BIND10 1.1.0 released

Jeremy C. Reed jreed at
Thu Jun 6 19:14:58 UTC 2013

Hash: SHA1

Welcome to BIND 10 version 1.1.0.  This is the second production
release of the BIND 10 Platform. It provides cooperating daemons
for authoritative DNS service, dynamic DNS, zone transfers, and
experimental forwarding and recursive name service. BIND 10 also
offers engineering snapshots of ISC's new implementations of DHCPv4
and DHCPv6 service.  Additional components supply remote configuration
and control and statistics collection and reporting.  BIND 10 also
provides C++ libraries for DNS (with python wrapper) and DHCP.

Important changes or new features since the 1.0.0 release include:
 - IXFR performance enhancement.
 - Improved authoritative server stability and performance.
 - Improved flexibility of DNS Resource Record ordering and
   suppressing duplicate RRs when loading zone to memory.
 - DNS separate "static" data source is now deprecated.
 - b10-cmdctl-usermgr options and arguments changed.
 - New Xfrout and Auth statistics counters.
 - Support for directly connected DHCPv4 clients.
 - Support for remote DHCPv6 clients connected via relays.
 - Significant DHCP performance improvement.

The bind10-1.1.0 source may be downloaded from:

A PGP signature of the distribution is at

The signature was generated with the ISC code signing key which is
available at

BIND 10 provides detailed documentation, including installation
instructions and usage tutorials, and manual pages. In addition,
all logging messages have unique documented explanations.  This
documentation is included with the installation or via in HTML, plain text, or PDF formats.
Installation suggestions for various operating systems are also
available via our wiki at

Limitations and known issues with the experimental DHCP release are
listed at

If you have any questions or comments about working with BIND 10,
please share them to the BIND 10 Users List or to the BIND
10 Jabber room.  Bugs and feature requests may also be submitted
via the ticket tracking system at

Paid support, training, and consulting options are available; see for information.

BIND 10 is a sponsored development project, and would not be possible
without the generous support of the sponsors.  JPRS is a Patron Level
sponsor.  AFNIC, CNNIC, CZ.NIC, DENIC eG, Google,, .nz
Registry Services, and Technical Center of Internet are current
sponsors.  Afilias, CIRA, IIS.SE, Nominet, and SIDN were founding
sponsors of the project. The RIPE NCC was also a sponsor.

Support for BIND 10 development of the DHCPv4 and DHCPv6 components is
provided by Comcast.

This release had no code changes or additions since last week's
release candidate. The following summarizes the significant changes
and important upgrade notes since the previous production release.
(See the git history for more details and additional development.)

619.	[bug]		jinmei
	b10-xfrout now uses blocking send for xfr response messages
	to prevent abrupt termination of the stream due to a slower
	client or narrower network bandwidth.
	(Trac #2934, git bde0e94518469557c8b455ccbecc079a38382afd)

617.	[bug]		marcin
	b10-dhcp4: Fixed a bug whereby the domain-name option was encoded
	as FQDN (using technique described in RFC1035) instead of a string.
	Also, created new class which represents an option carrying a single
	string value. This class is now used for all standard options of
	this kind.
	(Trac #2786, git 96b1a7eb31b16bf9b270ad3d82873c0bd86a3530)

615.	[bug]		jinmei
	b10-auth: Avoid referencing to a freed object when authoritative
	server addresses are reconfigured.  It caused a crash on a busy
	server during initial startup time, and the same crash could also
	happen if listen_on parameters are reconfigured at run time.
	(Trac #2946, git d5f2a0d0954acd8bc33aabb220fab31652394fcd)

610.	[bug]		muks
	When the sqlite3 program is not available on the system (in
	PATH), we no longer attempt to run some tests which depend
	on it.
	(Trac #1909, git f85b274b85b57a094d33ca06dfbe12ae67bb47df)

609.	[bug]		jinmei
	Handled some rare error cases in DNS server classes correctly.
	This fix specifically solves occasional crash of b10-auth due to
	errors caused by TCP DNS clients.  Also, as a result of cleanups
	with the fix, b10-auth should now be a little bit faster in
	handling UDP queries: in some local experiments it ran about 5%
	(Trac #2903, git 6d3e0f4b36a754248f8a03a29e2c36aef644cdcc)

608.	[bug]		jinmei
	b10-cmdctl: fixed a hangup problem on receiving the shutdown
	command from bindctl.  Note, however, that cmdctl is defined as
	a "needed" module by default, so shutting down cmdctl would cause
	shutdown of the entire BIND 10 system anyway, and is therefore
	still not very useful in practice.
	(Trac #2712, git fa392e8eb391a17d30550d4b290c975710651d98)

607.	[bug]		jinmei
	Worked around some unit test regressions on FreeBSD 9.1 due to
	a binary compatibility issue between standard and system
	libraries (
	While not all tests still pass, main BIND 10 programs should
	generally work correctly.  Still, there can be odd run time
	behavior such as abrupt crash instead of graceful shutdown
	when some fatal event happens, so it's generally discouraged to
	use BIND 10 on FreeBSD 9.1 RELEASE.  According to the above
	bug report for FreeBSD, it seems upgrading or downgrading the
	FreeBSD version will solve this problem.
	(Trac #2887, git 69dfb4544d9ded3c10cffbbfd573ae05fdeb771f)

606.	[bug]		jinmei
	b10-xfrout now correctly stops sending notify requests once it
	receives a valid response.  It previously handled it as if the
	requests are timed out and resent it a few times in a short
	(Trac #2879, git 4c45f29f28ae766a9f7dc3142859f1d0000284e1)

605.	[bug]		tmark
	Modified perfdhcp to calculate the times displayed for packet sent 
	and received as time elapsed since perfdhcp process start time.  
	Previously these were times since the start of the epoch.
	However the large numbers involved caused loss of precision
	in the calculation of the test statistics.
	(Trac #2785, git e9556924dcd1cf285dc358c47d65ed7c413e02cf)

604.	[func]		marcin
	libdhcp++: abstracted methods which open sockets and send/receive
	DHCP4 packets to a separate class. Other classes will be derived
	from it to implement OS-specific methods of DHCPv4 packets filtering.
	The primary purpose for this change is to add support for Direct
	DHCPv4 response to a client which doesn't have an address yet on
	different OSes.
	(Trac #991, git 33ffc9a750cd3fb34158ef676aab6b05df0302e2)

603.	[func]		tmark
	The directory in which the b10-dchp4 and b10-dhcp6 server id files has
	been changed from the local state directory (set by the "configure"
	--localstatedir switch) to the "bind10" subdirectory of it. After an
	upgrade, server id files in the former location will be orphaned and
	should be manually removed.
	(Trac #2770, git a622140d411b3f07a68a1451e19df36118a80650)

602.	[bug]		tmark
	Perfdhcp will now exit gracefully if the command line argument for
	IP version (-4 or -6) does not match the command line argument
	given for the server. Prior to this perfdhcp would core when given
	an IP version of -6 but a valid IPv4 address for server.
	(Trac #2784, git 96b66c0c79dccf9a0206a45916b9b23fe9b94f74)

601.	[bug]*		jinmei, vorner
	The "delete record" interface of the database based data source
	was extended so that the parameter includes reversed name in
	addition to the actual name.  This may help the underlying
	accessor implementation if reversed names are more convenient
	for the delete operation.  This was the case for the SQLite3
	accessor implementation, and it now performs delete operations
	much faster.  At a higher level, this means IXFR and DDNS Updates
	to the sqlite3 database are no longer so slow on large zones as
	they were before.
	(Trac #2877, git 33bd949ac7288c61ed0a664b7329b50b36d180e5)

600.	[bug]		tmark
	Changed mysql_lease_mgr to set the SQL mode option to STRICT. This
	causes mysql it to treat invalid input data as an error. Rather than
	"successfully" inserting a too large value by truncating it, the
	insert will fail, and the lease manager will throw an exception.
	Also, attempts to create a HWAddr (hardware address) object with
	too long an array of data now throw an exception.
	(Trac #2387, git cac02e9290600407bd6f3071c6654c1216278616)

599.	[func]		tomek
	libdhcp++: Pkt6 class is now able to parse and build relayed DHCPv6
	(Trac #2827, git 29c3f7f4e82d7e85f0f5fb692345fd55092796b4)

598.	[func]*		jinmei
	The separate "static" data source is now deprecated as it can be
	served in the more generic "MasterFiles" type of data source.
	This means existing configuration may not work after an update.
	If "config show data_sources/classes/CH[0]" on bindctl contains a
	"static" type of data source, you'll need to update it as follows:
	> config set data_sources/classes/CH[0]/type MasterFiles
	> config set data_sources/classes/CH[0]/params {"BIND": =>
	  "<the value of current data_sources/classes/CH[0]/params>"}
	> config set data_sources/classes/CH[0]/cache-enable true
	> config commit
	(Same for CH[1], CH[2], IN[0], etc, if applicable, although it
	should be very unlikely in practice.  Also note: '=>' above
	indicates the next line is actually part of the command.  Do
	not type in this "arrow").
	(Part of Trac #2833, git 0363b4187fe3c1a148ad424af39e12846610d2d7)

597.	[func]		tmark
	b10-dhcp6: Added unit tests for handling requests when no
	IPv6 subnets are configured/defined. Testing these conditions
	was overlooked during implementation of Trac #2719.
	(Trac #2721, git ce7f53b2de60e2411483b4aa31c714763a36da64)

596.	[bug]		jinmei
	Added special handling for the case where b10-auth receives a
	NOTIFY message, but zonemgr isn't running. Previously this was
	logged as a communications problem at the ERROR level, resulting
	in increasing noise when zonemgr is intentionally stopped. Other
	than the log level there is no change in externally visible
	(Trac #2562, git 119eed9938b17cbad3a74c823aa9eddb7cd337c2)

595.	[bug]		tomek
	All DHCP components now gracefully refuse to handle too short
	DUIDs and client-id.
	(Trac #2723, git a043d8ecda6aff57922fe98a33c7c3f6155d5d64)

594.	[func]		muks, pselkirk
	libdns++: the NSEC, DS, DLV, and AFSDB Rdata classes now use the
	generic lexer in constructors from text.  This means that the name
	fields in such RRs in a zone file can now be non-absolute (the
	origin name in that context will be used), e.g., when loaded by
	(Trac #2386, git dc0f34afb1eccc574421a802557198e6cd2363fa)
	(Trac #2391, git 1450d8d486cba3bee8be46e8001d66898edd370c)

593.	[func]		jelte
	Address + port output and logs is now consistent according to our
	coding guidelines, e.g. <address>:<port> in the case of IPv4, and
	[<address>]:<port> in the case of IPv6, instead of <address>#<port>
	(Trac #1086, git bcefe1e95cdd61ee4a09b20522c3c56b315a1acc)

592.	[bug]		jinmei
	b10-auth and zonemgr now handle some uncommon NOTIFY messages more
	gracefully: auth immediately returns a NOTAUTH response if the
	server does not have authority for the zone (the behavior
	compatible with BIND 9) without bothering zonemgr; zonemgr now
	simply skips retransfer if the specified zone is not in its
	secondary zone list, instead of producing noisy error logs.
	(Trac #1938, git 89d7de8e2f809aef2184b450e7dee1bfec98ad14)

591.	[func]		vorner
	Ported the remaining tests from the old shell/perl based system to
	lettuce. Make target `systest' is now gone. Currently, the lettuce
	tests are in git only, not part of the release tarball.
	(Trac #2624, git df1c5d5232a2ab551cd98b77ae388ad568a683ad)

590.	[bug]		tmark
	Modified "include" statements in DHCP MySQL lease manager code to
	fix build problems if MySQL is installed in a non-standard location.
	(Trac #2825, git 4813e06cf4e0a9d9f453890557b639715e081eca)

589.	[bug]		jelte
	b10-cmdctl now automatically re-reads the user accounts file when
	it is updated.
	(Trac #2710, git 16e8be506f32de668699e6954f5de60ca9d14ddf)

588.	[bug]*		jreed
	b10-xfrout: Log message id XFROUT_QUERY_QUOTA_EXCCEEDED
	(git be41be890f1349ae4c870a887f7acd99ba1eaac5)

587.	[bug]		jelte
	When used from python, the dynamic datasource factory now
	explicitly loads the logging messages dictionary, so that correct
	logging messages does not depend on incidental earlier import
	statements. Also, the sqlite3-specific log messages have been moved
	from the general datasource library to the sqlite3 datasource
	(which also explicitly loads its messages).
	(Trac #2746, git 1c004d95a8b715500af448683e4a07e9b66ea926)

586.	[func]		marcin
	libdhcp++: Removed unnecessary calls to the function which
	validates option definitions used to create instances of options
	being decoded in the received packets. Eliminating these calls
	lowered the CPU utilization by the server by approximately 10%.
	Also, added the composite search indexes on the container used to
	store DHCP leases by Memfile backend. This resulted in the
	significant performance rise when using this backend to store
	(Trac #2701, git b96a30b26a045cfaa8ad579b0a8bf84f5ed4e73f)

585.	[func]		jinmei, muks
	The zone data loader now accepts RRs in any order during load.
	Before it used to reject adding non-consecutive RRsets. It
	expected records for a single owner name and its type to be
	grouped together. These restrictions are now removed.  It now also
	suppresses any duplicate RRs in the zone file when loading them
	into memory.
	(Trac #2440, git 232307060189c47285121f696d4efb206f632432)
	(Trac #2441, git 0860ae366d73314446d4886a093f4e86e94863d4)

584.	[bug]		jinmei
	Fixed build failure with Boost 1.53 (and probably higher) in the
	internal utility library.  Note that with -Werror it may still
	fail, but it's due to a Boost bug that is reportedly fixed in their
	development trunk.  See
	Until the fix is available in a released Boost version you may need
	to specify the --without-werror configure option to build BIND 10.
	(Trac #2764, git ca1da8aa5de24358d7d4e7e9a4625347457118cf)

583.	[func]*		jelte
	b10-cmdctl-usermgr has been updated and its options and arguments
	have changed; it now defaults to the same accounts file as
	b10-cmdctl defaults to. It can now be used to remove users from the
	accounts file as well, and it now accepts command-line arguments to
	specify the username and password to add or remove, in which case
	it will not prompt for them.
	Note that using a password on the command line is not recommended,
	as this can be viewed by other users.
	(Trac #2713, git 9925af3b3f4daa47ba8c2eb66f556b01ed6f0502)

582.	[func]		naokikambe
	New statistics items related unixdomain sockets added into Xfrout :
	open, openfail, close, bindfail, acceptfail, accept, senderr, and
	recverr.  Their values can be obtained by invoking "Stats show Xfrout"
	via bindctl while Xfrout is running.
	(Trac #2225, git 6df60554683165adacc2d1c3d29aa42a0c9141a1)

581.	[func]*		y-aharen
	Added statistics items in b10-auth based on Qtype counters are
	dropped as it requires further spec design discussion.
	(Trac #2154, Trac #2155,
	             git 61d7c3959eb991b22bc1c0ef8f4ecb96b65d9325)
	(Trac #2157, git e653adac032f871cbd66cd500c37407a56d14589)

Thank you again to the contributors and testers of BIND 10.
We look forward to receiving your feedback.

Jeremy C. Reed
ISC Release Engineering Manager

Version: GnuPG v1.4.12 (NetBSD)


More information about the bind10-announce mailing list