Development release of BIND 10: bind10-devel-20120119

Welcome to the sixteenth development release of BIND 10.

BIND 10 provides a C++ library for DNS (with python wrappers) and
several cooperating daemons for providing authoritative DNS service
(with SQLite3 which supports DNSSEC and in-memory backends), DNS
forwarding, and recursive name service. While it contains prototype
code and experimental interfaces, both the authoritative and resolver
servers are being used in production. It also provides experimental
DHCPv4 and DHCPv6 servers and a C++ library for DHCP.

Documentation is included and also available via the BIND 10
website at http://bind10.isc.org/

The bind10-devel-20120119 source may be downloaded from:

  ftp://ftp.isc.org/isc/bind10/devel-20120119/bind10-devel-20120119.tar.gz

A PGP signature of the distribution is at

  ftp://ftp.isc.org/isc/bind10/devel-20120119/bind10-devel-20120119.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

Users and developers are encouraged to participate on the BIND 10
mailing lists. Please provide your feedback:

  https://lists.isc.org/mailman/listinfo/bind10-users
  https://lists.isc.org/mailman/listinfo/bind10-dev

Bugs may be reported as tickets via the developers website
(after logging into Trac): http://bind10.isc.org/

A summary of the significant changes since the previous release
includes (from the ChangeLog):

363.  [func]    jelte
      Added dummy DDNS module b10-ddns. Currently it does not
      provide any functionality, but it is a skeleton implementation
      that will be expanded later.
      (Trac #1451, git b0d0bf39fbdc29a7879315f9b8e6d602ef3afb1b)

362.  [func]*   vorner
      Due to the socket creator changes, b10-auth and b10-resolver
      no longer need to be started as root. They are started as the
      user they should be running, so they no longer have the -u flag
      for switching the user after initialization.
      Note: this change broke backward compatibility to boss component
      configuration. If your b10-config.db contains "setuid" for
      Boss.components, you'll need to remove that entry by hand before
      starting BIND 10.
      (Trac #1508-#1510, git edc5b3c12eb45437361484c843794416ad86bb00)

361.  [func]    vorner,jelte,jinmei
      The socket creator is now used to provide sockets. It means you
      can reconfigure the ports and addresses at runtime even when the
      rest of bind10 runs as a non-root user.
      (Trac #805,#1522, git 1830215f884e3b5efda52bd4dbb120bdca863a6a)

360.  [bug]     vorner
      Fixed problem where bindctl crashed when a duplicate non-string
      item was added to a list. This error is now properly reported.
      (Trac #1515, git a3cf5322a73e8a97b388c6f8025b92957e5d8986)

359.  [bug]     kevin
      Corrected SOA serial check in xfrout. It now compares the SOA
      serial of an IXFR query with that of the server based on serial
      number arithmetic, and replies with a single SOA record of the
      server's current version if the former is equal to or newer
      than the latter.
      (Trac #1462, git ceeb87f6d539c413ebdc66e4cf718e7eb8559c45)

358.  [bug]     jinmei
      b10-resolver ignored default configuration parameters if
      listen_on failed (this can easily happen especially for a test
      environment where the run time user doesn't have root
      privilege), and even if listen_on was updated later the resolver
      wouldn't work correctly unless it's fully restarted (for
      example, all queries would be rejected due to an empty ACL).
      (Trac #1424, git 2cba8cb83cde4f34842898a848c0b1182bc20597)

357.  [bug]     jinmei
      ZoneFinder::find() for database based data sources didn't
      correctly identify out-of-zone query name and could return a
      confusing result such as NXRRSET. It now returns NXDOMAIN with
      an empty RRset. Note: we should rather throw an exception in
      such a case, which should be revisited later (see Trac #1536).
      (Trac #1430, git b35797ba1a49c78246abc8f2387901f9690b328d)

356.  [doc]     tomek
      BIND10 Guide updated. It now describes DHCPv4 and DHCPv6
      components, including their overview, usage, supported standard
      and limitations. libdhcp++ is also described.
      (Trac #1367, git 3758ab360efe1cdf616636b76f2e0fb41f2a62a0)

355.  [bug]     jinmei
      Python xfrin.diff module incorrectly combined RRSIGs of
      different type covered, possibly merging different TTLs. As a
      result a secondary server could store different RRSIGs than
      those at the primary server if it gets these records via IXFR.
      (Trac #1502, git 57b06f8cb6681f591fa63f25a053eb6f422896ef)

354.  [func]    tomek
      dhcp4: Support for DISCOVER and OFFER implemented. b10-dhcp4 is
      now able to offer hardcoded leases to DHCPv4 clients.
      dhcp6: Code refactored to use the same approach as dhcp4.
      (Trac #1230, git aac05f566c49daad4d3de35550cfaff31c124513)

353.  [func]    tomek
      libdhcp++: Interface detection in Linux implemented. libdhcp++
      is now able (on Linux systems) to detect available network
      interfaces, their link-layer addresses, flags and configured
      IPv4 and IPv6 addresses. Interface detection on other systems
      is planned.
      (Trac #1237, git 8a040737426aece7cc92a795f2b712d7c3407513)

352.  [func]    tomek
      libdhcp++: Transmission and reception of DHCPv4 packets is now
      implemented. Low-level hacks are not implemented for
      transmission to hosts that don't have an IPv4 address yet, so
      currently the code is usable for communication with relays
      only, not hosts on the same link.
      (Trac #1239, #1240, git f382050248b5b7ed1881b086d89be2d9dd8fe385)

351.  [func]    fdupont
      Alpha version of DHCP benchmarking tool added. "perfdhcp" is
      able to test both IPv4 and IPv6 servers: it can time the
      four-packet exchange (DORA and SARR) as well as time the initial
      two-packet exchange (DO and SA). More information can be
      obtained by invoking the utility (in tests/tools/perfdhcp) with
      the "-h" flag.
      (Trac #1450, git 85083a76107ba2236732b45524ce7018eefbaf90)

350.  [func]*   vorner
      The target parameter of ZoneFinder::find is no longer present,
      as the interface was awkward. To get all the RRsets of a single
      domain, use the new findAll method (the same applies to python
      version, the method is named find_all).
      (Trac #1483,#1484, git 0020456f8d118c9f3fd6fc585757c822b79a96f6)

349.  [bug]     dvv
      resolver: If an upstream server responds with FORMERR to an
      EDNS query, try querying it without EDNS.
      (Trac #1386, git 99ad0292af284a246fff20b3702fbd7902c45418)

348.  [bug]     stephen
      By default the logging output stream is now flushed after each
      write. This fixes a problem seen on some systems where the log
      output from different processes was jumbled up. Flushing can be
      disabled by setting the appropriate option in the logging
      configuration.
      (Trac #1405, git 2f0aa20b44604b671e6bde78815db39381e563bf)

347.  [bug]     jelte
      Fixed a bug where adding Zonemgr/secondary_zones without
      explicitly setting the class value of the added zone resulted in
      a cryptic error in bindctl ("Error: class"). It will now
      correctly default to IN if not set. This also adds better checks
      on the name and class values, and better errors if they are bad.
      (Trac #1414, git 7b122af8489acf0f28f935a19eca2c5509a3677f)

346.  [build]*  jreed
      Renamed libdhcp to libdhcp++.
      (Trac #1446, git d394e64f4c44f16027b1e62b4ac34e054b49221d)

345.  [func]    tomek
      dhcp4: Dummy DHCPv4 component implemented. Currently it does
      nothing useful, except providing a skeleton implementation that
      can be expanded in the future.
      (Trac #992, git d6e33479365c8f8f62ef2b9aa5548efe6b194601)

344.  [func]    y-aharen
      src/lib/statistics: Added statistics counter library for entire
      server items and per zone items. Also, modified b10-auth to use
      it. It is also intended for use in the other modules such as
      b10-resolver.
      (Trac #510, git afddaf4c5718c2a0cc31f2eee79c4e0cc625499f)

343.  [func]    jelte
      Added IXFR-out system tests, based on the first two test sets of
      http://bind10.isc.org/wiki/IxfrSystemTests.
      (Trac #1314, git 1655bed624866a766311a01214597db01b4c7cec)

342.  [bug]     stephen
      In the resolver, a FORMERR received from an upstream nameserver
      now results in a SERVFAIL being returned as a response to the
      original query. Additional debug messages added to distinguish
      between different errors in packets received from upstream
      nameservers.
      (Trac #1383, git 9b2b249d23576c999a65d8c338e008cabe45f0c9)

341.  [func]    tomek
      libdhcp++: Support for handling both IPv4 and IPv6 added.
      Also added support for binding IPv4 sockets.
      (Trac #1238, git 86a4ce45115dab4d3978c36dd2dbe07edcac02ac)

340.  [build]   jelte
      Fixed several linker issues related to recent gcc versions,
      botan and gtest.
      (Trac #1442, git 91fb141bfb3aadfdf96f13e157a26636f6e9f9e3)

339.  [bug]     jinmei
      libxfr, used by b10-auth to share TCP sockets with b10-xfrout,
      incorrectly propagated ASIO specific exceptions to the
      application if the given file name was too long. This could
      lead to unexpected shut down of b10-auth.
      (Trac #1387, git a5e9d9176e9c60ef20c0f5ef59eeb6838ed47ab2)

338.  [bug]     jinmei
      b10-xfrin didn't check SOA serials of SOA and IXFR responses,
      which resulted in unnecessary transfer or unexpected IXFR
      timeouts (these issues were not overlooked but deferred to be
      fixed until #1278 was completed). Validation on responses to
      SOA queries was tightened, too.
      (Trac #1299, git 6ff03bb9d631023175df99248e8cc0cda586c30a)

337.  [func]    tomek
      libdhcp++: Support for DHCPv4 option that can store a single
      address or a list of IPv4 addresses added. Support for END
      option added.
      (Trac #1350, git cc20ff993da1ddb1c6e8a98370438b45a2be9e0a)

336.  [func]    jelte
      libdns++ (and its python wrapper) now includes a class Serial,
      for SOA SERIAL comparison and addition. Operations on instances
      of this class follow the specification from RFC 1982.
      Rdata::SOA::getSerial() now returns values of this type (and not
      uint32_t).
      (Trac #1278, git 2ae72d76c74f61a67590722c73ebbf631388acbd)

335.  [bug]*    jelte
      The DataSourceClientContainer class that dynamically loads
      datasource backend libraries no longer provides just a .so file
      name to its call to dlopen(), but passes it an absolute path.
      This means that it is no longer a system implementation detail
      that depends on [DY]LD_LIBRARY_PATH which file is chosen, should
      there be multiple options (for instance, when test-running a new
      build while a different version is installed).
      These loadable libraries are also no longer installed in the
      default library path, but in a subdirectory of the libexec
      directory of the target ($prefix/libexec/[version]/backends).
      This also removes the need to handle b10-xfrin and b10-xfrout as
      'special' hardcoded components, and they are now started as
      regular components as dictated by the configuration of the boss
      process.
      (Trac #1292, git 83ce13c2d85068a1bec015361e4ef8c35590a5d0)

334.  [bug]     jinmei
      b10-xfrout could potentially create an overflow response message
      (exceeding the 64KB max) or could create unnecessarily small
      messages. The former was actually unlikely to happen due to the
      effect of name compression, and the latter was marginal and at
      least shouldn't cause an interoperability problem, but these
      were still potential problems and were fixed.
      (Trac #1389, git 3fdce88046bdad392bd89ea656ec4ac3c858ca2f)

333.  [bug]     dvv
      Solaris needs "-z now" to force non-lazy binding and prevent
      g++ static initialization code from deadlocking.
      (Trac #1439, git c789138250b33b6b08262425a08a2a0469d90433)

332.  [bug]     vorner
      C++ exceptions in the isc.dns.Rdata wrapper are now converted
      to python ones instead of just aborting the interpreter.
      (Trac #1407, git 5b64e839be2906b8950f5b1e42a3fadd72fca033)

Please let us know about your experiences with using BIND 10.

Jeremy C. Reed
ISC Release Engineer
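
Entries 359, 338 and 336 above all depend on RFC 1982 serial number arithmetic for 32-bit SOA serials. The following is an added example, not BIND 10 code: the class and function names are illustrative, and the secondary-side rule is an assumed reading of entry 338. It shows where a plain integer comparison gives the wrong transfer decision once a serial wraps.

```python
# Added example: RFC 1982 comparison and addition for SOA serials.
# Not libdns++'s Serial class; names and rules below are illustrative.
MOD = 1 << 32
HALF = 1 << 31


class Serial:
    """32-bit serial number with RFC 1982 comparison and addition."""
    def __init__(self, value):
        if not 0 <= value < MOD:
            raise ValueError("SOA serial must fit in 32 bits")
        self.value = value

    def __eq__(self, other):
        return self.value == other.value

    def __lt__(self, other):
        # A distance of exactly 2**31 is undefined: neither side is "less".
        a, b = self.value, other.value
        return (a < b and b - a < HALF) or (a > b and a - b > HALF)

    def __gt__(self, other):
        return other < self

    def __ge__(self, other):
        return self == other or self > other

    def __add__(self, n):
        if not 0 <= n < HALF:
            raise ValueError("RFC 1982 allows adding at most 2**31 - 1")
        return Serial((self.value + n) % MOD)


def ixfr_out_action(client_serial, server_serial):
    """Primary side (entry 359): what to send for an IXFR query."""
    if Serial(client_serial) >= Serial(server_serial):
        return "single-soa"   # client is current or newer: one SOA only
    return "transfer"         # client is behind: send the changes


def secondary_needs_transfer(local_serial, primary_serial):
    """Secondary side (assumed rule for entry 338): transfer if newer."""
    return Serial(primary_serial) > Serial(local_serial)

# Constructed sample (client, server) serials, two of them across a wrap.
SAMPLES = [(2012011901, 2012011902), (4294967295, 1), (1, 4294967295), (7, 7)]
if __name__ == "__main__":
    for client, server in SAMPLES:
        print(client, server, ixfr_out_action(client, server))
```

For the pair (1, 4294967295) an unsigned integer comparison would treat the client as far behind and start a transfer, while RFC 1982 ordering treats the client as newer and answers with a single SOA.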