Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

BIND 8.3.0 is now available

1 view
Skip to first unread message

Mark_A...@isc.org

unread,
Jan 11, 2002, 10:38:04 AM1/11/02
to

BIND 8.3.0 Release

BIND 8.3.0 is the first release of 8.3 and contains new features not found
in 8.2.5.

The recommended version to use is BIND 9.2.0. If for whatever reason you
must run BIND 8, use nothing earlier than 8.2.5-REL. Do not under any
circumstances run BIND 4.

Highlights vs. BIND 8.2.5:

Minor bug fixes and portability changes.
Some new resolver API elements.
Improved operational reporting.
Can now AXFR unknown RR types (in, out, or both).
IPv6 transport support in the resolver (from KAME).
EDNS0 support.

the distribution files are:

ftp://ftp.isc.org/isc/bind/src/8.3.0/bind-src.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.3.0/bind-doc.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.3.0/bind-contrib.tar.gz

the pgp signature files are:

ftp://ftp.isc.org/isc/bind/src/8.3.0/bind-src.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.3.0/bind-doc.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.3.0/bind-contrib.tar.gz.asc

the md5 checksums are:

MD5 (bind-contrib.tar.gz) = 7371abd8eb1517e30aff22499f27f4df
MD5 (bind-contrib.tar.gz.asc) = 3388036a538d592e58ac32fa21c49080
MD5 (bind-doc.tar.gz) = dc275e489b89cccc52a2631f1f22c7ad
MD5 (bind-doc.tar.gz.asc) = 3d95c6996812fe651ddc6e42f82f514f
MD5 (bind-src.tar.gz) = bed3de4829ca7267368a4a61b72522e4
MD5 (bind-src.tar.gz.asc) = 5564767f4a4ae74139446ae7b1e92f5d

Windows NT / Windows 2000 binary distribution.

[available shortly]

ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.3.0/readme1st.txt
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.3.0/BIND8.3.0-NT.zip
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.3.0/BIND8.3.0-NT.zip.asc

top of CHANGES says:

--- 8.3.0-REL released --- (Fri Jan 11 04:00:00 PST 2002)

1323. [bug] don't assume statp->_u._ext.ext is valid unless
RES_INIT is set when calling res_*init().

1322. [bug] call res_ndestroy() if RES_INIT is set when
res_*init() is called.

1321. [cleanup] YPKLUDGE in no longer default.

1320. [port] winnt: namespace collision #undef the system's EV_ERR.

1319. [port] winnt: make __res_nopt() visible externally.

1318. [port] Tru64 UNIX V5.1 can return spurious EINVAL on
close() after connect() failure.

1317. [bug] NULL used where zero was required.

--- 8.3.0-RC2 released --- (Wed Jan 2 17:14:23 PST 2002)

1316. [bug] memory leak when a ixfr update or a re-applied update
was rejected.

1315. [bug] the wrong options level check-names value was used
when merging ixfr updates.

1314. [bug] corrupt update / ixfr updates should result in
merge errors being reported.

1313. [bug] set current_serial in db_ixfr.c:ixfr_getdelta().

1312. [bug] use serial space arithmetic when selecting deltas for
IXFR.

1311. [contrib] mdnkit update to 2.2.3

1310. [bug] TSIG signed IXFR's wern't correctly verified.

1309. [port] win32: re-order fclose/unlink so that the unlink
succeeds.

1308. [doc] miscellaneous nroff fixes.

1307. [func] preferred-glue can now be used to partially order
the additional section.

1306. [bug] It was possible to trigger an INSIST failure with
certian EDNS responses.

1305. [bug] named-xfer could return a false up-to-date status.

1304. [bug] "named-xfer -x" didn't attempt to use the specified
address for all possible masters if earlier connects
failed.

1303. [contrib] nslint upgraded from 2.0.2 to 2.1a3 (by author).

1302. [bug] res_nametotype() and res_nametoclass() were broken.

1301. [bug] "ndc reload zone" without class was broken.

1300. [port] TrueUNIX 5.1 does not like __align as a element name.

1299. [bug] host failed to handle "." in search list correctly.

1298. [bug] max-ixfr-log-size default was unreasonable.

1297. [bug] read buffer overflows.

1296. [protocol] NAPTR additional section processing.

--- 8.3.0-RC1 released --- (Wed Nov 21 20:41:32 PST 2001)

1295. [bug] be more aggressive at dropping messages from certian
well known ports.

1294. [bug] hint zones and root stub zones were not being removed
correctly.

1293. [port] MPE/iX workaround recvfrom() not supporting larger
address buffers required for IPv6.

1292. [bug] memory leak: free_flushset().

1291. [func] accept and generate EDNS0 queries.

1290. [func] allow initial notifies on startup to be suppressed.
[Kenneth Karoliussen, ken...@activeisp.com]

1289. [func] allow keys to be specified in the masters clause.

1288. [func] named-xfer report if response was signed.

1287. [bug] named-xfer could report false TSIG failures under
certian conditions.

1286. [bug] don't allow rtt estimates to drop to zero.

1285. [bug] non-answering servers rtt estimates were not always
penalised.

1284. [bug] struct __res_state was still broken after #1265.

1283. [port] addition platform support for _r functions.

1282. [port] pw->pw_class is platform dependant.

1281. [port] namespace collision: dprintf -> res_dprintf,
ERR -> EV_ERR, OK -> EV_OK.

1280. [cleanup] gai_strerror() re-written.

1279. [bug] non-glue was not being reported on reload.

1278. [bug] Remove the INSIST at the end if zone_maint().

1277. [func] hostname.bind/txt/chaos now returns the name of
the machine hosting the nameserver. This is useful
in diagnosing problems with anycast servers.

1276. [bug] dns_ho.c:add_hostent() was not returning the amount
of memory consumed resulting in garbage address
being returned. Alignment calculations were
wasting space. We wern't suppressing duplicate
addresses.

1275. [port] sunos: old sprintf.

1274. [port] MPE/iX C.70

1273. [bug] host was sorting multiple RRs into the wrong order
prior to verifying.

--- 8.3.0-T2A released --- (Thu Sep 27 18:15:00 PDT 2001)

1272. [bug] "rndc trace 0" should behave like "rndc notrace".

1271. [func] inet_{cidr,net}_{pton,ntop}() now have IPv6 support.

1270. [bug] AXFR style IXFR responses were not handled properly,
transfer-format single-answer.

1269. [bug] misc: more string format fixes, open va_end(),
call exit() with positive values, include <string.h>.

1268. [func] Resolver, dig: "DNSSEC OK" (DO) support.

1267. [port] HP e3000 MPE is big-endian.

1266. [func] dig +[no]tr: use relative names when printing
out a zone transfer ([NO]TRuncate).

1265. [bug] struct __res_state to large on 64 bit arch.

1264. [port] winnt: pass the root zone as "." to named-xfer
rather than "".

1263. [port] #1227 broke sunos.

1262. [func] log type as well as class for denied queries.

1261. [bug] get*by*() failed to check if res_init() had been
called.

1260. [func] resolver option: no-tld-query. disables trying
unqualified as a tld. no_tld_query is also supported
for FreeBSD compatability.

1259. [func] enable NOADDITIONAL code by default.

1258. [func] treat class ANY as class IN for access control for
non-xfr queries.

1257. [func] increase nameserver chaining distance from 1 to 3
(NS_MAX_DISTANCE).

1256. [bug] increased loop avoidance with well known ports.

1255. [bug] cached NXDOMAIN responses were being ignored when
selecting servers to query.

1254. [support] improved support for parallel make.

1253. [port] winnt: support for change #1218

1252. [port] winnt: the stat structure does not have st_blksize.

1251. [bug] AXFR style IXFR responses were not handled properly.

1250. [doc] document support-ixfr.

1249. [func] add support gcc's format string checking.

1248. [bug] string formats.

1247. [bug] dig -t axfr attempted to use UDP not TCP.

1246. [doc] miscellaneous nroff fixes.

1245. [port] winnt: named-xfer failures. improved recvfrom()
emulation.

1244. [port] winnt: bug in tracking "file" file descriptors
extend "file" file descriptors support to 2048.

1243. [cleanup] defining REPORT_ERRORS in lib/dst caused compile time
errors.

1242. [bug] inet_pton() failed to reject octal input.

1241. [bug] memory leaks: zone forwarder table, server key list,
global forwarder table, query tsig info, unused
channels, key names, xfr tsig info.

1240. [bug] restore message if ns_forw() fails.

1239. [bug] call res_ndestroy() in net_data_destroy().

1238. [func] named-bootconf now supports HP's "no-round-robin".

1237. [bug] buffer overrun, access mode read.

1236. [bug] ignore white space after address of nameserver.

1235. [port] solaris 2.4: use ioctl(FIONBIO) rather than fcntl().

--- 8.3.0-T1A released --- (Wed Jun 20 19:05:01 PDT 2001)

1234. [bug] memory leak with "use-id-pool no;".

1233. [func] res_setservers(), res_getservers().

1232. [bug] don't assume the forwarder has dropped bogus records.

1231. [bug] always restart a query if we dropped records when
parsing.

1230. [func] report the address the server learnt the record from
in lame server messages.

1229. [func] opaque rdata support for unknown types.

1228. [protocol] IXFR don't test for AA, don't check that the question
is returned.

1227. [port] solaris: sys_nerr and sys_errlist do not exist when
compiling in 64 bit mode.

1226. [placeholder]

1225. [bug] don't send cross class additional records.

1224. [bug] use after realloc(), non portable pointer arithmetic in

grmerge().

1223. [bug] allow all KEY records in parent zone at bottom of zone
cut.

1222. [bug] HMAC-MD5 key files are now mode 0600.

1221. [port] aix: 4.3.3.0 (4.3.2.0?) and later have strndup().

1220. [port] winnt: isc_movefile() and syslog() updated.

1219. [bug] winnt: zone transfers could fail.

1218. [func] add IPv6 transport support to the resolver from the
KAME project. Includes initial bitstring support.

1217. [bug] #1186 broke the command-line programs that relied on
the fact that HMAC-MD5 keys have keyid 0.

1216. [bug] #1180 completely broke inet_nsap_addr(),
inet_nsap_ntoa() still didn't emit the leading 0x.

1215. [bug] long UNIX domain control socket names were not being
printed in full.

1214. [bug] getrgnam()/getgrgid() leaked memory.

1213. [bug] #1199 introduced a reference after free bug.

1212. [bug] some function declarations wern't protected by
__BEGIN_DECL/__END_DECL in resolv.h.

1211. [port] next: openstep is now supported as well as nextstep.

1210. [port] add: SCO Unix 5.0.6.

1209. [port] winnt: issues.

1208. [func] close "dynamic" file channels when debug is set to
zero allowing them to be removed and re-opened.

1207. [contrib] new h2n from author.

1206. [bug] ixfr_getdelta() uninitialised variable used.

1205. [bug] parse_cert_rr() passes wrong buffer size to b64_pton().

1204. [bug] memory leak: pathname leaked specifing controls unix.

1203. [bug] detect corrupted ixfr logs.

1202. [bug] memory leak: dynamic update was leaking.

1201. [bug] ISO/IEC 9945-1 versions of getpwuid_r(), getpwnam_r(),
getgrgid_r() and getgrnam_r() were not ISO/IEC 9945-1
compliant.

1200. [bug] memory leak: when following CNAMES from of req_query().

1199. [bug] memory leak: when defining keys.

1198. [func] reference count all databuf activity.

1197. [func] deallocate-on-exit yes; will call abort() if there
is still active memory.

1196. [func] memactive(): report if there is still active memory.

1195. [bug] memory leak: include in named.conf leaked file name.

1194. [port] MPE/IX port updated by Mark Bixby of the
HP CSY MPE/iX Internet & Interoperability Team.

1193. [port] winnt: path separator.

1192. [bug] winnt: fix accept failures.

1191. [port] winnt: a CLI tool for controling named 'BINDcmd' now
exists.

1190. [contrib] nslint upgraded from 1.5.1 to 2.0.2 (by author).

1189. [port] redo #1146 to cope w/ differing gettimeofday()
function signatures.

1188. [bug] memory leak when removing multiple records via dynamic
updates.
...

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.A...@isc.org

Nate Campi

unread,
Jan 11, 2002, 3:51:42 PM1/11/02
to

On Sat, Jan 12, 2002 at 12:00:28AM +1100, Mark_A...@isc.org wrote:
>
> BIND 8.3.0 Release
>
> BIND 8.3.0 is the first release of 8.3 and contains new features not found
> in 8.2.5.
>
> The recommended version to use is BIND 9.2.0. If for whatever reason you
> must run BIND 8, use nothing earlier than 8.2.5-REL. Do not under any
> circumstances run BIND 4.
>
> Highlights vs. BIND 8.2.5:
>
> Minor bug fixes and portability changes.
> Some new resolver API elements.
> Improved operational reporting.
> Can now AXFR unknown RR types (in, out, or both).
> IPv6 transport support in the resolver (from KAME).
> EDNS0 support.

So has anyone done any load testing to see if the EDNS0 checks make
8.3.0 as slow as BIND 9 for recursive queries outside it's authority
(outside records)?

If not, I'll be doing this later today. I have production resolvers that
*cannot* perform as poorly as BIND 9 does. I really hope 8.3.0 isn't as
bad.
--
Nate Campi | Terra Lycos DNS | WiReD UNIX Operations

It's not that I'm so smart , it's just that I stay with problems longer.
- Albert Einstein


Nate Campi

unread,
Jan 12, 2002, 12:48:28 AM1/12/02
to

On Fri, Jan 11, 2002 at 12:47:11PM -0800, Nate Campi wrote:
>
> On Sat, Jan 12, 2002 at 12:00:28AM +1100, Mark_A...@isc.org wrote:
> >
> > BIND 8.3.0 Release
> >
> > BIND 8.3.0 is the first release of 8.3 and contains new features not found
> > in 8.2.5.
> >
> > Highlights vs. BIND 8.2.5:

> >
> > EDNS0 support.
>
> So has anyone done any load testing to see if the EDNS0 checks make
> 8.3.0 as slow as BIND 9 for recursive queries outside it's authority
> (outside records)?
>
> If not, I'll be doing this later today. I have production resolvers that
> *cannot* perform as poorly as BIND 9 does. I really hope 8.3.0 isn't as
> bad.

Here's the load testing I promised. It appears that the EDNS0 checks in
8.3.0 don't adversely affect it, though it's still not as fast a
resolver as dnscache:

BIND 8.3.0 on localhost (dual PIII solaris x86, 1 gig RAM):

queryperf -q 200

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 49827 queries
Queries completed: 48038 queries
Queries lost: 1789 queries

Percentage completed: 96.41%
Percentage lost: 3.59%

Started at: Fri Jan 11 21:20:48 2002
Finished at: Fri Jan 11 21:23:07 2002
Ran for: 139.289560 seconds

Queries per second: 344.878683 qps


BIND 8.2.5 on remote host (dual PIII linux x86, 1 gig RAM):

queryperf -q 200

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 49827 queries
Queries completed: 46765 queries
Queries lost: 3062 queries

Percentage completed: 93.85%
Percentage lost: 6.15%

Started at: Fri Jan 11 21:16:44 2002
Finished at: Fri Jan 11 21:19:13 2002
Ran for: 149.779228 seconds

Queries per second: 312.226205 qps


BIND 8.2.5 on remote host (single proc sparc netra t1 105, 256 RAM,
solaris):

queryperf -q 200

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 49827 queries
Queries completed: 48749 queries
Queries lost: 1078 queries

Percentage completed: 97.84%
Percentage lost: 2.16%

Started at: Fri Jan 11 21:14:31 2002
Finished at: Fri Jan 11 21:15:59 2002
Ran for: 87.994650 seconds

Queries per second: 553.999590 qps

dnscache on localhost (same dual PIII solaris x86, 1 gig RAM):

queryperf -q 200

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 49827 queries
Queries completed: 49329 queries
Queries lost: 498 queries

Percentage completed: 99.00%
Percentage lost: 1.00%

Started at: Fri Jan 11 21:24:39 2002
Finished at: Fri Jan 11 21:25:50 2002
Ran for: 71.166479 seconds

Queries per second: 693.149369 qps

Hosts marked as "remote" are in the same datacenter, separated only by
a few switches. The records used were hostnames pulled from (resolved)
web logs, about one thousand of them repeated 50 times to make a file
with 50,000 records to look up. This tests the initial resolution and
subsequent service from the cache.

Each nameserver was stopped and started before testing to clear the
cache (without a doubt). I had originally installed dnscache on this
host for testing but left it in place when I couldn't find anything else
that performed as well. It is now our primary production resolver for a
busy datacenter.


--
Nate Campi | Terra Lycos DNS | WiReD UNIX Operations

Mount attack on Osama Bin Laden
# mount /attack osama:/bin/laden


Mr. James W. Laferriere

unread,
Jan 12, 2002, 4:11:25 PM1/12/02
to

Hello Mark , What is the reason behind the release of 8.3 ?
The security url shows no new vulnerabilities . Just curious .
Tia , JimL

+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network Engineer | P.O. Box 854 | Give me Linux |
| bab...@baby-dragons.com | Coudersport PA 16915 | only on AXP |
+------------------------------------------------------------------+

Mark_A...@isc.org

unread,
Jan 12, 2002, 6:57:22 PM1/12/02
to

> Hello Mark , What is the reason behind the release of 8.3 ?

Did you read the release announcement? The feature set for
BIND 8 was extended.

> The security url shows no new vulnerabilities . Just curious .

Why do you think that there has to be a security issue for
there to be a release?

> Tia , JimL
>
> +------------------------------------------------------------------+
> | James W. Laferriere | System Techniques | Give me VMS |
> | Network Engineer | P.O. Box 854 | Give me Linux |
> | bab...@baby-dragons.com | Coudersport PA 16915 | only on AXP |
> +------------------------------------------------------------------+

Thomas Seyrat

unread,
Jan 12, 2002, 8:17:33 PM1/12/02
to

Mark_A...@isc.org wrote:
> Why do you think that there has to be a security issue for
> there to be a release?

Your "Do not under any circumstances run BIND 4." was actually most
frightening ...

--
Thomas Seyrat.

Mr. James W. Laferriere

unread,
Jan 12, 2002, 10:36:00 PM1/12/02
to

On Sun, 13 Jan 2002 Mark.A...@isc.org wrote:
> > Hello Mark , What is the reason behind the release of 8.3 ?
> Did you read the release announcement? The feature set for
> BIND 8 was extended.
Yes I Sure did . :-) .

> > The security url shows no new vulnerabilities . Just curious .

> Why do you think that there has to be a security issue for
> there to be a release?

BUT , BUT ... darned near all the other releases were for
security issues . Why not this one ;-) .

Btw , Thanks -all- for the hard work . Twyl , JimL

David Barr

unread,
Jan 13, 2002, 2:11:14 PM1/13/02
to
In article <a1qn7d$j...@pub3.rc.vix.com>,

That's hardly new.. that warning's been in place for what, at least a year? two?

--Dave

Barry Margolin

unread,
Jan 13, 2002, 4:07:54 PM1/13/02
to
In article <a1qvb0$k...@pub3.rc.vix.com>,

Mr. James W. Laferriere <bab...@baby-dragons.com> wrote:
> BUT , BUT ... darned near all the other releases were for
> security issues . Why not this one ;-) .

I guess they got tired of waiting for the crackers to find a new security
hole, and went ahead with the release without it.

--
Barry Margolin, bar...@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Joseph S D Yao

unread,
Jan 13, 2002, 10:53:12 PM1/13/02
to

On Sun, Jan 13, 2002 at 02:13:34AM +0100, Thomas Seyrat wrote:
...

> Your "Do not under any circumstances run BIND 4." was actually most
> frightening ...
...

Good.

It was probably intentional ...

--
Joe Yao js...@center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.

0 new messages