BIND 9 Updates, April 2017

Maintenance - Plus

One hundred and seventy-eight tickets were resolved with 9.9.10, 9.10.5, 9.10.5-S and 9.11.1.

35 of these were minor features or feature changes and 13 were test items.

We incorporated 15 submitted patches, contributed by:

• Hannes Frederic Sowa - Use IP_PMTUDISC_OMIT if available
• Thomas Anderson - Fixing a build failure problem
• LaMont Jones - “This patch has been kicking around in the Debian tree for quite some time.”
• Tony Finch - No fewer than NINE changes from Tony!
• Stacey Jonathan Marshall - Solaris Software (Allow krb5-config to be used when configuring gssapi)
• Xose Vazquez Perez - Making sure we were aware of the IPv6 address for G.root
• Petr Spacek - From when he was still at RedHat (we were sorry to see him leave!)

The Subscriber Preview edition, 9.10.5-S, included two very significant changes:

• EDNS Client-Subnet Identifier (ECS) for caching resolver operations

  • Our implementation uses a white-list to identify servers to send client-subnet information to.
  • Naturally we also respect the client signalling requesting privacy.

• Newly re-written Response Policy Zones (RPZ) engine

  • The re-implemented RPZ is 100% backwards compatible with the older RPZ implementation (according to our tests; please let us know if you find any differently!).
  • We have eliminated the blocking that could occur when processing large RPZ updates, significantly improving usability for heavily-loaded systems.
  • This is the first installment of our 2017 BIND refactoring effort. There is more to come in BIND 9.12.