Knowledge Base ISC Main Website Ask a Question/Contact ISC
BIND9 Significant Features Matrix
Author: Cathy Almond Reference Number: AA-01310 Views: 19038 Created: 2015-10-20 13:07 Last Updated: 2017-11-29 20:20 100 Rating/ 3 Voters

The "S" (stable preview) editions and the other release branches of BIND differ in a number of ways. This table lists the major feature differences for current main supported versions of BIND, (with some provisional but incomplete insight into our future release plans where features overlap with already-released branches).

Feature9.99.9 S (stable preview)
9.109.10 S 9.119.12 
Removed support for:     dig + sigchase
dlv trust anchor

Automatic interface scanning

all allall all
Case-sensitive name compression9. allall all
Crypto: Native PKCS#11

allall all all
DDOS Mitigation: DNS COOKIE (previously called SIT)

all (with --enable-sit); code point updated to COOKIE in 9.10.3 allall all
(multiple cookie secret added)
DDOS Mitigation: Faster RPZ and new triggers
allall allall all (refactored RPZ)
DDOS Mitigation: Fetch limits (DDoS mitigation for recursiveservers)9.9.8 (with --enable-fetchlimit)9.9.6-S1 (revised 9.9.8-S1)9.10.3 (with --enable-fetchlimit) allall all
DDOS Mitigation: Minimal response to 'any' queries

 all all
DDOS Mitigation: Multiple response rate limiters for different domains
DDOS Mitigation: Response rate limiting (RRL)9.9.4 (with --enable-rrl)allall allall all
DDOS Mitigation: SERVFAIL caching
 allall all
DDOS Mitigation: Size & ratio controls for response rate limiters
DDOS Mitigation: Serve Stale      all
DNSSEC: Automatic creation of CDS, CDSKEY records

 all all
DNSSEC: Negative trust anchors
 allall all

EDNS Client-Subnet (ECS) for resolver


EDNS Client-Subnet (ECS) option support for authoritative servers

 expexp exp
EDNS EXPIRE option (server side)   all (with experimental code point);
EXPIRE code point finalized in 9.10.1
 all all all
EDNS EXPIRE option (client side)     all all
EDNSImproved EDNS fallback processing

all allall all
GeoIP support
allall allall all
Management: Detailed statistics counters
allall allall all
Management: DNSTAP query/response logging
 allall all
Management: automatic DNSTAP file rolling  9.9.9-S1  all  all
Management: timestamp suffix option for rolled log files
and DNSTAP files
    all  all
Management: JSON statistics
allall allallall 
Management: New XML statistics schema9.9.3all (with --enable-newstats)all allall all
Management: Squelch duplicate named servers

 all all
Management: Traffic size statistics (per RSSAC02)

all all
nxdomain-redirect option
 allall all
Performance: EDNS TCP keepalive support    all  all
Performance: Fast "map" format zone files

all allall all
Performance: glue cache      all
Performance: Large server tuning
allall allall all
Performance: minimal responses      all
Performance: mutex locking fixes (resolver)     all all all
Performance: Pipelined TCP queries (server side)

 allall all
(longer duration connections)
Performance: TCP connection sharing for update forwarding    all all
Performance: Separate rate limiting for startup NOTIFY messages
Provisioning: Catalog zones

 all all
Provisioning: Dynamic DB (DynDB) support

 all all
Provisioning: in-view zone option

all allall all
Resolver: Cache prefetch

all allall all
Resolver: Prefer IPv6 when querying authoritative servers
 allall all
RNDC: "showzone", "modzone", faster "delzone"
 allall all
RNDC: Python module

 all all
RNDC: read-only option
 allall all
RNDC: zone status reporting

all allall all
RPZ: refactored RPZ    all  all
RPZ: Response Policy Service API      all

New utilities that have been introduced in each branch

Utility9.99.9 S (stable preview)
9.109.10 S 9.119.12 
 delv  all allall all
 dnssec-cds      all
 dnssec-checkds9.9.2allall allall all
 dnssec-coverage9.9.3allall allall all
 dnssec-keymgr     all all
 dnssec-verify9.9.2allall allall all
 dnstap-read     all all
 mdig     all all
 named-rrchecker   all all all all
 tsig-keygen  all allall all


  • "all" indicates that this feature was (or will be) introduced in the first public release of this branch
  • version numbers indicate that this feature was (or will be) introduced in the specified version, not in the first public release of the branch
  • DNS COOKIE support was introduced in 9.10 as an experimental feature using the name SIT (server identity token).  It can be enabled with --enable-sit in all unix/linux builds and is on by default in Windows.  In 9.11 the name was changed to COOKIE and the feature is enabled by default in all builds.

© 2001-2018 Internet Systems Consortium

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

  • There is no feedback for this article
Quick Jump Menu