9.5.1-P1 to 9.6.1-P1

Jeremy C. Reed jreed at isc.org
Wed Jul 29 15:18:27 UTC 2009


On Wed, 29 Jul 2009, Sandy Mackenzie wrote:

> Any known gotcha's for this upgrade?

The significant 9.6.0 changes are listed at
https://www.isc.org/software/bind/new-features/9.6

The BIND 9.6.1 minor release has numerous improvements
especially in portability, documentation, and DNSSEC.

The release also includes the recent security fixes: correctly check the 
OpenSSL DSA_do_verify() and EVP_VerifyFinal() function results; and 
handling unknown algorithms in the DNSSEC lookaside validation. (Note that 
the BIND 9.6.0 version was not susceptible to the reported cases because 
it already had NSEC3 algorithm support.)

The behavior of default "allow-query-cache" option has now changed to also 
possibly be affected by "recursion no;". If the "allow-query-cache" option 
is not set, then the default for which hosts are allowed to get answers 
from the cache is determined by other configurations in the following 
order:

1) The "allow-recursion" ACL, if configured.

2) A "recursion no;" configuration implies "none;".

3) The "allow-query" ACL, if configured.

4) Barring all of the above, the final default is "{ localnets;
localhost }".

So in other words, if you have defined "recursion no;" and have not defined
the "allow-query-cache", "allow-recursion", and "allow-query" ACLs, then
the default will be  "allow-query-cache { none; }" and clients will
not have access to the cache. This is a change from 9.3.6, 9.4.3, 9.5.1,
and 9.6.0.  For more details, see the ARM.

The contrib/zkt was updated to version 0.98.

BIND 9.6.1 introduces a new logging category called "query-errors" which 
provides detailed internal information about query failures, such server 
failures. (This is documented in the ARM.)

Also new experimental new statistics counters were added, including for
socket I/O events and query RTT (round trip time) histograms.

And a "bind.keys" file is included in the source tree which contains the 
recent dlv.isc.org trust anchor for the administrator's convenience.




More information about the bind-users mailing list