Knowledge Base ISC Main Website Ask a Question/Contact ISC
BIND 9.10.4b2 Release Notes
Author: ISC Support Reference Number: AA-01368 Views: 951 Created: 2016-03-25 17:28 Last Updated: 2016-03-25 17:28 0 Rating/ Voters

Introduction

      This document summarizes changes since the last production release       of BIND on the corresponding major release branch.     

Download

      The latest versions of BIND 9 software can always be found at       http://www.isc.org/downloads/.       There you will find additional information about each release,       source code, and pre-compiled versions for Microsoft Windows       operating systems.     

Security Fixes

  •   Duplicate EDNS COOKIE options in a response could trigger   an assertion failure. This flaw is disclosed in CVE-2016-2088.   [RT #41809]

  •   The resolver could abort with an assertion failure due to   improper DNAME handling when parsing fetch reply   messages. This flaw is disclosed in CVE-2016-1286. [RT #41753]

  •   Malformed control messages can trigger assertions in named   and rndc. This flaw is disclosed in CVE-2016-1285. [RT   #41666]

  •   Certain errors that could be encountered when printing out   or logging an OPT record containing a CLIENT-SUBNET option   could be mishandled, resulting in an assertion failure.   This flaw is disclosed in CVE-2015-8705. [RT #41397]

  •   Specific APL data could trigger an INSIST.  This flaw   is disclosed in CVE-2015-8704. [RT #41396]

  •   Incorrect reference counting could result in an INSIST   failure if a socket error occurred while performing a   lookup.  This flaw is disclosed in CVE-2015-8461. [RT#40945]

  •   Insufficient testing when parsing a message allowed   records with an incorrect class to be be accepted,   triggering a REQUIRE failure when those records   were subsequently cached.  This flaw is disclosed   in CVE-2015-8000. [RT #40987]

New Features

  •   The following resource record types have been implemented:   AVC, CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK.

  •   Added a warning for a common misconfiguration involving forwarded   RFC 1918 and ULA zones.

  •   Contributed software from Nominum is included in the source at   contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring   the performance of authoritative DNS servers, resperf for   testing the resolution performance of a caching DNS server,   resperf-report for generating a resperf report in HTML with   gnuplot graphs, and queryparse to extract DNS queries from   pcap capture files. This software is not installed by default   with BIND.

  •   When loading managed signed zones detect if the RRSIG's   inception time is in the future and regenerate the RRSIG   immediately. This helps when the system's clock needs to   be reset backwards.

Feature Changes

  •   Updated the compiled-in addresses for H.ROOT-SERVERS.NET.

  •   The default preferred glue is now the address type of the   transport the query was received over.

  •   On machines with 2 or more processors (CPU), the default value   for the number of UDP listeners has been changed to the number   of detected processors minus one.

  •   Zone transfers now use smaller message sizes to improve   message compression. This results in reduced network usage.

  •   named -V output now also includes operating system details.

Bug Fixes

  •   When deleting records from a zone database, interior nodes   could be left empty but not deleted, damaging search   performance afterward. [RT #40997]

  •   The server could crash due to a use-after-free if a   zone transfer timed out. [RT #41297]

  •   Authoritative servers that were marked as bogus (e.g. blackholed   in configuration or with invalid addresses) were being queried   anyway. [RT #41321]

  •   Some of the options for GeoIP ACLs, including "areacode",   "metrocode", and "timezone", were incorrectly documented   as "area", "metro" and "tz".  Both the long and abbreviated   versions are now accepted.

  •   Zones configured to use map format   master files can't be used as policy zones because RPZ   summary data isn't compiled when such zones are mapped into   memory.  This limitation may be fixed in a future release,   but in the meantime it has been documented, and attempting   to use such zones in response-policy   statements is now a configuration error.  [RT #38321]

End of Life

      The end of life for BIND 9.10 is yet to be determined but       will not be before BIND 9.12.0 has been released for 6 months.       https://www.isc.org/downloads/software-support-policy/     

Thank You

      Thank you to everyone who assisted us in making this release possible.       If you would like to contribute to ISC to assist us in continuing to       make quality open source software, please visit our donations page at       http://www.isc.org/donate/.     


© 2001-2016 Internet Systems Consortium

Please help us to improve the content of our knowledge base by letting us know below how we can improve this article.

If you have a technical question or problem on which you'd like help, please don't submit it here as article feedback.

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback
  • There is no feedback for this article
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu