2.0 KiB
2.0 KiB
Significant Changes in BIND9 package
BIND 9.16
New features
- libuv is used for network subsystem as a mandatory dependency
- dnssec-policy support in named.conf is introduced, providing a a key and signing policy (KASP)
- trusted-keys and managed-keys are deprecated, replaced by trust-anchors
- trust-anchors support also anchor in a DS format, in addition to DNSKEY format
- dig, mdig and delv support +yaml parameter to print detailed machine parseable output
Feature changes
- Static trust anchor and dnssec-validation auto; are incompatible and cause fatal error, when used together.
- DS and CDS now generates only SHA-256 digest, SHA-1 is no longer generated by default
- SipHash 2-4 DNS Cookie (RFC 7873 is now default). Only AES alternative algorithm is kept, HMAC-SHA cookie support were removed.
- dnssec-signzone and dnssec-verify commands print output to stdout, -q parameter can silence them
Features removed
- dnssec-enable option is obsolete, DNSSEC support is always enabled
- dnssec-lookaside option is deprecated and support for it removed from all tools
- cleaning-interval option is removed
Upstream release notes
BIND 9.14
- single thread support removed. Cannot provide bind-export-libs for DHCP
- lwres support completely removed. Both daemon and library
- common parts of daemon moved into libns shared library
- introduced plugin for filtering aaaa responses
- some SDB utilities no longer supported