BIND 9.6.0rc2 is now available.

Mark Andrews Mark_Andrews at
Thu Dec 18 00:55:02 UTC 2008

		BIND 9.6.0rc2 is now available.

BIND 9.6.0rc2 is a release candidate for BIND 9.6.0.

	Please as a minimum perform a test build on your operating
	system.  We don't have test platforms for every operating
	system and sometimes we accidently break builds.  Now is
	the time to tell us about that.

	Bugs should be reported to bind9-bugs at

BIND 9.6 has a number of new features over 9.5, including:

	Full NSEC3 support

	Automatic zone re-signing

	New update-policy methods tcp-self and 6to4-self

BIND 9.6.0rc2 can be downloaded from

The PGP signature of the distribution is at

The signature was generated with the ISC public key, which is
available at <>.

A binary kit for Windows XP and Window 2003 is at

The PGP signature of the binary kit for Windows XP and Window 2003 is at

Changes since BIND 9.6.0a1

	--- 9.6.0rc2 released ---

2515.	[port]		win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
			[RT #19063]

2513	[bug]		Fix windows cli build. [RT #19062]

2510.	[bug]		"dig +sigchase" could trigger REQUIRE failures.
			[RT #19033]

2509.	[bug]		Specifying a fixed query source port was broken.
			[RT #19051]

2504.	[bug]		Address race condition in the socket code. [RT #18899]

	--- 9.6.0rc1 released ---

2498.	[bug]		Removed a bogus function argument used with
			ISC_SOCKET_USE_POLLWATCH: it could cause compiler
			warning or crash named with the debug 1 level
			of logging. [RT #18917]

2497.	[bug]		Don't add RRSIG bit to NSEC3 bit map for insecure

2496.	[bug]		Add sanity length checks to NSID option. [RT #18813]

2495.	[bug]		Tighten RRSIG checks. [RT #18795]

2494.	[bug]		isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
			installed. [RT #18826]

2493.	[bug]		The linux capabilities code was not correctly cleaning
			up after itself. [RT #18767]

2492.	[func]		Rndc status now reports the number of cpus discovered
			and the number of worker threads when running
			multi-threaded. [RT #18273]

2491.	[func]		Attempt to re-use a local port if we are already using
			the port. [RT #18548]

2490.	[port]		aix: work around a kernel bug where IPV6_RECVPKTINFO
			is cleared when IPV6_V6ONLY is set. [RT #18785]

2489.	[port]		solaris: Workaround Solaris's kernel bug about
			Define ISC_SOCKET_USE_POLLWATCH at build time to enable
			this workaround. [RT #18870]

2488.	[func]		Added a tool, dnssec-dsfromkey, to generate DS records
			from keyset and .key files. [RT #18694]

2487.	[bug]		Give TCP connections longer to complete. [RT #18675]

2486.	[func]		The default locations for and
			are now /var/run/named/ and
			/var/run/lwresd/ respectively.

			This allows the owner of the containing directory
			to be set, for "named -u" support, and allows there
			to be a permanent symbolic link in the path, for
			"named -t" support.  [RT #18306]

2485.	[bug]		Change update's the handling of obscured RRSIG
			records.  Not all orphaned DS records were being
			removed. [RT #18828]

2484.	[bug]		It was possible to trigger a REQUIRE failure when
			adding NSEC3 proofs to the response in
			query_addwildcardproof().  [RT #18828]

2483.	[port]		win32: chroot() is not supported. [RT #18805]

2482.	[port]		libxml2: support versions 2.7.* in addition
			to 2.6.*. [RT #18806]

	--- 9.6.0b1 released ---

2481.	[bug]		rbtdb.c:matchparams() failed to handle NSEC3 chain
			collisions.  [RT #18812]

2480.	[bug]		named could fail to emit all the required NSEC3
			records.  [RT #18812]

2479.	[bug]		xfrout:covers was not properly initialized. [RT #18801]

2478.	[bug]		'addresses' could be used uninitialized in
			configure_forward(). [RT #18800]
2477.	[bug]		dig: the global option to print the command line is
			+cmd not print_cmd.  Update the output to reflect
			this. [RT #17008]

2476.	[doc]		ARM: improve documentation for max-journal-size and
			ixfr-from-differences. [RT #15909] [RT #18541]

2475.	[bug]		LRU cache cleanup under overmem condition could purge
			particular entries more aggressively. [RT #17628]

2474.	[bug]		ACL structures could be allocated with insufficient
			space, causing an array overrun. [RT #18765]

2473.	[port]		linux: raise the limit on open files to the possible
			maximum value before spawning threads; 'files'
		        specified in named.conf doesn't seem to work with
			threads as expected. [RT #18784]

2472.	[port]		linux: check the number of available cpu's before
			calling chroot as it depends on "/proc". [RT #16923]

2471.	[bug]		named-checkzone was not reporting missing mandatory
			glue when sibling checks were disabled. [RT #18768]

2470.	[bug]		Elements of the isc_radix_node_t could be incorrectly
			overwritten.  [RT# 18719]

2469.	[port]		solaris: Work around Solaris's select() limitations.
			[RT #18769]

2468.	[bug]		Resolver could try unreachable servers multiple times.
			[RT #18739]

2467.	[bug]		Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]

2466.	[doc]		ARM: explain max-cache-ttl 0 SERVFAIL issue.
			[RT #18302]

2465.	[bug]		Adb's handling of lame addresses was different
			for IPv4 and IPv6. [RT #18738]

2464.	[port]		linux: check that a capability is present before
			trying to set it. [RT #18135]

2463.   [port]          linux: POSIX doesn't include the IPv6 Advanced Socket
			API and glibc hides parts of the IPv6 Advanced Socket
			API as a result.  This is stupid as it breaks how the
			two halves (Basic and Advanced) of the IPv6 Socket API
			were designed to be used but we have to live with it.
			Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
			API. [RT #18388]

2462.	[doc]		Document -m (enable memory usage debugging)
			option for dig. [RT #18757]

2461.	[port]		sunos: Change #2363 was not complete. [RT #17513]

	--- 9.6.0a1 released ---

More information about the bind-users mailing list