Commit efb0d1e8 authored by Evan Hunt's avatar Evan Hunt

documentation changes setting up 9.15 development branch

parent d7b82380
Pipeline #10331 passed with stages
in 20 minutes
Functional enhancements from prior major releases of BIND 9
BIND 9.14
BIND 9.14 (a stable branch based on the 9.13 development branch) includes
a number of changes from BIND 9.12 and earlier releases. New features
include:
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
plugin.
* Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root
zone.
* Secondary zones can now be configured as "mirror" zones; their
contents are transferred in as with traditional slave zones, but are
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
* "named -V" now outputs the default paths for files used by named and
other tools.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See https://dnsflagday.net for more details.
Cryptographic support has been modernized. BIND now uses the best
available pseudo-random number generator for the platform on which it's
built. Very old versions of OpenSSL are no longer supported. Cryptography
is now mandatory: building BIND without DNSSEC is no longer supported.
Special code to support certain legacy operating systems has also been
removed; see the file PLATFORMS.md for details of supported platforms. In
addition to OpenSSL, BIND now requires support for IPv6, threads, and
standard atomic operations provided by the C compiler.
BIND 9.12
BIND 9.12 includes a number of changes from BIND 9.11 and earlier
releases. New features include:
* named and related libraries have been substantially refactored for
improved query performance -- particularly on delegation heavy zones
-- and for improved readability, maintainability, and testability.
* Code implementing the name server query processing logic has been
moved into a new libns library, for easier testing and use in tools
other than named.
* Cached, validated NSEC and other records can now be used to synthesize
NXDOMAIN responses.
* The DNS Response Policy Service API (DNSRPS) is now supported.
* Setting 'max-journal-size default' now limits the size of journal
files to twice the size of the zone.
* dnstap-read -x prints a hex dump of the wire format of each logged DNS
message.
* dnstap output files can now be configured to roll automatically when
reaching a given size.
* Log file timestamps can now also be formatted in ISO 8601 (local) or
ISO 8601 (UTC) formats.
* Logging channels and dnstap output files can now be configured to use
a timestamp as the suffix when rolling to a new file.
* 'named-checkconf -l' lists zones found in named.conf.
* Added support for the EDNS Padding and Keepalive options.
* 'new-zones-directory' option sets the location where the configuration
data for zones added by rndc addzone is stored.
* The default key algorithm in rndc-confgen is now hmac-sha256.
* filter-aaaa-on-v4 and filter-aaaa-on-v6 options are now available by
default without a configure option.
* The obsolete isc-hmac-fixup command has been removed.
BIND 9.11
BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
......
......@@ -10,6 +10,81 @@
-->
### Functional enhancements from prior major releases of BIND 9
#### BIND 9.14
BIND 9.14 (a stable branch based on the 9.13 development branch)
includes a number of changes from BIND 9.12 and earlier releases.
New features include:
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a plugin.
* Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root zone.
* Secondary zones can now be configured as "mirror" zones; their contents
are transferred in as with traditional slave zones, but are subject to
DNSSEC validation and are not treated as authoritative data when
answering. This makes it easier to configure a local copy of the root
zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below which
DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with `libidn2`.
* "named -V" now outputs the default paths for files used by named
and other tools.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See [https://dnsflagday.net](https://dnsflagday.net)
for more details.
Cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which
it's built. Very old versions of OpenSSL are no longer supported.
Cryptography is now mandatory: building BIND without DNSSEC is no
longer supported.
Special code to support certain legacy operating systems has also
been removed; see the file [PLATFORMS.md](PLATFORMS.md) for details
of supported platforms. In addition to OpenSSL, BIND now requires
support for IPv6, threads, and standard atomic operations provided
by the C compiler.
#### BIND 9.12
BIND 9.12 includes a number of changes from BIND 9.11 and earlier releases.
New features include:
* `named` and related libraries have been substantially refactored for
improved query performance -- particularly on delegation heavy zones --
and for improved readability, maintainability, and testability.
* Code implementing the name server query processing logic has been moved
into a new `libns` library, for easier testing and use in tools other
than `named`.
* Cached, validated NSEC and other records can now be used to synthesize
NXDOMAIN responses.
* The DNS Response Policy Service API (DNSRPS) is now supported.
* Setting `'max-journal-size default'` now limits the size of journal files
to twice the size of the zone.
* `dnstap-read -x` prints a hex dump of the wire format of each logged
DNS message.
* `dnstap` output files can now be configured to roll automatically when
reaching a given size.
* Log file timestamps can now also be formatted in ISO 8601 (local) or ISO
8601 (UTC) formats.
* Logging channels and `dnstap` output files can now be configured to use a
timestamp as the suffix when rolling to a new file.
* `'named-checkconf -l'` lists zones found in `named.conf`.
* Added support for the EDNS Padding and Keepalive options.
* 'new-zones-directory' option sets the location where the configuration
data for zones added by rndc addzone is stored.
* The default key algorithm in `rndc-confgen` is now hmac-sha256.
* `filter-aaaa-on-v4` and `filter-aaaa-on-v6` options are now available
by default without a configure option.
* The obsolete `isc-hmac-fixup` command has been removed.
#### BIND 9.11
BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
......
......@@ -13,7 +13,7 @@ offer support on a "best effort" basis for some.
Regularly tested platforms
As of Jan 2019, BIND 9.13 is fully supported and regularly tested on the
As of Feb 2019, BIND 9.15 is fully supported and regularly tested on the
following systems:
* Debian 8, 9, 10
......@@ -51,7 +51,7 @@ Server 2012 R2, none of these are tested regularly by ISC.
Unsupported platforms
These are platforms on which BIND 9.13 is known not to build or run:
These are platforms on which BIND 9.15 is known not to build or run:
* Platforms without at least OpenSSL 1.0.2
* Windows 10 / x86
......
......@@ -23,7 +23,7 @@ offer support on a "best effort" basis for some.
### Regularly tested platforms
As of Jan 2019, BIND 9.13 is fully supported and regularly tested on the
As of Feb 2019, BIND 9.15 is fully supported and regularly tested on the
following systems:
* Debian 8, 9, 10
......@@ -60,7 +60,7 @@ Server 2012 R2, none of these are tested regularly by ISC.
## Unsupported platforms
These are platforms on which BIND 9.13 is known *not* to build or run:
These are platforms on which BIND 9.15 is known *not* to build or run:
* Platforms without at least OpenSSL 1.0.2
* Windows 10 / x86
......
......@@ -5,7 +5,7 @@ Contents
1. Introduction
2. Reporting bugs and getting help
3. Contributing to BIND
4. BIND 9.13 features
4. BIND 9.15 features
5. Building BIND
6. macOS
7. Dependencies
......@@ -100,45 +100,12 @@ If you prefer, you may also submit code by opening a GitLab Issue and
including your patch as an attachment, preferably generated by git
format-patch.
BIND 9.13 features
BIND 9.13 is the newest development branch of BIND 9. It includes a number
of changes from BIND 9.12 and earlier releases. New features include:
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
plugin.
* Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root
zone.
* Secondary zones can now be configured as "mirror" zones; their
contents are transferred in as with traditional slave zones, but are
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
* "named -V" now outputs the default paths for files used by named and
other tools.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See https://dnsflagday.net for more details.
Cryptographic support has been modernized. BIND now uses the best
available pseudo-random number generator for the platform on which it's
built. Very old versions of OpenSSL are no longer supported. Cryptography
is now mandatory: building BIND without DNSSEC is no longer supported.
Special code to support certain legacy operating systems has also been
removed; see the file PLATFORMS.md for details of supported platforms. In
addition to OpenSSL, BIND now requires support for IPv6, threads, and
standard atomic operations provided by the C compiler.
BIND 9.15 features
BIND 9.15 is the newest development branch of BIND 9. It includes a number
of changes from BIND 9.14 and earlier releases. New features include:
* TBD
Building BIND
......
......@@ -15,7 +15,7 @@
1. [Introduction](#intro)
1. [Reporting bugs and getting help](#help)
1. [Contributing to BIND](#contrib)
1. [BIND 9.13 features](#features)
1. [BIND 9.15 features](#features)
1. [Building BIND](#build)
1. [macOS](#macos)
1. [Dependencies](#dependencies)
......@@ -117,47 +117,13 @@ If you prefer, you may also submit code by opening a
including your patch as an attachment, preferably generated by
`git format-patch`.
### <a name="features"/> BIND 9.13 features
### <a name="features"/> BIND 9.15 features
BIND 9.13 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.12 and earlier releases. New features
BIND 9.15 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.14 and earlier releases. New features
include:
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a plugin.
* Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root zone.
* Secondary zones can now be configured as "mirror" zones; their contents
are transferred in as with traditional slave zones, but are subject to
DNSSEC validation and are not treated as authoritative data when
answering. This makes it easier to configure a local copy of the root
zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below which
DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with `libidn2`.
* "named -V" now outputs the default paths for files used by named
and other tools.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See [https://dnsflagday.net](https://dnsflagday.net)
for more details.
Cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which
it's built. Very old versions of OpenSSL are no longer supported.
Cryptography is now mandatory: building BIND without DNSSEC is no
longer supported.
Special code to support certain legacy operating systems has also
been removed; see the file [PLATFORMS.md](PLATFORMS.md) for details
of supported platforms. In addition to OpenSSL, BIND now requires
support for IPv6, threads, and standard atomic operations provided
by the C compiler.
* TBD
### <a name="build"/> Building BIND
......
......@@ -7,7 +7,7 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
AC_INIT(BIND, [9.13], [info@isc.org], [], [https://www.isc.org/downloads/BIND/])
AC_INIT(BIND, [9.15], [info@isc.org], [], [https://www.isc.org/downloads/BIND/])
AC_PREREQ([2.60])
AC_CONFIG_HEADER(config.h)
......
This diff is collapsed.
......@@ -8,7 +8,8 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1302
LIBREVISION = 1
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
LIBINTERFACE = 1500
LIBREVISION = 0
LIBAGE = 0
......@@ -8,7 +8,8 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1306
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
LIBINTERFACE = 1500
LIBREVISION = 0
LIBAGE = 0
......@@ -8,7 +8,8 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1301
LIBREVISION = 3
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
LIBINTERFACE = 1500
LIBREVISION = 0
LIBAGE = 0
......@@ -8,7 +8,8 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1306
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
LIBINTERFACE = 1500
LIBREVISION = 0
LIBAGE = 0
......@@ -8,7 +8,8 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1302
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
LIBINTERFACE = 1500
LIBREVISION = 0
LIBAGE = 0
......@@ -8,7 +8,8 @@
# 9.10-sub: 180-189
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1302
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
LIBINTERFACE = 1500
LIBREVISION = 0
LIBAGE = 0
......@@ -8,7 +8,8 @@
# 9.10-sub: 180-189
# 9.11: 160-169
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1304
LIBREVISION = 1
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
LIBINTERFACE = 1500
LIBREVISION = 0
LIBAGE = 0
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment