notes.xml 8.01 KB
Newer Older
Evan Hunt's avatar
Evan Hunt committed
1
2
<!DOCTYPE book [
<!ENTITY Scaron "&#x160;">
3
<!ENTITY scaron "&#x161;">
Evan Hunt's avatar
Evan Hunt committed
4
<!ENTITY ccaron "&#x10D;">
Evan Hunt's avatar
Evan Hunt committed
5
<!ENTITY aacute "&#x0E1;">
6
<!ENTITY iacute "&#x0ED;">
Evan Hunt's avatar
Evan Hunt committed
7
8
<!ENTITY mdash "&#8212;">
<!ENTITY ouml "&#xf6;">]>
Evan Hunt's avatar
Evan Hunt committed
9
<!--
10
 - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
Evan Hunt's avatar
Evan Hunt committed
11
 -
12
13
14
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
15
16
17
 -
 - See the COPYRIGHT file distributed with this work for additional
 - information regarding copyright ownership.
Evan Hunt's avatar
Evan Hunt committed
18
-->
19

20
<section xmlns:db="http://docbook.org/ns/docbook" version="5.0"><info/>
Evan Hunt's avatar
Evan Hunt committed
21
22
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/>
  <section xml:id="relnotes_intro"><info><title>Introduction</title></info>
Evan Hunt's avatar
Evan Hunt committed
23
    <para>
24
      BIND 9.15 is an unstable development release of BIND.
Evan Hunt's avatar
Evan Hunt committed
25
      This document summarizes new features and functional changes that
Evan Hunt's avatar
Evan Hunt committed
26
      have been introduced on this branch.  With each development release
27
      leading up to the stable BIND 9.16 release, this document will be
Evan Hunt's avatar
Evan Hunt committed
28
29
30
31
32
33
      updated with additional features added and bugs fixed.
    </para>
  </section>

  <section xml:id="relnotes_versions"><info><title>Note on Version Numbering</title></info>
    <para>
34
      Until BIND 9.12, new feature development releases were tagged
Evan Hunt's avatar
Evan Hunt committed
35
36
      as "alpha" and "beta", leading up to the first stable release
      for a given development branch, which always ended in ".0".
37
      More recently, BIND adopted the "odd-unstable/even-stable"
Evan Hunt's avatar
Evan Hunt committed
38
      release numbering convention. There will be no "alpha" or "beta"
39
40
41
42
      releases in the 9.15 branch, only increasing version numbers.
      So, for example, what would previously have been called 9.15.0a1,
      9.15.0a2, 9.15.0b1, and so on, will instead be called 9.15.0,
      9.15.1, 9.15.2, etc.
Evan Hunt's avatar
Evan Hunt committed
43
44
45
    </para>
    <para>
      The first stable release from this development branch will be
46
47
48
      renamed as 9.16.0. Thereafter, maintenance releases will continue
      on the 9.16 branch, while unstable feature development proceeds in
      9.17.
Evan Hunt's avatar
Evan Hunt committed
49
    </para>
Evan Hunt's avatar
Evan Hunt committed
50
  </section>
51

52
53
  <section xml:id="relnotes_platforms"><info><title>Supported Platforms</title></info>
    <para>
54
      To build on UNIX-like systems, BIND requires support for POSIX.1c
55
56
57
58
59
      threads (IEEE Std 1003.1c-1995), the Advanced Sockets API for
      IPv6 (RFC 3542), and standard atomic operations provided by the
      C compiler.
    </para>
    <para>
60
      The OpenSSL cryptography library must be available for the target
61
62
63
64
65
      platform.  A PKCS#11 provider can be used instead for Public Key
      cryptography (i.e., DNSSEC signing and validation), but OpenSSL is
      still required for general cryptography operations such as hashing
      and random number generation.
    </para>
66
67
68
69
70
71
72
73
    <para>
      More information can be found in the <filename>PLATFORMS.md</filename>
      file that is included in the source distribution of BIND 9.  If your
      compiler and system libraries provide the above features, BIND 9
      should compile and run. If that isn't the case, the BIND
      development team will generally accept patches that add support
      for systems that are still supported by their respective vendors.
    </para>
74
75
  </section>

Evan Hunt's avatar
Evan Hunt committed
76
  <section xml:id="relnotes_download"><info><title>Download</title></info>
Evan Hunt's avatar
Evan Hunt committed
77
78
    <para>
      The latest versions of BIND 9 software can always be found at
Evan Hunt's avatar
Evan Hunt committed
79
      <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/downloads/">http://www.isc.org/downloads/</link>.
Evan Hunt's avatar
Evan Hunt committed
80
81
82
83
      There you will find additional information about each release,
      source code, and pre-compiled versions for Microsoft Windows
      operating systems.
    </para>
Evan Hunt's avatar
Evan Hunt committed
84
  </section>
85

Evan Hunt's avatar
Evan Hunt committed
86
  <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
Evan Hunt's avatar
Evan Hunt committed
87
    <itemizedlist>
Tinderbox User's avatar
Tinderbox User committed
88
89
      <listitem>
        <para>
Evan Hunt's avatar
Evan Hunt committed
90
91
92
93
	  In certain configurations, <command>named</command> could crash
	  with an assertion failure if <command>nxdomain-redirect</command>
	  was in use and a redirected query resulted in an NXDOMAIN from the
	  cache. This flaw is disclosed in CVE-2019-6467. [GL #880]
94
95
	</para>
      </listitem>
Evan Hunt's avatar
Evan Hunt committed
96
97
98
99
100
101
102
      <listitem>
	<para>
	  The TCP client quota set using the <command>tcp-clients</command>
	  option could be exceeded in some cases. This could lead to
	  exhaustion of file descriptors. (CVE-2018-5743) [GL #615]
	</para>
      </listitem>
Evan Hunt's avatar
Evan Hunt committed
103
    </itemizedlist>
Evan Hunt's avatar
Evan Hunt committed
104
  </section>
105

Evan Hunt's avatar
Evan Hunt committed
106
  <section xml:id="relnotes_features"><info><title>New Features</title></info>
Evan Hunt's avatar
Evan Hunt committed
107
    <itemizedlist>
Witold Krecicki's avatar
Witold Krecicki committed
108
109
      <listitem>
	<para>
Mark Andrews's avatar
Mark Andrews committed
110
111
112
113
	  The new <command>add-soa</command> option specifies whether
	  or not the <command>response-policy</command> zone's SOA record
	  should be included in the additional section of RPZ responses.
	  [GL #865]
Witold Krecicki's avatar
Witold Krecicki committed
114
115
        </para>
      </listitem>
116
117
118
    </itemizedlist>
  </section>

119
120
  <section xml:id="relnotes_removed"><info><title>Removed Features</title></info>
    <itemizedlist>
Evan Hunt's avatar
Evan Hunt committed
121
122
      <listitem>
	<para>
Evan Hunt's avatar
Evan Hunt committed
123
124
125
	  The <command>dnssec-enable</command> option has been deprecated and
	  no longer has any effect. DNSSEC responses are always enabled
	  if signatures and other DNSSEC data are present. [GL #866]
126
127
	</para>
      </listitem>
128
129
130
    </itemizedlist>
  </section>

Evan Hunt's avatar
Evan Hunt committed
131
  <section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
Evan Hunt's avatar
Evan Hunt committed
132
    <itemizedlist>
Ondřej Surý's avatar
Ondřej Surý committed
133
134
      <listitem>
	<para>
135
	  None.
Evan Hunt's avatar
Evan Hunt committed
136
137
	</para>
      </listitem>
138
    </itemizedlist>
Evan Hunt's avatar
Evan Hunt committed
139
  </section>
Evan Hunt's avatar
Evan Hunt committed
140

Evan Hunt's avatar
Evan Hunt committed
141
  <section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
Evan Hunt's avatar
Evan Hunt committed
142
    <itemizedlist>
Tinderbox User's avatar
Tinderbox User committed
143
144
      <listitem>
        <para>
Evan Hunt's avatar
Evan Hunt committed
145
146
147
148
149
150
	  The <command>allow-update</command> and
	  <command>allow-update-forwarding</command> options were
	  inadvertently treated as configuration errors when used at the
	  <command>options</command> or <command>view</command> level.
	  This has now been corrected.
	  [GL #913]
Evan Hunt's avatar
Evan Hunt committed
151
152
	</para>
      </listitem>
Evan Hunt's avatar
Evan Hunt committed
153
    </itemizedlist>
Evan Hunt's avatar
Evan Hunt committed
154
  </section>
155

156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
  <section xml:id="relnotes_license"><info><title>License</title></info>
    <para>
      BIND is open source software licenced under the terms of the Mozilla
      Public License, version 2.0 (see the <filename>LICENSE</filename>
      file for the full text).
    </para>
    <para>
      The license requires that if you make changes to BIND and distribute
      them outside your organization, those changes must be published under
      the same license. It does not require that you publish or disclose
      anything other than the changes you have made to our software.  This
      requirement does not affect anyone who is using BIND, with or without
      modifications, without redistributing it, nor anyone redistributing
      BIND without changes.
    </para>
    <para>
      Those wishing to discuss license compliance may contact ISC at
      <link
	xmlns:xlink="http://www.w3.org/1999/xlink"
	xlink:href="https://www.isc.org/mission/contact/">
	https://www.isc.org/mission/contact/</link>.
    </para>
  </section>

Evan Hunt's avatar
Evan Hunt committed
180
  <section xml:id="end_of_life"><info><title>End of Life</title></info>
Mark Andrews's avatar
Mark Andrews committed
181
    <para>
182
183
      BIND 9.15 is an unstable development branch. When its development
      is complete, it will be renamed to BIND 9.16, which will be a
184
185
186
      stable branch.
    </para>
    <para>
187
      The end of life date for BIND 9.16 has not yet been determined.
188
      For those needing long term support, the current Extended Support
Evan Hunt's avatar
Evan Hunt committed
189
190
      Version (ESV) is BIND 9.11, which will be supported until at
      least December 2021. See
Evan Hunt's avatar
Evan Hunt committed
191
      <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://www.isc.org/downloads/software-support-policy/">https://www.isc.org/downloads/software-support-policy/</link>
192
      for details of ISC's software support policy.
Mark Andrews's avatar
Mark Andrews committed
193
    </para>
Evan Hunt's avatar
Evan Hunt committed
194
  </section>
195

196
  <section xml:id="relnotes_thanks"><info><title>Thank You</title></info>
Evan Hunt's avatar
Evan Hunt committed
197
198
199
200
    <para>
      Thank you to everyone who assisted us in making this release possible.
      If you would like to contribute to ISC to assist us in continuing to
      make quality open source software, please visit our donations page at
Evan Hunt's avatar
Evan Hunt committed
201
      <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/donate/">http://www.isc.org/donate/</link>.
Evan Hunt's avatar
Evan Hunt committed
202
    </para>
Evan Hunt's avatar
Evan Hunt committed
203
204
  </section>
</section>