BIND 9.7.3 Release Notes HP-UX 11i v3 (761997-001, January 2014)
Table Of Contents
- BIND 9.7.3 Release Notes
- Contents
- HP secure development lifecycle
- 1 BIND 9.7.3 release notes
- Announcement
- What is in this version?
- Fully automatic signing of zones by "named"
- Simplified configuration of DNSSEC Lookaside Validation (DLV)
- Simplified configuration of Dynamic DNS, using the "ddns-confgen" command line tool or the "local” update-policy option (As a side effect, this also makes it easier to configure automatic zone re-signing)
- New named option "attach-cache" that allows multiple views to share a single cache
- DNS rebinding attack prevention
- New default values for dnssec-keygen parameters
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key maintenance
- Named and other binaries can now print out a stack backtrace on assertion failure, to aid in debugging
- Full NSEC3 support
- Automatic zone re-signing
- Default PID file location
- Default TTL with nsupdate
- Randomize server selection on queries
- Specify max sockets on named command line
- GSS-TSIG support (RFC 3645)
- More detailed statistics counters
- Faster ACL processing and efficient LRU cache cleaning mechanism
- NSID support (RFC 5001)
- Implementation of "additional section caching"
- Convenient syntax for already existing options like query-source, server statement in rndc.conf
- New acl option “allow-query-cache”
- Additional fields for already existing options like ixfr-from-differences
- Journal file names are configurable
- New control options for rndc like notify, sign, validation and querylog
- Error messages are now more informative
- Scope of some ACL (e.g. allow-update) was changed in named.conf.
- New options to control behavior of DNS NOTIFY
- UNIX domain controls channel are now supported
- Introduction of new zonefile format to enhance loading performance
- Extended post zone load checks. New configuration options for same
- Dig now has new options
- Recursive clients for same query can now be controlled with new configuration options
- Automatic empty zone are now fully covered as mentioned in RFC 1918 zones
- New update-policy fields added
- New algorithms support
- The EDNS response / reply sizes can now be configured
- Defaults have been changed for some configuration and binary options
- DNSSEC validation is set by default and can be unset explicitly
- SPF (Sender Policy Framework) support
- Support for new resource records
- New binaries have been added
- Changed features
- Installing BIND 9.7.3
- Prerequisites
- Installation instructions
- Verifying the BIND 9.7.3 installation
- Unsupported features
- Known problems
- Related information
- Manpages
- Product documentation
- Defects fixed in this release
- Defects fixed in the HP-UX 11i v3 operating system
- HP specific changes
- Defects for which fixes were ported from ISC:
- New deliverables in BIND 9.7.3 and their locations
12. To verify that the BIND 9.7.3 depot is downloaded properly in the local directory, enter the
following HP-UX MD5 Secure Checksum command at the HP-UX prompt:
# md5sum <depot_name>
The result of this command must match the fingerprint provided in the Electronic Delivery
Receipt. If the result does not match, download the BIND 9.7.3 depot again.
NOTE: The HP-UX MD5 Secure Checksum software is not installed by default on the system.
It is available at: http://h20293.www2.hp.com/
13. To install the BIND 9.7.3 depot, enter the following command at the HP-UX prompt:
# swinstall -s <fully_qualified_depot_source_path>
The swinstall window is displayed.
14. Press the space bar to select the product that you wish to install.
15. Select Install in the Action menu. The Install Analysis window is displayed.
16. Select OK when the Status field displays a Ready message. The Install window is displayed.
The BIND 9.7.3 software installation starts. The swinstall command loads the BIND 9.7.3
files on to the system in approximately 3 to 5 minutes
17. Select Done when the Status field displays a Completed message.
18. Select File->Exit to exit from the swinstall window. The named daemon is preconfigured
and starts after installation. The swinstall command installs BIND in the /opt directory.
For more information on configuring and using BIND, see the HP-UX IP Address and Client
Management Services Administrator’s Guide at
http://www.hp.com/go/hpux-networking-docs
Verifying the BIND 9.7.3 installation
To verify whether the BIND 9.7.3 depot is installed successfully on your system, enter the following
command at the HP-UX prompt:
# swlist -l product <depot_name>
If BIND 9.7.3 is installed properly, the following output is displayed on a HP-UX 11i v3 operating
system.
# Initializing...
# Contacting target "hostname"...
#
# Target: hostname:/
HPUX-NameServer C.9.7.3.4.0 HPUX Name Server
HPUX-NameServer.NameService C.9.7.3.4.0 Berkeley Internet Name Domain Server Protocol daemons and utilities
NOTE: After installation of BIND9.7.3.over BIND 9.3.2 /etc/rc.config.d/namesvrs_dns will be
overwritten so named daemon will not restart.
Unsupported features
Following features are not supported in BIND9.7.3:
• CERT types resource record
• Enabling filter-aaaa-on-v4 ACL
• Integrate contributed IDN code
• Integrate contributed DLZ code into named
• Support for Cryptoki hardware
Known problems
There are currently no known problems in BIND 9.7.3
Verifying the BIND 9.7.3 installation 15