https://fedoraproject.org/wiki/Changes/BIND9.16 == Summary == BIND 9 would be updated to upcoming stable version BIND 9.16. == Owner == * Name: [[User:pemensik| Petr Menšík]] * Email: pemensik at redhat.com, dns-sig at fedoraproject dot org == Detailed Description == ISC BIND 9 stayed longer time on 9.11 Extended Support Version, because dhcp and freeipa depended on it. DHCP package no longer requires bind-export-libs, which new BIND 9.16 does not support. FreeIPA part bind-dyndb-ldap were also modified to support new version. BIND 9.16 includes more easy way to provide DNSSEC ([https://gitlab.isc.org/isc-projects/bind9/-/wikis/DNSSEC-Key-and-Signing-Policy-(KASP) KASP]). == Benefit to Fedora == Stable version under most the active development is packaged again. Introduces [https://gitlab.isc.org/isc-projects/bind9/-/wikis/DNSSEC-Key-and-Signing-Policy-(KASP) DNSSEC Key and Signing Policy] without external tools like opendnssec. Also client tools from '''bind-utils''' now support yaml export format (''dig, mdig, delv''). == Scope == * Proposal owners: * Other developers: N/A * Release engineering: N/A * Policies and guidelines: N/A * Trademark approval: N/A * Alignment with Objectives: == Upgrade/compatibility impact == N/A (not a System Wide Change) * [https://downloads.isc.org/isc/bind9/9.11.26/doc/arm/Bv9ARM.ch05.html#lightweight_resolver lightweight resolver (lwres)] server and nss client plugin are no longer provided. * named version with database backends support (bind-sdb) is also no longer provided as subpackage. Instead several bind-dlz-* plugins are offered as runtime loadable plugins, which require modification to named configuration. They offer the same functionality with just '''bind''' package and selected plugin. * ''dnssec-enabled'' option is not supported anymore, it is always set to ''yes''. ''dnssec-validation'' can be still turned off. == How To Test == System administrators would receive the most recent stable version of BIND, with improved performance and features. Prerelease is available on [https://copr.fedorainfracloud.org/coprs/pemensik/bind-9.16/ COPR]. == User Experience == * named service supports ''dnssec-policy'' option, merging ''dnssec-keymgr'' into ''named''. * DNSSEC trust anchors were merged into ''trust-anchors'' section, replacing previous ''trusted-keys'' and ''managed-keys''. * '''dig +yaml''' provides machine parseable output in YAML format == Dependencies == * bind-dyndb-ldap (required by freeipa) == Contingency Plan == * Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change) * Contingency deadline: N/A (not a System Wide Change) * Blocks release? N/A (not a System Wide Change), Yes/No * Blocks product? product == Documentation == * Upstream [https://bind9.readthedocs.io/en/v9_16_10/notes.html BIND 9.16 Release Notes] * [https://bind9.readthedocs.io/en/v9_16_10/notes.html#notes-for-bind-9-16-0 Added and removed features] * Upstream [https://downloads.isc.org/isc/bind9/9.14.0/RELEASE-NOTES-bind-9.14.0.html BIND 9.14 Release Notes] -- Ben Cotton He / Him / His Senior Program Manager, Fedora & CentOS Stream Red Hat TZ=America/Indiana/Indianapolis _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
