Transition from BIND 9.9 to 9.10

Mark Andrews marka at
Thu Jul 27 22:53:22 UTC 2017

In message <4D7A2547-32B0-4DFB-8042-2DB33C62853A at>, "King, Harold Clyde 
(Hal)" writes:
> I have not found any problems so far on my test machines, but I was wondering
>  what changes there are to look forward to in moving from 9.9 to 9.10? 

9.10 and 9.11 are drop in replacements.  Basically all updates are
drop in replacements.

9.11 adds DNS COOKIE options to the out going requests.  This exposes
stupid firewall configurations and some broken handling of EDNS
queries. contain
graphs of how different populations of servers behave to different
EDNS extensions being used.  For the most part it just results in
additional queries being made as named falls back to plain DNS
queries when some of this misbehaviour is detected.  Echoing of the
option is currently ignored.

If the broken servers are also serving signed zones then lookups
will fail as responses to plain DNS queries do not contain RRSIGs.
Manual intervention is required to work with these servers but the
population of such servers is small.  I've got six entries in

	server { send-cookie false; };
	server 199.252/16 { send-cookie false; };

Unknown EDNS options are supposed to be ignored.


> -- 
> Hal King  - hck at
> Systems Administrator
> Office of Information Technology
> Shared Systems Services
> The University of Tennessee
> 103C5 Kingston Pike Building
> 2309 Kingston Pk. Knoxville, TN 37996
> Phone : 974-1599
> Helpdesk 24/7 : 974-9900
> _______________________________________________
> Please visit to unsubscribe
>  from this list
> bind-users mailing list
> bind-users at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the bind-users mailing list