bind9-next/Changes.md
2023-01-27 18:26:07 +01:00

Significant Changes in BIND9 package

BIND 9.16

New features

  • libuv is now a mandatory dependency, used for the network subsystem
  • dnssec-policy support in named.conf is introduced, providing a key and signing policy (KASP)
  • trusted-keys and managed-keys are deprecated, replaced by trust-anchors
  • trust-anchors also supports anchors in DS format, in addition to DNSKEY format
  • dig, mdig and delv support the +yaml parameter to print detailed machine-parseable output

Feature changes

  • A static trust anchor and dnssec-validation auto; are incompatible and cause a fatal error when used together.
  • DS and CDS records are now generated with a SHA-256 digest only; SHA-1 is no longer generated by default
  • SipHash 2-4 DNS Cookie (RFC 7873) is now the default. Only the AES alternative algorithm is kept; HMAC-SHA cookie support was removed.
  • dnssec-signzone and dnssec-verify commands print output to stdout; the -q parameter can silence them

Features removed

  • dnssec-enable option is obsolete; DNSSEC support is always enabled
  • dnssec-lookaside option is deprecated and support for it has been removed from all tools
  • cleaning-interval option is removed

Upstream release notes
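
A pre-upgrade check for an existing named.conf, as an added example that is not part of the package or of upstream BIND: it reports the options listed above as deprecated, obsolete or removed in 9.16 and flags a static trust anchor used together with dnssec-validation auto;. The function names and the sample configuration are constructed for illustration; static-key and static-ds are the static anchor keywords of the trust-anchors statement.

```python
import re

# Option names and their 9.16 status, taken from the lists above.
FINDINGS = {
    "trusted-keys": "deprecated: replace with trust-anchors",
    "managed-keys": "deprecated: replace with trust-anchors",
    "dnssec-enable": "obsolete: DNSSEC support is always enabled",
    "dnssec-lookaside": "deprecated: support removed from all tools",
    "cleaning-interval": "removed",
}

def strip_comments(text):
    """Blank out comments and quoted strings while keeping line numbers intact."""
    pattern = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pattern.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), text)

def lint_named_conf(text):
    """Return sorted (line_number, option, message) tuples for a named.conf text."""
    clean = strip_comments(text)
    line_of = lambda pos: clean.count("\n", 0, pos) + 1
    results = []
    for name, message in FINDINGS.items():
        for m in re.finditer(r"(?<![\w-])" + re.escape(name) + r"(?![\w-])", clean):
            results.append((line_of(m.start()), name, message))
    # A static anchor plus "dnssec-validation auto;" is listed above as a fatal error.
    auto = re.search(r"(?<![\w-])dnssec-validation\s+auto\s*;", clean)
    static = re.search(r"(?<![\w-])(trusted-keys|static-key|static-ds)(?![\w-])", clean)
    if auto and static:
        msg = "auto conflicts with static trust anchor (" + static.group(1) + ")"
        results.append((line_of(auto.start()), "dnssec-validation", msg))
    return sorted(results)

# Constructed sample configuration; the key data is a placeholder.
SAMPLE = '''\
options {
    dnssec-enable yes;          // pre-9.16 leftover
    dnssec-validation auto;
    # cleaning-interval 60;     (commented out, must not be reported)
    dnssec-lookaside auto;
};
trusted-keys {
    example.com. 257 3 8 "PLACEHOLDER-KEY-DATA";
};
'''

if __name__ == "__main__":
    for line, option, message in lint_named_conf(SAMPLE):
        print(f"line {line}: {option}: {message}")
```

The check is textual only; named-checkconf from the installed 9.16 package remains the authoritative validator.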

BIND 9.14

  • single thread support removed. Cannot provide bind-export-libs for DHCP
  • lwres support completely removed, both daemon and library
  • common parts of daemon moved into libns shared library
  • introduced plugin for filtering AAAA responses
  • some SDB utilities no longer supported

Upstream release notes