On 09/16/2014 01:34 PM, Jaroslav Reznik wrote: > = Proposed Self Contained Change: BIND version 9.10 = > https://fedoraproject.org/wiki/Changes/BIND_9.10 > > Change owner(s): Tomas Hozza <thozza@xxxxxxxxxx> > > BIND (Berkeley Internet Name Domain) version 9.10 is the latest stable major > update of the widely used DNS server. Besides new features, some settings > defaults have changed since the previous major version (9.9). > > == Detailed Description == > > FULL BIND 9.10 RELEASE NOTES [1] > > === New features === > * New zone file format, "map", stores zone data in a format that can be mapped > directly into memory, allowing significantly faster zone loading. > * New tool "delv" (domain entity lookup and validation) with dig-like > semantics for looking up DNS data and performing internal DNSSEC validation > has been added. > * New "prefetch" option improving the recursive resolver performance has been > added. > * Improved EDNS processing allowing better resolver performance. > * Substantial improvements have been made in response-policy zone (RPZ) > performance. > * ACLs can now be specified based on geographic location using the MaxMind > GeoIP databases. > * The statistics channel can now provide data in JSON format as well as XML. > * The new "in-view" zone option allows zone data to be shared between views, > so that multiple views can serve the same zones authoritatively without > storing multiple copies in memory. > * Native PKCS#11 API has been added. This allows BIND 9 cryptography functions > to use the PKCS#11 API natively, so that BIND can drive a cryptographic > hardware service module (HSM) directly instead of using a modified OpenSSL as > an intermediary (Native PKCS#11 is known to work with the Thales nShield HSM > and with SoftHSM version 2 from the Open DNSSEC project.). > * New tool "named-rrchecker" can be used to check the syntax of individual > resource records, and optionally to convert them to the format used for > unknown record types. > * New tool "dnssec-importkey" allows "offline" DNSSEC keys (i.e., keys whose > private data is not stored on the system on which named is running) to be > published or deleted on schedule using automatic DNSKEY management. > * Network interfaces are re-scanned automatically whenever they change. Use > "automatic-interface-scan no;" to disable this feature. > ** Added "rndc scan" to trigger an interface scan manually. > * New "max-zone-ttl" option enforces maximum TTLs for zones. If loading a zone > containing a higher TTL, the load fails. DDNS updates with higher TTLs are > accepted but the TTL is truncated. > * Multiple DLZ databases can now be configured, and are searched in order to > find one that can answer an incoming query. > * "named-checkzone" and "named-compilezone" can now read journal files. > > === Feature changes === > * The version 3 XML schema for the statistics channel, including new > statistics and a flattened XML tree for faster parsing, is no longer optional. > The version 2 XML schema is now deprecated. > * "named" now listens on IPv6 as well as IPv4 interfaces by default. > * The internal and export versions of the BIND libraries (libisc, libdns, etc) > have been unified so that external library clients can use the same libraries > as BIND itself. > * The default setting for the -U option (setting the number of UDP listeners > per interface) has been adjusted to improve performance. > * Adaptive mutex locks are now used on systems which support them. > * "rndc flushtree" now flushes matching records from the address database and > bad cache as well as the DNS cache. (Previously only the DNS cache was > flushed.) > * The isc_bitstring API is no longer used and has been removed from the libisc > library. > * The timestamps included in RRSIG records can now be read as integers > indicating the number of seconds since the UNIX epoch, in addition to being > read as formatted dates in YYYYMMDDHHMMSS format. > > == Scope == > * Proposal owners: Rebase the package to the latest 9.10 minor version and > resolve possible packaging issues. (Also rebuild all currently existing > dependent packages listed below) > > * Other developers: Rebuild dependent packages (dhcp, dnsperf, bind-dyndb- > ldap) > ** Owner of this feature is co-maintainer of all dependent packages. He will > do the necessary rebuilds himself in cooperation with dependent packages > owners. > > * Release engineering: N/A (not a System Wide Change) > * Policies and guidelines: N/A (not a System Wide Change) > > [1] http://ftp.isc.org/isc/bind9/9.10.0-P2/RELEASE-NOTES-BIND-9.10.0-P2.txt > _______________________________________________ > devel-announce mailing list > devel-announce@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel-announce > You can try BIND 9.10.1b2 using COPR repo: http://copr-fe.cloud.fedoraproject.org/coprs/thozza/bind-9.10.1b2/ I'll update the COPR in the mean time since there is already a RC1. Dependent packages can be found here: http://copr-fe.cloud.fedoraproject.org/coprs/thozza/bind-9.10.1b2-dependencies/ (only bind-dyndb-ldap is missing since it needs more changes. I'm working with the maintainer on updating the package) Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
