BIND 9.7.3 Release Notes HP-UX 11i v3 (761997-001, January 2014)
Table Of Contents
- BIND 9.7.3 Release Notes
- Contents
- HP secure development lifecycle
- 1 BIND 9.7.3 release notes
- Announcement
- What is in this version?
- Fully automatic signing of zones by "named"
- Simplified configuration of DNSSEC Lookaside Validation (DLV)
- Simplified configuration of Dynamic DNS, using the "ddns-confgen" command line tool or the "local” update-policy option (As a side effect, this also makes it easier to configure automatic zone re-signing)
- New named option "attach-cache" that allows multiple views to share a single cache
- DNS rebinding attack prevention
- New default values for dnssec-keygen parameters
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key maintenance
- Named and other binaries can now print out a stack backtrace on assertion failure, to aid in debugging
- Full NSEC3 support
- Automatic zone re-signing
- Default PID file location
- Default TTL with nsupdate
- Randomize server selection on queries
- Specify max sockets on named command line
- GSS-TSIG support (RFC 3645)
- More detailed statistics counters
- Faster ACL processing and efficient LRU cache cleaning mechanism
- NSID support (RFC 5001)
- Implementation of "additional section caching"
- Convenient syntax for already existing options like query-source, server statement in rndc.conf
- New acl option “allow-query-cache”
- Additional fields for already existing options like ixfr-from-differences
- Journal file names are configurable
- New control options for rndc like notify, sign, validation and querylog
- Error messages are now more informative
- Scope of some ACL (e.g. allow-update) was changed in named.conf.
- New options to control behavior of DNS NOTIFY
- UNIX domain controls channel are now supported
- Introduction of new zonefile format to enhance loading performance
- Extended post zone load checks. New configuration options for same
- Dig now has new options
- Recursive clients for same query can now be controlled with new configuration options
- Automatic empty zone are now fully covered as mentioned in RFC 1918 zones
- New update-policy fields added
- New algorithms support
- The EDNS response / reply sizes can now be configured
- Defaults have been changed for some configuration and binary options
- DNSSEC validation is set by default and can be unset explicitly
- SPF (Sender Policy Framework) support
- Support for new resource records
- New binaries have been added
- Changed features
- Installing BIND 9.7.3
- Prerequisites
- Installation instructions
- Verifying the BIND 9.7.3 installation
- Unsupported features
- Known problems
- Related information
- Manpages
- Product documentation
- Defects fixed in this release
- Defects fixed in the HP-UX 11i v3 operating system
- HP specific changes
- Defects for which fixes were ported from ISC:
- New deliverables in BIND 9.7.3 and their locations
patch to be installed. But we will keep it since if some machine does not have this patch it can
still do DNSSEC.
• arpaname: translate IP addresses to the corresponding ARPA names.
Changed features
The following are the changed features in BIND 9.7.3:
• The default value of dnssec-enable configuration parameter in named.conf has been
set to yes, earlier it was set to no.
• Default named.pid location has been changed, in source, to /var/run/named/named.pid.
Earlier, it was /var/run/named.pid.
• lwresd.pid location has been modified, in source, to /var/run/named/lwresd.pid.
Earlier it was /var/run/lwresd.pid.
• dnssec-keygen is now verbose. Its displays its progress in the generation of keys using
dots and spaces. BIND-9.7.3’s dnssec-keygen never displayed such messages. To turnoff
such messages use –q (quiet) options with dnssec-keygen.
• nsupdate in non-interactive mode treat syntax errors as fatal. So this implies that if an
nsupdate script had syntax errors, nsupdate will not continue further. In BIND 9.7.3
nsupdate continued even in this case.
• The BIND 9.7.3 dnssec-signzone requires KSK to be included before signing unlike 9.3.2.
• IN BIND9.7.3 for every NS type record a corresponding A or AAAA type record must present
in the zone database file otherwise the zone database will fail to load.
NOTE: None of these changes will affect the existing functionality behind such options getting
set.
Installing BIND 9.7.3
This section describes how to install BIND 9.7.3 on HP-UX 11i v3.
Prerequisites
There is no prerequisite for installing BIND 9.7.3 on HP-UX 11i v3.
Installation instructions
To install BIND 9.7.3, complete the following steps:
1. Review to ensure that your system meets BIND 9.7.3 installation requirements.
2. Go to the HP Software Depot website at:
http://h20293.www2.hp.com/
3. Use the Search button to browse for BIND. The product catalog page is displayed.
4. BIND in the product catalog. The BIND page is displayed.
5. Read the “Overview” and “Installation” pages for BIND.
6. Select the Receive for Free>> option at the bottom right of any of these pages.
7. Select the appropriate release of HP-UX operating system
8. Enter the registration information. Read and accept the terms and conditions statements
9. Click Next>>. The Electronic Delivery Receipt page is displayed.
10. Select the BIND 9.7.3 depot under Download Software.
11. Save the BIND 9.7.3 depot in a local directory, for example, /tmp.
14 BIND 9.7.3 release notes