
ISC BIND 9.8.1b1 is now available

From: Evan Hunt <each_at_nospam>
Date: Thu May 26 2011 - 16:36:21 GMT



   BIND 9.8.1b1 is the first beta release of BIND 9.8.1, a maintenance
   release for BIND 9.8.

   Please see the CHANGES file in the source code release for a complete
   list of all changes. See below for a list of changes since 9.8.0.


   The latest versions of BIND 9 software can always be found
   on our web site at There you will
   find additional information about each release, source code, and
   pre-compiled versions for certain operating systems.


   Product support information is available on for paid support options. Free
   support is provided by our user community via a mailing list.
   Information on all public email lists is available at

Thank You

   Thank you to everyone who assisted us in making this release possible.
   If you would like to contribute to ISC to assist us in continuing to
   make quality open source software, please visit our donations page at

Known issues in this release:

   * Named can fail to return a complete CNAME chain when the CNAME record
     and its target are both within zones for which the server is
     authoritative. This only happens when named is configured to be
     recursive as well as authoritative, and only affects recursive
     clients. The failure happens infrequently, but once it has started
     happening the only fix is to restart named. The bug was fixed too
     late for inclusion in this beta release, but it will be included in
     the next release.

All changes since 9.8.0:

  3112. [doc] Add missing descriptions of the update policy name
                          types "ms-self", "ms-subdomain", "krb5-self" and
                          "krb5-subdomain", which allow machines to update
                          their own records, to the BIND 9 ARM.
  3111. [bug] Improved consistency checks for dnssec-enable and
                          dnssec-validation, added test cases to the
                          checkconf system test. [RT #24398]
  3110. [bug] dnssec-signzone: Wrong error message could appear
                          when attempting to sign with no KSK. [RT #24369]
  3107. [bug] dnssec-signzone: Report the correct number of ZSKs
                          when using -x. [RT #20852]
  3105. [bug] GOST support can be suppressed by "configure
                          --without-gost" [RT #24367]
  3104. [bug] Better support for cross-compiling. [RT #24367]
  3103. [bug] Configuring 'dnssec-validation auto' in a view
                          instead of in the options statement could trigger
                          an assertion failure in named-checkconf. [RT #24382]
  3101. [bug] Zones using automatic key maintenance could fail
                          to check the key repository for updates. [RT #23744]
  3100. [security] Certain response policy zone configurations could
                          trigger an INSIST when receiving a query of type
                          RRSIG. [RT #24280]
  3099. [test] "dlz" system test now runs but gives R:SKIPPED if
                          not compiled with --with-dlz-filesystem. [RT #24146]
  3098. [bug] DLZ zones were answering without setting the AA bit.
                          [RT #24146]
  3097. [test] Add a tool to test handling of malformed packets.
                          [RT #24096]
  3096. [bug] Set KRB5_KTNAME before calling log_cred() in
                          dst_gssapi_acceptctx(). [RT #24004]
  3095. [bug] Handle isolated reserved ports in the port range.
                          [RT #23957]
  3094. [doc] Expand dns64 documentation.
  3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
  3092. [bug] Signatures for records at the zone apex could go
                          stale due to an incorrect timer setting. [RT #23769]
  3091. [bug] Fixed a bug in which zone keys that were published
                          and then subsequently activated could fail to trigger
                          automatic signing. [RT #22911]
  3090. [func] Make --with-gssapi default [RT #23738]
  3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
                          and add in order to resolve changing
                          named.conf issue. [RT #23687]
  3087. [bug] DDNS updates using SIG(0) with update-policy match
                          type "external" could cause a crash. [RT #23735]
  3086. [bug] Running dnssec-settime -f on an old-style key will
                          now force an update to the new key format even if no
                          other change has been specified, using "-P now -A now"
                          as default values. [RT #22474]
  3083. [bug] NOTIFY messages were not being sent when generating
                          a NSEC3 chain incrementally. [RT #23702]
  3082. [port] strtok_r is threads only. [RT #23747]
  3081. [bug] Failure of DNAME substitution did not return
                          YXDOMAIN. [RT #23591]
  3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
                          [RT #23587]
  3079. [bug] Handle isc_event_allocate failures in t_tasks.
                          [RT #23572]
  3078. [func] Added a new include file with function typedefs
                          for the DLZ "dlopen" driver. [RT #23629]
  3077. [bug] zone.c:zone_refreshkeys() incorrectly called
                          dns_zone_attach(), use zone->irefs instead. [RT #23303]
  3075. [bug] dns_dnssec_findzonekeys{2} used an inconsistent
                          timestamp when determining which keys are active.
                          [RT #23642]
  3074. [bug] Make the adb cache read through for zone data and
                          glue learn for zone named is authoritative for.
                          [RT #22842]
  3073. [bug] managed-keys changes were not properly being recorded.
                          [RT #20256]
  3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
                          [RT #20256]
  3071. [bug] has_nsec could be used uninitialised in
                          update.c:next_active. [RT #20256]
  3070. [bug] dnssec-signzone potential NULL pointer dereference.
                          [RT #20256]
  3069. [cleanup] Silence warnings messages from clang static analysis.
                          [RT #20256]
  3068. [bug] Named failed to build with an OpenSSL without engine
                          support. [RT #23473]
  3067. [bug] ixfr-from-differences {master|slave}; failed to
                          select the master/slave zones. [RT #23580]
  3066. [func] The DLZ "dlopen" driver is now built by default,
                          no longer requiring a configure option. To
                          disable it, use "configure --without-dlopen".
                          (Note: driver not supported on win32.) [RT #23467]
  3065. [bug] RRSIG could have time stamps too far in the future.
                          [RT #23356]
  3064. [bug] powerpc: add sync instructions to the end of atomic
                          operations. [RT #23469]
  3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
  3059. [test] Added a regression test for change #3023.
  3058. [bug] Cause named to terminate at startup or rndc reconfig/
                          reload to fail, if a log file specified in the conf
                          file isn't a plain file. [RT #22771]
  3057. [bug] "rndc secroots" would abort after the first error
                          and so could miss some views. [RT #23488]
  3054. [bug] Added elliptic curve support check in
                          GOST OpenSSL engine detection. [RT #23485]
  3053. [bug] Under a sustained high query load with a finite
                          max-cache-size, it was possible for cache memory
                          to be exhausted and not recovered. [RT #23371]
  3052. [test] Fixed last autosign test report. [RT #23256]
  3051. [bug] NS records obscure DNAME records at the bottom of the
                          zone if both are present. [RT #23035]
  3050. [bug] The autosign system test was timing dependent.
                          Wait for the initial autosigning to complete
                          before running the rest of the test. [RT #23035]
  3049. [bug] Save and restore the gid when creating
                          at startup. [RT #23290]
  3048. [bug] Fully separate view key management. [RT #23419]
  3047. [bug] DNSKEY NODATA responses not cached fixed in
                          validator.c. Tests added to dnssec system test.
                          [RT #22908]
  3046. [bug] Use RRSIG original TTL to compute validated RRset
                          and RRSIG TTL. [RT #23332]
  3044. [bug] Hold the socket manager lock while freeing the socket.
                          [RT #23333]
  3043. [test] Merged in the NetBSD ATF test framework (currently
                          version 0.12) for development of future unit tests.
                          Use configure --with-atf to build ATF internally
                          or configure --with-atf=prefix to use an external
                          copy. [RT #23209]
  3042. [bug] dig +trace could fail attempting to use IPv6
                          addresses on systems with only IPv4 connectivity.
                          [RT #23297]
  3041. [bug] dnssec-signzone failed to generate new signatures on
                          ttl changes. [RT #23330]
  3040. [bug] Named failed to validate insecure zones where a node
                          with a CNAME existed between the trust anchor and the
                          top of the zone. [RT #23338]
  3038. [bug] Install <dns/rpz.h>. [RT #23342]
  3037. [doc] Update COPYRIGHT to contain all the individual
                          copyright notices that cover various parts.
  3036. [bug] Check built-in zone arguments to see if the zone
                          is re-usable or not. [RT #21914]
  3035. [cleanup] Simplify by using strlcpy. [RT #22521]
  3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
  3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
                          [RT #22521]
  3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
  3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
                          [RT #22521]
  3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
                          [RT #22521]
  3029. [bug] isc_netaddr_format() handle a zero sized buffer.
                          [RT #22521]
  3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
                          [RT #22521]
  3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
                          catch NULL pointer dereferences before they happen.
                          [RT #22521]
  3026. [bug] lib/isc/httpd.c: check that we have enough space
                          after calling grow_headerspace() and if not
                          re-call grow_headerspace() until we do. [RT #22521]

-- Evan Hunt -- Internet Systems Consortium, Inc.