BIND 9.7.3 Release Notes HP-UX 11i v3 (761997-001, January 2014)
Table Of Contents
- BIND 9.7.3 Release Notes
- Contents
- HP secure development lifecycle
- 1 BIND 9.7.3 release notes
- Announcement
- What is in this version?
- Fully automatic signing of zones by "named"
- Simplified configuration of DNSSEC Lookaside Validation (DLV)
- Simplified configuration of Dynamic DNS, using the "ddns-confgen" command line tool or the "local” update-policy option (As a side effect, this also makes it easier to configure automatic zone re-signing)
- New named option "attach-cache" that allows multiple views to share a single cache
- DNS rebinding attack prevention
- New default values for dnssec-keygen parameters
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key maintenance
- Named and other binaries can now print out a stack backtrace on assertion failure, to aid in debugging
- Full NSEC3 support
- Automatic zone re-signing
- Default PID file location
- Default TTL with nsupdate
- Randomize server selection on queries
- Specify max sockets on named command line
- GSS-TSIG support (RFC 3645)
- More detailed statistics counters
- Faster ACL processing and efficient LRU cache cleaning mechanism
- NSID support (RFC 5001)
- Implementation of "additional section caching"
- Convenient syntax for already existing options like query-source, server statement in rndc.conf
- New acl option “allow-query-cache”
- Additional fields for already existing options like ixfr-from-differences
- Journal file names are configurable
- New control options for rndc like notify, sign, validation and querylog
- Error messages are now more informative
- Scope of some ACL (e.g. allow-update) was changed in named.conf.
- New options to control behavior of DNS NOTIFY
- UNIX domain controls channel are now supported
- Introduction of new zonefile format to enhance loading performance
- Extended post zone load checks. New configuration options for same
- Dig now has new options
- Recursive clients for same query can now be controlled with new configuration options
- Automatic empty zone are now fully covered as mentioned in RFC 1918 zones
- New update-policy fields added
- New algorithms support
- The EDNS response / reply sizes can now be configured
- Defaults have been changed for some configuration and binary options
- DNSSEC validation is set by default and can be unset explicitly
- SPF (Sender Policy Framework) support
- Support for new resource records
- New binaries have been added
- Changed features
- Installing BIND 9.7.3
- Prerequisites
- Installation instructions
- Verifying the BIND 9.7.3 installation
- Unsupported features
- Known problems
- Related information
- Manpages
- Product documentation
- Defects fixed in this release
- Defects fixed in the HP-UX 11i v3 operating system
- HP specific changes
- Defects for which fixes were ported from ISC:
- New deliverables in BIND 9.7.3 and their locations
Contents
HP secure development lifecycle......................................................................5
1 BIND 9.7.3 release notes.............................................................................6
Announcement.........................................................................................................................6
What is in this version?.............................................................................................................6
Fully automatic signing of zones by "named"...............................................................................6
Simplified configuration of DNSSEC Lookaside Validation (DLV)......................................................6
Simplified configuration of Dynamic DNS, using the "ddns-confgen" command line tool or the "local”
update-policy option (As a side effect, this also makes it easier to configure automatic zone
re-signing)...............................................................................................................................6
New named option "attach-cache" that allows multiple views to share a single cache.......................6
DNS rebinding attack prevention................................................................................................7
New default values for dnssec-keygen parameters.........................................................................7
Support for RFC 5011 automated trust anchor maintenance............................................................7
Smart signing: simplified tools for zone signing and key maintenance.............................................7
Named and other binaries can now print out a stack backtrace on assertion failure, to aid in
debugging..............................................................................................................................7
Full NSEC3 support..................................................................................................................7
Generating NSEC3 chain.....................................................................................................8
New record for NSEC3........................................................................................................8
Documented interpretations of the octet values.........................................................................8
Automatic zone re-signing.........................................................................................................8
Default PID file location.............................................................................................................9
Default TTL with nsupdate..........................................................................................................9
Randomize server selection on queries.........................................................................................9
Specify max sockets on named command line..............................................................................9
GSS-TSIG support (RFC 3645)....................................................................................................9
More detailed statistics counters.................................................................................................9
Faster ACL processing and efficient LRU cache cleaning mechanism................................................9
NSID support (RFC 5001)..........................................................................................................9
Implementation of "additional section caching" ...........................................................................9
Convenient syntax for already existing options like query-source, server statement in rndc.conf..........10
New acl option “allow-query-cache” ........................................................................................10
Additional fields for already existing options like ixfr-from-differences.............................................10
Journal file names are configurable...........................................................................................10
New control options for rndc like notify, sign, validation and querylog..........................................10
Error messages are now more informative..................................................................................10
Scope of some ACL (e.g. allow-update) was changed in named.conf.............................................10
New options to control behavior of DNS NOTIFY.......................................................................10
UNIX domain controls channel are now supported......................................................................11
Introduction of new zonefile format to enhance loading performance.............................................11
Extended post zone load checks. New configuration options for same...........................................11
Dig now has new options........................................................................................................11
Recursive clients for same query can now be controlled with new configuration options....................11
Automatic empty zone are now fully covered as mentioned in RFC 1918 zones...............................11
New update-policy fields added...............................................................................................12
New algorithms support..........................................................................................................12
The EDNS response / reply sizes can now be configured.............................................................12
Defaults have been changed for some configuration and binary options........................................12
DNSSEC validation is set by default and can be unset explicitly....................................................13
SPF (Sender Policy Framework) support......................................................................................13
Support for new resource records..............................................................................................13
Contents 3