9.14 is the first
stable release branch to be produced under this new system and represents
a culmination of the new features, feature improvements, and performance
work done during the past year in the BIND 9.13 development branch.
Major benefits introduced since the previous stable branch include:
+ The BIND code has been substantially modernized and refactored.
+ Complexity and features which were no longer required have been
+ A new plug-in mechanism has been introduced.
+ QNAME minimization reduces the amount of query information
shared unnecessarily, with the intention of improving user privacy.
+ Mirror zones support a better way of serving a local copy of the
DNS root zone.
+ The task manager and socket code have been significantly re-written
to improve performance.
As with any new major branch debut, BIND 9.14.0 has some significant
differences from the previous stable branch. A number of these concern
optional configuration-time choices which are no longer supported in
the new branch.
For the benefit of our users who have not been tracking the 9.13 development
branch and are encountering some of these changes for the first time,
a PARTIAL list of configuration and support changes follows:
+ OpenSSL support is now required to build BIND.
+ While IPv6 connectivity is not required, OS, library, and header
file support for IPv6 functionality is required to build BIND.
+ POSIX threading support is now presumed on UNIX-like systems.
+ Build support for some very old legacy systems has been dropped.
Also, we have had a few late discoveries, based on feedback received from
testers during the Release Candidate stage, that may represent impediments
to operators who are configuring BIND with very uncommon build-time
configuration selections or running BIND with a quite rare configuration
in named.conf. Two that we especially wish to highlight are:
+ A problem has been discovered in 9.14.0 when building with the
./configure option "--with-dlopen=no". Conflict between this
option and the build requirements for plugins results in a broken
+ Feedback from early testers has convinced us that we should revert
a change in the behavior of the "allow-update" and
statements. Previously these statements were not limited
allowed scope in named.conf. While including them in the global
section was generally not advisable [unless they were qualified by
arguments, such as ones requiring a TSIG key], it was permissible in
previous BIND branches. BIND 9.14.0 enforces a requirement that those
commands not be defined at a global scope, but this means that
valid named.conf files which define these options at that level
rejected by named and named-checkconf as being in error. We do
recommend that people scope these statements appropriately but after
considering feedback from testers we have decided that in 9.14.1 the
change in behavior will be altered so that such declarations are only
flagged with a warning message, not blocked as an error. However,
this feedback reached us late in the release process and we decided
not to postpone our schedule to accommodate what we believe to be
uncommon configuration choice. Those who wish to build BIND 9.14.0
but who rely on this behavior for some reason may request,
from security-officer at isc.org, an early copy of the patch diff for
the change which will be included in 9.14.1
A great deal of work has gone into this new branch of BIND and we hope
enjoy the results.
More information about the bind-announce