ISC BIND 9.8.1b1 is now available
Evan Hunt
each at isc.org
Thu May 26 16:36:07 UTC 2011
__________________________________________________________________
Introduction
BIND 9.8.1b1 is the first beta release of BIND 9.8.1, a maintenance
release for BIND 9.8.
Please see the CHANGES file in the source code release for a complete
list of all changes. See below for a list of changes since 9.8.0.
Download
The latest versions of BIND 9 software can always be found
on our web site at http://www.isc.org/downloads/all. There you will
find additional information about each release, source code, and
pre-compiled versions for certain operating systems.
Support
Product support information is available on
http://www.isc.org/services/support for paid support options. Free
support is provided by our user community via a mailing list.
Information on all public email lists is available at
https://lists.isc.org/mailman/listinfo.
Thank You
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
http://www.isc.org/supportisc.
Known issues in this release:
* Named can fail to return a complete CNAME chain when the CNAME record
and its target are both within zones for which the server is
authoritative. This only happens when named is configured to be
recursive as well as authoritative, and only effects recursive
clients. The failure happens infrequently, but once it has started
happening the only fix is to restart named. The bug was fixed too
late for inclusion in this beta release, but it will be included in
the next release.
All changes since 9.8.0:
3112. [doc] Add missing descriptions of the update policy name
types "ms-self", "ms-subdomain", "krb5-self" and
"krb5-subdomain", which allow machines to update
their own records, to the BIND 9 ARM.
3111. [bug] Improved consistency checks for dnssec-enable and
dnssec-validation, added test cases to the
checkconf system test. [RT #24398]
3110. [bug] dnssec-signzone: Wrong error message could appear
when attempting to sign with no KSK. [RT #24369]
3107. [bug] dnssec-signzone: Report the correct number of ZSKs
when using -x. [RT #20852]
3105. [bug] GOST support can be suppressed by "configure
--without-gost" [RT #24367]
3104. [bug] Better support for cross-compiling. [RT #24367]
3103. [bug] Configuring 'dnssec-validation auto' in a view
instead of in the options statement could trigger
an assertion failure in named-checkconf. [RT #24382]
3101. [bug] Zones using automatic key maintenance could fail
to check the key repository for updates. [RT #23744]
3100. [security] Certain response policy zone configurations could
trigger an INSIST when receiving a query of type
RRSIG. [RT #24280]
3099. [test] "dlz" system test now runs but gives R:SKIPPED if
not compiled with --with-dlz-filesystem. [RT #24146]
3098. [bug] DLZ zones were answering without setting the AA bit.
[RT #24146]
3097. [test] Add a tool to test handling of malformed packets.
[RT #24096]
3096. [bug] Set KRB5_KTNAME before calling log_cred() in
dst_gssapi_acceptctx(). [RT #24004]
3095. [bug] Handle isolated reserved ports in the port range.
[RT #23957]
3094. [doc] Expand dns64 documentation.
3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
3092. [bug] Signatures for records at the zone apex could go
stale due to an incorrect timer setting. [RT #23769]
3091. [bug] Fixed a bug in which zone keys that were published
and then subsequently activated could fail to trigger
automatic signing. [RT #22911]
3090. [func] Make --with-gssapi default [RT #23738]
3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
and add setup.sh in order to resolve changing
named.conf issue. [RT #23687]
3087. [bug] DDNS updates using SIG(0) with update-policy match
type "external" could cause a crash. [RT #23735]
3086. [bug] Running dnssec-settime -f on an old-style key will
now force an update to the new key format even if no
other change has been specified, using "-P now -A now"
as default values. [RT #22474]
3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
3082. [port] strtok_r is threads only. [RT #23747]
3081. [bug] Failure of DNAME substitution did not return
YXDOMAIN. [RT #23591]
3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
[RT #23587]
3079. [bug] Handle isc_event_allocate failures in t_tasks.
[RT #23572]
3078. [func] Added a new include file with function typedefs
for the DLZ "dlopen" driver. [RT #23629]
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
dns_zone_attach(), use zone->irefs instead. [RT #23303]
3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
timestamp when determining which keys are active.
[RT #23642]
3074. [bug] Make the adb cache read through for zone data and
glue learn for zone named is authoritative for.
[RT #22842]
3073. [bug] managed-keys changes were not properly being recorded.
[RT #20256]
3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
[RT #20256]
3071. [bug] has_nsec could be used unintialised in
update.c:next_active. [RT #20256]
3070. [bug] dnssec-signzone potential NULL pointer dereference.
[RT #20256]
3069. [cleanup] Silence warnings messages from clang static analysis.
[RT #20256]
3068. [bug] Named failed to build with a OpenSSL without engine
support. [RT #23473]
3067. [bug] ixfr-from-differences {master|slave}; failed to
select the master/slave zones. [RT #23580]
3066. [func] The DLZ "dlopen" driver is now built by default,
no longer requiring a configure option. To
disable it, use "configure --without-dlopen".
(Note: driver not supported on win32.) [RT #23467]
3065. [bug] RRSIG could have time stamps too far in the future.
[RT #23356]
3064. [bug] powerpc: add sync instructions to the end of atomic
operations. [RT #23469]
3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
3059. [test] Added a regression test for change #3023.
3058. [bug] Cause named to terminate at startup or rndc reconfig/
reload to fail, if a log file specified in the conf
file isn't a plain file. [RT #22771]
3057. [bug] "rndc secroots" would abort after the first error
and so could miss some views. [RT #23488]
3054. [bug] Added elliptic curve support check in
GOST OpenSSL engine detection. [RT #23485]
3053. [bug] Under a sustained high query load with a finite
max-cache-size, it was possible for cache memory
to be exhausted and not recovered. [RT #23371]
3052. [test] Fixed last autosign test report. [RT #23256]
3051. [bug] NS records obsure DNAME records at the bottom of the
zone if both are present. [RT #23035]
3050. [bug] The autosign system test was timing dependent.
Wait for the initial autosigning to complete
before running the rest of the test. [RT #23035]
3049. [bug] Save and restore the gid when creating creating
named.pid at startup. [RT #23290]
3048. [bug] Fully separate view key mangement. [RT #23419]
3047. [bug] DNSKEY NODATA responses not cached fixed in
validator.c. Tests added to dnssec system test.
[RT #22908]
3046. [bug] Use RRSIG original TTL to compute validated RRset
and RRSIG TTL. [RT #23332]
3044. [bug] Hold the socket manager lock while freeing the socket.
[RT #23333]
3043. [test] Merged in the NetBSD ATF test framework (currently
version 0.12) for development of future unit tests.
Use configure --with-atf to build ATF internally
or configure --with-atf=prefix to use an external
copy. [RT #23209]
3042. [bug] dig +trace could fail attempting to use IPv6
addresses on systems with only IPv4 connectivity.
[RT #23297]
3041. [bug] dnssec-signzone failed to generate new signatures on
ttl changes. [RT #23330]
3040. [bug] Named failed to validate insecure zones where a node
with a CNAME existed between the trust anchor and the
top of the zone. [RT #23338]
3038. [bug] Install <dns/rpz.h>. [RT #23342]
3037. [doc] Update COPYRIGHT to contain all the individual
copyright notices that cover various parts.
3036. [bug] Check built-in zone arguments to see if the zone
is re-usable or not. [RT #21914]
3035. [cleanup] Simplify by using strlcpy. [RT #22521]
3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
[RT #22521]
3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
[RT #22521]
3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
[RT #22521]
3029. [bug] isc_netaddr_format() handle a zero sized buffer.
[RT #22521]
3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
[RT #22521]
3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
catch NULL pointer dereferences before they happen.
[RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
after calling grow_headerspace() and if not
re-call grow_headerspace() until we do. [RT #22521]
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-workers
mailing list