bind-announce July 2010 archive
Main Archive Page > Month Archives  > bind-announce archives
bind-announce: BIND 9.7.2b1 is now available.

BIND 9.7.2b1 is now available.

From: Mark Andrews <marka_at_nospam>
Date: Fri Jul 23 2010 - 00:31:43 GMT

                BIND 9.7.2b1 is now available.

        BIND 9.7.2b1 is a beta version of the maintenance release for
        BIND 9.7.

BIND 9.7.2b1 can be downloaded from

The PGP signature of the distribution is at

The signature was generated with the ISC public key, which is
available at <>.

A binary kit for Windows XP and Window 2003 is at

The PGP signature of the binary kit for Windows XP and Window 2003 is at

Changes since 9.7.0.

        --- 9.7.2b1 released ---

2931. [bug] Temporarily and partially disable change 2864
                        because it would cause inifinite attempts of RRSIG
                        queries. This is an urgent care fix; we'll
                        revisit the issue and complete the fix later.
                        [RT #21710]

2930. [experimental] New "rndc addzone" and "rndc delzone" commads
                        allow dynamic addition and deletion of zones.
                        To enable this feature, specify a "new-zone-file"
                        option at the view or options level in named.conf.
                        Zone configuration information for the new zones
                        will be written into that file. To make the new
                        zones persist after a restart, "include" the file
                        into named.conf in the appropriate view. (Note:
                        This feature is not yet documented, and its syntax
                        is expected to change.) [RT #19447]

2929. [bug] Improved handling of GSS security contexts:
                         - added LRU expiration for generated TSIGs
                         - added the ability to use a non-default realm
                         - added new "realm" keyword in nsupdate
                         - limited lifetime of generated keys to 1 hour
                           or the lifetime of the context (whichever is
                        [RT #19737]

2925. [bug] Named failed to accept uncachable negative responses
                        from insecure zones. [RT# 21555]

2924. [func] 'rndc secroots' dump a combined summary of the
                        current managed keys combined with trusted keys.
                        [RT #20904]

2923. [bug] 'dig +trace' could drop core after "connection
                        timeout". [RT #21514]

2922. [contrib] Update zkt to version 1.0.

2921. [bug] The resolver could attempt to destroy a fetch context
                        too soon. [RT #19878]

2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
                        to IPv4 clients. New acl 'filter-aaaa' (default any).

2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
                        [RT #20840]

2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.

2917. [func] Virtual time test framework. [RT #20801]

2916. [func] Add framework to use IPv6 in tests.
                        fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7

2915. [cleanup] Be smarter about which objects we attempt to compile
                        based on configure options. [RT #21444]

2914. [bug] Make the "autosign" system test more portable.
                        [RT #20997]

2913. [func] Add pkcs#11 system tests. [RT #20784]

2912. [func] Windows clients don't like UPDATE responses that clear
                        the zone section. [RT #20986]

2911. [bug] dnssec-signzone didn't handle out of zone records well.
                        [RT #21367]

2910. [func] Sanity check Kerberos credentials. [RT #20986]

        --- 9.7.1 released ---

        --- 9.7.1rc1 released ---

2909. [bug] named-checkconf -p could die if "update-policy local;"
                        was specified in named.conf. [RT #21416]

2908. [bug] It was possible for re-signing to stop after removing
                        a DNSKEY. [RT #21384]

2907. [bug] The export version of libdns had undefined references.
                        [RT #21444]

2906. [bug] Address RFC 5011 implementation issues. [RT #20903]

2905. [port] aix: set use_atomic=yes with native compiler.
                        [RT #21402]

2904. [bug] When using DLV, sub-zones of the zones in the DLV,
                        could be incorrectly marked as insecure instead of
                        secure leading to negative proofs failing. This was
                        a unintended outcome from change 2890. [RT# 21392]

2903. [bug] managed-keys-directory missing from namedconf.c.
                        [RT #21370]

        --- 9.7.1b1 released ---

2902. [func] Add regression test for change 2897. [RT #21040]

2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]

2900. [bug] The placeholder negative caching element was not
                        properly constructed triggering a INSIST in
                        dns_ncache_towire(). [RT #21346]
2899. [port] win32: Support linking against OpenSSL 1.0.0.

2898. [bug] nslookup leaked memory when -domain=value was
                        specified. [RT #21301]

2897. [bug] NSEC3 chains could be left behind when transitioning
                        to insecure. [RT #21040]
2896. [bug] "rndc sign" failed to properly update the zone
                        when adding a DNSKEY for publication only. [RT #21045]

2895. [func] genrandom: add support for the generation of multiple
                        files. [RT #20917]

2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]

2893. [bug] Improve managed keys support. New named.conf option
                        managed-keys-directory. [RT #20924]

2892. [bug] Handle REVOKED keys better. [RT #20961]

2891. [maint] Update empty-zones list to match
                        draft-ietf-dnsop-default-local-zones-13. [RT# 21099]

2890. [bug] Handle the introduction of new trusted-keys and
                        DS, DLV RRsets better. [RT #21097]

2889. [bug] Elements of the grammar where not properly reported.
                        [RT #21046]

2888. [bug] Only the first EDNS option was displayed. [RT #21273]

2887. [bug] Report the keytag times in UTC in the .key file,
                        local time is presented as a comment within the
                        comment. [RT #21223]

2886. [bug] ctime() is not thread safe. [RT #21223]

2885. [bug] Improve -fno-strict-aliasing support probing in
                        configure. [RT #21080]

2884. [bug] Insufficient valadation in dns_name_getlabelsequence().
                        [RT #21283]

2883. [bug] 'dig +short' failed to handle really large datasets.
                        [RT #21113]

2882. [bug] Remove memory context from list of active contexts
                        before clearing 'magic'. [RT #21274]

2881. [bug] Reduce the amount of time the rbtdb write lock
                        is held when closing a version. [RT #21198]

2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
                        consistent. [RT #21078]

2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
                        [RT #21106]

2878. [func] Incrementally write the master file after performing
                        a AXFR. [RT #21010]

2877. [bug] The validator failed to skip obviously mismatching
                        RRSIGs. [RT #21138]

2876. [bug] Named could return SERVFAIL for negative responses
                        from unsigned zones. [RT #21131]

2875. [bug] dns_time64_fromtext() could accept non digits.
                        [RT #21033]

2874. [bug] Cache lack of EDNS support only after the server
                        successfully responds to the query using plain DNS.
                        [RT #20930]

2873. [bug] Canceling a dynamic update via the dns/client module
                        could trigger an assertion failure. [RT #21133]

2872. [bug] Modify dns/client.c:dns_client_createx() to only
                        require one of IPv4 or IPv6 rather than both.
                        [RT #21122]

2871. [bug] Type mismatch in mem_api.c between the definition and
                        the header file, causing build failure with
                        --enable-exportlib. [RT #21138]

2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.

2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
                        [RT #20877]

2868. [cleanup] Run "make clean" at the end of configure to ensure
                        any changes made by configure are integrated.
                        Use --with-make-clean=no to disable. [RT #20994]

2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
                        don't like it. [RT #20986]

2866. [bug] Windows does not like the TSIG name being compressed.
                        [RT #20986]

2865. [bug] memset to zero [RT #20986]

2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
                        [RT #21050]

2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
                        [RT #21056]

2862. [bug] nsupdate didn't default to the parent zone when
                        updating DS records. [RT #20896]

2861. [doc] dnssec-settime man pages didn't correctly document the
                        inactivation time. [RT #21039]

2860. [bug] named-checkconf's usage was out of date. [RT #21039]

2859. [bug] When cancelling validation it was possible to leak
                        memory. [RT #20800]

2858. [bug] RTT estimates were not being adjusted on ICMP errors.
                        [RT #20772]

2857. [bug] named-checkconf did not fail on a bad trusted key.
                        [RT #20705]

2856. [bug] The size of a memory allocation was not always properly
                        recorded. [RT #20927]

2853. [bug] add_sigs() could run out of scratch space. [RT #21015]

2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]

2851. [doc] nslookup.1, removed <informalexample> from the docbook
                        source as it produced bad nroff. [RT #21007]

2850. [bug] If isc_heap_insert() failed due to memory shortage
                        the heap would have corrupted entries. [RT #20951]

        --- 9.7.0 released ---
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: _______________________________________________ bind-announce mailing list