BIND 9.5.2-P3 is now available.
Mark Andrews
marka at isc.org
Wed Mar 17 01:36:03 UTC 2010
BIND 9.5.2-P3 is now available.
BIND 9.5.2-P3 is a recommended patch for BIND 9.5.2. It addresses
excessive query traffic generated when there is a break in the
DNSSEC trust chain as a result of a configuration error. It is
recommended for anyone using DNSSEC validation and BIND 9.5.x.
Bugs should be reported to bind9-bugs at isc.org.
BIND 9.5.2-P3 can be downloaded from:
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/bind-9.5.2-P3.tar.gz
PGP signatures of the distribution are at:
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/bind-9.5.2-P3.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/bind-9.5.2-P3.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/bind-9.5.2-P3.tar.gz.sha512.asc
The signatures were generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp
A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/BIND9.5.2-P3.zip
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/BIND9.5.2-P3.debug.zip
PGP signatures of the binary kit are at:
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/BIND9.5.2-P3.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/BIND9.5.2-P3.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/BIND9.5.2-P3.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/BIND9.5.2-P3.debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/BIND9.5.2-P3.debug.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.2-P3/BIND9.5.2-P3.debug.zip.sha512.asc
Changes since 9.5.2:
--- 9.5.2-P3 released ---
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
--- 9.5.2-P2 released ---
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
--- 9.5.2-P1 released ---
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
--- 9.5.2 released ---
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list