F22 Self Contained Change: BIND version 9.10

Tomas Hozza thozza at redhat.com
Tue Sep 16 11:47:28 UTC 2014


On 09/16/2014 01:34 PM, Jaroslav Reznik wrote:
> = Proposed Self Contained Change: BIND version 9.10 = 
> https://fedoraproject.org/wiki/Changes/BIND_9.10
> 
> Change owner(s): Tomas Hozza <thozza at redhat.com>
> 
> BIND (Berkeley Internet Name Domain) version 9.10 is the latest stable major 
> update of the widely used DNS server. Besides new features, some settings 
> defaults have changed since the previous major version (9.9). 
> 
> == Detailed Description ==
> 
> FULL BIND 9.10 RELEASE NOTES [1]
> 
> === New features ===
> * New zone file format, "map", stores zone data in a format that can be mapped 
> directly into memory, allowing significantly faster zone loading.
> * New tool "delv" (domain entity lookup and validation) with dig-like 
> semantics for looking up DNS data and performing internal DNSSEC validation 
> has been added.
> * New "prefetch" option improving the recursive resolver performance has been 
> added.
> * Improved EDNS processing allowing better resolver performance.
> * Substantial improvements have been made in response-policy zone (RPZ) 
> performance.
> * ACLs can now be specified based on geographic location using the MaxMind 
> GeoIP databases.
> * The statistics channel can now provide data in JSON format as well as XML.
> * The new "in-view" zone option allows zone data to be shared between views, 
> so that multiple views can serve the same zones authoritatively without 
> storing multiple copies in memory.
> * Native PKCS#11 API has been added. This allows BIND 9 cryptography functions 
> to use the PKCS#11 API natively, so that BIND can drive a cryptographic 
> hardware service module (HSM) directly instead of using a modified OpenSSL as 
> an intermediary (Native PKCS#11 is known to work with the Thales nShield HSM 
> and with SoftHSM version 2 from the Open DNSSEC project).
> * New tool "named-rrchecker" can be used to check the syntax of individual 
> resource records, and optionally to convert them to the format used for 
> unknown record types.
> * New tool "dnssec-importkey" allows "offline" DNSSEC keys (i.e., keys whose 
> private data is not stored on the system on which named is running) to be 
> published or deleted on schedule using automatic DNSKEY management.
> * Network interfaces are re-scanned automatically whenever they change.  Use 
> "automatic-interface-scan no;" to disable this feature.
> ** Added "rndc scan" to trigger an interface scan manually.
> * New "max-zone-ttl" option enforces maximum TTLs for zones. If loading a zone 
> containing a higher TTL, the load fails. DDNS updates with higher TTLs are 
> accepted but the TTL is truncated.
> * Multiple DLZ databases can now be configured, and are searched in order to 
> find one that can answer an incoming query.
> * "named-checkzone" and "named-compilezone" can now read journal files.
> 
> === Feature changes ===
> * The version 3 XML schema for the statistics channel, including new 
> statistics and a flattened XML tree for faster parsing, is no longer optional. 
> The version 2 XML schema is now deprecated.
> * "named" now listens on IPv6 as well as IPv4 interfaces by default.
> * The internal and export versions of the BIND libraries (libisc, libdns, etc) 
> have been unified so that external library clients can use the same libraries 
> as BIND itself.
> * The default setting for the -U option (setting the number of UDP listeners 
> per interface) has been adjusted to improve performance.
> * Adaptive mutex locks are now used on systems which support them.
> * "rndc flushtree" now flushes matching records from the address database and 
> bad cache as well as the DNS cache. (Previously only the DNS cache was 
> flushed.)
> * The isc_bitstring API is no longer used and has been removed from the libisc 
> library.
> * The timestamps included in RRSIG records can now be read as integers 
> indicating the number of seconds since the UNIX epoch, in addition to being 
> read as formatted dates in YYYYMMDDHHMMSS format.
> 
> == Scope ==
> * Proposal owners: Rebase the package to the latest 9.10 minor version and 
> resolve possible packaging issues. (Also rebuild all currently existing 
> dependent packages listed below)
> 
> * Other developers: Rebuild dependent packages (dhcp, dnsperf, bind-dyndb-ldap)
> ** Owner of this feature is co-maintainer of all dependent packages. He will 
> do the necessary rebuilds himself in cooperation with dependent packages 
> owners.
> 
> * Release engineering: N/A (not a System Wide Change) 
> * Policies and guidelines: N/A (not a System Wide Change)
> 
> [1] http://ftp.isc.org/isc/bind9/9.10.0-P2/RELEASE-NOTES-BIND-9.10.0-P2.txt

You can try BIND 9.10.1b2 using COPR repo:
http://copr-fe.cloud.fedoraproject.org/coprs/thozza/bind-9.10.1b2/

I'll update the COPR in the meantime since there is already an RC1.

Dependent packages can be found here:
http://copr-fe.cloud.fedoraproject.org/coprs/thozza/bind-9.10.1b2-dependencies/

(only bind-dyndb-ldap is missing since it needs more changes. I'm working
with the maintainer on updating the package)

Regards,
-- 
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

PGP: 1D9F3C2D
Red Hat Inc.                               http://cz.redhat.com
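
The quoted feature list says RRSIG timestamps can be read either as integer seconds since the UNIX epoch or as YYYYMMDDHHMMSS dates. The following is an added example, not part of the original message and not BIND code, showing how monitoring tooling can accept both notations and check a signature's validity window. The function names and sample values are constructed for illustration, and the rule that exactly 14 digits means a date follows RFC 4034 section 3.2.

```python
from datetime import datetime, timezone

MASK32 = 0xFFFFFFFF  # RRSIG times are 32-bit values on the wire


def parse_rrsig_time(text):
    """Return epoch seconds for an RRSIG inception/expiration field.

    14 digits means YYYYMMDDHHMMSS in UTC; 1 to 10 digits means integer
    seconds since the UNIX epoch. Any other shape is rejected.
    """
    if not (text.isascii() and text.isdigit()):
        raise ValueError("not a digit string: %r" % text)
    if len(text) == 14:
        stamp = datetime.strptime(text, "%Y%m%d%H%M%S")
        return int(stamp.replace(tzinfo=timezone.utc).timestamp())
    if len(text) <= 10 and int(text) <= MASK32:
        return int(text)
    raise ValueError("neither 14-digit date nor 32-bit integer: %r" % text)


def _serial_le(a, b):
    """a <= b under 32-bit serial number arithmetic (handles wrap-around)."""
    return ((b - a) & MASK32) < 0x80000000


def rrsig_window_ok(inception, expiration, now):
    """True when now lies inside [inception, expiration]."""
    start, end = parse_rrsig_time(inception), parse_rrsig_time(expiration)
    return _serial_le(start, now) and _serial_le(now, end)


if __name__ == "__main__":
    # Constructed sample values, one in each notation.
    inception, expiration = "20140901000000", "1412121600"
    for now in (1409529599, 1410868048, 1412121601):
        print(now, rrsig_window_ok(inception, expiration, now))
```
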

