F22 Self Contained Change: BIND version 9.10

Jaroslav Reznik jreznik at redhat.com
Tue Sep 16 11:34:32 UTC 2014 

= Proposed Self Contained Change: BIND version 9.10 = 
https://fedoraproject.org/wiki/Changes/BIND_9.10

Change owner(s): Tomas Hozza <thozza at redhat.com>

BIND (Berkeley Internet Name Domain) version 9.10 is the latest stable major 
update of the widely used DNS server. Besides new features, some settings 
defaults have changed since the previous major version (9.9). 

== Detailed Description ==

FULL BIND 9.10 RELEASE NOTES [1]

=== New features ===
* New zone file format, "map", stores zone data in a format that can be mapped 
directly into memory, allowing significantly faster zone loading.
* New tool "delv" (domain entity lookup and validation) with dig-like 
semantics for looking up DNS data and performing internal DNSSEC validation 
has been added.
* New "prefetch" option improving the recursive resolver performance has been 
added.
* Improved EDNS processing allowing better resolver performance.
* Substantial improvements have been made in response-policy zone (RPZ) 
performance.
* ACLs can now be specified based on geographic location using the MaxMind 
GeoIP databases.
* The statistics channel can now provide data in JSON format as well as XML.
* The new "in-view" zone option allows zone data to be shared between views, 
so that multiple views can serve the same zones authoritatively without 
storing multiple copies in memory.
* Native PKCS#11 API has been added. This allows BIND 9 cryptography functions 
to use the PKCS#11 API natively, so that BIND can drive a cryptographic 
hardware service module (HSM) directly instead of using a modified OpenSSL as 
an intermediary (Native PKCS#11 is known to work with the Thales nShield HSM 
and with SoftHSM version 2 from the Open DNSSEC project.).
* New tool "named-rrchecker" can be used to check the syntax of individual 
resource records, and optionally to convert them to the format used for 
unknown record types.
* New tool "dnssec-importkey" allows "offline" DNSSEC keys (i.e., keys whose 
private data is not stored on the system on which named is running) to be 
published or deleted on schedule using automatic DNSKEY management.
* Network interfaces are re-scanned automatically whenever they change.  Use 
"automatic-interface-scan no;" to disable this feature.
** Added "rndc scan" to trigger an interface scan manually.
* New "max-zone-ttl" option enforces maximum TTLs for zones. If loading a zone 
containing a higher TTL, the load fails. DDNS updates with higher TTLs are 
accepted but the TTL is truncated.
* Multiple DLZ databases can now be configured, and are searched in order to 
find one that can answer an incoming query.
* "named-checkzone" and "named-compilezone" can now read journal files.

=== Feature changes ===
* The version 3 XML schema for the statistics channel, including new 
statistics and a flattened XML tree for faster parsing, is no longer optional. 
The version 2 XML schema is now deprecated.
* "named" now listens on IPv6 as well as IPv4 interfaces by default.
* The internal and export versions of the BIND libraries (libisc, libdns, etc) 
have been unified so that external library clients can use the same libraries 
as BIND itself.
* The default setting for the -U option (setting the number of UDP listeners 
per interface) has been adjusted to improve performance.
* Adaptive mutex locks are now used on systems which support them.
* "rndc flushtree" now flushes matching records from the address database and 
bad cache as well as the DNS cache. (Previously only the DNS cache was 
flushed.)
* The isc_bitstring API is no longer used and has been removed from the libisc 
library.
* The timestamps included in RRSIG records can now be read as integers 
indicating the number of seconds since the UNIX epoch, in addition to being 
read as formatted dates in YYYYMMDDHHMMSS format.

== Scope ==
* Proposal owners: Rebase the package to the latest 9.10 minor version and 
resolve possible packaging issues. (Also rebuild all currently existing 
dependent packages listed below)

* Other developers: Rebuild dependent packages (dhcp, dnsperf, bind-dyndb-
ldap) 
** Owner of this feature is co-maintainer of all dependent packages. He will 
do the necessary rebuilds himself in cooperation with dependent packages 
owners.

* Release engineering: N/A (not a System Wide Change) 
* Policies and guidelines: N/A (not a System Wide Change)

[1] http://ftp.isc.org/isc/bind9/9.10.0-P2/RELEASE-NOTES-BIND-9.10.0-P2.txt

More information about the devel-announce mailing list