bind-announce July 2010 archive
Main Archive Page > Month Archives  > bind-announce archives
bind-announce: BIND 9.7.2b1 is now available.

BIND 9.7.2b1 is now available.

From: Mark Andrews <marka_at_nospam>
Date: Fri Jul 23 2010 - 00:31:43 GMT
To: bind-announce@isc.org

                BIND 9.7.2b1 is now available.

        BIND 9.7.2b1 is a beta version of the maintenance release for
        BIND 9.7.

BIND 9.7.2b1 can be downloaded from

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz
        http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz

The PGP signature of the distribution is at

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha512.asc

        http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha256.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at <https://www.isc.org/about/openpgp>.

A binary kit for Windows XP and Window 2003 is at

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip

The PGP signature of the binary kit for Windows XP and Window 2003 is at
        
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha512.asc

        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha256.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.zip.sha512.asc

        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha512.asc

        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha256.asc
        http://ftp.isc.org/isc/bind9/9.7.2b1/BIND9.7.2b1.debug.zip.sha512.asc

Changes since 9.7.0.

        --- 9.7.2b1 released ---

2931. [bug] Temporarily and partially disable change 2864
                        because it would cause inifinite attempts of RRSIG
                        queries. This is an urgent care fix; we'll
                        revisit the issue and complete the fix later.
                        [RT #21710]

2930. [experimental] New "rndc addzone" and "rndc delzone" commads
                        allow dynamic addition and deletion of zones.
                        To enable this feature, specify a "new-zone-file"
                        option at the view or options level in named.conf.
                        Zone configuration information for the new zones
                        will be written into that file. To make the new
                        zones persist after a restart, "include" the file
                        into named.conf in the appropriate view. (Note:
                        This feature is not yet documented, and its syntax
                        is expected to change.) [RT #19447]

2929. [bug] Improved handling of GSS security contexts:
                         - added LRU expiration for generated TSIGs
                         - added the ability to use a non-default realm
                         - added new "realm" keyword in nsupdate
                         - limited lifetime of generated keys to 1 hour
                           or the lifetime of the context (whichever is
                           smaller)
                        [RT #19737]

2925. [bug] Named failed to accept uncachable negative responses
                        from insecure zones. [RT# 21555]

2924. [func] 'rndc secroots' dump a combined summary of the
                        current managed keys combined with trusted keys.
                        [RT #20904]

2923. [bug] 'dig +trace' could drop core after "connection
                        timeout". [RT #21514]

2922. [contrib] Update zkt to version 1.0.

2921. [bug] The resolver could attempt to destroy a fetch context
                        too soon. [RT #19878]

2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
                        to IPv4 clients. New acl 'filter-aaaa' (default any).

2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
                        [RT #20840]

2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.

2917. [func] Virtual time test framework. [RT #20801]

2916. [func] Add framework to use IPv6 in tests.
                        fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7

2915. [cleanup] Be smarter about which objects we attempt to compile
                        based on configure options. [RT #21444]

2914. [bug] Make the "autosign" system test more portable.
                        [RT #20997]

2913. [func] Add pkcs#11 system tests. [RT #20784]

2912. [func] Windows clients don't like UPDATE responses that clear
                        the zone section. [RT #20986]

2911. [bug] dnssec-signzone didn't handle out of zone records well.
                        [RT #21367]

2910. [func] Sanity check Kerberos credentials. [RT #20986]

        --- 9.7.1 released ---

        --- 9.7.1rc1 released ---

2909. [bug] named-checkconf -p could die if "update-policy local;"
                        was specified in named.conf. [RT #21416]

2908. [bug] It was possible for re-signing to stop after removing
                        a DNSKEY. [RT #21384]

2907. [bug] The export version of libdns had undefined references.
                        [RT #21444]

2906. [bug] Address RFC 5011 implementation issues. [RT #20903]

2905. [port] aix: set use_atomic=yes with native compiler.
                        [RT #21402]

2904. [bug] When using DLV, sub-zones of the zones in the DLV,
                        could be incorrectly marked as insecure instead of
                        secure leading to negative proofs failing. This was
                        a unintended outcome from change 2890. [RT# 21392]

2903. [bug] managed-keys-directory missing from namedconf.c.
                        [RT #21370]

        --- 9.7.1b1 released ---

2902. [func] Add regression test for change 2897. [RT #21040]

2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]

2900. [bug] The placeholder negative caching element was not
                        properly constructed triggering a INSIST in
                        dns_ncache_towire(). [RT #21346]
                        
2899. [port] win32: Support linking against OpenSSL 1.0.0.

2898. [bug] nslookup leaked memory when -domain=value was
                        specified. [RT #21301]

2897. [bug] NSEC3 chains could be left behind when transitioning
                        to insecure. [RT #21040]
                        
2896. [bug] "rndc sign" failed to properly update the zone
                        when adding a DNSKEY for publication only. [RT #21045]

2895. [func] genrandom: add support for the generation of multiple
                        files. [RT #20917]

2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]

2893. [bug] Improve managed keys support. New named.conf option
                        managed-keys-directory. [RT #20924]

2892. [bug] Handle REVOKED keys better. [RT #20961]

2891. [maint] Update empty-zones list to match
                        draft-ietf-dnsop-default-local-zones-13. [RT# 21099]

2890. [bug] Handle the introduction of new trusted-keys and
                        DS, DLV RRsets better. [RT #21097]

2889. [bug] Elements of the grammar where not properly reported.
                        [RT #21046]

2888. [bug] Only the first EDNS option was displayed. [RT #21273]

2887. [bug] Report the keytag times in UTC in the .key file,
                        local time is presented as a comment within the
                        comment. [RT #21223]

2886. [bug] ctime() is not thread safe. [RT #21223]

2885. [bug] Improve -fno-strict-aliasing support probing in
                        configure. [RT #21080]

2884. [bug] Insufficient valadation in dns_name_getlabelsequence().
                        [RT #21283]

2883. [bug] 'dig +short' failed to handle really large datasets.
                        [RT #21113]

2882. [bug] Remove memory context from list of active contexts
                        before clearing 'magic'. [RT #21274]

2881. [bug] Reduce the amount of time the rbtdb write lock
                        is held when closing a version. [RT #21198]

2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
                        consistent. [RT #21078]

2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
                        [RT #21106]

2878. [func] Incrementally write the master file after performing
                        a AXFR. [RT #21010]

2877. [bug] The validator failed to skip obviously mismatching
                        RRSIGs. [RT #21138]

2876. [bug] Named could return SERVFAIL for negative responses
                        from unsigned zones. [RT #21131]

2875. [bug] dns_time64_fromtext() could accept non digits.
                        [RT #21033]

2874. [bug] Cache lack of EDNS support only after the server
                        successfully responds to the query using plain DNS.
                        [RT #20930]

2873. [bug] Canceling a dynamic update via the dns/client module
                        could trigger an assertion failure. [RT #21133]

2872. [bug] Modify dns/client.c:dns_client_createx() to only
                        require one of IPv4 or IPv6 rather than both.
                        [RT #21122]

2871. [bug] Type mismatch in mem_api.c between the definition and
                        the header file, causing build failure with
                        --enable-exportlib. [RT #21138]

2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.

2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
                        [RT #20877]

2868. [cleanup] Run "make clean" at the end of configure to ensure
                        any changes made by configure are integrated.
                        Use --with-make-clean=no to disable. [RT #20994]

2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
                        don't like it. [RT #20986]

2866. [bug] Windows does not like the TSIG name being compressed.
                        [RT #20986]

2865. [bug] memset to zero event.data. [RT #20986]

2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
                        [RT #21050]

2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
                        [RT #21056]

2862. [bug] nsupdate didn't default to the parent zone when
                        updating DS records. [RT #20896]

2861. [doc] dnssec-settime man pages didn't correctly document the
                        inactivation time. [RT #21039]

2860. [bug] named-checkconf's usage was out of date. [RT #21039]

2859. [bug] When cancelling validation it was possible to leak
                        memory. [RT #20800]

2858. [bug] RTT estimates were not being adjusted on ICMP errors.
                        [RT #20772]

2857. [bug] named-checkconf did not fail on a bad trusted key.
                        [RT #20705]

2856. [bug] The size of a memory allocation was not always properly
                        recorded. [RT #20927]

2853. [bug] add_sigs() could run out of scratch space. [RT #21015]

2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]

2851. [doc] nslookup.1, removed <informalexample> from the docbook
                        source as it produced bad nroff. [RT #21007]

2850. [bug] If isc_heap_insert() failed due to memory shortage
                        the heap would have corrupted entries. [RT #20951]

        --- 9.7.0 released ---
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org _______________________________________________ bind-announce mailing list bind-announce@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-announce