This is the twelfth development release of the BIND 10 suite. The significant new features include: - Auth server can sign answers using TSIG and Xfrout supports TSIG verification. - Many components switched over to use new log framework which uses log4cplus. BIND 10 includes unique log messages with detailed descriptions available in the BIND 10 Messages Manual: http://bind10.isc.org/docs/bind10-messages.html - Configurable Access Control on incoming queries for the resolver. BIND 10 is a new DNS suite. While it contains prototype code and experimental interfaces, both the authoritative and resolver servers are being used in production. It provides a C++ library for DNS (with Python wrappers) and several cooperating daemons for providing authoritative DNS service (with SQLite3 - which supports DNSSEC - and in-memory backends), forwarding, recursive caching name service, and statistics reporting. Documentation is included and also available via the BIND 10 website at http://bind10.isc.org/ The bind10-devel-20110705 source may be downloaded from: ftp://ftp.isc.org/isc/bind10/devel-20110705/bind10-devel-20110705.tar.gz A PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind10/devel-20110705/bind10-devel-20110705.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at https://www.isc.org/about/openpgp Users and developers are encouraged to participate on the BIND 10 mailing lists. Please provide your feedback: https://lists.isc.org/mailman/listinfo/bind10-users https://lists.isc.org/mailman/listinfo/bind10-dev Bugs may be reported as tickets via the developers website (after logging into Trac): http://bind10.isc.org/ A summary of the significant changes since the previous release include (from the ChangeLog): 267. [func] tomek Added a dummy module for DHCP6. This module does not actually do anything at this point, and BIND 10 has no option for starting it yet. It is included as a base for further development. (Trac #990, git 4a590df96a1b1d373e87f1f56edaceccb95f267d) 266. [func] Multiple developers Convert various error messages, debugging and other output to the new logging interface, including for b10-resolver, the resolver library, the CC library, b10-auth, b10-cfgmgr, b10-xfrin, and b10-xfrout. This includes a lot of new documentation describing the new log messages. (Trac #738, #739, #742, #746, #759, #761, #762) 265. [func]* jinmei b10-resolver: Introduced ACL on incoming queries. By default the resolver accepts queries from ::1 and 127.0.0.1 and rejects all others. The ACL can be configured with bindctl via the "Resolver/query_acl" parameter. For example, to accept queries from 192.0.2.0/24 (in addition to the default list), do this: > config add Resolver/query_acl > config set Resolver/query_acl[2]/action "ACCEPT" > config set Resolver/query_acl[2]/from "192.0.2.0/24" > config commit (Trac #999, git e0744372924442ec75809d3964e917680c57a2ce, also based on other ACL related work done by stephen and vorner) 264. [bug] jerry b10-xfrout: fixed a busy loop in its notify-out subthread. Due to the loop, the thread previously woke up every 0.5 seconds throughout most of the lifetime of b10-xfrout, wasting the corresponding CPU time. (Trac #1001, git fb993ba8c52dca4a3a261e319ed095e5af8db15a) 263. [func] jelte Logging configuration can now also accept a * as a first-level name (e.g. '*', or '*.cache'), indicating that every module should use that configuration, unless overridden by an explicit logging configuration for that module (Trac #1004, git 0fad7d4a8557741f953eda9fed1d351a3d9dc5ef) 262. [func] stephen Add some initial documentation about the logging framework. Provide BIND 10 Messages Manual in HTML and DocBook? XML formats. This provides all the log message descriptions in a single document. A developer tool, tools/system_messages.py (available in git repo), was written to generate this. (Trac #1012, git 502100d7b9cd9d2300e78826a3bddd024ef38a74) 261. [func] stephen Add new-style logging messages to b10-auth. (Trac #738, git c021505a1a0d6ecb15a8fd1592b94baff6d115f4) 260. [func] stephen Remove comma between message identification and the message text in the new-style logging messages. (Trac #1031, git 1c7930a7ba19706d388e4f8dcf2a55a886b74cd2) 259. [bug] stephen Logging now correctly initialized in b10-auth. Also, fixed bug whereby querying for "version.bind txt ch" would cause b10-auth to crash if BIND 10 was started with the "-v" switch. (Trac #1022,#1023, git 926a65fa08617be677a93e9e388df0f229b01067) 258. [build] jelte Now builds and runs with Python 3.2 (Trac #710, git dae1d2e24f993e1eef9ab429326652f40a006dfb) 257. [bug] y-aharen Fixed a bug an instance of IntervalTimerImpl may be destructed while deadline_timer is holding the handler. This fix addresses occasional failure of IntervalTimerTest.destructIntervalTimer. (Trac #957, git e59c215e14b5718f62699ec32514453b983ff603) 256. [bug] jerry src/bin/xfrin: update xfrin to check TSIG before other part of incoming message. (Trac #955, git 261450e93af0b0406178e9ef121f81e721e0855c) 255. [func] zhang likun src/lib/cache: remove empty code in lib/cache and the corresponding suppression rule in src/cppcheck-suppress.lst. (Trac #639, git 4f714bac4547d0a025afd314c309ca5cb603e212) 254. [bug] jinmei b10-xfrout: failed to send notifies over IPv6 correctly. (Trac #964, git 3255c92714737bb461fb67012376788530f16e40) 253. [func] jelte Add configuration options for logging through the virtual module Logging. (Trac #736, git 9fa2a95177265905408c51d13c96e752b14a0824) 252. [func] stephen Add syslog as destination for logging. (Trac #976, git 31a30f5485859fd3df2839fc309d836e3206546e) 251. [bug]* jinmei Make sure bindctl private files are non readable to anyone except the owner or users in the same group. Note that if BIND 10 is run with changing the user, this change means that the file owner or group will have to be adjusted. Also note that this change is only effective for a fresh install; if these files already exist, their permissions must be adjusted by hand (if necessary). (Trac #870, git 461fc3cb6ebabc9f3fa5213749956467a14ebfd4) 250. [bug] ocean src/lib/util/encode, in some conditions, the DecodeNormalizer's iterator may reach the end() and when later being dereferenced it will cause crash on some platform. (Trac #838, git 83e33ec80c0c6485d8b116b13045b3488071770f) 249. [func] jerry xfrout: add support for TSIG verification. (Trac #816, git 3b2040e2af2f8139c1c319a2cbc429035d93f217) 248. [func] stephen Add file and stderr as destinations for logging. (Trac #555, git 38b3546867425bd64dbc5920111a843a3330646b) 247. [func] jelte Upstream queries from the resolver now set EDNS0 buffer size. (Trac #834, git 48e10c2530fe52c9bde6197db07674a851aa0f5d) 246. [func] stephen Implement logging using log4cplus (http://log4cplus.sourceforge.net) (Trac #899, git 31d3f525dc01638aecae460cb4bc2040c9e4df10) 245. [func] vorner Authoritative server can now sign the answers using TSIG (configured in tsig_keys/keys, list of strings like "name::sha1-hmac"). It doesn't use them for ACL yet, only verifies them and signs if the request is signed. (Trac #875, git fe5e7003544e4e8f18efa7b466a65f336d8c8e4d) 244. [func] stephen In unit tests, allow the choice of whether unhandled exceptions are caught in the unit test program (and details printed) or allowed to propagate to the default exception handler. See the bind10-dev thread https://lists.isc.org/pipermail/bind10-dev/2011-January/001867.html for more details. (Trac #542, git 1aa773d84cd6431aa1483eb34a7f4204949a610f) 243. [func]* feng Add optional hmac algorithm SHA224/384/812. (Trac #782, git 77d792c9d7c1a3f95d3e6a8b721ac79002cd7db1) We look forward to your feedback. Jeremy C. Reed ISC BIND 10 Release Engineer p.s. The documentation for these new features are in progress.