Re: F26 Self Contained Change: BIND version 9.11

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/09/2016 09:58 PM, Peter Robinson wrote:
> On Mon, Oct 3, 2016 at 11:18 AM, Jan Kurik <jkurik@xxxxxxxxxx> wrote:
> > = Proposed Self Contained Change: BIND version 9.11 =
> > https://fedoraproject.org/wiki/Changes/BIND_9.11
> >
> > Change owner(s):
> > * Tomas Hozza <thozza AT redhat DOT com>
> > * Michal Ruprich <mruprich AT redhat DOT com>
> >
> > BIND (Berkeley Internet Name Domain) version 9.11 is the latest stable
> > major update of the widely used DNS server. Besides new features, some
> > settings defaults have changed since the previous major version
> > (9.10).
> >
> > == Detailed Description ==
> > FULL BIND 9.11 RELEASE NOTES:
> > ftp://ftp.isc.org/isc/bind9/9.11.0b3/RELEASE-NOTES-bind-9.11.0b3.txt
> >
> > New features
> > * A new method of provisioning secondary servers called "Catalog
> > Zones" has been added.
> > * Added an isc.rndc Python module, which allows rndc commands to be
> > sent from Python programs.
> > * Added support for DynDB, a new interface for loading zone data from
> > an external database, developed by Red Hat for the FreeIPA project.
> > * New quotas have been added to limit the queries that are sent by
> > recursive resolvers to authoritative servers experiencing
> > denial-of-service attacks.
> > * Added support for dnstap, a fast, flexible method for capturing and
> > logging DNS traffic.
> > * A new DNSSEC key management utility, dnssec-keymgr, has been added.
> > * nslookup will now look up IPv6 as well as IPv4 addresses by default.
> > * named will now check to see whether other name server processes are
> > running before starting up.
> > * Added server-side support for pipelined TCP queries.
> > * The new mdig command is a version of dig that sends multiple
> > pipelined queries and then waits for responses, instead of sending one
> > query and waiting the response before sending the next.
> > * A new message-compression option can be used to specify whether or
> > not to use name compression when answering queries.
> > * When loading a signed zone, named will now check whether an RRSIG's
> > inception time is in the future, and if so, it will regenerate the
> > RRSIG immediately.
> >
> > Feature changes
> > * When using native PKCS#11 cryptography (i.e., configure
> > --enable-native-pkcs11) HSM PINs of up to 256 characters can now be
> > used.
> > * Update forwarding performance has been improved by allowing a single
> > TCP connection to be shared between multiple updates.
> > * Added support for OPENPGPKEY type.
> > * Retrieving the local port range from net.ipv4.ip_local_port_range on
> > Linux is now supported.
> > * On machines with 2 or more processors (CPU), the default value for
> > the number of UDP listeners has been changed to the number of detected
> > processors minus one.
> > * Zone transfers now use smaller message sizes to improve message
> > compression. This results in reduced network usage.
> > * Added support for the AVC resource record type (Application
> > Visibility and Control).
> >
> > == Scope ==
> > Proposal owners:
> > * Rebase the package to the latest 9.11 minor version and resolve
> > possible packaging issues. (Also rebuild all currently existing
> > dependent packages listed below)
>
> Any idea if we can move back to building the dhcp package against the
> latest version and retire bind99? I don't remember the exact bugs we
> saw against 9.10 with dhcp (although I do vaguely remember some issue
> that forced the change).
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
>

Hello Peter.

ISC DHCP can be built only against BIND libraries from major version 9.9.x. In 9.9.x version they built separate "external" version of libraries, which are used by DHCP. In newer BIND versions they are building only a single version of libraries (in which they removed bunch of #IFDEFs), but unfortunately these libraries are not usable for building DHCP at this moment. ISC has other priorities at this point, as they bundle BIND sources with DHCP tarball and BIND of version 9.9.x is supported until end of 2017.

So short answer is NO, we can not retire bind99 because it is not possible to build DHCP against BIND 9.10.x nor 9.11.x.

Nevertheless bind99 is a stripped down version in which only the necessary libraries are built, without building BIND itself or any other BIND utility. So technically we have only a single version of BIND in the distribution.

Short story long (the FPC ticket which granted the exception for bind99) -> https://fedorahosted.org/fpc/ticket/502

Regards,
Tomas
-- 
Tomas Hozza
Associate Manager, Software Engineering - EMEA ENG Mainstream RHEL

PGP: 1D9F3C2D
UTC+2 (CEST)
Red Hat Inc.                 http://cz.redhat.com
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux