https://fedoraproject.org/wiki/Changes/BIND9.16
== Summary ==
BIND 9 would be updated to upcoming stable version BIND 9.16.
== Owner ==
* Name: [[User:pemensik| Petr Menšík]]
* Email: pemensik at
redhat.com, dns-sig at fedoraproject dot org
== Detailed Description ==
ISC BIND 9 stayed longer time on 9.11 Extended Support Version,
because dhcp and freeipa depended on it. DHCP package no longer
requires bind-export-libs, which new BIND 9.16 does not support.
FreeIPA part bind-dyndb-ldap were also modified to support new
version.
BIND 9.16 includes more easy way to provide DNSSEC
([
https://gitlab.isc.org/isc-projects/bind9/-/wikis/DNSSEC-Key-and-Signing-...
KASP]).
== Benefit to Fedora ==
Stable version under most the active development is packaged again.
Introduces
[
https://gitlab.isc.org/isc-projects/bind9/-/wikis/DNSSEC-Key-and-Signing-...
DNSSEC Key and Signing Policy] without external tools like opendnssec.
Also client tools from '''bind-utils''' now support yaml export
format
(''dig, mdig, delv'').
== Scope ==
* Proposal owners:
* Other developers: N/A
* Release engineering: N/A
* Policies and guidelines: N/A
* Trademark approval: N/A
* Alignment with Objectives:
== Upgrade/compatibility impact ==
N/A (not a System Wide Change)
*
[
https://downloads.isc.org/isc/bind9/9.11.26/doc/arm/Bv9ARM.ch05.html#ligh...
lightweight resolver (lwres)] server and nss client plugin are no
longer provided.
* named version with database backends support (bind-sdb) is also no
longer provided as subpackage. Instead several bind-dlz-* plugins are
offered as runtime loadable plugins, which require modification to
named configuration. They offer the same functionality with just
'''bind''' package and selected plugin.
* ''dnssec-enabled'' option is not supported anymore, it is always set
to ''yes''. ''dnssec-validation'' can be still turned
off.
== How To Test ==
System administrators would receive the most recent stable version of
BIND, with improved performance and features.
Prerelease is available on
[
https://copr.fedorainfracloud.org/coprs/pemensik/bind-9.16/ COPR].
== User Experience ==
* named service supports ''dnssec-policy'' option, merging
''dnssec-keymgr'' into ''named''.
* DNSSEC trust anchors were merged into ''trust-anchors'' section,
replacing previous ''trusted-keys'' and ''managed-keys''.
* '''dig +yaml''' provides machine parseable output in YAML
format
== Dependencies ==
* bind-dyndb-ldap (required by freeipa)
== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?) N/A (not a
System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change), Yes/No
* Blocks product? product
== Documentation ==
* Upstream [
https://bind9.readthedocs.io/en/v9_16_10/notes.html BIND
9.16 Release Notes]
* [
https://bind9.readthedocs.io/en/v9_16_10/notes.html#notes-for-bind-9-16-0
Added and removed features]
* Upstream [
https://downloads.isc.org/isc/bind9/9.14.0/RELEASE-NOTES-bind-9.14.0.html
BIND 9.14 Release Notes]
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis