BIND 9.3.
Legal Notices

© Copyright 2012 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Contents

1 BIND 9.3.2 Release Notes
    Announcement
    What is in this version?
        BIND 9.3.2 features
1 BIND 9.3.2 Release Notes

This document discusses the most recent product information pertaining to Berkeley Internet Name Domain (BIND) 9.3.2. It also discusses how to install BIND 9.3.2 on the HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 operating systems.

Announcement

BIND is a Berkeley implementation of the Domain Name System (DNS). It is a distributed network information lookup service that maps host names to Internet addresses, and Internet addresses to host names.
4034 (Resource Records for the DNS Security Extensions), and 4035 (Protocol Modifications for the DNS Security Extension). The DNSSEC implementation provides the following new features:

• Signed Zone
  A signed zone contains additional security-related resource records (RRs). Table 1 describes additional security-related records in BIND 9.3.2.

Table 1 Security-Related RRs in a Signed Zone

RR Type                    Description
DNS Public Key (DNSKEY)    Enables normal DNS resolution and stores public keys.
Support for the ip6.arpa domain

BIND 9.3.2 uses the ip6.arpa domain for IPv6 forward lookups, instead of the ip6.int domain. However, BIND 9.3.2 continues to support the ip6.int domain for backward compatibility. BIND 9.3.2 also uses the ip6.arpa domain for storing IPv6 addresses in the DNS. The existing queries that perform additional section processing to locate IPv4 addresses are redefined to perform additional section processing on both IPv4 and IPv6 addresses. The ip6.
Table 3 New Options in the Options Statement (continued)

Option                     Description
key-directory              Specifies the location of the public and private key files if the current directory is not the working directory
memstatistics-file         Specifies the pathname of the file where the server writes memory usage statistics upon exit. The default file is named.memstats.
flush-zones-on-shutdown    Specifies whether any pending zone writes must be flushed when the name server exits because of a SIGTERM signal.
New option to configure the ordering of records

The new rrset-order option in the options statement enables you to configure the ordering of the records in a multiple-record response. When the name server returns multiple records in a response, it is useful to configure the order of the records placed into the response.
New options to enable and disable IXFR

In BIND 9.3.2, the incremental zone transfer (IXFR) feature is enabled by default. Table 4 describes the new options available in the options statement that can be used to enable and disable IXFR.

Table 4 Options to Enable and Disable IXFR

Option                     Description
provide-ixfr yes_or_no;    Determines whether the local server, which acts as a master, responds with an incremental zone transfer when the remote slave server requests an IXFR.
file to be synchronized into the master, and the journal file to be removed. All dynamic update attempts are refused if the zone is frozen.

• thaw zone [class [view]]
  This command enables you to update a frozen dynamic zone. This command causes the server to reload the zone from the disk and re-enables dynamic updates after the load is complete.

For more information on these commands, see rndc(1). A sample rndc.conf file is distributed with this release of BIND in the /usr/examples/bind directory.
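
The freeze and thaw commands described above, combined into one wrapper for a manual zone-file edit. This is an added example, not code from HP or from the BIND distribution; the function name, the .prefreeze backup suffix and the edit-command argument are assumptions, and only rndc freeze and rndc thaw come from the text.

```shell
#!/bin/sh
# Added example: hand-edit a dynamic zone between "rndc freeze" and "rndc thaw".
# Zone name, zone file path and edit command are supplied by the caller.

# edit_frozen_zone ZONE ZONE_FILE EDIT_COMMAND [ARGS...]
# EDIT_COMMAND is run with ZONE_FILE appended as its last argument.
# Returns 0 if the edit was applied and the zone thawed, non-zero otherwise.
edit_frozen_zone() {
    [ "$#" -ge 3 ] || { echo "usage: edit_frozen_zone ZONE FILE CMD..." >&2; return 64; }
    zone=$1; zone_file=$2; shift 2

    # freeze: pending journal changes are synchronized into the master file
    # and every dynamic update is refused from this point on.
    rndc freeze "$zone" || { echo "freeze failed, nothing changed" >&2; return 1; }

    # Keep a copy (hypothetical suffix) so a failed edit can be rolled back
    # before the server reloads the file.
    backup="$zone_file.prefreeze"
    status=0
    if cp -p "$zone_file" "$backup"; then
        if "$@" "$zone_file"; then
            rm -f "$backup"
        else
            echo "edit failed, restoring $zone_file" >&2
            mv -f "$backup" "$zone_file"
            status=1
        fi
    else
        echo "could not back up $zone_file, edit skipped" >&2
        status=1
    fi

    # thaw: run it on every path. A zone left frozen keeps refusing dynamic
    # updates; thaw reloads the file from disk and re-enables them.
    rndc thaw "$zone" || { echo "thaw failed, $zone is still frozen" >&2; return 2; }
    return "$status"
}
```

A return value of 2 means the zone is still frozen and needs a manual rndc thaw.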
Table 5 New Command-Line Options (continued)

Binaries/Tools     Options    Description
named-checkzone    -D         Dumps the zone file in canonical format
named              -4         Specifies named to use only the IPv4 transport even if the host system is capable of handling IPv6 addresses
named              -6         Specifies named to use only the IPv6 transport even if the host system is capable of handling IPv4 addresses
nsupdate           -t         Sets the maximum timeout value for an update request before it can abort.
• The following dig features are modified in BIND 9.3.2:
  ◦ The -i option in the dig command must be used for IP6.INT IPv6 reverse lookups. By default, dig performs IP6.ARPA reverse IPv6 lookups.
  ◦ The output of the dig name command for Not Implemented is changed from NOTIMPL to NOTIMP.

Table 6 lists the changed command-line options for the dnssec-signzone tool in BIND 9.3.2.
10. Select the BIND 9.3.2 depot under Download Software.
11. Save the BIND 9.3.2 depot in a local directory, for example, /tmp.
12. To verify that the BIND 9.3.2 depot is downloaded properly in the local directory, enter the following HP-UX MD5 Secure Checksum command at the HP-UX prompt:
    # md5sum
    The result of this command must match the fingerprint provided in the Electronic Delivery Receipt. If the result does not match, download the BIND 9.3.2 depot again.
BindUpgrade C.9.3.2.10.0 BIND special release upgrade

• On an HP-UX 11i v2 operating system

# Initializing...
# Contacting target "hostname"...
#
# Target: hostname:/
#
BindUpgrade C.9.3.2.10.0 BIND special release upgrade

• On an HP-UX 11i v3 operating system

# Initializing...
# Contacting target "hostname"...
#
# Target: hostname:/
#
# HPUX-NameServer C.9.3.2.11.0 HPUX Name Server
HPUX-NameServer.NameService C.9.3.2.11.
Table 8 BIND 9.3.2 Manpages

Manpage               Description
dnssec-keygen(1)      Tool to generate keys for DNSSEC
dnssec-signzone(1)    Tool to sign the DNSSEC zone
host(1)               Utility for DNS lookup
named-checkconf(1)    Tool to check the syntax of the named configuration file
named-checkzone(1)    Tool to check the validity of a zone
nslookup.
Table 9 Defects Fixed in both HP-UX 11i v1 and HP-UX 11i v2 Operating Systems

Identifier        Description

Defects fixed in BIND 9.3.2 (C.9.3.2.10.0)
QXCR1001180790    The named(1M) crashes, if subsequent queries are sent to cache an invalid record.

Defects fixed in BIND 9.3.2 (C.9.3.2.9.0)
QXCR1001118561    When multiple threads try to acquire locks, there is a race, because the lock handling mechanism is not synchronized. This causes the named daemon to abort.
Table 9 Defects Fixed in both HP-UX 11i v1 and HP-UX 11i v2 Operating Systems (continued)

Identifier    Description

Defects fixed in BIND 9.3.2 (C.9.3.2.2.0)
JAGag45362    Query ID generation is cryptographically weak.

Defects fixed in BIND 9.3.2 (C.9.3.2.1.0)
JAGag32951    named(1M) does not handle queries of type ANY properly.
JAGag32950    named(1M) aborts unexpectedly under certain circumstances.
JAGag24093    Under certain circumstances, DNSSEC utilities do not work properly.

Defects fixed in BIND 9.3.2 (C.
Table 10 Defects Fixed in the HP-UX 11i v3 Operating System (continued)

Identifier        Description
QXCR1000848700    Some DNS responses arriving at the host are not being delivered to the /usr/sbin/named process but instead are directed to other processes running on the same host.