path: root/contrib/bind/README
This is the source portion of BIND version 8.2.3-T2B.  Its companions 
are "doc" and "contrib" so you are probably not missing anything.

See the CHANGES file for a detailed listing of all changes.  See the INSTALL
file for information on building and installing BIND.

See the SUPPORT file for information on obtaining commercial support for ISC
artifacts including BIND, INN, and DHCP.

SECURITY NOTE:

	Solaris and other pre-4.4BSD kernels do not respect ownership or
	protections on UNIX-domain sockets.  This means that the default
	path for the NDC control socket (/var/run/ndc) is such that any
	user (root or other) on such systems can issue any NDC command
	except "start" and "restart".  The short term fix for this is to
	override the default path and put such control sockets into root-
	owned directories which do not permit non-root to r/w/x through them.
	The medium term fix is for BIND to enforce this requirement internally.
	The long term fix is for all kernels to upgrade to 4.4BSD semantics.
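
The short term fix above can be checked mechanically. The following is an added example, not part of the BIND distribution: a POSIX shell function that verifies the directory holding the control socket is owned by root and closed to group and other. The directory /var/run/ndc.d and the function name ndc_dir_safe are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the BIND distribution).
# Matching named.conf entry, per BIND 8's "controls" statement
# (/var/run/ndc.d is a hypothetical directory):
#   controls { unix "/var/run/ndc.d/ndc" perm 0600 owner 0 group 0; };
# and on the client side: ndc -c /var/run/ndc.d/ndc status

# ndc_dir_safe DIR [UID]
# Succeeds only if DIR is a real directory owned by UID (default 0, root)
# with no group/other permission bits, so that nobody else can traverse it
# to reach the socket even where the kernel ignores the socket's own mode.
ndc_dir_safe() {
    dir=$1
    want_uid=${2:-0}

    # [ -d ] follows symlinks, so reject a symlink explicitly.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: not a real directory" >&2
        return 1
    fi

    # "ls -ldn" is portable across SysV and BSD: field 1 is the mode
    # string, field 3 the numeric owner.
    line=$(ls -ldn -- "$dir") || return 1
    perms=${line%% *}
    owner=$(printf '%s\n' "$line" | awk '{ print $3 }')

    if [ "$owner" != "$want_uid" ]; then
        echo "$dir: owned by uid $owner, expected $want_uid" >&2
        return 1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    # Anything but "------" there (including a sticky "t"/"T") is rejected.
    case $perms in
        d???------*) return 0 ;;
        *) echo "$dir: mode $perms lets group/other in" >&2
           return 1 ;;
    esac
}
```

Call it as `ndc_dir_safe /var/run/ndc.d` before starting named; the optional second argument exists only so the check can be exercised by a non-root user.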

BIND 8.2.2 patchlevel 5 Highlights

	Bug in named-xfer (from patchlevel 4).
	Portability to IPv6 versions of FreeBSD, OpenBSD, NetBSD.
	Portability improvements (A/UX, AIX, IRIX, NetBSD, SCO, MPE/IX, NT).
	"also-notify" option could cause memory allocation errors.
	IXFR improvements (though client-side is still disabled).
	Contributed software upgraded (including TIS's "dns_signer").
	Several latent denial-of-service bugs fixed (from audits, not abuse).
	New "make noesw" top-level target for removing encumbered components.

BIND 8.2.2 Highlights

	Interoperability with MS-Win2K has been improved.                     
	Server-side IXFR is now known to work even under high load.                 
	Support for Windows/NT (thanks to BayNetworks).
	More fixes, especially to DNSSEC, TSIG, IXFR, and selective forwarding.
	More portability improvements and lint removal (A/UX 3.1.1, SCO 5.0).
	Better NOTIFY behaviour, especially with large update volume.
	Better UPDATE handling, including SRV RR support and RFC compliance.
	Fix for "ndc reload ZONENAME" (specific zone reload) problems.
	Fix for round robin when multiple CNAMEs are in use.
	New "min-roots" (MINROOTS) and "serial-queries" (MAXQSERIAL) options.
	Log files are no longer auto-rotated every time the server starts up.
	New "ndc reconfig" command only finds new/deleted zones, no stat()ing.
	New global options for "transfer-source" and "also-notify".
	$GENERATE now supports more record types, and options.


BIND 8.2.1 Highlights

	Bug fixes, especially to DNSSEC, TSIG, IXFR, and selective forwarding.
	Portability improvements and lint removal.
	Use best SOA rather than first-better when selecting an AXFR master.
	$TTL now accepts symbolic time values (such as "$TTL 1h30m").
	"ndc reload" now accepts a zone argument, for single-zone reloads.
	ndc is better behaved; is verbose or quiet when appropriate.
	Event and error reporting improvements.

BIND 8.2 Highlights

	RFC 2308 (Negative Caching)
	RFC 2181 (DNS Clarifications)
	RFC 2065 (DNS Security)
	TSIG (Transaction SIGnatures)
	Support for multiple virtual name servers
	NDC uses a "control channel" now (no more signals)
	"Split DNS" via zone type "forward".

	Many bug fixes
	Documentation improvements
	Performance enhancements


BIND 8.1.2 Highlights

	Security fixes for a number of problems including:

		An attacker could overwrite the stack if inverse query support
		was enabled.

		A number of denial of service attacks where malformed packets
		could cause the server to crash.

		The server was willing to answer queries on its forwarding
		sockets.

	Several memory leaks have been plugged.

	The server no longer panics if a periodic interface scan fails due
	to no file descriptors being available.

	Updates to a number of ports.  New ports for QNX, LynxOS, HP-UX 9.x,
	and HP MPE.

	"files unlimited" now works as expected on systems where setting
	an infinite rlim_max for RLIMIT_NOFILE works.

	Adding and deleting the same record in the same dynamic update no
	longer crashes the server.

	If a dynamic update fails, rollback is now done in LIFO order instead
	of FIFO order.

	Better behavior when priming of the root servers fails.

	purge_zone() didn't work correctly for the root zone, allowing
	old data to persist after loading the zone.

	Improved handling of oversized UDP packets.

	All hosts on the also-notify list are now notified.

	The meaning of the count returned by select() varies somewhat by
	operating system, and this could cause previous releases of the
	server to spin.

	Per-host statistics may be disabled by specifying 'host-statistics no'
	in named.conf.

	The maximum number of zones has been increased from 32768 to 65536.

	query-source may specify an address and port that the server is
	already listening on.  BIND 8.1.1 required that either the address
	or port be wild.  E.g., you can now say:

		listen-on port 53 { 10.0.0.1; };
		query-source address 10.0.0.1 port 53;

	The value of FD_SETSIZE to use may be specified.

	Experimental -u (set user id), -g (set group id), and -t (chroot)
	command line options.  See the INSTALL file for details.


BIND 8 Features

	-> DNS Dynamic Updates (RFC 2136)

	-> DNS Change Notification (RFC 1996)

	-> Completely new configuration syntax

	-> Flexible, categorized logging system

	-> IP-address-based access control for queries, zone transfers, and
	   updates that may be specified on a zone-by-zone basis

	-> More efficient zone transfers

	-> Improved performance for servers with thousands of zones

	-> The server no longer forks for outbound zone transfers

	-> Many bug fixes


File and Directory Overview

	CHANGES				history of added features and
					fixed bugs

	INSTALL				how to build and install

	README				this file
						
	TODO				features planned but not yet written

	Version				the version number of this release

	bin/*				source for executables, including
					the nameserver

	include/*			public .h files

	lib/*				the resolver and various BIND
					support libraries

	port/*				ports to various operating systems
	

Kits, Questions, Comments, and Bug Reports

    <URL:ftp://ftp.isc.org/isc/bind/src/cur>        current non-test release
    <URL:ftp://ftp.isc.org/isc/bind/src/testing>    latest public test kit

    <URL:usenet:comp.protocols.dns.bind>            using BIND
    <URL:usenet:comp.protocols.dns.ops>             DNS operations in general
    <URL:usenet:comp.protocols.dns.std>             DNS standards in general

    <URL:mailto:bind-users-request@vix.com>         gw'd to u:c.p.d.bind
    <URL:mailto:namedroppers-request@internic.net>  gw'd to u:c.p.d.std
    <URL:mailto:bind-workers-request@vix.com>       code warriors only please

    <URL:http://www.isc.org/bind.html>		    the BIND home page
    <URL:mailto:bind-bugs@isc.org>		    bug reports


To Support the Effort

	Note that BIND is supported by the Internet Software Consortium, and
	although it is free for use and redistribution and incorporation into
	vendor products and export and anything else you can think of, it
	costs money to produce.  That money comes from ISPs, hardware and
	software vendors, companies who make extensive use of the software,
	and generally kind hearted folk such as yourself.

	The Internet Software Consortium has also commissioned a DHCP server
	implementation, has taken over official support/release of the INN
	system, and has supported the Kerberos Version 5 effort at MIT.  You
	can learn more about the ISC's goals and accomplishments from the web
	page at <URL:http://www.isc.org/>.