BIND 10 - 1.0.0 Release Candidate

Jeremy C. Reed jreed at isc.org
Fri Feb 15 03:27:49 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

	BIND 10 - 1.0.0 Release Candidate

Welcome to the first release candidate toward the first production
BIND 10 1.0.0 release.  BIND 10 provides a C++ library for DNS
(with python wrappers) and several cooperating daemons for providing
authoritative DNS service (with in-memory and SQLite3 backends and
DNSSEC support), dynamic DNS, zone transfers, and experimental
forwarding and recursive name service.  Supplementary components
are included for statistics collection and reporting and remote
configuration and control.

This version of BIND 10 also includes the latest snapshot of the
BIND 10 DHCP development.  The snapshot includes a C++ library for
DHCP and two DHCP servers, one for IPv4 and one for IPv6. Features
of these servers are:

* Able to allocate and renew addresses, and handle lease expiration
  and releases.
* Supports a subset of clients:
  - DHCPv4 clients connected to the server via a relay.
  - DHCPv6 clients on the same LAN as the server.
* Able to configure values for standard options returned to a client,
  either globally or on a per-subnet basis.
* Able to define new options and configure them in the same way as
  standard options.
* Leases are stored in a MySQL database.
* Configuration, logging and process control uses the same mechanisms
  as the BIND 10 DNS server.

Note: The default testing account and password for bindctl/b10-cmdctl
is now removed; a new account for remote configuration and control
can be created with b10-cmdctl-usermgr, for example:
	b10-cmdctl-usermgr --file /usr/local/etc/bind10/cmdctl-accounts.csv

We are looking for testers to provide feedback about using this
release candidate. For more information about BIND 10, the release
schedule, and the community testing plans, please see:

	http://bind10.isc.org/wiki/ProductionRelease

Documentation is included and also available via the BIND 10 website
at http://bind10.isc.org/

The bind10-1.0.0-rc source may be downloaded from:

	ftp://ftp.isc.org/isc/bind10/1.0.0-rc/bind10-1.0.0-rc.tar.gz

A PGP signature of the distribution is at

	ftp://ftp.isc.org/isc/bind10/1.0.0-rc/bind10-1.0.0-rc.tar.gz.sha512.asc

The signature was generated with the ISC code signing key which is
available at https://www.isc.org/about/openpgp

A summary of the significant changes since the previous release
includes (from the ChangeLog):

580.	[func]*		muks
	There is no longer a default user account. The old default account
	with username 'root' has been removed. In a fresh installation of
	BIND 10, the administrator has to configure a user account using
	the b10-cmdctl-usermgr program.
	(Trac #2641, git 54e8f4061f92c2f9e5b8564240937515efa6d934)

579.	[bug]		jinmei
	libdatasrc/b10-auth: corrected some corner cases in query handling
	of in-memory data source that led to the following invalid/odd
	responses from b10-auth:
	- duplicate RRs in answer and additional for type ANY query
	- incorrect NSEC for no error, no data (NXRRSET) response that
	  matches a wildcard
	(Trac #2585, git abe78fae4ba3aca5eb01806dd4e05607b1241745)

578.	[bug]		jinmei
	b10-auth now returns closest encloser NSEC3 proof to queries for
	an empty non terminal derived from an Opt-Out NSEC RR, as clarified
	in errata 3441 for RFC5155.  Previously it regarded such case as
	broken zone and returned SERVFAIL.
	(Trac #2659, git 24c235cb1b379c6472772d340e21577c3460b742)

577.	[func]		muks
	Added an SQLite3 index on records(rname, rdtype). This decreases
	insert performance by ~28% and adds about ~20% to the file size,
	but increases zone iteration performance. As it introduces a new
	index, a database upgrade would be required.
	(Trac #1756, git 9b3c959af13111af1fa248c5010aa33ee7e307ee)

576.	[bug]		tmark, tomek
	b10-dhcp6: Fixed bug when the server aborts operation when
	receiving renew and there are no IPv6 subnets configured.
	(Trac #2719, git 3132b8b19495470bbfd0f2ba0fe7da443926034b)

575.	[bug]		marcin
	b10-dhcp6: Fixed the bug whereby the subnet for the incoming
	packet was selected using only its source address. The subnet
	is now selected using either source address or the name of the
	server's interface on which the packet has been received.
	(Trac #2704, git 1cbacf19a28bdae50bb9bd3767bca0147fde37ed)

574.	[func]		tmark
	b10-dhcp4, b10-dhcp6: Composite key indexes were added to the lease
	tables to reduce lease search time. The lease4 table now has two
	additional indexes: a) hwaddr/subnet_id and b) client_id/subnet_id.
	The lease6 now has the one additional index: iaid/subnet_id/duid.
	Adding these indexes significantly improves lease acquisition
	performance.
	(Trac #2699,#2703, git 54bbed5fcbe237c5a49b515ae4c55148723406ce)

573.	[bug]		stephen
	Fixed problem whereby the DHCP server crashed if it ran out of
	addresses.  Such a condition now causes a packet to be returned
	to the client refusing the allocation of an address.
	(Trac #2681, git 87ce14cdb121b37afb5b1931af51bed7f6323dd6)

572.	[bug]		marcin
	perfdhcp: Fixed bug where the command line switches used to
	run the perfdhcp were printed as ASCII codes.
	(Trac #2700, git b8d6b949eb7f4705e32fbdfd7694ca2e6a6a5cdc)

571.	[build]		jinmei
	The ./configure script can now handle output from python-config
	--ldflags that contains a space after -L switches.  This fixes
	failure reported on some Solaris environments.
	(Trac #2661, git e6f86f2f5eec8e6003c13d36804a767a840d96d6)

570.	[bug]		tmark, marcin, tomek
	b10-dhcp4: Address renewal now works properly for DHCPv4 clients
	that do not send client ID.
	(Trac #2702, git daf2abe68ce9c111334a15c14e440730f3a085e2)

569.	[bug]		tomek
	b10-dhcp4: Fix bug whereby a DHCP packet without a client ID
	could crash the MySQL lease database backend.
	(Trac #2697, git b5e2be95d21ed750ad7cf5e15de2058aa8bc45f4)

568.	[func]		muks
	Various message IDs have been renamed to remove the word 'ERROR'
	from them when they are not logged at ERROR severity level.
	(Trac #2672, git 660a0d164feaf055677f375977f7ed327ead893e)

567.	[doc]		marcin, stephen, tomek
	Update DHCP sections of the BIND 10 guide.
	(Trac #2657, git 1d0c2004865d1bf322bf78d13630d992e39179fd)

566.	[func]*		jinmei
	libdns++/Python isc.dns: In Python isc.dns, function style
	constants for RRType, RRClass, Rcode and Opcode were deprecated
	and replaced with straightforward object constants, e.g., from
	RRType.AAAA() to RRType.AAAA.  This is a backward incompatible
	change (see the Trac ticket for a conversion script if needed).
	Also, these constants are now more consistent between C++
	and Python, and RRType constants for all currently standardized
	types are now supported (even if Rdata for these are not yet
	available).
	(Trac #1866 and #2409, git e5005185351cf73d4a611407c2cfcd163f80e428)

565.	[func]*		jelte
	The main initializer script (formerly known as either 'bind10',
	'boss', or 'bob'), has been renamed to b10-init (and Init in
	configuration). Configuring which components are run is henceforth
	done through '/Init/components', and the sbin/bind10 script is now
	simply a shellscript that runs b10-init. Existing configuration is
	automatically updated. NOTE: once configuration with this update
	has been saved (by committing any new change with bindctl), you
	cannot run older versions of BIND 10 anymore with this configuration.
	(Trac #1901, git bae3798603affdb276f370c1ac6b33b011a5ed4f)

564.	[func]		muks
	libdns++: the CNAME, DNAME, MX, NS, PTR and SRV Rdata classes now
	use the generic lexer in constructors from text.  This means that
	the name fields in such RRs in a zone file can now be non-absolute
	(the origin name in that context will be used), e.g., when loaded
	by b10-loadzone. One additional change to the libdns++ API is that
	the existing string constructors for these Rdata classes also use
	the generic lexer, and they now expect an absolute name (with the
	trailing '.') in the name fields.
	(Trac #2390, git a01569277cda3f78b1171bbf79f15ecf502e81e2)
	(Trac #2656, git 5a0d055137287f81e23fbeedd35236fee274596d)

563.	[build]		jinmei
	Added --disable-rpath configure option to avoid embedding library
	paths to binaries.  Patch from Adam Tkac.
	(Trac #2667, git 1c50c5a6ee7e9675e3ab154f2c7f975ef519fca2)

562.	[func]*		vorner
	The b10-xfrin now performs basic sanity check on just received
	zone. It'll reject severely broken zones (such as missing NS
	records).
	(Trac #2439, git 44699b4b18162581cd1dd39be5fb76ca536012e6)

561.	[bug]		kambe, jelte
	b10-stats-httpd no longer dumps request information to the console,
	but uses the bind10 logging system. Additionally, the logging
	identifiers have been changed from STATHTTPD_* to STATSHTTPD_*
	(Trac #1897, git 93716b025a4755a8a2cbf250a9e4187741dbc9bb)

560.	[bug]		jinmei
	b10-auth now sets the TTL of SOA RR for negative responses to
	the minimum of the RR TTL and the minimum TTL of the SOA RDATA
	as specified in RFC2308; previously the RR TTL was always used.
	The ZoneFinder class was extended partly for implementing this
	and partly for allowing further optimization.
	(Trac #2309 and #2635, git ee17e979fcde48b59d91c74ac368244169065f3b)

559.	[bug]		jelte
	b10-cmdctl no longer aborts on basic file issues with its https
	certificate or private key file. It performs additional checks, and
	provides better error logs if these fail. Additionally, bindctl
	provides a better error report if it is unable to connect over
	https connection. This issue could occur if BIND 10 was installed
	with root privileges but then started as a normal user.
	(Trac #2595, git 09b1a2f927483b407d70e98f5982f424cc872149)

558.	[func]		marcin
	b10-dhcp4: server now adds configured options to its
	responses to a client when client requests them.
	A few basic options: Routers, Domain Name, Domain
	Name Servers and Subnet Mask are added regardless
	if client requested them or not.
	(Trac #2591, git aeec2dc1b9c511d17971ac63138576c37e7c5164)

557.	[doc]		stephen
	Update DHCP sections of the BIND 10 guide.
	(Trac #2642, git e5faeb5fa84b7218fde486347359504cf692510e)

556.	[bug]		marcin
	Fixed DHCP servers configuration whereby the servers did not
	receive a configuration stored in the database on their startup.
	Also, the configuration handler function now uses full configuration
	instead of partial to configure the server. This guarantees that
	dependencies between various configuration parameters are
	fulfilled.
	(Trac #2637, git 91aa998226f1f91a232f2be59a53c9568c4ece77)

555.	[func]		marcin
	The encapsulated option space name can be specified for
	a DHCP option. It comprises sub-options being sent within
	an option that encapsulates this option space.
	(Trac #2314, git 27e6119093723a1e46a239ec245a8b4b10677635)

554.	[func]		jinmei
	b10-loadzone: improved completion log message and intermediate
	reports: It now logs the precise number of loaded RRs on
	completion, and intermediate reports show additional information
	such as the estimated progress in percentage and estimated time
	to complete.
	(Trac #2574, git 5b8a824054313bdecb8988b46e55cb2e94cb2d6c)

553.	[func]		stephen
	Values of the parameters to access the DHCP server lease database
	can now be set through the BIND 10 configuration mechanism.
	(Trac #2559, git 6c6f405188cc02d2358e114c33daff58edabd52a)

552.	[bug]		shane
	Build on Raspberry PI.
	The main issue was use of char for reading from input streams,
	which is incorrect, as EOF is returned as an int -1, which would
	then get cast into a char -1.
	A number of other minor issues were also fixed.
	(Trac #2571, git 525333e187cc4bbbbde288105c9582c1024caa4a)

551.	[bug]		shane
	Kill msgq if we cannot connect to it on startup.
	When the boss process was unable to connect to the msgq, it would
	exit. However, it would leave the msgq process running. This has
	been fixed, and the msgq is now stopped in this case.
	(Trac #2608, git 016925ef2437e0396127e135c937d3a55539d224)

550.	[func]		tomek
	b10-dhcp4: The DHCPv4 server now generates a server identifier
	the first time it is run. The identifier is preserved in a file
	across server restarts.
	b10-dhcp6: The server identifier is now preserved in a file across
	server restarts.
	(Trac #2597, git fa342a994de5dbefe32996be7eebe58f6304cff7)

549.	[func]		tomek
	b10-dhcp6: It is now possible to specify that a configured subnet
	is reachable locally over specified interface (see "interface"
	parameter in Subnet6 configuration).
	(Trac #2596, git a70f6172194a976b514cd7d67ce097bbca3c2798)

548.	[func]		vorner
	The message queue daemon now appears on the bus. This has two
	effects, one is it obeys logging configuration and logs to the
	correct place like the rest of the modules. The other is it
	appears in bindctl as module (but it doesn't have any commands or
	configuration yet).
	(Trac #2582, git ced31d8c5a0f2ca930b976d3caecfc24fc04634e)

547.	[func]*		vorner
	The b10-loadzone now performs more thorough sanity check on the
	loaded data.  Some of the checks are now fatal and zone failing
	them will be rejected.
	(Trac #2436, git 48d999f1cb59f308f9f30ba2639521d2a5a85baa)

546.	[func]		marcin
	DHCP option definitions can be now created using the
	Configuration Manager. The option definition specifies
	the option code, name and the types of the data being
	carried by the option.  The Configuration Manager
	reports an error on attempt to override standard DHCP
	option definition.
	(Trac #2317, git 71e25eb81e58a695cf3bad465c4254b13a50696e)

545.	[func]		jinmei
	libdns++: the SOA Rdata class now uses the generic lexer in
	constructors from text.  This means that the MNAME and RNAME of an
	SOA RR in a zone file can now be non absolute (the origin name
	in that context will be used), e.g., when loaded by b10-loadzone.
	(Trac #2500, git 019ca218027a218921519f205139b96025df2bb5)

544.	[func]		tomek
	b10-dhcp4: Allocation engine support for IPv4 added. Currently
	supported operations are server selection (Discover/Offer),
	address assignment (Request/Ack), address renewal (Request/Ack),
	and address release (Release). Expired leases can be reused.
	Some options (e.g. Router Option) are still hardcoded, so the
	DHCPv4 server is not yet usable, although its address allocation
	is operational.
	(Trac #2320, git 60606cabb1c9584700b1f642bf2af21a35c64573)

543.	[func]*		jelte
	When calling getFullConfig() as a module, the configuration is now
	returned as properly-structured JSON.  Previously, the structure had
	been flattened, with all data being labelled by fully-qualified
	element names.
	(Trac #2619, git bed3c88c25ea8f7e951317775e99ebce3340ca22)

542.	[func]		marcin
	Created OptionSpace and OptionSpace6 classes to represent DHCP
	option spaces. The option spaces are used to group instances
	and definitions of options having unique codes. A special type
	of option space is the so-called "vendor specific option space"
	which groups sub-options sent within Vendor Encapsulated Options.
	The new classes are not used yet but they will be used once
	the creation of option spaces by configuration manager is
	implemented.
	(Trac #2313, git 37a27e19be874725ea3d560065e5591a845daa89)

541.	[func]		marcin
	Added routines to search for configured DHCP options and their
	definitions using name of the option space they belong to.
	New routines are called internally from the DHCPv4 and DHCPv6
	servers code.
	(Trac #2315, git 741fe7bc96c70df35d9a79016b0aa1488e9b3ac8)

540.	[func]		marcin
	DHCP Option values can be now specified using a string of
	tokens separated with comma sign. Subsequent tokens are used
	to set values for corresponding data fields in a particular
	DHCP option. The format of the token matches the data type
	of the corresponding option field: e.g. "192.168.2.1" for IPv4
	address, "5" for integer value etc.
	(Trac #2545, git 792c129a0785c73dd28fd96a8f1439fe6534a3f1)

539.	[func]		stephen
	Add logging to the DHCP server library.
	(Trac #2524, git b55b8b6686cc80eed41793c53d1779f4de3e9e3c)

538.	[bug]		muks
	Added escaping of special characters (double-quotes, semicolon,
	backslash, etc.) in text-like RRType's toText() implementation.
	Without this change, some TXT and SPF RDATA were incorrectly
	stored in SQLite3 datasource as they were not escaped.
	(Trac #2535, git f516fc484544b7e08475947d6945bc87636d4115)

537.	[func]		tomek
	b10-dhcp6: Support for RELEASE message has been added. Clients
	are now able to release their non-temporary IPv6 addresses.
	(Trac #2326, git 0974318566abe08d0702ddd185156842c6642424)

536.	[build]		jinmei
	Detect a build issue on FreeBSD with g++ 4.2 and Boost installed via
	FreeBSD ports at ./configure time.  This seems to be a bug of
	FreeBSD	ports setup and has been reported to the maintainer:
	http://www.freebsd.org/cgi/query-pr.cgi?pr=174753
	Until it's fixed, you need to build BIND 10 for FreeBSD that has
	this problem with specifying --without-werror, with clang++
	(development version), or with manually extracted Boost header
	files (no compiled Boost library is necessary).
	(Trac #1991, git 6b045bcd1f9613e3835551cdebd2616ea8319a36)

535.	[bug]		jelte
	The log4cplus internal logging mechanism has been disabled, and no
	output from the log4cplus library itself should be printed to
	stderr anymore. This output can be enabled by using the
	compile-time option --enable-debug.
	(Trac #1081, git db55f102b30e76b72b134cbd77bd183cd01f95c0)

534.	[func]*		vorner
	The b10-msgq now uses the same logging format as the rest
	of the system. However, it still doesn't obey the common
	configuration, as due to technical issues it is not able
	to read it yet.
	(git 9e6e821c0a33aab0cd0e70e51059d9a2761f76bb)

Thanks again to those who contributed bug reports, code, and reviews.
Bugs may be reported as tickets via the developers website (after
logging into Trac) at:

	http://bind10.isc.org/

Please feel free to participate and share your feedback on the BIND
10 mailing lists:

	https://lists.isc.org/mailman/listinfo/bind10-users
	https://lists.isc.org/mailman/listinfo/bind10-dev

Jeremy C. Reed
ISC Release Engineering

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (NetBSD)

iEYEARECAAYFAlEdqlYACgkQs9Bv5D4YwC3t9QCdFmHE9bVZq0WRa4E1pq5t1JtK
CMgAoNTXHYMMlvMU6bzARXBOsgYq2ZW5
=JulM
-----END PGP SIGNATURE-----
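
The char/EOF defect described in ChangeLog entry 552, shown as an added example that is not part of the original announcement and is not BIND 10 code. It assumes a small in-memory stream (mem_stream, next_byte) constructed here to mimic the fgetc()/istream::get() return contract, and it models plain char as signed (as on x86) and unsigned (as on ARM Linux) with explicit casts so both outcomes are reproducible on any host.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed in-memory stream: next_byte() returns the byte as a
 * non-negative int, or EOF (-1) once the buffer is exhausted. */
struct mem_stream { const unsigned char *data; size_t len, pos; };

static int next_byte(struct mem_stream *s) {
    return s->pos < s->len ? (int)s->data[s->pos++] : EOF;
}

/* How the caller stores the return value before comparing it to EOF. */
static int keep_int(int v)         { return v; }                /* correct     */
static int to_signed_char(int v)   { return (signed char)v; }   /* char, x86   */
static int to_unsigned_char(int v) { return (unsigned char)v; } /* char, ARM   */

#define LOOP_GUARD 1000 /* lets the demo stop a loop that never sees EOF */

/* Runs the usual "read until EOF" loop. Returns the number of bytes
 * accepted before the EOF test fired, or -1 if it never fired. */
long bytes_before_eof(const unsigned char *buf, size_t len, int (*store)(int)) {
    struct mem_stream s = { buf, len, 0 };
    long n = 0;
    while (store(next_byte(&s)) != EOF) {
        if (++n > LOOP_GUARD)
            return -1; /* EOF was never recognised: endless loop */
    }
    return n;
}

/* Constructed sample input: 0xFF is ordinary data in the middle. */
static const unsigned char SAMPLE[] = { 'a', 'b', 0xFF, 'c', 'd' };

int main(void) {
    /* int keeps 0xFF (255) and EOF (-1) distinct: all 5 bytes are read. */
    printf("int:           %ld\n",
           bytes_before_eof(SAMPLE, sizeof SAMPLE, keep_int));
    /* signed char turns 0xFF into -1, so input is silently truncated. */
    printf("signed char:   %ld\n",
           bytes_before_eof(SAMPLE, sizeof SAMPLE, to_signed_char));
    /* unsigned char turns EOF into 255, so the loop never terminates. */
    printf("unsigned char: %ld\n",
           bytes_before_eof(SAMPLE, sizeof SAMPLE, to_unsigned_char));
    return 0;
}
```

Either failure is reachable from input alone: a 0xFF byte truncates parsing where char is signed, and any input at all hangs the reader where char is unsigned.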


