Knowledge Base ISC Main Website Ask a Question/Contact ISC
BIND 9.9.6-S1 (Subscription Edition) Release Notes
Author: Reference Number: AA-01215 Views: 6728 Created: 2014-10-22 13:25 Last Updated: 2014-10-22 15:38 0 Rating/ Voters

BIND 9.9.6-S1 is the newest release of the BIND 9.9 Subscription Edition.

The BIND Subscription Edition is a special release of BIND featuring new functionality not yet published in the publicly available BIND 9 branch.

Significant new features added since the previous Subscription Edition release (BIND 9.9.5-S1) are highlighted below, but for the complete list of changes and bug fixes, please see the CHANGES file.  For more details on the new features, please see the FEATURE_NOTES.

Recursive Client Rate Limiting

Added multiple experimental tuning features that can be used to optimise recursive server behavior in favor of good client queries, whilst at the same time limiting the impact of 'bad' client queries on local recursive server resource use.

PLEASE NOTE: All of these features are subject to ongoing research and may be modified or dropped in future releases.

  • Per-domain fetch limit set by "fetches-per-zone" option.
  • Per-server fetch limit set by "fetches-per-server" option.
  • Drop policy option "client-drop-policy" (defines a more flexible policy on which outstanding query to drop when too many client queries are active).

For more details on these features please see both the BIND Administrator Reference Manual (ARM) and also the KB article, Recursive Client Rate limiting in BIND 9.9 Subscription Version.

Negative Trust Anchors

The new rndc "nta" command can be used to set a temporary negative trust anchor, which disables DNSSEC validation below a specified name for a specified period of time (not exceeding 1 week.)  This can be used when validation for a domain is known to be failing due to a configuration error on the part of the domain owner rather than a spoofing attack. [RT #29358]

By default, negative trust anchors will be automatically tested periodically to see whether data below them can be validated, and if so, they will be allowed to expire early. The "rndc nta -force" option overrides this behaviour.  The default NTA lifetime and the recheck frequency can be configured by the "nta-lifetime" and "nta-recheck" named.conf options. [RT #36146]

SERVFAIL Response Caching

SERVFAIL responses can now be cached for a limited time, configured by "servfail-ttl", default 10 seconds, limit 300 (5 minutes.)  This can reduce the frequency of retries when an authoritative server is known to be failing, e.g., due to ongoing DNSSEC validation problems. [RT #21347]

Compile-time option, "--with-tuning=large"

"configure --with-tuning=large" adjusts various compiled-in constants and default settings to values suited to large servers with abundant memory. [RT #29538]

Per-zone statistics

Added per-zone stats counters to track TCP and UDP queries. [RT #35375]

Other Minor Feature Changes
  • Version printing option was added to various BIND utilities. [RT #26057] [RT #10686]
  • Only warn for SPF without TXT spf record. [RT #36210]
  • Support for CDS and CDNSKEY resource record types was added. [RT #36333]
Thank You

ISC is grateful for the support of our BIND 9 subscription customers.  Your support allows us to continue improving our software.

© 2001-2018 Internet Systems Consortium

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

  • There is no feedback for this article
Quick Jump Menu