= Proposed Self Contained Change: BIND version 9.11 = https://fedoraproject.org/wiki/Changes/BIND_9.11 Change owner(s): * Tomas Hozza <thozza AT redhat DOT com> * Michal Ruprich <mruprich AT redhat DOT com> BIND (Berkeley Internet Name Domain) version 9.11 is the latest stable major update of the widely used DNS server. Besides new features, some settings defaults have changed since the previous major version (9.10). == Detailed Description == FULL BIND 9.11 RELEASE NOTES: ftp://ftp.isc.org/isc/bind9/9.11.0b3/RELEASE-NOTES-bind-9.11.0b3.txt New features * A new method of provisioning secondary servers called "Catalog Zones" has been added. * Added an isc.rndc Python module, which allows rndc commands to be sent from Python programs. * Added support for DynDB, a new interface for loading zone data from an external database, developed by Red Hat for the FreeIPA project. * New quotas have been added to limit the queries that are sent by recursive resolvers to authoritative servers experiencing denial-of-service attacks. * Added support for dnstap, a fast, flexible method for capturing and logging DNS traffic. * A new DNSSEC key management utility, dnssec-keymgr, has been added. * nslookup will now look up IPv6 as well as IPv4 addresses by default. * named will now check to see whether other name server processes are running before starting up. * Added server-side support for pipelined TCP queries. * The new mdig command is a version of dig that sends multiple pipelined queries and then waits for responses, instead of sending one query and waiting the response before sending the next. * A new message-compression option can be used to specify whether or not to use name compression when answering queries. * When loading a signed zone, named will now check whether an RRSIG's inception time is in the future, and if so, it will regenerate the RRSIG immediately. Feature changes * When using native PKCS#11 cryptography (i.e., configure --enable-native-pkcs11) HSM PINs of up to 256 characters can now be used. * Update forwarding performance has been improved by allowing a single TCP connection to be shared between multiple updates. * Added support for OPENPGPKEY type. * Retrieving the local port range from net.ipv4.ip_local_port_range on Linux is now supported. * On machines with 2 or more processors (CPU), the default value for the number of UDP listeners has been changed to the number of detected processors minus one. * Zone transfers now use smaller message sizes to improve message compression. This results in reduced network usage. * Added support for the AVC resource record type (Application Visibility and Control). == Scope == Proposal owners: * Rebase the package to the latest 9.11 minor version and resolve possible packaging issues. (Also rebuild all currently existing dependent packages listed below) Other developers: * Rebuild dependent packages (dhcp, dnsperf, bind-dyndb-ldap) Release engineering: * no work required Policies and guidelines: * no change required -- Jan Kuřík Platform & Fedora Program Manager Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
