BIND 9.16.0, Stable Branch for 2020 and Beyond

BIND 9.16.0 has been issued, beginning a new stable branch.

New releases of BIND are available for download from our downloads page.

BIND 9.11.16 and 9.14.11 are maintenance release versions of the existing 9.11 (ESV) and 9.14 release branches and contain the usual assortment of bug fixes and minor feature improvements. We plan to continue maintaining 9.11, which is our current Extended Support Version, through 2020, with security fixes through 2021. 9.16 replaces 9.14 as the new stable version. We had planned to EOL 9.14 at the end of Q1 2020, but we will extend that enough to allow a 3-month transition period for our users. During this time we will backport and issue security fixes as required. If you are running 9.14.x, we recommend you begin planning your migration to 9.16 now, and complete it within about 3 months. To review our published release plan, see this Knowledgebase article.

The bigger news in today’s set of releases is the release of BIND 9.16.0: the code refactoring, new features, and performance work which were done for the 9.15 experimental branch are now considered complete and stable enough to be moved to a production branch of BIND, capping major changes to that work and moving it to the new stable branch. Evan Hunt, one of the Senior Developers on the BIND 9 project, spoke about the refactoring effort at a recent conference. BIND 9.16 will be an especially long-lived version. Our plan is to declare 9.16 as our next Extended Support Version, after it has been in the field for a while.

Significant work included in the 9.16 branch includes:

  1. The new Key and Signing Policy (KASP) feature provides simplified DNSSEC key and signing management using policies defined by the “dnssec-policy” statement. We hope this tool will significantly facilitate ongoing key and signing maintenance. Use of this tool will be covered in our 10-webinar series on DNSSEC with BIND 9.

  2. BIND’s networking system has been substantially reworked. This does not have user-visible impact yet, but subsequent releases and features will benefit from this change. In particular, we expect to realize significant performance improvements in the 9.16 branch.

  3. The way that DNSSEC trust anchors are managed has been improved. Please note the updated CLI for this.

  4. DLV (Domain Look-aside Verification) has been deprecated since BIND 9.12. dlv.isc.org (the main service used by those previously relying on DLV, operated by ISC) was turned off in 2017. Support for DLV has now been removed from BIND 9 completely, shortening BIND’s validator by hundreds of lines of code and greatly reducing its complexity. Removing this feature required a multi-year process of notification, working with partners, and gradual deprecation to avoid disruption in the DNS.

Read more about these new editions of BIND in their release notes:

9.11.16

9.14.11

9.16.0

AUTHOR
author
Posted by: Michael McNally
TAGS
CATEGORIES
  • BIND
    • PUBLISHED
    20 Feb 2020
    FOLLOW

    Recent Posts

    What's New from ISC

    Changes to ISC Software Signing

    At the end of 2022, we are introducing some changes to the tools and procedures we use for signing the source code releases of our software, to make the whole process simpler and more robust.

    Read post
    Next post: Remote Working at ISC
    Previous post: Meet an ISC Engineer - Peter Davies!