|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
Packit |
5ce601 |
-
|
|
Packit |
5ce601 |
- This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit |
5ce601 |
- License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit Service |
704ed8 |
- file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
Packit |
5ce601 |
-
|
|
Packit |
5ce601 |
- See the COPYRIGHT file distributed with this work for additional
|
|
Packit |
5ce601 |
- information regarding copyright ownership.
|
|
Packit |
5ce601 |
-->
|
|
Packit |
5ce601 |
# BIND 9
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### Contents
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
1. [Introduction](#intro)
|
|
Packit |
5ce601 |
1. [Reporting bugs and getting help](#help)
|
|
Packit |
5ce601 |
1. [Contributing to BIND](#contrib)
|
|
Packit |
5ce601 |
1. [BIND 9.11 features](#features)
|
|
Packit |
5ce601 |
1. [Building BIND](#build)
|
|
Packit |
5ce601 |
1. [macOS](#macos)
|
|
Packit |
5ce601 |
1. [Dependencies](#dependencies)
|
|
Packit |
5ce601 |
1. [Compile-time options](#opts)
|
|
Packit |
5ce601 |
1. [Automated testing](#testing)
|
|
Packit |
5ce601 |
1. [Documentation](#doc)
|
|
Packit |
5ce601 |
1. [Change log](#changes)
|
|
Packit |
5ce601 |
1. [Acknowledgments](#ack)
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### Introduction
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND (Berkeley Internet Name Domain) is a complete, highly portable
|
|
Packit |
5ce601 |
implementation of the DNS (Domain Name System) protocol.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
The BIND name server, `named`, is able to serve as an authoritative name
|
|
Packit |
5ce601 |
server, recursive resolver, DNS forwarder, or all three simultaneously. It
|
|
Packit |
5ce601 |
implements views for split-horizon DNS, automatic DNSSEC zone signing and
|
|
Packit |
5ce601 |
key management, catalog zones to facilitate provisioning of zone data
|
|
Packit |
5ce601 |
throughout a name server constellation, response policy zones (RPZ) to
|
|
Packit |
5ce601 |
protect clients from malicious data, response rate limiting (RRL) and
|
|
Packit |
5ce601 |
recursive query limits to reduce distributed denial of service attacks,
|
|
Packit |
5ce601 |
and many other advanced DNS features. BIND also includes a suite of
|
|
Packit |
5ce601 |
administrative tools, including the `dig` and `delv` DNS lookup tools,
|
|
Packit |
5ce601 |
`nsupdate` for dynamic DNS zone updates, `rndc` for remote name server
|
|
Packit |
5ce601 |
administration, and more.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9 is a complete re-write of the BIND architecture that was used in
|
|
Packit |
5ce601 |
versions 4 and 8. Internet Systems Consortium
|
|
Packit |
5ce601 |
([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit
|
|
Packit |
5ce601 |
corporation dedicated to providing software and services in support of the
|
|
Packit |
5ce601 |
Internet infrastructure, developed BIND 9 and is responsible for its
|
|
Packit |
5ce601 |
ongoing maintenance and improvement. BIND is open source software
|
|
Packit |
5ce601 |
licensed under the terms of ISC License for all versions up to and
|
|
Packit |
5ce601 |
including BIND 9.10, and the Mozilla Public License version 2.0 for all
|
|
Packit |
5ce601 |
subsequent versions.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
For a summary of features introduced in past major releases of BIND,
|
|
Packit |
5ce601 |
see the file [HISTORY](HISTORY.md).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
For a detailed list of changes made throughout the history of BIND 9, see
|
|
Packit |
5ce601 |
the file [CHANGES](CHANGES). See [below](#changes) for details on the
|
|
Packit |
5ce601 |
CHANGES file format.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
For up-to-date versions and release notes, see
|
|
Packit |
5ce601 |
[https://www.isc.org/download/](https://www.isc.org/download/).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### Reporting bugs and getting help
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To report non-security-sensitive bugs or request new features, you may
|
|
Packit |
5ce601 |
open an Issue in the BIND 9 project on the
|
|
Packit |
5ce601 |
[ISC GitLab server](https://gitlab.isc.org) at
|
|
Packit |
5ce601 |
[https://gitlab.isc.org/isc-projects/bind9](https://gitlab.isc.org/isc-projects/bind9).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Please note that, unless you explicitly mark the newly created Issue as
|
|
Packit |
5ce601 |
"confidential", it will be publicly readable. Please do not include any
|
|
Packit |
5ce601 |
information in bug reports that you consider to be confidential unless
|
|
Packit |
5ce601 |
the issue has been marked as such. In particular, if submitting the
|
|
Packit |
5ce601 |
contents of your configuration file in a non-confidential Issue, it is
|
|
Packit |
5ce601 |
advisable to obscure key secrets: this can be done automatically by
|
|
Packit |
5ce601 |
using `named-checkconf -px`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
If the bug you are reporting is a potential security issue, such as an
|
|
Packit |
5ce601 |
assertion failure or other crash in `named`, please do *NOT* use GitLab to
|
|
Packit |
5ce601 |
report it. Instead, send mail to
|
|
Packit |
5ce601 |
[security-officer@isc.org](mailto:security-officer@isc.org) using our
|
|
Packit |
5ce601 |
OpenPGP key to secure your message. (Information about OpenPGP and links
|
|
Packit |
5ce601 |
to our key can be found at
|
|
Packit |
5ce601 |
[https://www.isc.org/pgpkey](https://www.isc.org/pgpkey).) Please do not
|
|
Packit |
5ce601 |
discuss the bug on any public mailing list.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
For a general overview of ISC security policies, read the Knowledge Base
|
|
Packit |
5ce601 |
article at [https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Professional support and training for BIND are available from
|
|
Packit |
5ce601 |
ISC at [https://www.isc.org/support](https://www.isc.org/support).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To join the __BIND Users__ mailing list, or view the archives, visit
|
|
Packit |
5ce601 |
[https://lists.isc.org/mailman/listinfo/bind-users](https://lists.isc.org/mailman/listinfo/bind-users).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
If you're planning on making changes to the BIND 9 source code, you
|
|
Packit |
5ce601 |
may also want to join the __BIND Workers__ mailing list, at
|
|
Packit |
5ce601 |
[https://lists.isc.org/mailman/listinfo/bind-workers](https://lists.isc.org/mailman/listinfo/bind-workers).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### Contributing to BIND
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
ISC maintains a public git repository for BIND; details can be found
|
|
Packit |
5ce601 |
at [http://www.isc.org/git/](http://www.isc.org/git/).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Information for BIND contributors can be found in the following files:
|
|
Packit |
5ce601 |
- General information: [doc/dev/contrib.md](doc/dev/contrib.md)
|
|
Packit |
5ce601 |
- BIND 9 code style: [doc/dev/style.md](doc/dev/style.md)
|
|
Packit |
5ce601 |
- BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md)
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Patches for BIND may be submitted as
|
|
Packit |
5ce601 |
[merge requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
|
|
Packit |
5ce601 |
in the [ISC GitLab server](https://gitlab.isc.org) at
|
|
Packit |
5ce601 |
at [https://gitlab.isc.org/isc-projects/bind9/merge_requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
By default, external contributors don't have ability to fork BIND in the
|
|
Packit |
5ce601 |
GitLab server, but if you wish to contribute code to BIND, you may request
|
|
Packit |
5ce601 |
permission to do so. Thereafter, you can create git branches and directly
|
|
Packit |
5ce601 |
submit requests that they be reviewed and merged.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
If you prefer, you may also submit code by opening a
|
|
Packit |
5ce601 |
[GitLab Issue](https://gitlab.isc.org/isc-projects/bind9/issues) and
|
|
Packit |
5ce601 |
including your patch as an attachment, preferably generated by
|
|
Packit |
5ce601 |
`git format-patch`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### BIND 9.11 features
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
|
|
Packit |
5ce601 |
releases. New features include:
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
* Added support for Catalog Zones, a new method for provisioning servers: a
|
|
Packit |
5ce601 |
list of zones to be served is stored in a DNS zone, along with their
|
|
Packit |
5ce601 |
configuration parameters. Changes to the catalog zone are propagated to
|
|
Packit |
5ce601 |
slaves via normal AXFR/IXFR, whereupon the zones that are listed in it
|
|
Packit |
5ce601 |
are automatically added, deleted or reconfigured.
|
|
Packit |
5ce601 |
* Added support for "dnstap", a fast and flexible method of capturing and
|
|
Packit |
5ce601 |
logging DNS traffic.
|
|
Packit |
5ce601 |
* Added support for "dyndb", a new API for loading zone data from an
|
|
Packit |
5ce601 |
external database, developed by Red Hat for the FreeIPA project.
|
|
Packit |
5ce601 |
* "fetchlimit" quotas are now compiled in by default. These are for the
|
|
Packit |
5ce601 |
use of recursive resolvers that are are under high query load for domains
|
|
Packit |
5ce601 |
whose authoritative servers are nonresponsive or are experiencing a
|
|
Packit |
5ce601 |
denial of service attack:
|
|
Packit |
5ce601 |
* `fetches-per-server` limits the number of simultaneous queries that
|
|
Packit |
5ce601 |
can be sent to any single authoritative server. The configured value
|
|
Packit |
5ce601 |
is a starting point; it is automatically adjusted downward if the
|
|
Packit |
5ce601 |
server is partially or completely non-responsive. The algorithm used
|
|
Packit |
5ce601 |
to adjust the quota can be configured via the "fetch-quota-params"
|
|
Packit |
5ce601 |
option.
|
|
Packit |
5ce601 |
* `fetches-per-zone` limits the number of simultaneous queries that can
|
|
Packit |
5ce601 |
be sent for names within a single domain. (Note: Unlike
|
|
Packit |
5ce601 |
`fetches-per-server`, this value is not self-tuning.)
|
|
Packit |
5ce601 |
* New stats counters have been added to count queries spilled due to
|
|
Packit |
5ce601 |
these quotas.
|
|
Packit |
5ce601 |
* Added a new `dnssec-keymgr` key maintenance utility, which can generate or
|
|
Packit |
5ce601 |
update keys as needed to ensure that a zone's keys match a defined DNSSEC
|
|
Packit |
5ce601 |
policy.
|
|
Packit |
5ce601 |
* The experimental "SIT" feature in BIND 9.10 has been renamed "COOKIE" and
|
|
Packit |
5ce601 |
is no longer optional. EDNS COOKIE is a mechanism enabling clients to
|
|
Packit |
5ce601 |
detect off-path spoofed responses, and servers to detect spoofed-source
|
|
Packit |
5ce601 |
queries. Clients that identify themselves using COOKIE options are not
|
|
Packit |
5ce601 |
subject to response rate limiting (RRL) and can receive larger UDP
|
|
Packit |
5ce601 |
responses.
|
|
Packit |
5ce601 |
* SERVFAIL responses can now be cached for a limited time (defaulting to 1
|
|
Packit |
5ce601 |
second, with an upper limit of 30). This can reduce the frequency of
|
|
Packit |
5ce601 |
retries when a query is persistently failing.
|
|
Packit |
5ce601 |
* Added an `nsip-wait-recurse` switch to RPZ. This causes NSIP rules to be
|
|
Packit |
5ce601 |
skipped if a name server IP address isn't in the cache yet; the address
|
|
Packit |
5ce601 |
will be looked up and the rule will be applied on future queries.
|
|
Packit |
5ce601 |
* Added a Python RNDC module. This allows multiple commands to sent over a
|
|
Packit |
5ce601 |
persistent RNDC channel, which saves time.
|
|
Packit |
5ce601 |
* The `controls` block in named.conf can now grant read-only `rndc` access
|
|
Packit |
5ce601 |
to specified clients or keys. Read-only clients could, for example, check
|
|
Packit |
5ce601 |
`rndc status` but could not reconfigure or shut down the server.
|
|
Packit |
5ce601 |
* `rndc` commands can now return arbitrarily large amounts of text to the
|
|
Packit |
5ce601 |
caller.
|
|
Packit |
5ce601 |
* The zone serial number of a dynamically updatable zone can now be set via
|
|
Packit |
5ce601 |
`rndc signing -serial <number> <zonename>`. This allows inline-signing
|
|
Packit |
5ce601 |
zones to be set to a specific serial number.
|
|
Packit |
5ce601 |
* The new `rndc nta` command can be used to set a Negative Trust Anchor
|
|
Packit |
5ce601 |
(NTA), disabling DNSSEC validation for a specific domain; this can be
|
|
Packit |
5ce601 |
used when responses from a domain are known to be failing validation due
|
|
Packit |
5ce601 |
to administrative error rather than because of a spoofing attack.
|
|
Packit |
5ce601 |
Negative trust anchors are strictly temporary; by default they expire
|
|
Packit |
5ce601 |
after one hour, but can be configured to last up to one week.
|
|
Packit |
5ce601 |
* `rndc delzone` can now be used on zones that were not originally created
|
|
Packit |
5ce601 |
by "rndc addzone".
|
|
Packit |
5ce601 |
* `rndc modzone` reconfigures a single zone, without requiring the entire
|
|
Packit |
5ce601 |
server to be reconfigured.
|
|
Packit |
5ce601 |
* `rndc showzone` displays the current configuration of a zone.
|
|
Packit |
5ce601 |
* `rndc managed-keys` can be used to check the status of RFC 5001 managed
|
|
Packit |
5ce601 |
trust anchors, or to force trust anchors to be refreshed.
|
|
Packit |
5ce601 |
* `max-cache-size` can now be set to a percentage of available memory. The
|
|
Packit |
5ce601 |
default is 90%.
|
|
Packit |
5ce601 |
* Update forwarding performance has been improved by allowing a single TCP
|
|
Packit |
5ce601 |
connection to be shared by multiple updates.
|
|
Packit |
5ce601 |
* The EDNS Client Subnet (ECS) option is now supported for authoritative
|
|
Packit |
5ce601 |
servers; if a query contains an ECS option then ACLs containing `geoip`
|
|
Packit |
5ce601 |
or `ecs` elements can match against the the address encoded in the
|
|
Packit |
5ce601 |
option. This can be used to select a view for a query, so that different
|
|
Packit |
5ce601 |
answers can be provided depending on the client network.
|
|
Packit |
5ce601 |
* The EDNS EXPIRE option has been implemented on the client side, allowing
|
|
Packit |
5ce601 |
a slave server to set the expiration timer correctly when transferring
|
|
Packit |
5ce601 |
zone data from another slave server.
|
|
Packit |
5ce601 |
* The key generation and manipulation tools (`dnssec-keygen`,
|
|
Packit |
5ce601 |
`dnssec-settime`, `dnssec-importkey`, `dnssec-keyfromlabel`) now take
|
|
Packit |
5ce601 |
`-Psync` and `-Dsync` options to set the publication and deletion times
|
|
Packit |
5ce601 |
of CDS and CDNSKEY parent-synchronization records. Both `named` and
|
|
Packit |
5ce601 |
`dnssec-signzone` can now publish and remove these records at the
|
|
Packit |
5ce601 |
scheduled times.
|
|
Packit |
5ce601 |
* A new `minimal-any` option reduces the size of UDP responses for query
|
|
Packit |
5ce601 |
type ANY by returning a single arbitrarily selected RRset instead of all
|
|
Packit |
5ce601 |
RRsets.
|
|
Packit |
5ce601 |
* A new `masterfile-style` zone option controls the formatting of text zone
|
|
Packit |
5ce601 |
files: When set to `full`, a zone file is dumped in
|
|
Packit |
5ce601 |
single-line-per-record format.
|
|
Packit |
5ce601 |
* `serial-update-method` can now be set to `date`. On update, the serial
|
|
Packit |
5ce601 |
number will be set to the current date in YYYYMMDDNN format.
|
|
Packit |
5ce601 |
* `dnssec-signzone -N date` sets the serial number to YYYYMMDDNN.
|
|
Packit |
5ce601 |
* `named -L <filename>` causes named to send log messages to the specified
|
|
Packit |
5ce601 |
file by default instead of to the system log.
|
|
Packit |
5ce601 |
* `dig +ttlunits` prints TTL values with time-unit suffixes: w, d, h, m, s
|
|
Packit |
5ce601 |
for weeks, days, hours, minutes, and seconds.
|
|
Packit |
5ce601 |
* `dig +unknownformat` prints dig output in RFC 3597 "unknown record"
|
|
Packit |
5ce601 |
presentation format.
|
|
Packit |
5ce601 |
* `dig +ednsopt` allows dig to set arbitrary EDNS options on requests.
|
|
Packit |
5ce601 |
* `dig +ednsflags` allows dig to set yet-to-be-defined EDNS flags on
|
|
Packit |
5ce601 |
requests.
|
|
Packit |
5ce601 |
* `mdig` is an alternate version of dig which sends multiple pipelined TCP
|
|
Packit |
5ce601 |
queries to a server. Instead of waiting for a response after sending a
|
|
Packit |
5ce601 |
query, it sends all queries immediately and displays responses in the
|
|
Packit |
5ce601 |
order received.
|
|
Packit |
5ce601 |
* `serial-query-rate` no longer controls NOTIFY messages. These are
|
|
Packit |
5ce601 |
separately controlled by `notify-rate` and `startup-notify-rate`.
|
|
Packit |
5ce601 |
* `nsupdate` now performs `check-names` processing by default on records to
|
|
Packit |
5ce601 |
be added. This can be disabled with `check-names no`.
|
|
Packit |
5ce601 |
* The statistics channel now supports DEFLATE compression, reducing the
|
|
Packit |
5ce601 |
size of the data sent over the network when querying statistics.
|
|
Packit |
5ce601 |
* New counters have been added to the statistics channel to track the sizes
|
|
Packit |
5ce601 |
of incoming queries and outgoing responses in histogram buckets, as
|
|
Packit |
5ce601 |
specified in RSSAC002.
|
|
Packit |
5ce601 |
* A new NXDOMAIN redirect method (option `nxdomain-redirect`) has been
|
|
Packit |
5ce601 |
added, allowing redirection to a specified DNS namespace instead of a
|
|
Packit |
5ce601 |
single redirect zone.
|
|
Packit |
5ce601 |
* When starting up, named now ensures that no other named process is
|
|
Packit |
5ce601 |
already running.
|
|
Packit |
5ce601 |
* Files created by named to store information, including `mkeys` and `nzf`
|
|
Packit |
5ce601 |
files, are now named after their corresponding views unless the view name
|
|
Packit |
5ce601 |
contains characters incompatible with use as a filename. Old style
|
|
Packit |
5ce601 |
filenames (based on the hash of the view name) will still work.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.1
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.1 is a maintenance release, and addresses the security
|
|
Packit |
5ce601 |
flaws disclosed in CVE-2016-6170, CVE-2016-8864, CVE-2016-9131,
|
|
Packit |
5ce601 |
CVE-2016-9147, CVE-2016-9444, CVE-2016-9778, CVE-2017-3135,
|
|
Packit |
5ce601 |
CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.2
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.2 is a maintenance release, and addresses the security flaws
|
|
Packit |
5ce601 |
disclosed in CVE-2017-3140, CVE-2017-3141, CVE-2017-3142 and CVE-2017-3143.
|
|
Packit |
5ce601 |
It also addresses several bugs related to the use of an LMDB database to
|
|
Packit |
5ce601 |
store data related to zones added via `rndc addzone` or catalog zones.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.3
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.3 is a maintenance release, and addresses the security flaw
|
|
Packit |
5ce601 |
disclosed in CVE-2017-3145.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.4
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.4 is a maintenance release, and addresses the security flaw
|
|
Packit |
5ce601 |
disclosed in CVE-2018-5738. It also introduces "root key sentinel" support,
|
|
Packit |
5ce601 |
enabling validating resolvers to indicate via a special query which trust
|
|
Packit |
5ce601 |
anchors are configured for the root zone.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.5
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.5 is a maintenance release, and also addresses CVE-2018-5741
|
|
Packit |
5ce601 |
by correcting faulty documentation and introducing the following new
|
|
Packit |
5ce601 |
feature:
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
* New `krb5-selfsub` and `ms-selfsub` rule types for `update-policy`
|
|
Packit |
5ce601 |
statements allow updating of subdomains based on a Kerberos or
|
|
Packit |
5ce601 |
Active Directory machine principal.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.6
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.6 is a maintenance release, and also addresses the security
|
|
Packit |
5ce601 |
flaws disclosed in CVE-2018-5743, CVE-2018-5745, CVE-2018-5744,
|
|
Packit |
5ce601 |
and CVE-2019-6465.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.7
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.7 is a maintenance release, and also addresses the security
|
|
Packit |
5ce601 |
flaw disclosed in CVE-2018-5743.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.8
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.8 is a maintenance release, and also addresses the security
|
|
Packit |
5ce601 |
flaw disclosed in CVE-2019-6471.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.9
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.9 is a maintenance release, and also adds support for
|
|
Packit |
5ce601 |
the new MaxMind GeoIP2 geolocation API when built with
|
|
Packit |
5ce601 |
`configure --with-geoip2`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.10
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.10 is a maintenance release.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.11
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.11 is a maintenance release.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.12
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.12 is a maintenance release.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.13
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.13 is a maintenance release, and also addresses the security
|
|
Packit |
5ce601 |
vulnerability disclosed in CVE-2019-6477.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.14
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.14 is a maintenance release.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.15
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.15 is a maintenance release.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.16
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.16 is a maintenance release.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.17
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.17 is a maintenance release.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.18
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.18 is a maintenance release.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.19
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.19 is a maintenance release, and also addresses the security
|
|
Packit |
5ce601 |
vulnerabilities disclosed in CVE-2020-8616 and CVE-2020-8617.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### BIND 9.11.20
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND 9.11.20 is a maintenance release, and also addresses the security
|
|
Packit |
5ce601 |
vulnerability disclosed in CVE-2020-8619.
|
|
Packit |
5ce601 |
|
|
Packit Service |
704ed8 |
#### BIND 9.11.21
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
BIND 9.11.21 is a maintenance release.
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
#### BIND 9.11.22
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
BIND 9.11.22 is a maintenance release, and also addresses the security
|
|
Packit Service |
704ed8 |
vulnerabilities disclosed in CVE-2020-8622, CVE-2020-8623, and
|
|
Packit Service |
704ed8 |
CVE-2020-8624.
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
#### BIND 9.11.23
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
BIND 9.11.23 is a maintenance release.
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
#### BIND 9.11.24
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
BIND 9.11.24 is a maintenance release.
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
#### BIND 9.11.25
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
BIND 9.11.25 is a maintenance release.
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
#### BIND 9.11.26
|
|
Packit Service |
704ed8 |
|
|
Packit Service |
704ed8 |
BIND 9.11.26 is a maintenance release.
|
|
Packit Service |
704ed8 |
|
|
Packit |
5ce601 |
### Building BIND
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
|
|
Packit |
5ce601 |
basic POSIX support, and a 64-bit integer type. Successful builds have been
|
|
Packit |
5ce601 |
observed on many versions of Linux and UNIX, including RHEL/CentOS, Fedora,
|
|
Packit |
5ce601 |
Debian, Ubuntu, SLES, openSUSE, Slackware, Alpine, FreeBSD, NetBSD,
|
|
Packit |
5ce601 |
OpenBSD, macOS, Solaris, OpenIndiana, OmniOS CE, HP-UX, and OpenWRT.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
BIND is also available for Windows Server 2008 and higher. See
|
|
Packit |
5ce601 |
`win32utils/build.txt` for details on building for Windows
|
|
Packit |
5ce601 |
systems.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To build on a UNIX or Linux system, use:
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
$ ./configure
|
|
Packit |
5ce601 |
$ make
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
If you're planning on making changes to the BIND 9 source, you should run
|
|
Packit |
5ce601 |
`make depend`. If you're using Emacs, you might find `make tags` helpful.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Several environment variables that can be set before running `configure` will
|
|
Packit |
5ce601 |
affect compilation. Significant ones are:
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
|Variable|Description |
|
|
Packit |
5ce601 |
|--------------------|-----------------------------------------------|
|
|
Packit |
5ce601 |
|`CC`|The C compiler to use. `configure` tries to figure out the right one for supported systems.|
|
|
Packit |
5ce601 |
|`CFLAGS`|C compiler flags. Defaults to include -g and/or -O2 as supported by the compiler. Please include '-g' if you need to set `CFLAGS`. |
|
|
Packit |
5ce601 |
|`STD_CINCLUDES`|System header file directories. Can be used to specify where add-on thread or IPv6 support is, for example. Defaults to empty string.|
|
|
Packit |
5ce601 |
|`STD_CDEFINES`|Any additional preprocessor symbols you want defined. Defaults to empty string. For a list of possible settings, see the file [OPTIONS](OPTIONS.md).|
|
|
Packit |
5ce601 |
|`LDFLAGS`|Linker flags. Defaults to empty string.|
|
|
Packit |
5ce601 |
|`BUILD_CC`|Needed when cross-compiling: the native C compiler to use when building for the target system.|
|
|
Packit |
5ce601 |
|`BUILD_CFLAGS`|`CFLAGS` for the target system during cross-compiling.|
|
|
Packit |
5ce601 |
|`BUILD_CPPFLAGS`|`CPPFLAGS` for the target system during cross-compiling.|
|
|
Packit |
5ce601 |
|`BUILD_LDFLAGS`|`LDFLAGS` for the target system during cross-compiling.|
|
|
Packit |
5ce601 |
|`BUILD_LIBS`|`LIBS` for the target system during cross-compiling.|
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Additional environment variables affecting the build are listed at the
|
|
Packit |
5ce601 |
end of the `configure` help text, which can be obtained by running the
|
|
Packit |
5ce601 |
command:
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
$ ./configure --help
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
On platforms where neither the C11 Atomic operations library nor custom ISC
|
|
Packit |
5ce601 |
atomic operations are available, updating the statistics counters is not
|
|
Packit |
5ce601 |
locked due to performance reasons and therefore the counters might be
|
|
Packit |
5ce601 |
inaccurate. Anybody building BIND 9 is strongly advised to use a modern
|
|
Packit |
5ce601 |
C11 compiler with C11 Atomic operations library support.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### macOS
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Building on macOS assumes that the "Command Tools for Xcode" is installed.
|
|
Packit |
5ce601 |
This can be downloaded from
|
|
Packit |
5ce601 |
[https://developer.apple.com/download/more/](https://developer.apple.com/download/more/)
|
|
Packit |
5ce601 |
or, if you have Xcode already installed, you can run `xcode-select
|
|
Packit |
5ce601 |
--install`. (Note that an Apple ID may be required to access the download
|
|
Packit |
5ce601 |
page.)
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### Dependencies
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Portions of BIND that are written in Python, including
|
|
Packit |
5ce601 |
`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
|
|
Packit |
5ce601 |
system tests, require the `argparse`, `ply` and `distutils.core` modules
|
|
Packit |
5ce601 |
to be available.
|
|
Packit |
5ce601 |
`argparse` is a standard module as of Python 2.7 and Python 3.2.
|
|
Packit |
5ce601 |
`ply` is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
|
|
Packit |
5ce601 |
`distutils.core` is required for installation.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### Compile-time options
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To see a full list of configuration options, run `configure --help`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
On most platforms, BIND 9 is built with multithreading support, allowing it
|
|
Packit |
5ce601 |
to take advantage of multiple CPUs. You can configure this by specifying
|
|
Packit |
5ce601 |
`--enable-threads` or `--disable-threads` on the `configure` command line.
|
|
Packit |
5ce601 |
The default is to enable threads, except on some older operating systems on
|
|
Packit |
5ce601 |
which threads are known to have had problems in the past. (Note: Prior to
|
|
Packit |
5ce601 |
BIND 9.10, the default was to disable threads on Linux systems; this has
|
|
Packit |
5ce601 |
now been reversed. On Linux systems, the threaded build is known to change
|
|
Packit |
5ce601 |
BIND's behavior with respect to file permissions; it may be necessary to
|
|
Packit |
5ce601 |
specify a user with the -u option when running `named`.)
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To build shared libraries, specify `--with-libtool` on the `configure`
|
|
Packit |
5ce601 |
command line.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
For the server to support DNSSEC, you need to build it with crypto support.
|
|
Packit |
5ce601 |
To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the
|
|
Packit |
5ce601 |
OpenSSL library is installed in a nonstandard location, specify the prefix
|
|
Packit |
5ce601 |
using `--with-openssl=<PREFIX>` on the configure command line. To use a
|
|
Packit |
5ce601 |
PKCS#11 hardware service module for cryptographic operations, specify the
|
|
Packit |
5ce601 |
path to the PKCS#11 provider library using `--with-pkcs11=<PREFIX>`, and
|
|
Packit |
5ce601 |
configure BIND with "--enable-native-pkcs11".
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To support the HTTP statistics channel, the server must be linked with at
|
|
Packit |
5ce601 |
least one of the following libraries: `libxml2`
|
|
Packit |
5ce601 |
[http://xmlsoft.org](http://xmlsoft.org) or `json-c`
|
|
Packit |
5ce601 |
[https://github.com/json-c/json-c](https://github.com/json-c/json-c).
|
|
Packit |
5ce601 |
If these are installed at a nonstandard location, then:
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
* for `libxml2`, specify the prefix using `--with-libxml2=/prefix`,
|
|
Packit |
5ce601 |
* for `json-c`, adjust `PKG_CONFIG_PATH`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To support compression on the HTTP statistics channel, the server must be
|
|
Packit |
5ce601 |
linked against `libzlib`. If this is installed in a nonstandard location,
|
|
Packit |
5ce601 |
specify the prefix using `--with-zlib=/prefix`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To support storing configuration data for runtime-added zones in an LMDB
|
|
Packit |
5ce601 |
database, the server must be linked with liblmdb. If this is installed in a
|
|
Packit |
5ce601 |
nonstandard location, specify the prefix using `with-lmdb=/prefix`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To support GeoIP location-based ACLs, the server must be linked with
|
|
Packit |
5ce601 |
libGeoIP. This is not turned on by default; BIND must be configured with
|
|
Packit |
5ce601 |
"--with-geoip". If the library is installed in a nonstandard location, use
|
|
Packit |
5ce601 |
specify the prefix using "--with-geoip=/prefix".
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
For DNSTAP packet logging, you must have installed `libfstrm`
|
|
Packit |
5ce601 |
[https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
|
|
Packit |
5ce601 |
and `libprotobuf-c`
|
|
Packit |
5ce601 |
[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
|
|
Packit |
5ce601 |
and BIND must be configured with `--enable-dnstap`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Certain compiled-in constants and default settings can be increased to
|
|
Packit |
5ce601 |
values better suited to large servers with abundant memory resources (e.g,
|
|
Packit |
5ce601 |
64-bit servers with 12G or more of memory) by specifying
|
|
Packit |
5ce601 |
`--with-tuning=large` on the `configure` command line. This can improve
|
|
Packit |
5ce601 |
performance on big servers, but will consume more memory and may degrade
|
|
Packit |
5ce601 |
performance on smaller systems.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
On some platforms it is necessary to explicitly request large file support
|
|
Packit |
5ce601 |
to handle files bigger than 2GB. This can be done by using
|
|
Packit |
5ce601 |
`--enable-largefile` on the `configure` command line.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Support for the "fixed" rrset-order option can be enabled or disabled by
|
|
Packit |
5ce601 |
specifying `--enable-fixed-rrset` or `--disable-fixed-rrset` on the
|
|
Packit |
5ce601 |
configure command line. By default, fixed rrset-order is disabled to
|
|
Packit |
5ce601 |
reduce memory footprint.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
If your operating system has integrated support for IPv6, it will be used
|
|
Packit |
5ce601 |
automatically. If you have installed KAME IPv6 separately, use
|
|
Packit |
5ce601 |
`--with-kame[=PATH]` to specify its location.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
The `--enable-querytrace` option causes `named` to log every step of
|
|
Packit |
5ce601 |
processing every query. This should only be enabled when debugging, because
|
|
Packit |
5ce601 |
it has a significant negative impact on query performance.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
`make install` will install `named` and the various BIND 9 libraries. By
|
|
Packit |
5ce601 |
default, installation is into /usr/local, but this can be changed with the
|
|
Packit |
5ce601 |
`--prefix` option when running `configure`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
You may specify the option `--sysconfdir` to set the directory where
|
|
Packit |
5ce601 |
configuration files like `named.conf` go by default, and `--localstatedir`
|
|
Packit |
5ce601 |
to set the default parent directory of `run/named.pid`. For backwards
|
|
Packit |
5ce601 |
compatibility with BIND 8, `--sysconfdir` defaults to `/etc` and
|
|
Packit |
5ce601 |
`--localstatedir` defaults to `/var` if no `--prefix` option is given. If
|
|
Packit |
5ce601 |
there is a `--prefix` option, sysconfdir defaults to `$prefix/etc` and
|
|
Packit |
5ce601 |
localstatedir defaults to `$prefix/var`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### Automated testing
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
A system test suite can be run with `make test`. The system tests require
|
|
Packit |
5ce601 |
you to configure a set of virtual IP addresses on your system (this allows
|
|
Packit |
5ce601 |
multiple servers to run locally and communicate with one another). These
|
|
Packit |
5ce601 |
IP addresses can be configured by running the command
|
|
Packit |
5ce601 |
`bin/tests/system/ifconfig.sh up` as root.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Some tests require Perl and the `Net::DNS` and/or `IO::Socket::INET6` modules,
|
|
Packit |
5ce601 |
and will be skipped if these are not available. Some tests require Python
|
|
Packit |
5ce601 |
and the `dnspython` module and will be skipped if these are not available.
|
|
Packit |
5ce601 |
See bin/tests/system/README for further details.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Unit tests are implemented using the [CMocka unit testing framework](https://cmocka.org/).
|
|
Packit |
5ce601 |
To build them, use `configure --with-cmocka`. Execution of tests is done
|
|
Packit |
5ce601 |
by the [Kyua test execution engine](https://github.com/jmmv/kyua); if the
|
|
Packit |
5ce601 |
`kyua` command is available, then unit tests can be run via `make test`
|
|
Packit |
5ce601 |
or `make unit`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### Documentation
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
The *BIND 9 Administrator Reference Manual* is included with the source
|
|
Packit |
5ce601 |
distribution, in DocBook XML, HTML, and PDF format, in the `doc/arm`
|
|
Packit |
5ce601 |
directory.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Some of the programs in the BIND 9 distribution have man pages in their
|
|
Packit |
5ce601 |
directories. In particular, the command line options of `named` are
|
|
Packit |
5ce601 |
documented in `bin/named/named.8`.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Frequently (and not-so-frequently) asked questions and their answers
|
|
Packit |
5ce601 |
can be found in the ISC Knowledge Base at
|
|
Packit |
5ce601 |
[https://kb.isc.org](https://kb.isc.org).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Additional information on various subjects can be found in other
|
|
Packit |
5ce601 |
`README` files throughout the source tree.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### Change log
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
A detailed list of all changes that have been made throughout the
|
|
Packit |
5ce601 |
development BIND 9 is included in the file CHANGES, with the most recent
|
|
Packit |
5ce601 |
changes listed first. Change notes include tags indicating the category of
|
|
Packit |
5ce601 |
the change that was made; these categories are:
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
|Category |Description |
|
|
Packit |
5ce601 |
|-------------- |-----------------------------------------------|
|
|
Packit |
5ce601 |
| [func] | New feature |
|
|
Packit |
5ce601 |
| [bug] | General bug fix |
|
|
Packit |
5ce601 |
| [security] | Fix for a significant security flaw |
|
|
Packit |
5ce601 |
| [experimental] | Used for new features when the syntax or other aspects of the design are still in flux and may change |
|
|
Packit |
5ce601 |
| [port] | Portability enhancement |
|
|
Packit |
5ce601 |
| [maint] | Updates to built-in data such as root server addresses and keys |
|
|
Packit |
5ce601 |
| [tuning] | Changes to built-in configuration defaults and constants to improve performance |
|
|
Packit |
5ce601 |
| [performance] | Other changes to improve server performance |
|
|
Packit |
5ce601 |
| [protocol] | Updates to the DNS protocol such as new RR types |
|
|
Packit |
5ce601 |
| [test] | Changes to the automatic tests, not affecting server functionality |
|
|
Packit |
5ce601 |
| [cleanup] | Minor corrections and refactoring |
|
|
Packit |
5ce601 |
| [doc] | Documentation |
|
|
Packit |
5ce601 |
| [contrib] | Changes to the contributed tools and libraries in the 'contrib' subdirectory |
|
|
Packit |
5ce601 |
| [placeholder] | Used in the master development branch to reserve change numbers for use in other branches, e.g. when fixing a bug that only exists in older releases |
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
In general, [func] and [experimental] tags will only appear in new-feature
|
|
Packit |
5ce601 |
releases (i.e., those with version numbers ending in zero). Some new
|
|
Packit |
5ce601 |
functionality may be backported to older releases on a case-by-case basis.
|
|
Packit |
5ce601 |
All other change types may be applied to all currently-supported releases.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
#### Bug report identifiers
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Most notes in the CHANGES file include a reference to a bug report or
|
|
Packit |
5ce601 |
issue number. Prior to 2018, these were usually of the form `[RT #NNN]`
|
|
Packit |
5ce601 |
and referred to entries in the "bind9-bugs" RT database, which was not open
|
|
Packit |
5ce601 |
to the public. More recent entries use the form `[GL #NNN]` or, less often,
|
|
Packit |
5ce601 |
`[GL !NNN]`, which, respectively, refer to issues or merge requests in the
|
|
Packit |
5ce601 |
GitLab database. Most of these are publicly readable, unless they include
|
|
Packit |
5ce601 |
information which is confidential or security sensitive.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
To look up a GitLab issue by its number, use the URL
|
|
Packit |
5ce601 |
[https://gitlab.isc.org/isc-projects/bind9/issues/NNN](https://gitlab.isc.org/isc-projects/bind9/issues).
|
|
Packit |
5ce601 |
To look up a merge request, use
|
|
Packit |
5ce601 |
[https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
In rare cases, an issue or merge request number may be followed with the
|
|
Packit |
5ce601 |
letter "P". This indicates that the information is in the private ISC
|
|
Packit |
5ce601 |
GitLab instance, which is not visible to the public.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
### Acknowledgments
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
* The original development of BIND 9 was underwritten by the
|
|
Packit |
5ce601 |
following organizations:
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
Sun Microsystems, Inc.
|
|
Packit |
5ce601 |
Hewlett Packard
|
|
Packit |
5ce601 |
Compaq Computer Corporation
|
|
Packit |
5ce601 |
IBM
|
|
Packit |
5ce601 |
Process Software Corporation
|
|
Packit |
5ce601 |
Silicon Graphics, Inc.
|
|
Packit |
5ce601 |
Network Associates, Inc.
|
|
Packit |
5ce601 |
U.S. Defense Information Systems Agency
|
|
Packit |
5ce601 |
USENIX Association
|
|
Packit |
5ce601 |
Stichting NLnet - NLnet Foundation
|
|
Packit |
5ce601 |
Nominum, Inc.
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
* This product includes software developed by the OpenSSL Project for use
|
|
Packit |
5ce601 |
in the OpenSSL Toolkit.
|
|
Packit |
5ce601 |
[http://www.OpenSSL.org/](http://www.OpenSSL.org/)
|
|
Packit |
5ce601 |
* This product includes cryptographic software written by Eric Young
|
|
Packit |
5ce601 |
(eay@cryptsoft.com)
|
|
Packit |
5ce601 |
* This product includes software written by Tim Hudson (tjh@cryptsoft.com)
|