diff options
Diffstat (limited to 'README')
| -rw-r--r-- | README | 94 |
1 files changed, 56 insertions, 38 deletions
@@ -48,18 +48,36 @@ BIND 9 For a detailed list of user-visible changes from previous releases, see the CHANGES file. - For up-to-date release notes and errata, see - http://www.isc.org/software/bind9/releasenotes + For up-to-date release notes and errata, see + http://www.isc.org/software/bind9/releasenotes + +BIND 9.8.7 + + BIND 9.8.7 includes several bug fixes and patches the security + flaws described in CVE-2013-6320 and CVE-2014-0591. It also + includes the following functional enhancements: + + - "named" now preserves the capitalization of names when + responding to queries. + - "named-checkconf -px" will print the contents of configuration + files with the shared secrets obscured, making it easier to + share configuration (e.g. when submitting a bug report) + without revealing private information. + +BIND 9.8.6 + + BIND 9.8.6 includes several bug fixes and patches the security + flaws described in CVE-2013-3919 and CVE-2013-4854. BIND 9.8.5 - BIND 9.8.5 includes several bug fixes and patches security - flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266. + BIND 9.8.5 includes several bug fixes and patches security + flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266. BIND 9.8.4 - BIND 9.8.4 includes several bug fixes and patches security - flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244. + BIND 9.8.4 includes several bug fixes and patches security + flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244. BIND 9.8.3 @@ -72,32 +90,32 @@ BIND 9.8.2 BIND 9.8.1 - BIND 9.8.1 includes a number of bug fixes and enhancements from + BIND 9.8.1 includes a number of bug fixes and enhancements from BIND 9.8 and earlier releases. New features include: - The DLZ "dlopen" driver is now built by default. - Added a new include file with function typedefs - for the DLZ "dlopen" driver. + for the DLZ "dlopen" driver. - Made "--with-gssapi" default. - More verbose error reporting from DLZ LDAP. BIND 9.8.0 - BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier - releases. New features include: - - - Built-in trust anchor for the root zone, which can be - switched on via "dnssec-validation auto;" - - Support for DNS64. - - Support for response policy zones (RPZ). - - Support for writable DLZ zones. - - Improved ease of configuration of GSS/TSIG for - interoperability with Active Directory - - Support for GOST signing algorithm for DNSSEC. - - Removed RTT Banding from server selection algorithm. - - New "static-stub" zone type. - - Allow configuration of resolver timeouts via - "resolver-query-timeout" option. + BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier + releases. New features include: + + - Built-in trust anchor for the root zone, which can be + switched on via "dnssec-validation auto;" + - Support for DNS64. + - Support for response policy zones (RPZ). + - Support for writable DLZ zones. + - Improved ease of configuration of GSS/TSIG for + interoperability with Active Directory + - Support for GOST signing algorithm for DNSSEC. + - Removed RTT Banding from server selection algorithm. + - New "static-stub" zone type. + - Allow configuration of resolver timeouts via + "resolver-query-timeout" option. BIND 9.7.0 @@ -183,9 +201,9 @@ Building Ubuntu 7.04, 7.10 Windows XP/2003/2008 - NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of - Windows, including Windows NT and Windows 2000, are no longer - supported. + NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of + Windows, including Windows NT and Windows 2000, are no longer + supported. We have recent reports from the user community that a supported version of BIND will build and run on the following systems: @@ -238,7 +256,7 @@ Building -DDIG_SIGCHASE_BU=1) Disable dropping queries from particular well known ports. -DNS_CLIENT_DROPPORT=0 - Sibling glue checking in named-checkzone is enabled by default. + Sibling glue checking in named-checkzone is enabled by default. To disable the default check set. -DCHECK_SIBLING=0 named-checkzone checks out-of-zone addresses by default. To disable this default set. -DCHECK_LOCAL=0 @@ -285,10 +303,10 @@ Building on the configure command line. The default is operating system dependent. - Support for the "fixed" rrset-order option can be enabled - or disabled by specifying "--enable-fixed-rrset" or - "--disable-fixed-rrset" on the configure command line. - The default is "disabled", to reduce memory footprint. + Support for the "fixed" rrset-order option can be enabled + or disabled by specifying "--enable-fixed-rrset" or + "--disable-fixed-rrset" on the configure command line. + The default is "disabled", to reduce memory footprint. If your operating system has integrated support for IPv6, it will be used automatically. If you have installed KAME IPv6 @@ -355,8 +373,8 @@ Documentation Frequently asked questions and their answers can be found in FAQ. - Additional information on various subjects can be found - in the other README files. + Additional information on various subjects can be found + in the other README files. Change Log @@ -373,7 +391,7 @@ Change Log [security] Fix for a significant security flaw [experimental] Used for new features when the syntax - or other aspects of the design are still + or other aspects of the design are still in flux and may change [port] Portability enhancement @@ -382,15 +400,15 @@ Change Log server addresses and keys [tuning] Changes to built-in configuration defaults - and constants to improve performanceo + and constants to improve performanceo [protocol] Updates to the DNS protocol such as new RR types - [test] Changes to the automatic tests, not - affecting server functionality + [test] Changes to the automatic tests, not + affecting server functionality - [cleanup] Minor corrections and refactoring + [cleanup] Minor corrections and refactoring [doc] Documentation |