BIND 9.7.3 Release Notes HP-UX 11i v3 (761997-001, January 2014)
Table Of Contents
- BIND 9.7.3 Release Notes
- Contents
- HP secure development lifecycle
- 1 BIND 9.7.3 release notes
- Announcement
- What is in this version?
- Fully automatic signing of zones by "named"
- Simplified configuration of DNSSEC Lookaside Validation (DLV)
- Simplified configuration of Dynamic DNS, using the "ddns-confgen" command line tool or the "local" update-policy option (As a side effect, this also makes it easier to configure automatic zone re-signing)
- New named option "attach-cache" that allows multiple views to share a single cache
- DNS rebinding attack prevention
- New default values for dnssec-keygen parameters
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key maintenance
- Named and other binaries can now print out a stack backtrace on assertion failure, to aid in debugging
- Full NSEC3 support
- Automatic zone re-signing
- Default PID file location
- Default TTL with nsupdate
- Randomize server selection on queries
- Specify max sockets on named command line
- GSS-TSIG support (RFC 3645)
- More detailed statistics counters
- Faster ACL processing and efficient LRU cache cleaning mechanism
- NSID support (RFC 5001)
- Implementation of "additional section caching"
- Convenient syntax for already existing options like query-source, server statement in rndc.conf
- New acl option “allow-query-cache”
- Additional fields for already existing options like ixfr-from-differences
- Journal file names are configurable
- New control options for rndc like notify, sign, validation and querylog
- Error messages are now more informative
- Scope of some ACL (e.g. allow-update) was changed in named.conf.
- New options to control behavior of DNS NOTIFY
- UNIX domain controls channel are now supported
- Introduction of new zonefile format to enhance loading performance
- Extended post zone load checks. New configuration options for same
- Dig now has new options
- Recursive clients for same query can now be controlled with new configuration options
- Automatic empty zone are now fully covered as mentioned in RFC 1918 zones
- New update-policy fields added
- New algorithms support
- The EDNS response / reply sizes can now be configured
- Defaults have been changed for some configuration and binary options
- DNSSEC validation is set by default and can be unset explicitly
- SPF (Sender Policy Framework) support
- Support for new resource records
- New binaries have been added
- Changed features
- Installing BIND 9.7.3
- Prerequisites
- Installation instructions
- Verifying the BIND 9.7.3 installation
- Unsupported features
- Known problems
- Related information
- Manpages
- Product documentation
- Defects fixed in this release
- Defects fixed in the HP-UX 11i v3 operating system
- HP specific changes
- Defects for which fixes were ported from ISC:
- New deliverables in BIND 9.7.3 and their locations
Default PID file location
The default location for PID files changed from /var/run/named.pid to
/var/run/named/named.pid and /var/run/lwresd/lwresd.pid for improved
chroot/setuid support.
This allows the owner of the containing directory to be set, for "named -u" support, and allows
there to be a permanent symbolic link in the path, for "named -t" support.
Default TTL with nsupdate
A new command, ‘ttl’, has been introduced in nsupdate to set the default TTL value for all updates.
Randomize server selection on queries
This feature makes the order of server selection for queries less predictable. Previously, the
server with the lowest RTT value was preferred.
Specify max sockets on named command line
A new option, ‘-S’, has been introduced for specifying the maximum number of sockets on the
command line. It is used to support more listening sockets.
GSS-TSIG support (RFC 3645)
Support for GSSAPI for secure transaction key negotiation.
More detailed statistics counters
Most of the statistics counters of BIND 8 are supported, and new counters have been added.
New counters have been added to the following existing categories:
• Name Server Statistics
• Resolver Statistics
New information that can be retrieved from new counters can be categorized as:
• Zone Maintenance Statistics
• Cache DB RRsets
• Socket I/O Statistics
Faster ACL processing and efficient LRU cache cleaning mechanism
BIND 9.7.3 uses acl and varied values of max-cache-size with heavy load to increase the
nameserver performance.
NSID support (RFC 5001)
This ID enables the client to identify which server among a set of DNS servers has answered the
query. A new named.conf option, server-id, is introduced for publishing the nameserver ID.
A query of the form: dig @<server> TXT CH ID.SERVER retrieves the nameserver identifier.
Implementation of "additional section caching"
A new internal cache framework for additional section content has been introduced to improve
response performance.
This feature improves the performance of a nameserver that serves many delegations, e.g. the root
nameserver.