diff --git a/CHANGES b/CHANGES index 704e5132f4..486f0df83c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.11.5rc1 released --- + 5038. [bug] Chaosnet addresses were compared incorrectly. [GL #562] diff --git a/README b/README index 07d3b95e2e..c27c307faa 100644 --- a/README +++ b/README @@ -250,6 +250,15 @@ BIND 9.11.4 BIND 9.11.4 is a maintenance release, and addresses the security flaw disclosed in CVE-2018-5738. +BIND 9.11.5 + +BIND 9.11.5 is a maintenance release, and also addresses CVE-2018-5741 by +correcting faulty documentation and introducing the following new feature: + + * New krb5-selfsub and ms-selfsub rule types for update-policy + statements allow updating of subdomains based on a Kerberos or Active + Directory machine principal. + Building BIND BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX diff --git a/README.md b/README.md index 291c22105c..5c72e1959e 100644 --- a/README.md +++ b/README.md @@ -266,6 +266,16 @@ disclosed in CVE-2017-3145. BIND 9.11.4 is a maintenance release, and addresses the security flaw disclosed in CVE-2018-5738. +#### BIND 9.11.5 + +BIND 9.11.5 is a maintenance release, and also addresses CVE-2018-5741 +by correcting faulty documentation and introducing the following new +feature: + +* New `krb5-selfsub` and `ms-selfsub` rule types for `update-policy` + statements allow updating of subdomains based on a Kerberos or + Active Directory machine principal. + ### Building BIND BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index cb21f43f77..2f3f789584 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -891,10 +891,10 @@ view \fIstring\fR [ \fIclass\fR ] { | slave | static\-stub | stub ); update\-check\-ksk \fIboolean\fR; update\-policy ( local | { ( deny | grant ) \fIstring\fR ( - 6to4\-self | external | krb5\-self | krb5\-subdomain | - ms\-self | ms\-subdomain | name | self | selfsub | - selfwild | subdomain | tcp\-self | wildcard | zonesub ) - [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; + 6to4\-self | external | krb5\-self | krb5\-selfsub | + krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain | + name | self | selfsub | selfwild | subdomain | tcp\-self + | wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; use\-alt\-transfer\-source \fIboolean\fR; zero\-no\-soa\-ttl \fIboolean\fR; zone\-statistics ( full | terse | none | \fIboolean\fR ); @@ -996,9 +996,10 @@ zone \fIstring\fR [ \fIclass\fR ] { | static\-stub | stub ); update\-check\-ksk \fIboolean\fR; update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self | - external | krb5\-self | krb5\-subdomain | ms\-self | ms\-subdomain - | name | self | selfsub | selfwild | subdomain | tcp\-self | - wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; + external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self + | ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild + | subdomain | tcp\-self | wildcard | zonesub ) [ \fIstring\fR ] + \fIrrtypelist\fR; \&.\&.\&. }; use\-alt\-transfer\-source \fIboolean\fR; zero\-no\-soa\-ttl \fIboolean\fR; zone\-statistics ( full | terse | none | \fIboolean\fR ); diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index f8c94eb3d8..a4bd6894f6 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -863,10 +863,10 @@ view string [ class ] { | slave | static-stub | stub ); update-check-ksk boolean; update-policy ( local | { ( deny | grant ) string ( - 6to4-self | external | krb5-self | krb5-subdomain | - ms-self | ms-subdomain | name | self | selfsub | - selfwild | subdomain | tcp-self | wildcard | zonesub ) - [ string ] rrtypelist; ... }; + 6to4-self | external | krb5-self | krb5-selfsub | + krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | + name | self | selfsub | selfwild | subdomain | tcp-self + | wildcard | zonesub ) [ string ] rrtypelist; ... }; use-alt-transfer-source boolean; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); @@ -964,9 +964,10 @@ zone string [ class ] { | static-stub | stub ); update-check-ksk boolean; update-policy ( local | { ( deny | grant ) string ( 6to4-self | - external | krb5-self | krb5-subdomain | ms-self | ms-subdomain - | name | self | selfsub | selfwild | subdomain | tcp-self | - wildcard | zonesub ) [ string ] rrtypelist; ... }; + external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self + | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild + | subdomain | tcp-self | wildcard | zonesub ) [ string ] + rrtypelist; ... }; use-alt-transfer-source boolean; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index cfcfe69b83..d3144942bc 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -856,10 +856,10 @@ view     | slave | static-stub | stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string (
-     6to4-self | external | krb5-self | krb5-subdomain |
-     ms-self | ms-subdomain | name | self | selfsub |
-     selfwild | subdomain | tcp-self | wildcard | zonesub )
-     [ string ] rrtypelist; ... };
+     6to4-self | external | krb5-self | krb5-selfsub |
+     krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
+     name | self | selfsub | selfwild | subdomain | tcp-self
+     | wildcard | zonesub ) [ string ] rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
@@ -958,9 +958,10 @@ zone     | static-stub | stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string ( 6to4-self |
-     external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
-     | name | self | selfsub | selfwild | subdomain | tcp-self |
-     wildcard | zonesub ) [ string ] rrtypelist; ... };
+     external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
+     | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
+     | subdomain | tcp-self | wildcard | zonesub ) [ string ]
+     rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index 38d23df44c..a7e2dc610d 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -310,7 +310,7 @@ See also \fBrndc trace\fR\&. .RE .PP -\fBnta \fR\fB[( \-d | \-f | \-r | \-l \fIduration\fR)]\fR\fB \fR\fB\fIdomain\fR\fR\fB \fR\fB[\fIview\fR]\fR\fB \fR +\fBnta \fR\fB[( \-class \fIclass\fR | \-dump | \-force | \-remove | \-lifetime \fIduration\fR)]\fR\fB \fR\fB\fIdomain\fR\fR\fB \fR\fB[\fIview\fR]\fR\fB \fR .RS 4 Sets a DNSSEC negative trust anchor (NTA) for \fBdomain\fR, with a lifetime of @@ -342,7 +342,7 @@ option\&. TTL\-style suffixes can be used to specify the lifetime in seconds, mi to zero is equivalent to \fB\-remove\fR\&. .sp -If +If the \fB\-dump\fR is used, any other arguments are ignored, and a list of existing NTAs is printed (note that this may include NTAs that are expired but have not yet been cleaned up)\&. .sp @@ -354,11 +354,16 @@ option in the Administrator Reference Manual for details)\&. If data can be vali \fB\-force\fR overrides this behavior and forces an NTA to persist for its entire lifetime, regardless of whether data could be validated if the NTA were not present\&. .sp +The view class can be specified with +\fB\-class\fR\&. The default is class +\fBIN\fR, which is the only class for which DNSSEC is currently supported\&. +.sp All of these options can be shortened, i\&.e\&., to \fB\-l\fR, \fB\-r\fR, -\fB\-d\fR, and -\fB\-f\fR\&. +\fB\-d\fR, +\fB\-f\fR, and +\fB\-c\fR\&. .RE .PP \fBquerylog\fR [ on | off ] diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index c4694bdc56..4bb7649b35 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -417,7 +417,7 @@

nta - [( -d | -f | -r | -l duration)] + [( -class class | -dump | -force | -remove | -lifetime duration)] domain [view]
@@ -465,7 +465,7 @@ is equivalent to -remove.

- If -dump is used, any other arguments + If the -dump is used, any other arguments are ignored, and a list of existing NTAs is printed (note that this may include NTAs that are expired but have not yet been cleaned up). @@ -482,10 +482,15 @@ lifetime, regardless of whether data could be validated if the NTA were not present.

+

+ The view class can be specified with -class. + The default is class IN, which is + the only class for which DNSSEC is currently supported. +

All of these options can be shortened, i.e., to -l, -r, -d, - and -f. + -f, and -c.

querylog [ on | off ]
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html index 47fe522cce..dfcf90d4c3 100644 --- a/doc/arm/Bv9ARM.ch01.html +++ b/doc/arm/Bv9ARM.ch01.html @@ -616,6 +616,6 @@ -

BIND 9.11.4-P1 (Extended Support Version)

+

BIND 9.11.5rc1 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html index 457e7cb2d1..f4e3c66bfb 100644 --- a/doc/arm/Bv9ARM.ch02.html +++ b/doc/arm/Bv9ARM.ch02.html @@ -151,6 +151,6 @@ -

BIND 9.11.4-P1 (Extended Support Version)

+

BIND 9.11.5rc1 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 7beeef4a20..814a9a5630 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -759,6 +759,6 @@ controls { -

BIND 9.11.4-P1 (Extended Support Version)

+

BIND 9.11.5rc1 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index bb97165b35..099c3c006f 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -2867,6 +2867,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. -

BIND 9.11.4-P1 (Extended Support Version)

+

BIND 9.11.5rc1 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index 3615fed566..1322575391 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -142,6 +142,6 @@ -

BIND 9.11.4-P1 (Extended Support Version)

+

BIND 9.11.5rc1 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 085daa7311..edf1480044 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -4687,6 +4687,11 @@ options { slave zones respectively. It is off by default.

+

+ Note: if inline signing is enabled for a zone, the + user-provided ixfr-from-differences + setting is ignored for that zone. +

multi-master
@@ -9171,7 +9176,7 @@ view "external" { sig-signing-type integer; sig-validity-interval integer [ integer ]; update-check-ksk boolean; - update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; + update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); }; @@ -10397,7 +10402,7 @@ example.com. NS ns2.example.net. has been used to create a shared secret, the identity of the key used to authenticate the TKEY exchange will be used as the identity of the shared secret. Some rule types - use indentities matching the client's Kerberos principal + use identities matching the client's Kerberos principal (e.g, "host/machine@REALM") or Windows realm (machine$@REALM).

@@ -10417,12 +10422,13 @@ example.com. NS ns2.example.net. the rules are checked for each existing record type.

- The ruletype field has 13 + The ruletype field has 16 values: name, subdomain, wildcard, self, selfsub, selfwild, krb5-self, ms-self, + krb5-selfsub, ms-selfsub, krb5-subdomain, ms-subdomain, tcp-self, 6to4-self, @@ -10567,12 +10573,41 @@ example.com. NS ns2.example.net.

- This rule takes a Windows machine principal - (machine$@REALM) for machine in REALM and - and converts it machine.realm allowing the machine - to update machine.realm. The REALM to be matched - is specified in the identity - field. The name field should be set to "." + When a client sends an UPDATE using a Windows + machine principal (for example, 'machine$@REALM'), + this rule allows records with the absolute name + of 'machine.REALM' to be updated. +

+

+ The realm to be matched is specified in the + identity field. +

+

+ The name field has + no effect on this rule; it should be set to "." + as a placeholder. +

+

+ For example, + grant EXAMPLE.COM ms-self . A AAAA + allows any machine with a valid principal in + the realm EXAMPLE.COM to update + its own address records. +

+ + + + +

+ ms-selfsub +

+ + +

+ This is similar to ms-self + except it also allows updates to any subdomain of + the name specified in the Windows machine + principal, not just to the name itself.

@@ -10584,13 +10619,32 @@ example.com. NS ns2.example.net.

- This rule takes a Windows machine principal - (machine$@REALM) for machine in REALM and - converts it to machine.realm allowing the machine - to update subdomains of machine.realm. The REALM - to be matched is specified in the + When a client sends an UPDATE using a Windows + machine principal (for example, 'machine$@REALM'), + this rule allows any machine in the specified + realm to update any record in the zone or in a + specified subdomain of the zone. +

+

+ The realm to be matched is specified in the identity field.

+

+ The name field + specifies the subdomain that may be updated. + If set to "." (or any other name at or above + the zone apex), any name in the zone can be + updated. +

+

+ For example, if update-policy + for the zone "example.com" includes + grant EXAMPLE.COM ms-subdomain hosts.example.com. A AAAA, + any machine with a valid principal in + the realm EXAMPLE.COM will + be able to update address records at or below + "hosts.example.com". +

@@ -10601,12 +10655,47 @@ example.com. NS ns2.example.net.

- This rule takes a Kerberos machine principal - (host/machine@REALM) for machine in REALM and - and converts it machine.realm allowing the machine - to update machine.realm. The REALM to be matched - is specified in the identity - field. The name field should be set to "." + When a client sends an UPDATE using a + Kerberos machine principal (for example, + 'host/machine@REALM'), this rule allows + records with the absolute name of 'machine' + to be updated provided it has been authenticated + by REALM. This is similar but not identical + to ms-self due to the + 'machine' part of the Kerberos principal + being an absolute name instead of a unqualified + name. +

+

+ The realm to be matched is specified in the + identity field. +

+

+ The name field has + no effect on this rule; it should be set to "." + as a placeholder. +

+

+ For example, + grant EXAMPLE.COM krb5-self . A AAAA + allows any machine with a valid principal in + the realm EXAMPLE.COM to update + its own address records. +

+ + + + +

+ krb5-selfsub +

+ + +

+ This is similar to krb5-self + except it also allows updates to any subdomain of + the name specified in the 'machine' part of the + Kerberos principal, not just to the name itself.

@@ -10618,13 +10707,11 @@ example.com. NS ns2.example.net.

- This rule takes a Kerberos machine principal - (host/machine@REALM) for machine in REALM and - converts it to machine.realm allowing the machine - to update subdomains of machine.realm. The REALM - to be matched is specified in the - identity field. The - name field should be set to "." + This rule is identical to + ms-subdomain, except that it works + with Kerberos machine principals (i.e., + 'host/machine@REALM') rather than Windows machine + principals.

@@ -14573,6 +14660,6 @@ HOST-127.EXAMPLE. MX 0 . -

BIND 9.11.4-P1 (Extended Support Version)

+

BIND 9.11.5rc1 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html index 4b347c1252..188aa50d63 100644 --- a/doc/arm/Bv9ARM.ch07.html +++ b/doc/arm/Bv9ARM.ch07.html @@ -399,6 +399,6 @@ allow-query { !{ !10/8; any; }; key example; }; -

BIND 9.11.4-P1 (Extended Support Version)

+

BIND 9.11.5rc1 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index e99a4d2328..8671c7d487 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -136,6 +136,6 @@ -

BIND 9.11.4-P1 (Extended Support Version)

+

BIND 9.11.5rc1 (Extended Support Version)

diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index ac1bcdb2a7..a2058e027d 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -36,7 +36,7 @@

Table of Contents

-
Release Notes for BIND Version 9.11.4-P1
+
Release Notes for BIND Version 9.11.5rc1
Introduction
Download
@@ -54,7 +54,7 @@

-Release Notes for BIND Version 9.11.4-P1

+Release Notes for BIND Version 9.11.5rc1

@@ -177,6 +177,15 @@ necessary.

+
  • +

    + Two new update policy rule types have been added + krb5-selfsub and ms-selfsub + which allow machines with Kerberos principals to update + the name space at or below the machine names identified + in the respective principals. +

    +

    • @@ -214,6 +223,14 @@ matching cookie-secret.

    +
  • +

    + The rndc nta command could not differentiate + between views of the same name but different class; this + has been corrected with the addition of a -class + option. [GL #105] +

    +
    • @@ -221,6 +238,15 @@

    Bug Fixes

    -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html index faaf24389c..8ec661fd07 100644 --- a/doc/arm/Bv9ARM.ch10.html +++ b/doc/arm/Bv9ARM.ch10.html @@ -148,6 +148,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html index beafa148d5..ed3f20d800 100644 --- a/doc/arm/Bv9ARM.ch11.html +++ b/doc/arm/Bv9ARM.ch11.html @@ -914,6 +914,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html index 546dce80c8..20a3f40b76 100644 --- a/doc/arm/Bv9ARM.ch12.html +++ b/doc/arm/Bv9ARM.ch12.html @@ -533,6 +533,6 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html index 5190275f7d..4cbc403168 100644 --- a/doc/arm/Bv9ARM.ch13.html +++ b/doc/arm/Bv9ARM.ch13.html @@ -213,6 +213,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index 298ad7a2be..06aea32836 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -32,7 +32,7 @@

    BIND 9 Administrator Reference Manual

    -

    BIND Version 9.11.4-P1

    +

    BIND Version 9.11.5rc1

    Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")

    @@ -241,7 +241,7 @@
    A. Release Notes
    -
    Release Notes for BIND Version 9.11.4-P1
    +
    Release Notes for BIND Version 9.11.5rc1
    Introduction
    Download
    @@ -443,6 +443,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf index 23a0fbcf4b..024b256d01 100644 Binary files a/doc/arm/Bv9ARM.pdf and b/doc/arm/Bv9ARM.pdf differ diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index 2f8a78a947..be73c41628 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -91,6 +91,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index 96f18cd36b..f47db3b162 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -236,6 +236,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html index 5c723b509e..fb49fca2a1 100644 --- a/doc/arm/man.delv.html +++ b/doc/arm/man.delv.html @@ -624,6 +624,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index 3340eae54b..f87b75eb0e 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -1108,6 +1108,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html index 51cf2d8460..9a0d2d1653 100644 --- a/doc/arm/man.dnssec-checkds.html +++ b/doc/arm/man.dnssec-checkds.html @@ -148,6 +148,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html index df738dfe6b..8ed91bf057 100644 --- a/doc/arm/man.dnssec-coverage.html +++ b/doc/arm/man.dnssec-coverage.html @@ -270,6 +270,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html index 5332f50dde..81a46ddc71 100644 --- a/doc/arm/man.dnssec-dsfromkey.html +++ b/doc/arm/man.dnssec-dsfromkey.html @@ -289,6 +289,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html index 179e1ada88..d6a9e68c54 100644 --- a/doc/arm/man.dnssec-importkey.html +++ b/doc/arm/man.dnssec-importkey.html @@ -250,6 +250,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index 3db6c8c492..0d1ba18f07 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -492,6 +492,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index a6e773cab5..cf960ec230 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -579,6 +579,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-keymgr.html b/doc/arm/man.dnssec-keymgr.html index 9af7c869d1..971d65ca49 100644 --- a/doc/arm/man.dnssec-keymgr.html +++ b/doc/arm/man.dnssec-keymgr.html @@ -398,6 +398,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index a8b52aa393..6577681140 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -171,6 +171,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index e470c4aee9..0c7ca75df3 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -349,6 +349,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index 0646be01a7..9895b58b55 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -708,6 +708,6 @@ db.example.com.signed -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index 3089a56341..636f9b5df2 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -202,6 +202,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.dnstap-read.html b/doc/arm/man.dnstap-read.html index 0285a125d5..8cf97096ad 100644 --- a/doc/arm/man.dnstap-read.html +++ b/doc/arm/man.dnstap-read.html @@ -134,6 +134,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index f8295bdbd9..1126b145d3 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -127,6 +127,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index 6d06ea9cbd..12f503d5d1 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -366,6 +366,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index 9289533994..6e589f9f09 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -126,6 +126,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.lwresd.html b/doc/arm/man.lwresd.html index 496c7cae2a..4b575564e5 100644 --- a/doc/arm/man.lwresd.html +++ b/doc/arm/man.lwresd.html @@ -329,6 +329,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.mdig.html b/doc/arm/man.mdig.html index 59c17df009..e835839f23 100644 --- a/doc/arm/man.mdig.html +++ b/doc/arm/man.mdig.html @@ -609,6 +609,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index b7da4b6e68..0d7744fdae 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -192,6 +192,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index 2c087be3a2..fc6b12392c 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -463,6 +463,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index 78f9983494..e282b29894 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -117,6 +117,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.named-nzd2nzf.html b/doc/arm/man.named-nzd2nzf.html index 5caf67ca10..db715f62aa 100644 --- a/doc/arm/man.named-nzd2nzf.html +++ b/doc/arm/man.named-nzd2nzf.html @@ -119,6 +119,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html index ed4c2de056..038af4a764 100644 --- a/doc/arm/man.named-rrchecker.html +++ b/doc/arm/man.named-rrchecker.html @@ -121,6 +121,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html index f42d62a067..61bd9ed60d 100644 --- a/doc/arm/man.named.conf.html +++ b/doc/arm/man.named.conf.html @@ -874,10 +874,10 @@ view     | slave | static-stub | stub );
    update-check-ksk boolean;
    update-policy ( local | { ( deny | grant ) string (
    -     6to4-self | external | krb5-self | krb5-subdomain |
    -     ms-self | ms-subdomain | name | self | selfsub |
    -     selfwild | subdomain | tcp-self | wildcard | zonesub )
    -     [ string ] rrtypelist; ... };
    +     6to4-self | external | krb5-self | krb5-selfsub |
    +     krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
    +     name | self | selfsub | selfwild | subdomain | tcp-self
    +     | wildcard | zonesub ) [ string ] rrtypelist; ... };
    use-alt-transfer-source boolean;
    zero-no-soa-ttl boolean;
    zone-statistics ( full | terse | none | boolean );
    @@ -976,9 +976,10 @@ zone     | static-stub | stub );
    update-check-ksk boolean;
    update-policy ( local | { ( deny | grant ) string ( 6to4-self |
    -     external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
    -     | name | self | selfsub | selfwild | subdomain | tcp-self |
    -     wildcard | zonesub ) [ string ] rrtypelist; ... };
    +     external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
    +     | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
    +     | subdomain | tcp-self | wildcard | zonesub ) [ string ]
    +     rrtypelist; ... };
    use-alt-transfer-source boolean;
    zero-no-soa-ttl boolean;
    zone-statistics ( full | terse | none | boolean );
    @@ -1035,6 +1036,6 @@ zone -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index ee18a15888..93107800cb 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -490,6 +490,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index 8099b0b243..9d70126145 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -131,6 +131,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.nslookup.html b/doc/arm/man.nslookup.html index 955e78b820..b9ff131172 100644 --- a/doc/arm/man.nslookup.html +++ b/doc/arm/man.nslookup.html @@ -419,6 +419,6 @@ nslookup -query=hinfo -timeout=10 -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 7940d1ba6f..3b78aae4a3 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -817,6 +817,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.pkcs11-destroy.html b/doc/arm/man.pkcs11-destroy.html index 1bcf34ade4..856c43c896 100644 --- a/doc/arm/man.pkcs11-destroy.html +++ b/doc/arm/man.pkcs11-destroy.html @@ -162,6 +162,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.pkcs11-keygen.html b/doc/arm/man.pkcs11-keygen.html index ba10853498..9f130e311f 100644 --- a/doc/arm/man.pkcs11-keygen.html +++ b/doc/arm/man.pkcs11-keygen.html @@ -200,6 +200,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.pkcs11-list.html b/doc/arm/man.pkcs11-list.html index 557c27f045..7860ed9ce2 100644 --- a/doc/arm/man.pkcs11-list.html +++ b/doc/arm/man.pkcs11-list.html @@ -158,6 +158,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.pkcs11-tokens.html b/doc/arm/man.pkcs11-tokens.html index 9cd50686ad..38f7566f3c 100644 --- a/doc/arm/man.pkcs11-tokens.html +++ b/doc/arm/man.pkcs11-tokens.html @@ -119,6 +119,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index b13633fe45..92a08dcce9 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -277,6 +277,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 59b3e3940e..ddc419c582 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -268,6 +268,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 9c71543283..b29cc24346 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -435,7 +435,7 @@

    nta - [( -d | -f | -r | -l duration)] + [( -class class | -dump | -force | -remove | -lifetime duration)] domain [view]
    @@ -483,7 +483,7 @@ is equivalent to -remove.

    - If -dump is used, any other arguments + If the -dump is used, any other arguments are ignored, and a list of existing NTAs is printed (note that this may include NTAs that are expired but have not yet been cleaned up). @@ -500,10 +500,15 @@ lifetime, regardless of whether data could be validated if the NTA were not present.

    +

    + The view class can be specified with -class. + The default is class IN, which is + the only class for which DNSSEC is currently supported. +

    All of these options can be shortened, i.e., to -l, -r, -d, - and -f. + -f, and -c.

    querylog [ on | off ]
    @@ -889,6 +894,6 @@ -

    BIND 9.11.4-P1 (Extended Support Version)

    +

    BIND 9.11.5rc1 (Extended Support Version)

    diff --git a/doc/arm/master.zoneopt.xml b/doc/arm/master.zoneopt.xml index 7a0e76d18b..85df9bdb01 100644 --- a/doc/arm/master.zoneopt.xml +++ b/doc/arm/master.zoneopt.xml @@ -62,7 +62,7 @@ sig-signing-type integer; sig-validity-interval integer [ integer ]; update-check-ksk boolean; - update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; + update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); }; diff --git a/doc/arm/notes.html b/doc/arm/notes.html index 30c0cba47c..4c14a471e8 100644 --- a/doc/arm/notes.html +++ b/doc/arm/notes.html @@ -15,7 +15,7 @@

    -Release Notes for BIND Version 9.11.4-P1

    +Release Notes for BIND Version 9.11.5rc1

    @@ -138,6 +138,15 @@ necessary.

    +
  • +

    + Two new update policy rule types have been added + krb5-selfsub and ms-selfsub + which allow machines with Kerberos principals to update + the name space at or below the machine names identified + in the respective principals. +

    +

    • @@ -175,6 +184,14 @@ matching cookie-secret.

    +
  • +

    + The rndc nta command could not differentiate + between views of the same name but different class; this + has been corrected with the addition of a -class + option. [GL #105] +

    +
    • @@ -182,6 +199,15 @@

    Bug Fixes

      +
    • +

      + When a negative trust anchor was added to multiple views + using rndc nta, the text returned via + rndc was incorrectly truncated after the + first line, making it appear that only one NTA had been + added. This has been fixed. [GL #105] +

      +

    • named now rejects excessively large diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf index 5e347585b4..1f410a896e 100644 Binary files a/doc/arm/notes.pdf and b/doc/arm/notes.pdf differ diff --git a/doc/arm/notes.txt b/doc/arm/notes.txt index 621a25e117..1e2ffeca7b 100644 --- a/doc/arm/notes.txt +++ b/doc/arm/notes.txt @@ -1,4 +1,4 @@ -Release Notes for BIND Version 9.11.4-P1 +Release Notes for BIND Version 9.11.5rc1 Introduction @@ -72,6 +72,11 @@ New Features security mechanism, and should not be disabled unless absolutely necessary. + * Two new update policy rule types have been added krb5-selfsub and + ms-selfsub which allow machines with Kerberos principals to update the + name space at or below the machine names identified in the respective + principals. + Removed Features * named will now log a warning if the old BIND now can be compiled @@ -88,8 +93,17 @@ Feature Changes Any others are used to accept old server cookies or those generated by other servers using the matching cookie-secret. + * The rndc nta command could not differentiate between views of the same + name but different class; this has been corrected with the addition of + a -class option. [GL #105] + Bug Fixes + * When a negative trust anchor was added to multiple views using rndc + nta, the text returned via rndc was incorrectly truncated after the + first line, making it appear that only one NTA had been added. This + has been fixed. [GL #105] + * named now rejects excessively large incremental (IXFR) zone transfers in order to prevent possible corruption of journal files which could cause named to abort when loading zones. [GL #339] diff --git a/doc/misc/master.zoneopt b/doc/misc/master.zoneopt index aa276dc24d..7152ed1de5 100644 --- a/doc/misc/master.zoneopt +++ b/doc/misc/master.zoneopt @@ -50,7 +50,7 @@ zone [ ] { sig-signing-type ; sig-validity-interval [ ]; update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-subdomain | ms-self | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ ] ; ... }; + update-policy ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ ] ; ... }; zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); }; diff --git a/doc/misc/options b/doc/misc/options index a3f9b6c647..ad6bbb269d 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -770,10 +770,10 @@ view [ ] { | slave | static-stub | stub ); update-check-ksk ; update-policy ( local | { ( deny | grant ) ( - 6to4-self | external | krb5-self | krb5-subdomain | - ms-self | ms-subdomain | name | self | selfsub | - selfwild | subdomain | tcp-self | wildcard | zonesub ) - [ ] ; ... }; + 6to4-self | external | krb5-self | krb5-selfsub | + krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | + name | self | selfsub | selfwild | subdomain | tcp-self + | wildcard | zonesub ) [ ] ; ... }; use-alt-transfer-source ; zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); @@ -872,9 +872,10 @@ zone [ ] { | static-stub | stub ); update-check-ksk ; update-policy ( local | { ( deny | grant ) ( 6to4-self | - external | krb5-self | krb5-subdomain | ms-self | ms-subdomain - | name | self | selfsub | selfwild | subdomain | tcp-self | - wildcard | zonesub ) [ ] ; ... }; + external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self + | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild + | subdomain | tcp-self | wildcard | zonesub ) [ ] + ; ... }; use-alt-transfer-source ; zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); diff --git a/lib/bind9/api b/lib/bind9/api index 0f454b5e22..79bb9ebfc7 100644 --- a/lib/bind9/api +++ b/lib/bind9/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 160 -LIBREVISION = 8 +LIBINTERFACE = 161 +LIBREVISION = 0 LIBAGE = 0 diff --git a/lib/dns/api b/lib/dns/api index bd4f358686..dd8f92525a 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 1103 -LIBREVISION = 1 -LIBAGE = 1 +LIBINTERFACE = 1104 +LIBREVISION = 0 +LIBAGE = 0 diff --git a/lib/irs/api b/lib/irs/api index d7c46cae29..79bb9ebfc7 100644 --- a/lib/irs/api +++ b/lib/irs/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 160 -LIBREVISION = 5 +LIBINTERFACE = 161 +LIBREVISION = 0 LIBAGE = 0 diff --git a/lib/isc/api b/lib/isc/api index 8cdd04666f..7b1b2b1bb4 100644 --- a/lib/isc/api +++ b/lib/isc/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 169 -LIBREVISION = 3 +LIBINTERFACE = 1100 +LIBREVISION = 0 LIBAGE = 0 diff --git a/lib/isccc/api b/lib/isccc/api index bc911207e4..79bb9ebfc7 100644 --- a/lib/isccc/api +++ b/lib/isccc/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 160 -LIBREVISION = 3 +LIBINTERFACE = 161 +LIBREVISION = 0 LIBAGE = 0 diff --git a/lib/isccfg/api b/lib/isccfg/api index 5da02bc2d4..4cbb63b6cd 100644 --- a/lib/isccfg/api +++ b/lib/isccfg/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 162 -LIBREVISION = 1 -LIBAGE = 2 +LIBINTERFACE = 163 +LIBREVISION = 0 +LIBAGE = 0 diff --git a/lib/lwres/api b/lib/lwres/api index bf0576b333..79bb9ebfc7 100644 --- a/lib/lwres/api +++ b/lib/lwres/api @@ -8,6 +8,6 @@ # 9.10-sub: 180-189 # 9.11: 160-169,1100-1199 # 9.12: 1200-1299 -LIBINTERFACE = 160 -LIBREVISION = 2 +LIBINTERFACE = 161 +LIBREVISION = 0 LIBAGE = 0 diff --git a/version b/version index d449f9e197..2625ddd3db 100644 --- a/version +++ b/version @@ -5,7 +5,7 @@ PRODUCT=BIND DESCRIPTION="(Extended Support Version)" MAJORVER=9 MINORVER=11 -PATCHVER=4 -RELEASETYPE=-P +PATCHVER=5 +RELEASETYPE=rc RELEASEVER=1 EXTENSIONS=