diff --git a/README b/README index 1cb5dfc2c8..60d92be389 100644 --- a/README +++ b/README @@ -50,20 +50,28 @@ BIND 9 BIND 9.9.0 - BIND 9.9.0 includes a number of changes from BIND 9.6 and earlier + BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier releases. New features include: + - Inline signing, allowing automatic DNSSEC signing of + master zones without modification of the zonefile, or + "bump in the wire" signing in slaves. - NXDOMAIN redirection. - - Improved scalability from using multiple threads to - listen for queries. - New 'rndc flushtree' command clears all data under a given name from the DNS cache. - - New 'rndc sync' command dumps pending changes in a dynamic zone - to disk without a freeze/thaw cycle. + - New 'rndc sync' command dumps pending changes in a dynamic + zone to disk without a freeze/thaw cycle. + - New 'rndc signing' command displays or clears signing status + records in 'auto-dnssec' zones + - NSEC3 parameters for 'auto-dnssec' zones can now be set prior + to signing, eliminating the need to initially sign with NSEC. + - Startup time improvements on large authoritative servers + - Slave zones are now saved in raw format by default + - Several improvements to response policy zones (RPZ) + - Improved scalability from using multiple threads to + listen for queries. - The 'also-notify' option now takes the same syntax as 'masters', so it can used named masterlists and TSIG keys. - - 'auto-dnssec' zones can now have NSEC3 parameters set prior - to signing. - 'dnssec-signzone -D' writes an output file containing only DNSSEC data, which can be included by the primary zone file. - 'dnssec-signzone -R' forces removal of signatures that are @@ -78,6 +86,9 @@ BIND 9.9.0 table per RFC 6303. - Dynamic updates can now optionally set the zone's SOA serial number to the current UNIX time. + - DLZ modules can now retrieve the source IP address of + the querying client + - 'request-ixfr' option can now be set at the per-zone level. BIND 9.8.0