doc rebuild

This commit is contained in:
Tinderbox User 2019-02-28 00:05:06 +00:00
parent 13c0bf922b
commit 4ea7fb82a7
57 changed files with 309 additions and 667 deletions

View file

@ -10,12 +10,12 @@
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2018-12-07
.\" Date: 2019-02-06
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "NAMED\&.CONF" "5" "2018\-12\-07" "ISC" "BIND9"
.TH "NAMED\&.CONF" "5" "2019\-02\-06" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------

View file

@ -13,7 +13,7 @@
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
<date>2018-12-07</date>
<date>2019-02-06</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>

configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for BIND 9.13.
# Generated by GNU Autoconf 2.69 for BIND 9.14.
#
# Report bugs to <info@isc.org>.
#
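Review bot: this commit, titled "doc rebuild", also bumps the version string inside the vendored, autoconf-generated configure script (9.13 to 9.14 in "Generated by GNU Autoconf 2.69 for BIND 9.14."), which is a build-system change rather than a documentation one. Consider splitting the configure regeneration into its own commit so the version bump is reviewable on its own, and confirm the script was regenerated with the same Autoconf 2.69 from the updated input rather than edited by hand, so every occurrence of the version (PACKAGE_VERSION, PACKAGE_STRING, the help and config.status banners) stays consistent.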
@ -589,8 +589,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='BIND'
PACKAGE_TARNAME='bind'
PACKAGE_VERSION='9.13'
PACKAGE_STRING='BIND 9.13'
PACKAGE_VERSION='9.14'
PACKAGE_STRING='BIND 9.14'
PACKAGE_BUGREPORT='info@isc.org'
PACKAGE_URL='https://www.isc.org/downloads/BIND/'
@ -1501,7 +1501,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures BIND 9.13 to adapt to many kinds of systems.
\`configure' configures BIND 9.14 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1566,7 +1566,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of BIND 9.13:";;
short | recursive ) echo "Configuration of BIND 9.14:";;
esac
cat <<\_ACEOF
@ -1770,7 +1770,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
BIND configure 9.13
BIND configure 9.14
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2193,7 +2193,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by BIND $as_me 9.13, which was
It was created by BIND $as_me 9.14, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -21995,7 +21995,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by BIND $as_me 9.13, which was
This file was extended by BIND $as_me 9.14, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -22062,7 +22062,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
BIND config.status 9.13
BIND config.status 9.14
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

View file

@ -75,7 +75,7 @@
<acronym class="acronym">BIND</acronym> version 9 software package for
system administrators.
</p>
<p>This version of the manual corresponds to BIND version 9.13.</p>
<p>This version of the manual corresponds to BIND version 9.14.</p>
</div>
<div class="section">
@ -614,6 +614,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>
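Review bot: the footer now reads "BIND 9.14.0rc1 (Stable Release)"; a release candidate is not yet a stable release, and this exact string is repeated in the footer of every chapter touched by this commit. If the label comes from a release-type marker, check that marker; otherwise use a label such as "Release Candidate" until 9.14.0 final is tagged, so readers of the rc documentation are not told they are on a stable build.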

View file

@ -146,6 +146,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -856,6 +856,6 @@ controls {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -2863,6 +2863,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -14831,6 +14831,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -361,6 +361,6 @@ allow-query { !{ !10/8; any; }; key example; };
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -191,6 +191,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -36,17 +36,15 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.7</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.0rc1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_platforms">Supported Platforms</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_removed">Removed Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_license">License</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#end_of_life">End of Life</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_thanks">Thank You</a></span></dt>
@ -55,17 +53,22 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.7</h2></div></div></div>
<a name="id-1.9.2"></a>Release Notes for BIND Version 9.14.0rc1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
BIND 9.13 is an unstable development release of BIND.
This document summarizes new features and functional changes that
have been introduced on this branch. With each development release
leading up to the stable BIND 9.14 release, this document will be
updated with additional features added and bugs fixed.
BIND 9.14.0 is the first release of a new stable branch of BIND.
This document summarizes new features and functional changes
that have been introduced, as well as features that have been
deprecated or removed, since the last stable branch, 9.12.
</p>
<p>
</p>
<p>
Please see the file <code class="filename">CHANGES</code> for a more
detailed list of changes and bug fixes.
</p>
</div>
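Review bot: the rewritten introduction states "BIND 9.14.0 is the first release of a new stable branch of BIND", while the heading a few lines above says "Release Notes for BIND Version 9.14.0rc1"; either word the paragraph to cover the release candidate or update it when 9.14.0 final ships. The empty paragraph between the two (the unchanged `<p>` `</p>` context lines) renders as a blank paragraph and should be dropped from the DocBook source.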
@ -73,23 +76,11 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_versions"></a>Note on Version Numbering</h3></div></div></div>
<p>
Prior to BIND 9.13, new feature development releases were tagged
as "alpha" and "beta", leading up to the first stable release
for a given development branch, which always ended in ".0".
</p>
<p>
Now, however, BIND has adopted the "odd-unstable/even-stable"
release numbering convention. There will be no "alpha" or "beta"
releases in the 9.13 branch, only increasing version numbers.
So, for example, what would previously have been called 9.13.0a1,
9.13.0a2, 9.13.0b1, and so on, will instead be called 9.13.0,
9.13.1, 9.13.2, etc.
</p>
<p>
The first stable release from this development branch will be
renamed as 9.14.0. Thereafter, maintenance releases will continue
on the 9.14 branch, while unstable feature development proceeds in
9.15.
As of BIND 9.13/9.14, BIND has adopted the "odd-unstable/even-stable"
release numbering convention. BIND 9.14 contains new features added
during the BIND 9.13 development process. Henceforth, the 9.14 branch
will be limited to bug fixes and new feature development will proceed
in the unstable 9.15 branch, and so forth.
</p>
</div>
@ -97,12 +88,15 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_platforms"></a>Supported Platforms</h3></div></div></div>
<p>
BIND 9.13 has undergone substantial code refactoring and cleanup,
and some very old code has been removed that was needed to support
legacy platforms which are no longer supported by their vendors
and for which ISC is no longer able to perform quality assurance
testing. Specifically, workarounds for old versions of UnixWare,
BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX have been removed.
Since 9.12, BIND has undergone substantial code refactoring and
cleanup, and some very old code has been removed that was needed
to support legacy platforms which are no longer supported by their
vendors and for which ISC is no longer able to perform quality
assurance testing. Specifically, workarounds for old versions of
UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX have been
removed.
</p>
<p>
On UNIX-like systems, BIND now requires support for POSIX.1c
threads (IEEE Std 1003.1c-1995), the Advanced Sockets API for
IPv6 (RFC 3542), and standard atomic operations provided by the
@ -117,7 +111,7 @@
for systems that are still supported by their respective vendors.
</p>
<p>
As of BIND 9.13, the BIND development team has also made cryptography
As of BIND 9.14, the BIND development team has also made cryptography
(i.e., TSIG and DNSSEC) an integral part of the DNS server. The
OpenSSL cryptography library must be available for the target
platform. A PKCS#11 provider can be used instead for Public Key
@ -141,83 +135,6 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
There was a long-existing flaw in the documentation for
<span class="command"><strong>ms-self</strong></span>, <span class="command"><strong>krb5-self</strong></span>,
<span class="command"><strong>ms-subdomain</strong></span>, and <span class="command"><strong>krb5-subdomain</strong></span>
rules in <span class="command"><strong>update-policy</strong></span> statements. Though
the policies worked as intended, operators who configured their
servers according to the misleading documentation may have
thought zone updates were more restricted than they were;
users of these rule types are advised to review the documentation
and correct their configurations if necessary. New rule types
matching the previously documented behavior will be introduced
in a future maintenance release. [GL !708]
</p>
</li>
<li class="listitem">
<p>
When recursion is enabled but the <span class="command"><strong>allow-recursion</strong></span>
and <span class="command"><strong>allow-query-cache</strong></span> ACLs are not specified, they
should be limited to local networks, but they were inadvertently set
to match the default <span class="command"><strong>allow-query</strong></span>, thus allowing
remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> could crash during recursive processing
of DNAME records when <span class="command"><strong>deny-answer-aliases</strong></span> was
in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
</p>
</li>
<li class="listitem">
<p>
Code change #4964, intended to prevent double signatures
when deleting an inactive zone DNSKEY in some situations,
introduced a new problem during zone processing in which
some delegation glue RRsets are incorrectly identified
as needing RRSIGs, which are then created for them using
the current active ZSK for the zone. In some, but not all
cases, the newly-signed RRsets are added to the zone's
NSEC/NSEC3 chain, but incompletely -- this can result in
a broken chain, affecting validation of proof of nonexistence
for records in the zone. [GL #771]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> could crash if it managed a DNSSEC
security root with <span class="command"><strong>managed-keys</strong></span> and the
authoritative zone rolled the key to an algorithm not supported
by BIND 9. This flaw is disclosed in CVE-2018-5745. [GL #780]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> leaked memory when processing a
request with multiple Key Tag EDNS options present. ISC
would like to thank Toshifumi Sakaguchi for bringing this
to our attention. This flaw is disclosed in CVE-2018-5744.
[GL #772]
</p>
</li>
<li class="listitem">
<p>
Zone transfer controls for writable DLZ zones were not
effective as the <span class="command"><strong>allowzonexfr</strong></span> method was
not being called for such zones. This flaw is disclosed in
CVE-2019-6465. [GL #790]
</p>
</li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
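Review bot: deleting the whole Security Fixes section removes the only mention in these notes of CVE-2018-5738, CVE-2018-5740, CVE-2018-5744, CVE-2018-5745 and CVE-2019-6465, of the update-policy documentation flaw for ms-self/krb5-self/ms-subdomain/krb5-subdomain (GL !708), and of the glue-RRSIG/NSEC chain regression (GL #771). The new introduction says these notes summarize changes since the last stable branch, 9.12, so an operator upgrading from 9.12 to 9.14 will not learn which security issues this branch fixes. Suggest keeping the section (condensed if desired) or adding a sentence that points to where the 9.13.x security fixes are listed.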
@ -231,15 +148,11 @@
</li>
<li class="listitem">
<p>
A new secondary zone option, <span class="command"><strong>mirror</strong></span>,
enables <span class="command"><strong>named</strong></span> to serve a transferred copy
of a zone's contents without acting as an authority for the
zone. A zone must be fully validated against an active trust
anchor before it can be used as a mirror zone. DNS responses
from mirror zones do not set the AA bit ("authoritative answer"),
but do set the AD bit ("authenticated data"). This feature is
meant to facilitate deployment of a local copy of the root zone,
as described in RFC 7706. [GL #33]
Support for QNAME minimization was added and enabled by default
in <span class="command"><strong>relaxed</strong></span> mode, in which BIND will fall back
to normal resolution if the remote server returns something
unexpected during the query minimization process. This default
setting might change to <span class="command"><strong>strict</strong></span> in the future.
</p>
</li>
<li class="listitem">
@ -255,6 +168,19 @@
as further plugins are implemented. [GL #15]
</p>
</li>
<li class="listitem">
<p>
A new secondary zone option, <span class="command"><strong>mirror</strong></span>,
enables <span class="command"><strong>named</strong></span> to serve a transferred copy
of a zone's contents without acting as an authority for the
zone. A zone must be fully validated against an active trust
anchor before it can be used as a mirror zone. DNS responses
from mirror zones do not set the AA bit ("authoritative answer"),
but do set the AD bit ("authenticated data"). This feature is
meant to facilitate deployment of a local copy of the root zone,
as described in RFC 7706. [GL #33]
</p>
</li>
<li class="listitem">
<p>
BIND now can be compiled against the <span class="command"><strong>libidn2</strong></span>
@ -281,15 +207,6 @@
signatures covering DNSKEY RRsets. [GL #145]
</p>
</li>
<li class="listitem">
<p>
Support for QNAME minimization was added and enabled by default
in <span class="command"><strong>relaxed</strong></span> mode, in which BIND will fall back
to normal resolution if the remote server returns something
unexpected during the query minimization process. This default
setting might change to <span class="command"><strong>strict</strong></span> in the future.
</p>
</li>
<li class="listitem">
<p>
When built on Linux, BIND now requires the <span class="command"><strong>libcap</strong></span>
@ -344,6 +261,22 @@
configuration is being reloaded.
</p>
</li>
<li class="listitem">
<p>
The new <span class="command"><strong>answer-cookie</strong></span> option, if set to
<code class="literal">no</code>, prevents <span class="command"><strong>named</strong></span> from
returning a DNS COOKIE option to a client, even if such an
option was present in the request. This is only intended as
a temporary measure, for use when <span class="command"><strong>named</strong></span>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the same
address is not expected to cause operational problems, but the
option to disable COOKIE responses so that all servers have the
same behavior is provided out of an abundance of caution.
DNS COOKIE is an important security mechanism, and this option
should not be used to disable it unless absolutely necessary.
</p>
</li>
</ul></div>
</div>
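Review bot: the relocated answer-cookie item lost its "[GL #173]" issue reference, which the text it replaces ("add 'answer-cookie no;' to named.conf. [GL #173]") carried; the other items in this list keep their GL references, so add it back. The item also no longer shows the literal "answer-cookie no;" configuration snippet, which was the one piece of actionable text in the old paragraph; consider keeping it alongside "if set to no".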
@ -488,51 +421,43 @@
</li>
<li class="listitem">
<p>
Support for ECC-GOST (GOST R 34.11-94) algorithm has been
removed from BIND as the algorithm has been superseded by
GOST R 34.11-2012 in RFC6986 and it must not be used in new
deployments. BIND will neither create new DNSSEC keys,
signatures and digest, nor it will validate them.
Support for the RSAMD5 algorithm has been removed freom BIND as
the usage of the RSAMD5 algorithm for DNSSEC has been deprecated
in RFC6725, the security of the MD5 algorithm has been compromised,
and its usage is considered harmful.
</p>
</li>
<li class="listitem">
<p>
Add the ability to not return a DNS COOKIE option when one
is present in the request. To prevent a cookie being returned
add 'answer-cookie no;' to named.conf. [GL #173]
</p>
<p>
<span class="command"><strong>answer-cookie</strong></span> is only intended as a temporary
measure, for use when <span class="command"><strong>named</strong></span> shares an IP address
with other servers that do not yet support DNS COOKIE. A mismatch
between servers on the same address is not expected to cause
operational problems, but the option to disable COOKIE responses so
that all servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security mechanism,
and should not be disabled unless absolutely necessary.
</p>
<p>
Remove support for silently ignoring 'no-change' deltas from
BIND 8 when processing an IXFR stream. 'no-change' deltas
will now trigger a fallback to AXFR as the recovery mechanism.
</p>
<p>
BIND 9 will no longer build on platforms that doesn't have
proper IPv6 support. BIND 9 now also requires non-broken
POSIX-compatible pthread support. Such platforms are
usually long after their end-of-life date and they are
neither developed nor supported by their respective vendors.
Support for the ECC-GOST (GOST R 34.11-94) algorithm has been
removed from BIND, as the algorithm has been superseded by
GOST R 34.11-2012 in RFC6986 and it must not be used in new
deployments. BIND will neither create new DNSSEC keys,
signatures and digests, nor it will validate them.
</p>
</li>
<li class="listitem">
<p>
Support for DSA and DSA-NSEC3-SHA1 algorithms has been
removed from BIND as the DSA key length is limited to 1024
bits and this is not considered secure enough.
</p>
</li>
<li class="listitem">
<p>
Support for RSAMD5 algorithm has been removed freom BIND as the usage
of the RSAMD5 algorithm for DNSSEC has been deprecated in RFC6725 and
the security of MD5 algorithm has been compromised and the its usage
is considered harmful.
<span class="command"><strong>named</strong></span> will no longer ignore "no-change" deltas
when processing an IXFR stream. This had previously been
permitted for compatibility with BIND 8, but now "no-change"
deltas will trigger a fallback to AXFR as the recovery mechanism.
</p>
</li>
<li class="listitem">
<p>
BIND 9 will no longer build on platforms that don't have
proper IPv6 support. BIND 9 now also requires POSIX-compatible
pthread support. Most of the platforms that lack these featuers
are long past their end-of-lifew dates, and they are neither
developed nor supported by their respective vendors.
</p>
</li>
<li class="listitem">
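Review bot: three typos in the added lines: "removed freom BIND" (RSAMD5 item), "lack these featuers" and "end-of-lifew dates" (IPv6/pthread item). Grammar in the ECC-GOST item: "neither create new DNSSEC keys, signatures and digests, nor it will validate them" should read "neither create new DNSSEC keys, signatures or digests, nor validate them". Splitting the old multi-paragraph item into separate list items is the right fix; the IXFR "no-change" delta item would also benefit from an issue reference like its neighbours if one exists.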
@ -556,7 +481,7 @@
<p>
BIND will now always use the best CSPRNG (cryptographically-secure
pseudo-random number generator) available on the platform where
it is compiled. It will use <span class="command"><strong>arc4random()</strong></span>
it is compiled. It will use the <span class="command"><strong>arc4random()</strong></span>
family of functions on BSD operating systems,
<span class="command"><strong>getrandom()</strong></span> on Linux and Solaris,
<span class="command"><strong>CryptGenRandom</strong></span> on Windows, and the selected
@ -687,64 +612,6 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
Running <span class="command"><strong>rndc reconfig</strong></span> could cause
<span class="command"><strong>inline-signing</strong></span> zones to stop signing.
[GL #439]
</p>
</li>
<li class="listitem">
<p>
Reloading all zones caused zone maintenance to stop for
<span class="command"><strong>inline-signing</strong></span> zones. [GL #435]
</p>
</li>
<li class="listitem">
<p>
Signatures loaded from the journal for the signed version
of an <span class="command"><strong>inline-signing</strong></span> zone were not scheduled
for refresh. [GL #482]
</p>
</li>
<li class="listitem">
<p>
A referral response with a non-empty ANSWER section was
incorrectly treated as an error; this caused certain domains
to be non-resolvable. [GL #390]
</p>
</li>
<li class="listitem">
<p>
When a negative trust anchor was added to multiple views
using <span class="command"><strong>rndc nta</strong></span>, the text returned via
<span class="command"><strong>rndc</strong></span> was incorrectly truncated after the
first line, making it appear that only one NTA had been
added. This has been fixed. [GL #105]
</p>
</li>
<li class="listitem">
<p>
The view name is now included in the output of
<span class="command"><strong>rndc nta -dump</strong></span>, for consistency with
other options. [GL !816]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> now rejects excessively large
incremental (IXFR) zone transfers in order to prevent
possible corruption of journal files which could cause
<span class="command"><strong>named</strong></span> to abort when loading zones. [GL #339]
</p>
</li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License</h3></div></div></div>
<p>
BIND is open source software licenced under the terms of the Mozilla
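Review bot: removing the entire Bug Fixes section drops, among others, the hardening change where named rejects excessively large IXFR transfers to prevent journal corruption and a crash on zone load (GL #339), the three inline-signing fixes (GL #435, #439, #482) and the referral-with-ANSWER resolution fix (GL #390). Since the notes now claim to cover changes since 9.12, a reader cannot tell these were addressed in this branch; keep a Bug Fixes section for the user-visible fixes or state explicitly that the per-release fixes are in CHANGES.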
@ -770,11 +637,6 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
BIND 9.13 is an unstable development branch. When its development
is complete, it will be renamed to BIND 9.14, which will be a
stable branch.
</p>
<p>
The end of life date for BIND 9.14 has not yet been determined.
For those needing long term support, the current Extended Support
@ -815,6 +677,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -148,6 +148,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -914,6 +914,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -533,6 +533,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -210,6 +210,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -32,7 +32,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="releaseinfo">BIND Version 9.13.7</p></div>
<div><p class="releaseinfo">BIND Version 9.14.0rc1</p></div>
<div><p class="copyright">Copyright © 2000-2019 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
@ -242,17 +242,15 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.7</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.14.0rc1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_platforms">Supported Platforms</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_removed">Removed Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_license">License</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#end_of_life">End of Life</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_thanks">Thank You</a></span></dt>
@ -440,6 +438,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

Binary file not shown.

View file

@ -90,6 +90,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -220,6 +220,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -625,6 +625,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -1151,6 +1151,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -376,6 +376,6 @@ nsupdate -l
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -150,6 +150,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -270,6 +270,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -352,6 +352,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -250,6 +250,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -498,6 +498,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -568,6 +568,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -405,6 +405,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -171,6 +171,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -349,6 +349,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -701,6 +701,6 @@ db.example.com.signed
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -202,6 +202,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -143,6 +143,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -168,6 +168,6 @@ plugin query "/usr/local/lib/filter-aaaa.so" {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -366,6 +366,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -604,6 +604,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -208,6 +208,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -463,6 +463,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -117,6 +117,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -119,6 +119,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -121,6 +121,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -1073,6 +1073,6 @@ zone
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -492,6 +492,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -155,6 +155,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -437,6 +437,6 @@ nslookup -query=hinfo -timeout=10
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -818,6 +818,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -162,6 +162,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -200,6 +200,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -158,6 +158,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -123,6 +123,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -260,6 +260,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -268,6 +268,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -1024,6 +1024,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.7 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.0rc1 (Stable Release)</p>
</body>
</html>

View file

@ -15,17 +15,22 @@
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.13.7</h2></div></div></div>
<a name="id-1.2"></a>Release Notes for BIND Version 9.14.0rc1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
BIND 9.13 is an unstable development release of BIND.
This document summarizes new features and functional changes that
have been introduced on this branch. With each development release
leading up to the stable BIND 9.14 release, this document will be
updated with additional features added and bugs fixed.
BIND 9.14.0 is the first release of a new stable branch of BIND.
This document summarizes new features and functional changes
that have been introduced, as well as features that have been
deprecated or removed, since the last stable branch, 9.12.
</p>
<p>
</p>
<p>
Please see the file <code class="filename">CHANGES</code> for a more
detailed list of changes and bug fixes.
</p>
</div>
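Review bot: An empty paragraph element (a `<p>` immediately followed by `</p>`) is emitted between the rewritten introduction and the "Please see the file CHANGES" paragraph. Since this HTML is generated output (DocBook XSL), the stray empty paragraph should be removed from the notes source rather than patched in this file, otherwise the next doc rebuild will reintroduce it.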
@ -33,23 +38,11 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_versions"></a>Note on Version Numbering</h3></div></div></div>
<p>
Prior to BIND 9.13, new feature development releases were tagged
as "alpha" and "beta", leading up to the first stable release
for a given development branch, which always ended in ".0".
</p>
<p>
Now, however, BIND has adopted the "odd-unstable/even-stable"
release numbering convention. There will be no "alpha" or "beta"
releases in the 9.13 branch, only increasing version numbers.
So, for example, what would previously have been called 9.13.0a1,
9.13.0a2, 9.13.0b1, and so on, will instead be called 9.13.0,
9.13.1, 9.13.2, etc.
</p>
<p>
The first stable release from this development branch will be
renamed as 9.14.0. Thereafter, maintenance releases will continue
on the 9.14 branch, while unstable feature development proceeds in
9.15.
As of BIND 9.13/9.14, BIND has adopted the "odd-unstable/even-stable"
release numbering convention. BIND 9.14 contains new features added
during the BIND 9.13 development process. Henceforth, the 9.14 branch
will be limited to bug fixes and new feature development will proceed
in the unstable 9.15 branch, and so forth.
</p>
</div>
@ -57,12 +50,15 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_platforms"></a>Supported Platforms</h3></div></div></div>
<p>
BIND 9.13 has undergone substantial code refactoring and cleanup,
and some very old code has been removed that was needed to support
legacy platforms which are no longer supported by their vendors
and for which ISC is no longer able to perform quality assurance
testing. Specifically, workarounds for old versions of UnixWare,
BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX have been removed.
Since 9.12, BIND has undergone substantial code refactoring and
cleanup, and some very old code has been removed that was needed
to support legacy platforms which are no longer supported by their
vendors and for which ISC is no longer able to perform quality
assurance testing. Specifically, workarounds for old versions of
UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX have been
removed.
</p>
<p>
On UNIX-like systems, BIND now requires support for POSIX.1c
threads (IEEE Std 1003.1c-1995), the Advanced Sockets API for
IPv6 (RFC 3542), and standard atomic operations provided by the
@ -77,7 +73,7 @@
for systems that are still supported by their respective vendors.
</p>
<p>
As of BIND 9.13, the BIND development team has also made cryptography
As of BIND 9.14, the BIND development team has also made cryptography
(i.e., TSIG and DNSSEC) an integral part of the DNS server. The
OpenSSL cryptography library must be available for the target
platform. A PKCS#11 provider can be used instead for Public Key
@ -101,83 +97,6 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
There was a long-existing flaw in the documentation for
<span class="command"><strong>ms-self</strong></span>, <span class="command"><strong>krb5-self</strong></span>,
<span class="command"><strong>ms-subdomain</strong></span>, and <span class="command"><strong>krb5-subdomain</strong></span>
rules in <span class="command"><strong>update-policy</strong></span> statements. Though
the policies worked as intended, operators who configured their
servers according to the misleading documentation may have
thought zone updates were more restricted than they were;
users of these rule types are advised to review the documentation
and correct their configurations if necessary. New rule types
matching the previously documented behavior will be introduced
in a future maintenance release. [GL !708]
</p>
</li>
<li class="listitem">
<p>
When recursion is enabled but the <span class="command"><strong>allow-recursion</strong></span>
and <span class="command"><strong>allow-query-cache</strong></span> ACLs are not specified, they
should be limited to local networks, but they were inadvertently set
to match the default <span class="command"><strong>allow-query</strong></span>, thus allowing
remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> could crash during recursive processing
of DNAME records when <span class="command"><strong>deny-answer-aliases</strong></span> was
in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
</p>
</li>
<li class="listitem">
<p>
Code change #4964, intended to prevent double signatures
when deleting an inactive zone DNSKEY in some situations,
introduced a new problem during zone processing in which
some delegation glue RRsets are incorrectly identified
as needing RRSIGs, which are then created for them using
the current active ZSK for the zone. In some, but not all
cases, the newly-signed RRsets are added to the zone's
NSEC/NSEC3 chain, but incompletely -- this can result in
a broken chain, affecting validation of proof of nonexistence
for records in the zone. [GL #771]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> could crash if it managed a DNSSEC
security root with <span class="command"><strong>managed-keys</strong></span> and the
authoritative zone rolled the key to an algorithm not supported
by BIND 9. This flaw is disclosed in CVE-2018-5745. [GL #780]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> leaked memory when processing a
request with multiple Key Tag EDNS options present. ISC
would like to thank Toshifumi Sakaguchi for bringing this
to our attention. This flaw is disclosed in CVE-2018-5744.
[GL #772]
</p>
</li>
<li class="listitem">
<p>
Zone transfer controls for writable DLZ zones were not
effective as the <span class="command"><strong>allowzonexfr</strong></span> method was
not being called for such zones. This flaw is disclosed in
CVE-2019-6465. [GL #790]
</p>
</li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
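Review bot: The entire Security Fixes section is dropped from the 9.14.0rc1 notes, including the entries for CVE-2018-5738, CVE-2018-5740, CVE-2018-5744, CVE-2018-5745 and CVE-2019-6465 and the notice about the misdocumented ms-self/krb5-self/ms-subdomain/krb5-subdomain update-policy rules. The rewritten introduction states that the document covers changes "since the last stable branch, 9.12", so an operator upgrading from 9.12 will look here for these fixes; if they are meant to be documented only in the 9.12 maintenance notes, a one-line cross-reference in place of the section would avoid giving the impression that the fixes were not carried forward into 9.14.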
@ -191,15 +110,11 @@
</li>
<li class="listitem">
<p>
A new secondary zone option, <span class="command"><strong>mirror</strong></span>,
enables <span class="command"><strong>named</strong></span> to serve a transferred copy
of a zone's contents without acting as an authority for the
zone. A zone must be fully validated against an active trust
anchor before it can be used as a mirror zone. DNS responses
from mirror zones do not set the AA bit ("authoritative answer"),
but do set the AD bit ("authenticated data"). This feature is
meant to facilitate deployment of a local copy of the root zone,
as described in RFC 7706. [GL #33]
Support for QNAME minimization was added and enabled by default
in <span class="command"><strong>relaxed</strong></span> mode, in which BIND will fall back
to normal resolution if the remote server returns something
unexpected during the query minimization process. This default
setting might change to <span class="command"><strong>strict</strong></span> in the future.
</p>
</li>
<li class="listitem">
@ -215,6 +130,19 @@
as further plugins are implemented. [GL #15]
</p>
</li>
<li class="listitem">
<p>
A new secondary zone option, <span class="command"><strong>mirror</strong></span>,
enables <span class="command"><strong>named</strong></span> to serve a transferred copy
of a zone's contents without acting as an authority for the
zone. A zone must be fully validated against an active trust
anchor before it can be used as a mirror zone. DNS responses
from mirror zones do not set the AA bit ("authoritative answer"),
but do set the AD bit ("authenticated data"). This feature is
meant to facilitate deployment of a local copy of the root zone,
as described in RFC 7706. [GL #33]
</p>
</li>
<li class="listitem">
<p>
BIND now can be compiled against the <span class="command"><strong>libidn2</strong></span>
@ -241,15 +169,6 @@
signatures covering DNSKEY RRsets. [GL #145]
</p>
</li>
<li class="listitem">
<p>
Support for QNAME minimization was added and enabled by default
in <span class="command"><strong>relaxed</strong></span> mode, in which BIND will fall back
to normal resolution if the remote server returns something
unexpected during the query minimization process. This default
setting might change to <span class="command"><strong>strict</strong></span> in the future.
</p>
</li>
<li class="listitem">
<p>
When built on Linux, BIND now requires the <span class="command"><strong>libcap</strong></span>
@ -304,6 +223,22 @@
configuration is being reloaded.
</p>
</li>
<li class="listitem">
<p>
The new <span class="command"><strong>answer-cookie</strong></span> option, if set to
<code class="literal">no</code>, prevents <span class="command"><strong>named</strong></span> from
returning a DNS COOKIE option to a client, even if such an
option was present in the request. This is only intended as
a temporary measure, for use when <span class="command"><strong>named</strong></span>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the same
address is not expected to cause operational problems, but the
option to disable COOKIE responses so that all servers have the
same behavior is provided out of an abundance of caution.
DNS COOKIE is an important security mechanism, and this option
should not be used to disable it unless absolutely necessary.
</p>
</li>
</ul></div>
</div>
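Review bot: The answer-cookie item added to New Features here has lost its issue reference: the text it replaces in the Removed Features section ends with "[GL #173]", and other items in this list (mirror [GL #33], the plugin mechanism [GL #15]) keep theirs. Append "[GL #173]" to the new paragraph so the feature stays traceable.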
@ -448,51 +383,43 @@
</li>
<li class="listitem">
<p>
Support for ECC-GOST (GOST R 34.11-94) algorithm has been
removed from BIND as the algorithm has been superseded by
GOST R 34.11-2012 in RFC6986 and it must not be used in new
deployments. BIND will neither create new DNSSEC keys,
signatures and digest, nor it will validate them.
Support for the RSAMD5 algorithm has been removed freom BIND as
the usage of the RSAMD5 algorithm for DNSSEC has been deprecated
in RFC6725, the security of the MD5 algorithm has been compromised,
and its usage is considered harmful.
</p>
</li>
<li class="listitem">
<p>
Add the ability to not return a DNS COOKIE option when one
is present in the request. To prevent a cookie being returned
add 'answer-cookie no;' to named.conf. [GL #173]
</p>
<p>
<span class="command"><strong>answer-cookie</strong></span> is only intended as a temporary
measure, for use when <span class="command"><strong>named</strong></span> shares an IP address
with other servers that do not yet support DNS COOKIE. A mismatch
between servers on the same address is not expected to cause
operational problems, but the option to disable COOKIE responses so
that all servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security mechanism,
and should not be disabled unless absolutely necessary.
</p>
<p>
Remove support for silently ignoring 'no-change' deltas from
BIND 8 when processing an IXFR stream. 'no-change' deltas
will now trigger a fallback to AXFR as the recovery mechanism.
</p>
<p>
BIND 9 will no longer build on platforms that doesn't have
proper IPv6 support. BIND 9 now also requires non-broken
POSIX-compatible pthread support. Such platforms are
usually long after their end-of-life date and they are
neither developed nor supported by their respective vendors.
Support for the ECC-GOST (GOST R 34.11-94) algorithm has been
removed from BIND, as the algorithm has been superseded by
GOST R 34.11-2012 in RFC6986 and it must not be used in new
deployments. BIND will neither create new DNSSEC keys,
signatures and digests, nor it will validate them.
</p>
</li>
<li class="listitem">
<p>
Support for DSA and DSA-NSEC3-SHA1 algorithms has been
removed from BIND as the DSA key length is limited to 1024
bits and this is not considered secure enough.
</p>
</li>
<li class="listitem">
<p>
Support for RSAMD5 algorithm has been removed freom BIND as the usage
of the RSAMD5 algorithm for DNSSEC has been deprecated in RFC6725 and
the security of MD5 algorithm has been compromised and the its usage
is considered harmful.
<span class="command"><strong>named</strong></span> will no longer ignore "no-change" deltas
when processing an IXFR stream. This had previously been
permitted for compatibility with BIND 8, but now "no-change"
deltas will trigger a fallback to AXFR as the recovery mechanism.
</p>
</li>
<li class="listitem">
<p>
BIND 9 will no longer build on platforms that don't have
proper IPv6 support. BIND 9 now also requires POSIX-compatible
pthread support. Most of the platforms that lack these featuers
are long past their end-of-lifew dates, and they are neither
developed nor supported by their respective vendors.
</p>
</li>
<li class="listitem">
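Review bot: Typos in the rewritten Removed Features items: "removed freom BIND" in the RSAMD5 item is carried over from the old text, and the pthread item introduces "featuers" and "end-of-lifew". The ECC-GOST item also still reads "nor it will validate them"; "nor will it validate them" is the grammatical form. All four should be corrected in the source the HTML and plain-text notes are generated from.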
@ -516,7 +443,7 @@
<p>
BIND will now always use the best CSPRNG (cryptographically-secure
pseudo-random number generator) available on the platform where
it is compiled. It will use <span class="command"><strong>arc4random()</strong></span>
it is compiled. It will use the <span class="command"><strong>arc4random()</strong></span>
family of functions on BSD operating systems,
<span class="command"><strong>getrandom()</strong></span> on Linux and Solaris,
<span class="command"><strong>CryptGenRandom</strong></span> on Windows, and the selected
@ -647,64 +574,6 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
Running <span class="command"><strong>rndc reconfig</strong></span> could cause
<span class="command"><strong>inline-signing</strong></span> zones to stop signing.
[GL #439]
</p>
</li>
<li class="listitem">
<p>
Reloading all zones caused zone maintenance to stop for
<span class="command"><strong>inline-signing</strong></span> zones. [GL #435]
</p>
</li>
<li class="listitem">
<p>
Signatures loaded from the journal for the signed version
of an <span class="command"><strong>inline-signing</strong></span> zone were not scheduled
for refresh. [GL #482]
</p>
</li>
<li class="listitem">
<p>
A referral response with a non-empty ANSWER section was
incorrectly treated as an error; this caused certain domains
to be non-resolvable. [GL #390]
</p>
</li>
<li class="listitem">
<p>
When a negative trust anchor was added to multiple views
using <span class="command"><strong>rndc nta</strong></span>, the text returned via
<span class="command"><strong>rndc</strong></span> was incorrectly truncated after the
first line, making it appear that only one NTA had been
added. This has been fixed. [GL #105]
</p>
</li>
<li class="listitem">
<p>
The view name is now included in the output of
<span class="command"><strong>rndc nta -dump</strong></span>, for consistency with
other options. [GL !816]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> now rejects excessively large
incremental (IXFR) zone transfers in order to prevent
possible corruption of journal files which could cause
<span class="command"><strong>named</strong></span> to abort when loading zones. [GL #339]
</p>
</li>
</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License</h3></div></div></div>
<p>
BIND is open source software licenced under the terms of the Mozilla
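Review bot: The whole Bug Fixes section is removed (seven items, including the inline-signing fixes [GL #439], [GL #435] and [GL #482], the referral-with-ANSWER fix [GL #390] and the rejection of oversized IXFR transfers that could corrupt journal files [GL #339]), leaving the 9.14.0rc1 notes with no Bug Fixes section at all. As with the Security Fixes removal, confirm this is intentional for a release whose introduction claims to summarize changes since 9.12; the IXFR journal hardening in particular is the kind of fix operators check for before upgrading.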
@ -730,11 +599,6 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
BIND 9.13 is an unstable development branch. When its development
is complete, it will be renamed to BIND 9.14, which will be a
stable branch.
</p>
<p>
The end of life date for BIND 9.14 has not yet been determined.
For those needing long term support, the current Extended Support


View file

@ -1,40 +1,35 @@
Release Notes for BIND Version 9.13.7
Release Notes for BIND Version 9.14.0rc1
Introduction
BIND 9.13 is an unstable development release of BIND. This document
summarizes new features and functional changes that have been introduced
on this branch. With each development release leading up to the stable
BIND 9.14 release, this document will be updated with additional features
added and bugs fixed.
BIND 9.14.0 is the first release of a new stable branch of BIND. This
document summarizes new features and functional changes that have been
introduced, as well as features that have been deprecated or removed,
since the last stable branch, 9.12.
Please see the file CHANGES for a more detailed list of changes and bug
fixes.
Note on Version Numbering
Prior to BIND 9.13, new feature development releases were tagged as
"alpha" and "beta", leading up to the first stable release for a given
development branch, which always ended in ".0".
Now, however, BIND has adopted the "odd-unstable/even-stable" release
numbering convention. There will be no "alpha" or "beta" releases in the
9.13 branch, only increasing version numbers. So, for example, what would
previously have been called 9.13.0a1, 9.13.0a2, 9.13.0b1, and so on, will
instead be called 9.13.0, 9.13.1, 9.13.2, etc.
The first stable release from this development branch will be renamed as
9.14.0. Thereafter, maintenance releases will continue on the 9.14 branch,
while unstable feature development proceeds in 9.15.
As of BIND 9.13/9.14, BIND has adopted the "odd-unstable/even-stable"
release numbering convention. BIND 9.14 contains new features added during
the BIND 9.13 development process. Henceforth, the 9.14 branch will be
limited to bug fixes and new feature development will proceed in the
unstable 9.15 branch, and so forth.
Supported Platforms
BIND 9.13 has undergone substantial code refactoring and cleanup, and some
very old code has been removed that was needed to support legacy platforms
which are no longer supported by their vendors and for which ISC is no
longer able to perform quality assurance testing. Specifically,
Since 9.12, BIND has undergone substantial code refactoring and cleanup,
and some very old code has been removed that was needed to support legacy
platforms which are no longer supported by their vendors and for which ISC
is no longer able to perform quality assurance testing. Specifically,
workarounds for old versions of UnixWare, BSD/OS, AIX, Tru64, SunOS,
TruCluster and IRIX have been removed. On UNIX-like systems, BIND now
requires support for POSIX.1c threads (IEEE Std 1003.1c-1995), the
Advanced Sockets API for IPv6 (RFC 3542), and standard atomic operations
provided by the C compiler.
TruCluster and IRIX have been removed.
On UNIX-like systems, BIND now requires support for POSIX.1c threads (IEEE
Std 1003.1c-1995), the Advanced Sockets API for IPv6 (RFC 3542), and
standard atomic operations provided by the C compiler.
More information can be found in the PLATFORM.md file that is included in
the source distribution of BIND 9. If your platform compiler and system
@ -43,7 +38,7 @@ that isn't the case, the BIND development team will generally accept
patches that add support for systems that are still supported by their
respective vendors.
As of BIND 9.13, the BIND development team has also made cryptography
As of BIND 9.14, the BIND development team has also made cryptography
(i.e., TSIG and DNSSEC) an integral part of the DNS server. The OpenSSL
cryptography library must be available for the target platform. A PKCS#11
provider can be used instead for Public Key cryptography (i.e., DNSSEC
@ -57,52 +52,6 @@ www.isc.org/downloads/. There you will find additional information about
each release, source code, and pre-compiled versions for Microsoft Windows
operating systems.
Security Fixes
* There was a long-existing flaw in the documentation for ms-self,
krb5-self, ms-subdomain, and krb5-subdomain rules in update-policy
statements. Though the policies worked as intended, operators who
configured their servers according to the misleading documentation may
have thought zone updates were more restricted than they were; users
of these rule types are advised to review the documentation and
correct their configurations if necessary. New rule types matching the
previously documented behavior will be introduced in a future
maintenance release. [GL !708]
* When recursion is enabled but the allow-recursion and
allow-query-cache ACLs are not specified, they should be limited to
local networks, but they were inadvertently set to match the default
allow-query, thus allowing remote queries. This flaw is disclosed in
CVE-2018-5738. [GL #309]
* named could crash during recursive processing of DNAME records when
deny-answer-aliases was in use. This flaw is disclosed in
CVE-2018-5740. [GL #387]
* Code change #4964, intended to prevent double signatures when deleting
an inactive zone DNSKEY in some situations, introduced a new problem
during zone processing in which some delegation glue RRsets are
incorrectly identified as needing RRSIGs, which are then created for
them using the current active ZSK for the zone. In some, but not all
cases, the newly-signed RRsets are added to the zone's NSEC/NSEC3
chain, but incompletely -- this can result in a broken chain,
affecting validation of proof of nonexistence for records in the zone.
[GL #771]
* named could crash if it managed a DNSSEC security root with
managed-keys and the authoritative zone rolled the key to an algorithm
not supported by BIND 9. This flaw is disclosed in CVE-2018-5745. [GL
#780]
* named leaked memory when processing a request with multiple Key Tag
EDNS options present. ISC would like to thank Toshifumi Sakaguchi for
bringing this to our attention. This flaw is disclosed in
CVE-2018-5744. [GL #772]
* Zone transfer controls for writable DLZ zones were not effective as
the allowzonexfr method was not being called for such zones. This flaw
is disclosed in CVE-2019-6465. [GL #790]
New Features
* Task manager and socket code have been substantially modified. The
@ -110,6 +59,20 @@ New Features
event loops in CPU-affinitive threads. This greatly improves
performance on large systems, especially when using multi-queue NICs.
* Support for QNAME minimization was added and enabled by default in
relaxed mode, in which BIND will fall back to normal resolution if the
remote server returns something unexpected during the query
minimization process. This default setting might change to strict in
the future.
* A new plugin mechanism has been added to allow extension of query
processing functionality through the use of external libraries. The
new filter-aaaa.so plugin replaces the filter-aaaa feature that was
formerly implemented as a native part of BIND.
The plugin API is a work in progress and is likely to evolve as
further plugins are implemented. [GL #15]
* A new secondary zone option, mirror, enables named to serve a
transferred copy of a zone's contents without acting as an authority
for the zone. A zone must be fully validated against an active trust
@ -119,14 +82,6 @@ New Features
facilitate deployment of a local copy of the root zone, as described
in RFC 7706. [GL #33]
* A new plugin mechanism has been added to allow extension of query
processing functionality through the use of external libraries. The
new filter-aaaa.so plugin replaces the filter-aaaa feature that was
formerly implemented as a native part of BIND.
The plugin API is a work in progress and is likely to evolve as
further plugins are implemented. [GL #15]
* BIND now can be compiled against the libidn2 library to add IDNA2008
support. Previously, BIND supported IDNA2003 using the (now obsolete
and unsupported) idnkit-1 library.
@ -140,12 +95,6 @@ New Features
* The dnskey-sig-validity option allows the sig-validity-interval to be
overriden for signatures covering DNSKEY RRsets. [GL #145]
* Support for QNAME minimization was added and enabled by default in
relaxed mode, in which BIND will fall back to normal resolution if the
remote server returns something unexpected during the query
minimization process. This default setting might change to strict in
the future.
* When built on Linux, BIND now requires the libcap library to set
process privileges. The adds a new compile-time dependency, which can
be met on most Linux platforms by installing the libcap-dev or
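Review bot: Two typos survive in the unchanged context of this hunk and should be fixed while the region is being edited: "overriden" in the dnskey-sig-validity entry should be "overridden", and "The adds a new compile-time dependency" in the libcap entry should be "This adds a new compile-time dependency".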
@ -178,6 +127,17 @@ New Features
* rndc status output now includes a reconfig/reload in progress status
line if named configuration is being reloaded.
* The new answer-cookie option, if set to no, prevents named from
returning a DNS COOKIE option to a client, even if such an option was
present in the request. This is only intended as a temporary measure,
for use when named shares an IP address with other servers that do not
yet support DNS COOKIE. A mismatch between servers on the same address
is not expected to cause operational problems, but the option to
disable COOKIE responses so that all servers have the same behavior is
provided out of an abundance of caution. DNS COOKIE is an important
security mechanism, and this option should not be used to disable it
unless absolutely necessary.
Removed Features
* Workarounds for servers that misbehave when queried with EDNS have
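Review bot: The answer-cookie entry added to New Features here loses two things the copy being deleted from Removed Features had: the issue reference "[GL #173]" and the concrete syntax "answer-cookie no;". Keep both, for example by ending the first sentence with "[GL #173]" and stating that the option is set in named.conf as "answer-cookie no;"; without the config line a reader has no search key for the option, and the security warning at the end of the entry is only useful if the operator can find what to leave at its default.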
@ -257,43 +217,31 @@ Removed Features
The -p option to use pseudo-random data has been removed from the
dnssec-signzone command.
* Support for ECC-GOST (GOST R 34.11-94) algorithm has been removed from
BIND as the algorithm has been superseded by GOST R 34.11-2012 in
RFC6986 and it must not be used in new deployments. BIND will neither
create new DNSSEC keys, signatures and digest, nor it will validate
them.
* Support for the RSAMD5 algorithm has been removed freom BIND as the
usage of the RSAMD5 algorithm for DNSSEC has been deprecated in
RFC6725, the security of the MD5 algorithm has been compromised, and
its usage is considered harmful.
* Add the ability to not return a DNS COOKIE option when one is present
in the request. To prevent a cookie being returned add 'answer-cookie
no;' to named.conf. [GL #173]
* Support for the ECC-GOST (GOST R 34.11-94) algorithm has been removed
from BIND, as the algorithm has been superseded by GOST R 34.11-2012
in RFC6986 and it must not be used in new deployments. BIND will
neither create new DNSSEC keys, signatures and digests, nor it will
validate them.
answer-cookie is only intended as a temporary measure, for use when
named shares an IP address with other servers that do not yet support
DNS COOKIE. A mismatch between servers on the same address is not
expected to cause operational problems, but the option to disable
COOKIE responses so that all servers have the same behavior is
provided out of an abundance of caution. DNS COOKIE is an important
security mechanism, and should not be disabled unless absolutely
necessary.
Remove support for silently ignoring 'no-change' deltas from BIND 8
when processing an IXFR stream. 'no-change' deltas will now trigger a
fallback to AXFR as the recovery mechanism.
BIND 9 will no longer build on platforms that doesn't have proper IPv6
support. BIND 9 now also requires non-broken POSIX-compatible pthread
support. Such platforms are usually long after their end-of-life date
and they are neither developed nor supported by their respective
vendors.
Support for DSA and DSA-NSEC3-SHA1 algorithms has been removed from
* Support for DSA and DSA-NSEC3-SHA1 algorithms has been removed from
BIND as the DSA key length is limited to 1024 bits and this is not
considered secure enough.
Support for RSAMD5 algorithm has been removed freom BIND as the usage
of the RSAMD5 algorithm for DNSSEC has been deprecated in RFC6725 and
the security of MD5 algorithm has been compromised and the its usage
is considered harmful.
* named will no longer ignore "no-change" deltas when processing an IXFR
stream. This had previously been permitted for compatibility with BIND
8, but now "no-change" deltas will trigger a fallback to AXFR as the
recovery mechanism.
* BIND 9 will no longer build on platforms that don't have proper IPv6
support. BIND 9 now also requires POSIX-compatible pthread support.
Most of the platforms that lack these featuers are long past their
end-of-lifew dates, and they are neither developed nor supported by
their respective vendors.
* The incomplete support for internationalization message catalogs has
been removed from BIND. Since the internationalization was never
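Review bot: Whichever copy of each Removed Features entry survives this hunk still carries typos that should be fixed in the same change: "freom" appears in both RSAMD5 entries and should be "from"; "nor it will validate them" in both ECC-GOST entries should be "nor will it validate them"; and the bulleted platform-support entry has "featuers" for "features" and "end-of-lifew" for "end-of-life". The deduplication itself is the right call, since the previous text listed the ECC-GOST and RSAMD5 removals twice and filed the answer-cookie addition under Removed Features.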
@ -306,7 +254,7 @@ Feature Changes
* BIND will now always use the best CSPRNG (cryptographically-secure
pseudo-random number generator) available on the platform where it is
compiled. It will use arc4random() family of functions on BSD
compiled. It will use the arc4random() family of functions on BSD
operating systems, getrandom() on Linux and Solaris, CryptGenRandom on
Windows, and the selected cryptography provider library (OpenSSL or
PKCS#11) as the last resort. [GL #221]
@ -369,33 +317,6 @@ Feature Changes
* Zone signing and key maintenance events are now logged to the dnssec
category rather than zone.
Bug Fixes
* Running rndc reconfig could cause inline-signing zones to stop
signing. [GL #439]
* Reloading all zones caused zone maintenance to stop for inline-signing
zones. [GL #435]
* Signatures loaded from the journal for the signed version of an
inline-signing zone were not scheduled for refresh. [GL #482]
* A referral response with a non-empty ANSWER section was incorrectly
treated as an error; this caused certain domains to be non-resolvable.
[GL #390]
* When a negative trust anchor was added to multiple views using rndc
nta, the text returned via rndc was incorrectly truncated after the
first line, making it appear that only one NTA had been added. This
has been fixed. [GL #105]
* The view name is now included in the output of rndc nta -dump, for
consistency with other options. [GL !816]
* named now rejects excessively large incremental (IXFR) zone transfers
in order to prevent possible corruption of journal files which could
cause named to abort when loading zones. [GL #339]
License
BIND is open source software licenced under the terms of the Mozilla
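Review bot: Deleting the whole Bug Fixes section leaves no trace of the [GL #339] hardening (rejecting excessively large IXFR transfers to prevent journal corruption that could abort named), the referral-handling fix [GL #390], or the inline-signing fixes [GL #439], [GL #435] and [GL #482]; if these were already published in an earlier release's notes, the commit message should say so, otherwise keep a one-line pointer to where they are recorded. Also, "licenced" in the License context line should be "licensed".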
@ -413,9 +334,6 @@ www.isc.org/mission/contact/.
End of Life
BIND 9.13 is an unstable development branch. When its development is
complete, it will be renamed to BIND 9.14, which will be a stable branch.
The end of life date for BIND 9.14 has not yet been determined. For those
needing long term support, the current Extended Support Version (ESV) is
BIND 9.11, which will be supported until at least December 2021. See
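Review bot: With the "BIND 9.13 is an unstable development branch" and "it will be renamed to BIND 9.14, which will be a stable branch" sentences removed, the End of Life section now opens with "The end of life date for BIND 9.14 has not yet been determined" and never states that 9.14 is the stable branch this document describes; add that one sentence so the section stands on its own.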