ISC BIND 9.8.1b3 Provides Startup-Performance Improvements

ISC BIND 9.8.1b3 is now available. BIND 9.8.1b3 is the third beta release of BIND 9.8.

This document summarizes changes from BIND 9.8.0 to BIND 9.8.1b3. Please see the CHANGES file in the source code release for a complete list of all changes.

Download

The latest versions of BIND 9 software can always be found on our website at https://www.isc.org/download. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems.

Support

Product support information is available on https://www.isc.org/support.

Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo.

New Features

Added a new include file with function typedefs for the DLZ “dlopen” driver. [RT #23629]

Added a tool able to generate malformed packets to allow testing of how named handles them. [RT #24096]

Security Fixes

  • If `named` is configured with a response policy zone (RPZ) and a query of type RRSIG is received for a name configured for RRset replacement in that RPZ, it will trigger an INSIST and crash the server. [RT #24280]
  • `named`, set up to be a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache the response. Due to an off-by-one error, caching the response could cause `named` to crash. [RT #24650] [CVE-2011-1910]
  • When Response Policy Zone (RPZ) is in use, querying a wildcard CNAME label with query type SIG/RRSIG can cause `named` to crash. The fix is query-type independent. [RT #24715]
  • Using Response Policy Zone (RPZ) with DNAME records and querying the subdomain of that label can cause `named` to crash. `named` now logs that DNAME is not supported. [RT #24766]
  • Change #2912 populated the message section in replies to UPDATE requests, which some Windows clients wanted. This exposed a latent bug that allowed the response message to crash `named`. With this fix, change #2912 has been reduced to copy only the zone section to the reply. A more complete fix for the latent bug will be released later. [RT #24777]

Feature Changes

Improved the startup time for an authoritative server with a large number of zones by making the zone task table of variable size rather than fixed size. This means that authoritative servers with lots of zones will be serving that zone data much sooner. [RT #24406]

Merged in the NetBSD ATF test framework (currently version 0.12) for development of future unit tests. Use `configure --with-atf` to build ATF internally or `configure --with-atf=prefix` to use an external copy. [RT #23209]

Added more verbose error reporting from DLZ LDAP. [RT #23402]

The DLZ “dlopen” driver is now built by default, no longer requiring a configure option. To disable it, use `configure --without-dlopen`. (Note: driver not supported on win32.) [RT #23467]

Replaced compile-time constant with STDTIME_ON_32BITS. [RT #23587]

Made `--with-gssapi` the default for `./configure`. [RT #23738]

Bug Fixes

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at https://www.isc.org/donate.
