upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-12 17:10:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

prep 9.11.5rc1

Browse source
This commit is contained in:
Tinderbox User 2018-09-29 03:48:11 +00:00
parent a9e4ed033b
commit 186cf94c9a
75 changed files with 344 additions and 150 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGES
View file

@ -1,3 +1,5 @@
--- 9.11.5rc1 released ---
5038. [bug] Chaosnet addresses were compared incorrectly.
[GL #562]

9
README
View file

@ -250,6 +250,15 @@ BIND 9.11.4
BIND 9.11.4 is a maintenance release, and addresses the security flaw
disclosed in CVE-2018-5738.
BIND 9.11.5
BIND 9.11.5 is a maintenance release, and also addresses CVE-2018-5741 by
correcting faulty documentation and introducing the following new feature:
* New krb5-selfsub and ms-selfsub rule types for update-policy
statements allow updating of subdomains based on a Kerberos or Active
Directory machine principal.
Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX

10
README.md
View file

@ -266,6 +266,16 @@ disclosed in CVE-2017-3145.
BIND 9.11.4 is a maintenance release, and addresses the security flaw
disclosed in CVE-2018-5738.
#### BIND 9.11.5
BIND 9.11.5 is a maintenance release, and also addresses CVE-2018-5741
by correcting faulty documentation and introducing the following new
feature:
* New `krb5-selfsub` and `ms-selfsub` rule types for `update-policy`
statements allow updating of subdomains based on a Kerberos or
Active Directory machine principal.
### <a name="build"/> Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX

15
bin/named/named.conf.5
View file

@ -891,10 +891,10 @@ view \fIstring\fR [ \fIclass\fR ] {
| slave | static\-stub | stub );
update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR (
6to4\-self | external | krb5\-self | krb5\-subdomain |
ms\-self | ms\-subdomain | name | self | selfsub |
selfwild | subdomain | tcp\-self | wildcard | zonesub )
[ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
6to4\-self | external | krb5\-self | krb5\-selfsub |
krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain |
name | self | selfsub | selfwild | subdomain | tcp\-self
| wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
use\-alt\-transfer\-source \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zone\-statistics ( full | terse | none | \fIboolean\fR );
@ -996,9 +996,10 @@ zone \fIstring\fR [ \fIclass\fR ] {
| static\-stub | stub );
update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self |
external | krb5\-self | krb5\-subdomain | ms\-self | ms\-subdomain
| name | self | selfsub | selfwild | subdomain | tcp\-self |
wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self
| ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild
| subdomain | tcp\-self | wildcard | zonesub ) [ \fIstring\fR ]
\fIrrtypelist\fR; \&.\&.\&. };
use\-alt\-transfer\-source \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zone\-statistics ( full | terse | none | \fIboolean\fR );

15
bin/named/named.conf.docbook
View file

@ -863,10 +863,10 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
| slave | static-stub | stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> (
6to4-self | external | krb5-self | krb5-subdomain |
ms-self | ms-subdomain | name | self | selfsub |
selfwild | subdomain | tcp-self | wildcard | zonesub )
[ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
6to4-self | external | krb5-self | krb5-selfsub |
krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
name | self | selfsub | selfwild | subdomain | tcp-self
| wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
use-alt-transfer-source <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
@ -964,9 +964,10 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
| static-stub | stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self |
external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
| name | self | selfsub | selfwild | subdomain | tcp-self |
wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
| subdomain | tcp-self | wildcard | zonesub ) [ <replaceable>string</replaceable> ]
<replaceable>rrtypelist</replaceable>; ... };
use-alt-transfer-source <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );

15
bin/named/named.conf.html
View file

@ -856,10 +856,10 @@ view
    | slave | static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> (<br>
    6to4-self | external | krb5-self | krb5-subdomain |<br>
    ms-self | ms-subdomain | name | self | selfsub |<br>
    selfwild | subdomain | tcp-self | wildcard | zonesub )<br>
    [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
    6to4-self | external | krb5-self | krb5-selfsub |<br>
    krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |<br>
    name | self | selfsub | selfwild | subdomain | tcp-self<br>
    | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
@ -958,9 +958,10 @@ zone
    | static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self |<br>
    external | krb5-self | krb5-subdomain | ms-self | ms-subdomain<br>
    | name | self | selfsub | selfwild | subdomain | tcp-self |<br>
    wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
    external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self<br>
    | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild<br>
    | subdomain | tcp-self | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ]<br>
    <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>

13
bin/rndc/rndc.8
View file

@ -310,7 +310,7 @@ See also
\fBrndc trace\fR\&.
.RE
.PP
\fBnta \fR\fB[( \-d | \-f | \-r | \-l \fIduration\fR)]\fR\fB \fR\fB\fIdomain\fR\fR\fB \fR\fB[\fIview\fR]\fR\fB \fR
\fBnta \fR\fB[( \-class \fIclass\fR | \-dump | \-force | \-remove | \-lifetime \fIduration\fR)]\fR\fB \fR\fB\fIdomain\fR\fR\fB \fR\fB[\fIview\fR]\fR\fB \fR
.RS 4
Sets a DNSSEC negative trust anchor (NTA) for
\fBdomain\fR, with a lifetime of
@ -342,7 +342,7 @@ option\&. TTL\-style suffixes can be used to specify the lifetime in seconds, mi
to zero is equivalent to
\fB\-remove\fR\&.
.sp
If
If the
\fB\-dump\fR
is used, any other arguments are ignored, and a list of existing NTAs is printed (note that this may include NTAs that are expired but have not yet been cleaned up)\&.
.sp
@ -354,11 +354,16 @@ option in the Administrator Reference Manual for details)\&. If data can be vali
\fB\-force\fR
overrides this behavior and forces an NTA to persist for its entire lifetime, regardless of whether data could be validated if the NTA were not present\&.
.sp
The view class can be specified with
\fB\-class\fR\&. The default is class
\fBIN\fR, which is the only class for which DNSSEC is currently supported\&.
.sp
All of these options can be shortened, i\&.e\&., to
\fB\-l\fR,
\fB\-r\fR,
\fB\-d\fR, and
\fB\-f\fR\&.
\fB\-d\fR,
\fB\-f\fR, and
\fB\-c\fR\&.
.RE
.PP
\fBquerylog\fR [ on | off ]

11
bin/rndc/rndc.html
View file

@ -417,7 +417,7 @@
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>nta
[<span class="optional">( -d | -f | -r | -l <em class="replaceable"><code>duration</code></em>)</span>]
[<span class="optional">( -class <em class="replaceable"><code>class</code></em> | -dump | -force | -remove | -lifetime <em class="replaceable"><code>duration</code></em>)</span>]
<em class="replaceable"><code>domain</code></em>
[<span class="optional"><em class="replaceable"><code>view</code></em></span>]
</code></strong></span></dt>
@ -465,7 +465,7 @@
is equivalent to <code class="option">-remove</code>.
</p>
<p>
If <code class="option">-dump</code> is used, any other arguments
If the <code class="option">-dump</code> is used, any other arguments
are ignored, and a list of existing NTAs is printed
(note that this may include NTAs that are expired but
have not yet been cleaned up).
@ -482,10 +482,15 @@
lifetime, regardless of whether data could be
validated if the NTA were not present.
</p>
<p>
The view class can be specified with <code class="option">-class</code>.
The default is class <strong class="userinput"><code>IN</code></strong>, which is
the only class for which DNSSEC is currently supported.
</p>
<p>
All of these options can be shortened, i.e., to
<code class="option">-l</code>, <code class="option">-r</code>, <code class="option">-d</code>,
and <code class="option">-f</code>.
<code class="option">-f</code>, and <code class="option">-c</code>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional"> on | off </span>] </span></dt>

2
doc/arm/Bv9ARM.ch01.html
View file

@ -616,6 +616,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch02.html
View file

@ -151,6 +151,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch03.html
View file

@ -759,6 +759,6 @@ controls {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch04.html
View file

@ -2867,6 +2867,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch05.html
View file

@ -142,6 +142,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

143
doc/arm/Bv9ARM.ch06.html
View file

@ -4687,6 +4687,11 @@ options {
<span class="command"><strong>slave</strong></span> zones respectively.
It is off by default.
</p>
<p>
Note: if inline signing is enabled for a zone, the
user-provided <span class="command"><strong>ixfr-from-differences</strong></span>
setting is ignored for that zone.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>multi-master</strong></span></span></dt>
<dd>
@ -9171,7 +9176,7 @@ view "external" {
<span class="command"><strong>sig-signing-type</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>sig-validity-interval</strong></span> <em class="replaceable"><code>integer</code></em> [ <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>update-check-ksk</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>update-policy</strong></span> ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };
<span class="command"><strong>update-policy</strong></span> ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };
<span class="command"><strong>zero-no-soa-ttl</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>zone-statistics</strong></span> ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );
};
@ -10397,7 +10402,7 @@ example.com. NS ns2.example.net.
has been used to create a shared secret, the identity of
the key used to authenticate the TKEY exchange will be
used as the identity of the shared secret. Some rule types
use indentities matching the client's Kerberos principal
use identities matching the client's Kerberos principal
(e.g, <strong class="userinput"><code>"host/machine@REALM"</code></strong>) or
Windows realm (<strong class="userinput"><code>machine$@REALM</code></strong>).
</p>
@ -10417,12 +10422,13 @@ example.com. NS ns2.example.net.
the rules are checked for each existing record type.
</p>
<p>
The <em class="replaceable"><code>ruletype</code></em> field has 13
The <em class="replaceable"><code>ruletype</code></em> field has 16
values:
<code class="varname">name</code>, <code class="varname">subdomain</code>,
<code class="varname">wildcard</code>, <code class="varname">self</code>,
<code class="varname">selfsub</code>, <code class="varname">selfwild</code>,
<code class="varname">krb5-self</code>, <code class="varname">ms-self</code>,
<code class="varname">krb5-selfsub</code>, <code class="varname">ms-selfsub</code>,
<code class="varname">krb5-subdomain</code>,
<code class="varname">ms-subdomain</code>,
<code class="varname">tcp-self</code>, <code class="varname">6to4-self</code>,
@ -10567,12 +10573,41 @@ example.com. NS ns2.example.net.
</td>
<td>
<p>
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <em class="replaceable"><code>identity</code></em>
field. The name field should be set to "."
When a client sends an UPDATE using a Windows
machine principal (for example, 'machine$@REALM'),
this rule allows records with the absolute name
of 'machine.REALM' to be updated.
</p>
<p>
The realm to be matched is specified in the
<em class="replaceable"><code>identity</code></em> field.
</p>
<p>
The <em class="replaceable"><code>name</code></em> field has
no effect on this rule; it should be set to "."
as a placeholder.
</p>
<p>
For example,
<strong class="userinput"><code>grant EXAMPLE.COM ms-self . A AAAA</code></strong>
allows any machine with a valid principal in
the realm <strong class="userinput"><code>EXAMPLE.COM</code></strong> to update
its own address records.
</p>
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">ms-selfsub</code>
</p>
</td>
<td>
<p>
This is similar to <span class="command"><strong>ms-self</strong></span>
except it also allows updates to any subdomain of
the name specified in the Windows machine
principal, not just to the name itself.
</p>
</td>
</tr>
@ -10584,13 +10619,32 @@ example.com. NS ns2.example.net.
</td>
<td>
<p>
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
to be matched is specified in the
When a client sends an UPDATE using a Windows
machine principal (for example, 'machine$@REALM'),
this rule allows any machine in the specified
realm to update any record in the zone or in a
specified subdomain of the zone.
</p>
<p>
The realm to be matched is specified in the
<em class="replaceable"><code>identity</code></em> field.
</p>
<p>
The <em class="replaceable"><code>name</code></em> field
specifies the subdomain that may be updated.
If set to "." (or any other name at or above
the zone apex), any name in the zone can be
updated.
</p>
<p>
For example, if <span class="command"><strong>update-policy</strong></span>
for the zone "example.com" includes
<strong class="userinput"><code>grant EXAMPLE.COM ms-subdomain hosts.example.com. A AAAA</code></strong>,
any machine with a valid principal in
the realm <strong class="userinput"><code>EXAMPLE.COM</code></strong> will
be able to update address records at or below
"hosts.example.com".
</p>
</td>
</tr>
<tr>
@ -10601,12 +10655,47 @@ example.com. NS ns2.example.net.
</td>
<td>
<p>
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <em class="replaceable"><code>identity</code></em>
field. The name field should be set to "."
When a client sends an UPDATE using a
Kerberos machine principal (for example,
'host/machine@REALM'), this rule allows
records with the absolute name of 'machine'
to be updated provided it has been authenticated
by REALM. This is similar but not identical
to <span class="command"><strong>ms-self</strong></span> due to the
'machine' part of the Kerberos principal
being an absolute name instead of a unqualified
name.
</p>
<p>
The realm to be matched is specified in the
<em class="replaceable"><code>identity</code></em> field.
</p>
<p>
The <em class="replaceable"><code>name</code></em> field has
no effect on this rule; it should be set to "."
as a placeholder.
</p>
<p>
For example,
<strong class="userinput"><code>grant EXAMPLE.COM krb5-self . A AAAA</code></strong>
allows any machine with a valid principal in
the realm <strong class="userinput"><code>EXAMPLE.COM</code></strong> to update
its own address records.
</p>
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">krb5-selfsub</code>
</p>
</td>
<td>
<p>
This is similar to <span class="command"><strong>krb5-self</strong></span>
except it also allows updates to any subdomain of
the name specified in the 'machine' part of the
Kerberos principal, not just to the name itself.
</p>
</td>
</tr>
@ -10618,13 +10707,11 @@ example.com. NS ns2.example.net.
</td>
<td>
<p>
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
to be matched is specified in the
<em class="replaceable"><code>identity</code></em> field. The
name field should be set to "."
This rule is identical to
<span class="command"><strong>ms-subdomain</strong></span>, except that it works
with Kerberos machine principals (i.e.,
'host/machine@REALM') rather than Windows machine
principals.
</p>
</td>
</tr>
@ -14573,6 +14660,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch07.html
View file

@ -399,6 +399,6 @@ allow-query { !{ !10/8; any; }; key example; };
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch08.html
View file

@ -136,6 +136,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

32
doc/arm/Bv9ARM.ch09.html
View file

@ -36,7 +36,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4-P1</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.5rc1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@ -54,7 +54,7 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.4-P1</h2></div></div></div>
<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.5rc1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
@ -177,6 +177,15 @@
necessary.
</p>
</li>
<li class="listitem">
<p>
Two new update policy rule types have been added
<span class="command"><strong>krb5-selfsub</strong></span> and <span class="command"><strong>ms-selfsub</strong></span>
which allow machines with Kerberos principals to update
the name space at or below the machine names identified
in the respective principals.
</p>
</li>
</ul></div>
</div>
@ -214,6 +223,14 @@
matching <span class="command"><strong>cookie-secret</strong></span>.
</p>
</li>
<li class="listitem">
<p>
The <span class="command"><strong>rndc nta</strong></span> command could not differentiate
between views of the same name but different class; this
has been corrected with the addition of a <span class="command"><strong>-class</strong></span>
option. [GL #105]
</p>
</li>
</ul></div>
</div>
@ -221,6 +238,15 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
When a negative trust anchor was added to multiple views
using <span class="command"><strong>rndc nta</strong></span>, the text returned via
<span class="command"><strong>rndc</strong></span> was incorrectly truncated after the
first line, making it appear that only one NTA had been
added. This has been fixed. [GL #105]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> now rejects excessively large
@ -280,6 +306,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch10.html
View file

@ -148,6 +148,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch11.html
View file

@ -914,6 +914,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch12.html
View file

@ -533,6 +533,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch13.html
View file

@ -213,6 +213,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

6
doc/arm/Bv9ARM.html
View file

@ -32,7 +32,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="releaseinfo">BIND Version 9.11.4-P1</p></div>
<div><p class="releaseinfo">BIND Version 9.11.5rc1</p></div>
<div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
@ -241,7 +241,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4-P1</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.5rc1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@ -443,6 +443,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

BIN
doc/arm/Bv9ARM.pdf
View file

Binary file not shown.

2
doc/arm/man.arpaname.html
View file

@ -91,6 +91,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.ddns-confgen.html
View file

@ -236,6 +236,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.delv.html
View file

@ -624,6 +624,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dig.html
View file

@ -1108,6 +1108,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-checkds.html
View file

@ -148,6 +148,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-coverage.html
View file

@ -270,6 +270,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-dsfromkey.html
View file

@ -289,6 +289,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-importkey.html
View file

@ -250,6 +250,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-keyfromlabel.html
View file

@ -492,6 +492,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-keygen.html
View file

@ -579,6 +579,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-keymgr.html
View file

@ -398,6 +398,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-revoke.html
View file

@ -171,6 +171,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-settime.html
View file

@ -349,6 +349,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-signzone.html
View file

@ -708,6 +708,6 @@ db.example.com.signed
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnssec-verify.html
View file

@ -202,6 +202,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.dnstap-read.html
View file

@ -134,6 +134,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.genrandom.html
View file

@ -127,6 +127,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.host.html
View file

@ -366,6 +366,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.isc-hmac-fixup.html
View file

@ -126,6 +126,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.lwresd.html
View file

@ -329,6 +329,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.mdig.html
View file

@ -609,6 +609,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.named-checkconf.html
View file

@ -192,6 +192,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.named-checkzone.html
View file

@ -463,6 +463,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.named-journalprint.html
View file

@ -117,6 +117,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.named-nzd2nzf.html
View file

@ -119,6 +119,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.named-rrchecker.html
View file

@ -121,6 +121,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

17
doc/arm/man.named.conf.html
View file

@ -874,10 +874,10 @@ view
    | slave | static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> (<br>
    6to4-self | external | krb5-self | krb5-subdomain |<br>
    ms-self | ms-subdomain | name | self | selfsub |<br>
    selfwild | subdomain | tcp-self | wildcard | zonesub )<br>
    [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
    6to4-self | external | krb5-self | krb5-selfsub |<br>
    krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |<br>
    name | self | selfsub | selfwild | subdomain | tcp-self<br>
    | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
@ -976,9 +976,10 @@ zone
    | static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self |<br>
    external | krb5-self | krb5-subdomain | ms-self | ms-subdomain<br>
    | name | self | selfsub | selfwild | subdomain | tcp-self |<br>
    wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
    external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self<br>
    | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild<br>
    | subdomain | tcp-self | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ]<br>
    <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
@ -1035,6 +1036,6 @@ zone
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.named.html
View file

@ -490,6 +490,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.nsec3hash.html
View file

@ -131,6 +131,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.nslookup.html
View file

@ -419,6 +419,6 @@ nslookup -query=hinfo -timeout=10
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.nsupdate.html
View file

@ -817,6 +817,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.pkcs11-destroy.html
View file

@ -162,6 +162,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.pkcs11-keygen.html
View file

@ -200,6 +200,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.pkcs11-list.html
View file

@ -158,6 +158,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.pkcs11-tokens.html
View file

@ -119,6 +119,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.rndc-confgen.html
View file

@ -277,6 +277,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/man.rndc.conf.html
View file

@ -268,6 +268,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

13
doc/arm/man.rndc.html
View file

@ -435,7 +435,7 @@
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>nta
[<span class="optional">( -d | -f | -r | -l <em class="replaceable"><code>duration</code></em>)</span>]
[<span class="optional">( -class <em class="replaceable"><code>class</code></em> | -dump | -force | -remove | -lifetime <em class="replaceable"><code>duration</code></em>)</span>]
<em class="replaceable"><code>domain</code></em>
[<span class="optional"><em class="replaceable"><code>view</code></em></span>]
</code></strong></span></dt>
@ -483,7 +483,7 @@
is equivalent to <code class="option">-remove</code>.
</p>
<p>
If <code class="option">-dump</code> is used, any other arguments
If the <code class="option">-dump</code> is used, any other arguments
are ignored, and a list of existing NTAs is printed
(note that this may include NTAs that are expired but
have not yet been cleaned up).
@ -500,10 +500,15 @@
lifetime, regardless of whether data could be
validated if the NTA were not present.
</p>
<p>
The view class can be specified with <code class="option">-class</code>.
The default is class <strong class="userinput"><code>IN</code></strong>, which is
the only class for which DNSSEC is currently supported.
</p>
<p>
All of these options can be shortened, i.e., to
<code class="option">-l</code>, <code class="option">-r</code>, <code class="option">-d</code>,
and <code class="option">-f</code>.
<code class="option">-f</code>, and <code class="option">-c</code>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional"> on | off </span>] </span></dt>
@ -889,6 +894,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P1 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5rc1 (Extended Support Version)</p>
</body>
</html>

2
doc/arm/master.zoneopt.xml
View file

@ -62,7 +62,7 @@
<command>sig-signing-type</command> <replaceable>integer</replaceable>;
<command>sig-validity-interval</command> <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
<command>update-check-ksk</command> <replaceable>boolean</replaceable>;
<command>update-policy</command> ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
<command>update-policy</command> ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
<command>zero-no-soa-ttl</command> <replaceable>boolean</replaceable>;
<command>zone-statistics</command> ( full | terse | none | <replaceable>boolean</replaceable> );
};

28
doc/arm/notes.html
View file

@ -15,7 +15,7 @@
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.11.4-P1</h2></div></div></div>
<a name="id-1.2"></a>Release Notes for BIND Version 9.11.5rc1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
@ -138,6 +138,15 @@
necessary.
</p>
</li>
<li class="listitem">
<p>
Two new update policy rule types have been added
<span class="command"><strong>krb5-selfsub</strong></span> and <span class="command"><strong>ms-selfsub</strong></span>
which allow machines with Kerberos principals to update
the name space at or below the machine names identified
in the respective principals.
</p>
</li>
</ul></div>
</div>
@ -175,6 +184,14 @@
matching <span class="command"><strong>cookie-secret</strong></span>.
</p>
</li>
<li class="listitem">
<p>
The <span class="command"><strong>rndc nta</strong></span> command could not differentiate
between views of the same name but different class; this
has been corrected with the addition of a <span class="command"><strong>-class</strong></span>
option. [GL #105]
</p>
</li>
</ul></div>
</div>
@ -182,6 +199,15 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
When a negative trust anchor was added to multiple views
using <span class="command"><strong>rndc nta</strong></span>, the text returned via
<span class="command"><strong>rndc</strong></span> was incorrectly truncated after the
first line, making it appear that only one NTA had been
added. This has been fixed. [GL #105]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> now rejects excessively large

BIN
doc/arm/notes.pdf
View file

Binary file not shown.

16
doc/arm/notes.txt
View file

@ -1,4 +1,4 @@
Release Notes for BIND Version 9.11.4-P1
Release Notes for BIND Version 9.11.5rc1
Introduction
@ -72,6 +72,11 @@ New Features
security mechanism, and should not be disabled unless absolutely
necessary.
* Two new update policy rule types have been added krb5-selfsub and
ms-selfsub which allow machines with Kerberos principals to update the
name space at or below the machine names identified in the respective
principals.
Removed Features
* named will now log a warning if the old BIND now can be compiled
@ -88,8 +93,17 @@ Feature Changes
Any others are used to accept old server cookies or those generated by
other servers using the matching cookie-secret.
* The rndc nta command could not differentiate between views of the same
name but different class; this has been corrected with the addition of
a -class option. [GL #105]
Bug Fixes
* When a negative trust anchor was added to multiple views using rndc
nta, the text returned via rndc was incorrectly truncated after the
first line, making it appear that only one NTA had been added. This
has been fixed. [GL #105]
* named now rejects excessively large incremental (IXFR) zone transfers
in order to prevent possible corruption of journal files which could
cause named to abort when loading zones. [GL #339]

2
doc/misc/master.zoneopt
View file

@ -50,7 +50,7 @@ zone <string> [ <class> ] {
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};

15
doc/misc/options
View file

@ -770,10 +770,10 @@ view <string> [ <class> ] {
| slave | static-stub | stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> (
6to4-self | external | krb5-self | krb5-subdomain |
ms-self | ms-subdomain | name | self | selfsub |
selfwild | subdomain | tcp-self | wildcard | zonesub )
[ <string> ] <rrtypelist>; ... };
6to4-self | external | krb5-self | krb5-selfsub |
krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
name | self | selfsub | selfwild | subdomain | tcp-self
| wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
@ -872,9 +872,10 @@ zone <string> [ <class> ] {
| static-stub | stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
| name | self | selfsub | selfwild | subdomain | tcp-self |
wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
| subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
<rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );

4
lib/bind9/api
View file

@ -8,6 +8,6 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 160
LIBREVISION = 8
LIBINTERFACE = 161
LIBREVISION = 0
LIBAGE = 0

6
lib/dns/api
View file

@ -8,6 +8,6 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 1103
LIBREVISION = 1
LIBAGE = 1
LIBINTERFACE = 1104
LIBREVISION = 0
LIBAGE = 0

4
lib/irs/api
View file

@ -8,6 +8,6 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 160
LIBREVISION = 5
LIBINTERFACE = 161
LIBREVISION = 0
LIBAGE = 0

4
lib/isc/api
View file

@ -8,6 +8,6 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 169
LIBREVISION = 3
LIBINTERFACE = 1100
LIBREVISION = 0
LIBAGE = 0

4
lib/isccc/api
View file

@ -8,6 +8,6 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 160
LIBREVISION = 3
LIBINTERFACE = 161
LIBREVISION = 0
LIBAGE = 0

6
lib/isccfg/api
View file

@ -8,6 +8,6 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 162
LIBREVISION = 1
LIBAGE = 2
LIBINTERFACE = 163
LIBREVISION = 0
LIBAGE = 0

4
lib/lwres/api
View file

@ -8,6 +8,6 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
LIBINTERFACE = 160
LIBREVISION = 2
LIBINTERFACE = 161
LIBREVISION = 0
LIBAGE = 0

4
version
View file

@ -5,7 +5,7 @@ PRODUCT=BIND
DESCRIPTION="(Extended Support Version)"
MAJORVER=9
MINORVER=11
PATCHVER=4
RELEASETYPE=-P
PATCHVER=5
RELEASETYPE=rc
RELEASEVER=1
EXTENSIONS=