Path: netnews.NCTU.edu.tw!news.nctu.edu.tw!spring.edu.tw!news-peer.gsl.net!news.maxwell.syr.edu!chi-news.cic.net!data.ramona.vix.com!vixie!nobody
From: Paul Vixie
Newsgroups: comp.protocols.dns.bind
Subject: BIND 8.1.1 and BIND 4.9.6 announcement
Followup-To: comp.protocols.dns.bind
Date: 23 Jun 1997 22:51:38 -0700
Organization: Vixie Enterprises
Lines: 104
Message-ID:
X-Nntp-Posting-Host: wisdom.home.vix.com
X-Newsreader: Gnus v5.3/Emacs 19.34
Approved: usenet@vix.com
Xref: netnews.NCTU.edu.tw comp.protocols.dns.bind:2229

Announcing BIND 8.1.1. If you are running BIND 8.1 you want to upgrade.

Announcing BIND 4.9.6. If you are still running BIND-4 rather than BIND-8, you need the security patches contained herein. But, you should really just run BIND-8. (See below for motivation.)

BIND is brought to you by the Internet Software Consortium, which provides publicly available references of key portions of Internet infrastructure. Our 1997 sponsors include Usenix and Network Solutions. See for more details.

The most recent security fix is for the trouble reported a while back on various mailing lists and recently demonstrated with a publicly visible CGI script used to corrupt caches. Note that there is nothing we can really do about DNS Security until and unless either the SIG/KEY/NXT stuff, and possibly the TSIG stuff, are standardized and implemented. However, in the meanwhile, we can increase the DNS load on the Internet's backbone by about 40% by not caching anything which might be suspicious if only we'd be paranoid enough. Looks like from now on we're paranoid enough.

BIND 8.1.1's changes from BIND 8.1-REL include:

	-> Improved security.
	-> libbind.a and .h files are installed under /usr/local/bind instead of under /usr/local.
	-> Bug fixes.
	-> Additional recipients of DNS Change Notification messages may be specified with the also-notify zone option.
	-> Added periodic interface scanning.
	-> New configuration options: dump-file, statistics-file, clean-interval, interface-interval, and statistics-interval.
	-> Ports to OpenBSD 2.1, SCO UnixWare 2.1.2, AIX 4.
	-> Etc, etc. (You should the CHANGES file now.)

BIND 4.9.6's changes from BIND 4.9.5-P1 include:

	-> Improved security.
	-> Core leak plugged.
	-> Descriptor leak plugged.
	-> Named-xfer temporary files removed more often.
	-> Motorola 88K port included.
	-> Etc, etc. (You should the CHANGES file now.)

BIND 8's features over BIND 4 are too numerous to mention here, but they include:

	-> DNS Dynamic Updates (RFC 2136).
	-> DNS Change Notification (RFC 1996).
	-> Completely new configuration syntax (and HTML docs for same).
	-> Flexible, categorized logging system (blackhole lame delegations!).
	-> IP-address-based access control for queries, zone transfers, and updates that may be specified on a zone-by-zone basis.
	-> More efficient zone transfers (no fork() on outbound!).
	-> Improved performance for servers with thousands of zones.
	-> get*by*() functions can now use Sun NIS if desired/available.
	-> Many bug fixes, including patches for all known security holes.

Bob and I would like to thank Viraj Bais of Intel for his reference implementation of Dynamic DNS, which 8.1's dynamic DNS is built upon. We'd also like to thank everyone who has sent us bug reports, patches, or operating system ports.

The release files are:

BIND 8.1.1:
	ftp://ftp.isc.org/isc/bind/src/8.1.1/bind-src.tar.gz		source code
	ftp://ftp.isc.org/isc/bind/src/8.1.1/bind-src.tar.gz.asc	PGP sig
	ftp://ftp.isc.org/isc/bind/src/8.1.1/bind-doc.tar.gz		documentation
	ftp://ftp.isc.org/isc/bind/src/8.1.1/bind-doc.tar.gz.asc	PGP sig
	ftp://ftp.isc.org/isc/bind/src/8.1.1/bind-contrib.tar.gz	contributions
	ftp://ftp.isc.org/isc/bind/src/8.1.1/bind-contrib.tar.gz.asc	PGP sig

BIND 4.9.6:
	ftp://ftp.isc.org/isc/bind/src/4.9.6/bind-4.9.6-REL.tar.gz	whole thing
	ftp://ftp.isc.org/isc/bind/src/4.9.6/bind-4.9.6-REL.tar.gz.asc	PGP sig

The ".asc" files are PGP signatures for the kits, signed with the key. This key has been submitted to the MIT key ring with a lot of well known signatures on it. It can also be found at along with a lot of other ISC related material that we hope you'll glance through.

There is a newish mailing list: . Submit bug reports to it so that both Bob Halley and Paul Vixie will see them, and they will be archived. This is not a mailing list in the traditional sense -- there are no external subscribers.