1 <?xml version="1.0" encoding="UTF-8"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
4 - Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
6 - Permission to use, copy, modify, and/or distribute this software for any
7 - purpose with or without fee is hereby granted, provided that the above
8 - copyright notice and this permission notice appear in all copies.
10 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 - PERFORMANCE OF THIS SOFTWARE.
19 <!-- $Id: RELEASE-NOTES-BIND-9.6-ESV.html,v 1.1.2.2 2010/11/29 01:16:39 tbox Exp $ -->
21 <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" type="text/css" href="release-notes.css" /><meta name="generator" content="DocBook XSL Stylesheets V1.76.1" /></head><body><div class="article"><div class="titlepage"><hr /></div>
23 <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36111950"></a>Introduction</h2></div></div></div>
26 BIND 9.6-ESV-R3 is a maintenance release for BIND 9.6-ESV.
29 This document summarizes changes from BIND 9.6-ESV-R1 to BIND 9.6-ESV-R3.
30 Please see the CHANGES file in the source code release for a
31 complete list of all changes.
35 <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112014"></a>Download</h2></div></div></div>
38 The latest release of BIND 9 software can always be found
40 <a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
41 There you will find additional information about each release,
42 source code, and some pre-compiled versions for certain operating
47 <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112037"></a>Support</h2></div></div></div>
49 <p>Product support information is available on
50 <a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
51 for paid support options. Free support is provided by our user
52 community via a mailing list. Information on all public email
54 <a class="ulink" href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
58 <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36111986"></a>New Features</h2></div></div></div>
60 <div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112025"></a>9.6-ESV-R2</h3></div></div></div>
64 <div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112098"></a>9.6-ESV-R3</h3></div></div></div>
70 <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112120"></a>Feature Changes</h2></div></div></div>
72 <div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112125"></a>9.6-ESV-R2</h3></div></div></div>
76 <div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112135"></a>9.6-ESV-R3</h3></div></div></div>
82 <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112146"></a>Security Fixes</h2></div></div></div>
84 <div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112151"></a>9.6-ESV-R2</h3></div></div></div>
88 <div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112160"></a>9.6-ESV-R3</h3></div></div></div>
90 <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
91 Adding a NO DATA signed negative response to cache failed to clear
92 any matching RRSIG records already in cache. A subsequent lookup
93 of the cached NO DATA entry could crash named (INSIST) when the
94 unexpected RRSIG was also returned with the NO DATA cache entry.
95 [RT #22288] [CVE-2010-3613] [VU#706148]
96 </li><li class="listitem">
97 BIND, acting as a DNSSEC validator, was determining if the NS RRset
98 is insecure based on a value that could mean either that the RRset
99 is actually insecure or that there wasn't a matching key for the RRSIG
100 in the DNSKEY RRset when resuming from validating the DNSKEY RRset.
101 This can happen when in the middle of a DNSKEY algorithm rollover,
102 when two different algorithms were used to sign a zone but only the
103 new set of keys are in the zone DNSKEY RRset.
104 [RT #22309] [CVE-2010-3614] [VU#837744]
109 <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112186"></a>Bug Fixes</h2></div></div></div>
111 <div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112191"></a>9.6-ESV-R2</h3></div></div></div>
113 <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
114 Check that named successfully skips NSEC3 records
115 that fail to match the NSEC3PARAM record currently
118 </li><li class="listitem">
119 Worked around a race condition in the cache database memory
120 handling. Without this fix a DNS cache DB or ADB could
121 incorrectly stay in an over memory state, effectively refusing
122 further caching, which subsequently made a BIND 9 caching
125 </li><li class="listitem">
126 BIND did not properly handle non-cacheable negative responses
127 from insecure zones. This caused several non-protocol-compliant
128 zones to become unresolvable. BIND is now more accepting of
129 responses it receives from less strict servers.
131 </li><li class="listitem">
132 The resolver could attempt to destroy a fetch context too
133 soon, resulting in a crash.
135 </li><li class="listitem">
136 The placeholder negative caching element was not
137 properly constructed triggering a crash (INSIST) in
140 </li><li class="listitem">
141 Handle the introduction of new trusted-keys and
142 DS, DLV RRsets better.
144 </li><li class="listitem">
145 Fix arguments to dns_keytable_findnextkeynode() call.
149 <div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112232"></a>9.6-ESV-R3</h3></div></div></div>
151 <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
152 Microsoft changed the behavior of sockets between NT/XP based
153 stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
154 behavior, 2008r2 has the new behavior. With the change, different
155 error results are possible, so ISC adapted BIND to handle the new
157 This resolves an issue where sockets would shut down on
158 Windows servers causing named to stop responding to queries.
160 </li><li class="listitem">
161 Windows has non-POSIX compliant behavior in its rename() and unlink()
162 calls. This caused journal compaction to fail on Windows BIND servers
163 with the log error: "dns_journal_compact failed: failure".
165 </li><li class="listitem">
166 'host -D' now turns on debugging messages earlier.
168 </li><li class="listitem">
169 isc_print_vsnprintf() failed to check if there was
170 space available in the buffer when adding a left
171 justified character with a non zero width,
174 </li><li class="listitem">
175 view->queryacl was being overloaded. Seperate the
176 usage into view->queryacl, view->cacheacl and
179 </li><li class="listitem">
180 win32: add more dependencies to BINDBuild.dsw.
182 </li><li class="listitem">
183 win32: named-checkzone and named-checkconf failed
184 to initialise winsock.
186 </li><li class="listitem">
187 named failed to generate a correct signed response
188 in a optout, delegation only zone with no secure
195 <div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112280"></a>Known issues in this release</h2></div></div></div>
197 <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
199 "make test" will fail on OSX and possibly other operating systems.
200 The failure occurs in a new test to check for allow-query ACLs.
201 The failure is caused because the source address is not specified on
202 the dig commands issued in the test.
205 If running "make test" is part of your usual acceptance process,
206 please edit the file <code class="code">bin/tests/system/allow_query/test.sh</code>
209 <code class="code">-b 10.53.0.2</code>
211 to the <code class="code">DIGOPTS</code> line.
216 <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112315"></a>Thank You</h2></div></div></div>
219 Thank you to everyone who assisted us in making this release possible.
220 If you would like to contribute to ISC to assist us in continuing to make
221 quality open source software, please visit our donations page at
222 <a class="ulink" href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.