Release Notes for BIND Version 9.11.10

Introduction

   BIND 9.11 (Extended Support Version) is a stable branch of BIND. This
   document summarizes significant changes since the last production
   release on that branch.

   Please see the file CHANGES for a more detailed list of changes and bug
   fixes.

Download

   The latest versions of BIND 9 software can always be found at
   http://www.isc.org/downloads/. There you will find additional
   information about each release, source code, and pre-compiled versions
   for Microsoft Windows operating systems.

License Change

   With the release of BIND 9.11.0, ISC changed to the open source license
   for BIND from the ISC license to the Mozilla Public License (MPL 2.0).

   The MPL-2.0 license requires that if you make changes to licensed
   software (e.g. BIND) and distribute them outside your organization,
   that you publish those changes under that same license. It does not
   require that you publish or disclose anything other than the changes
   you made to our software.

   This requirement will not affect anyone who is using BIND, with or
   without modifications, without redistributing it, nor anyone
   redistributing it without changes. Therefore, this change will be
   without consequence for most individuals and organizations who are
   using BIND.

   Those unsure whether or not the license change affects their use of
   BIND, or who wish to discuss how to comply with the license may contact
   ISC at https://www.isc.org/mission/contact/.

Security Fixes

     * A race condition could trigger an assertion failure when a large
       number of incoming packets were being rejected. This flaw is
       disclosed in CVE-2019-6471. [GL #942]

New Features

     * The new GeoIP2 API from MaxMind is now supported when BIND is
       compiled using configure --with-geoip2. The legacy GeoIP API can be
       used by compiling with configure --with-geoip instead. (Note that
       the databases for the legacy API are no longer maintained by
       MaxMind.)
       The default path to the GeoIP2 databases will be set based on the
       location of the libmaxminddb library; for example, if it is in
       /usr/local/lib, then the default path will be
       /usr/local/share/GeoIP. This value can be overridden in named.conf
       using the geoip-directory option.
       Some geoip ACL settings that were available with legacy GeoIP,
       including searches for netspeed, org, and three-letter ISO country
       codes, will no longer work when using GeoIP2. Supported GeoIP2
       database types are country, city, domain, isp, and as. All of the
       databases support both IPv4 and IPv6 lookups. [GL #182]
     * A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added.
       [GL #605]
       If you are running multiple DNS Servers (different versions of BIND
       9 or DNS server from multiple vendors) responding from the same IP
       address (anycast or load-balancing scenarios), you'll have to make
       sure that all the servers are configured with the same DNS Cookie
       algorithm and same Server Secret for the best performance.
     * DS records included in DNS referral messages can now be validated
       and cached immediately, reducing the number of queries needed for a
       DNSSEC validation. [GL #964]

Bug Fixes

     * Glue address records were not being returned in responses to root
       priming queries; this has been corrected. [GL #1092]
     * Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
       cause unexpected results; this has been fixed. [GL #1106]
     * named-checkconf now checks DNS64 prefixes to ensure bits 64-71 are
       zero. [GL #1159]
     * named-checkconf could crash during configuration if configured to
       use "geoip continent" ACLs with legacy GeoIP. [GL #1163]
     * named-checkconf now correctly reports missing dnstap-output option
       when dnstap is set. [GL #1136]
     * Handle ETIMEDOUT error on connect() with a non-blocking socket. [GL
       #1133]

End of Life

   BIND 9.11 (Extended Support Version) will be supported until at least
   December, 2021. See
   https://www.isc.org/downloads/software-support-policy/ for details of
   ISC's software support policy.

Thank You

   Thank you to everyone who assisted us in making this release possible.
   If you would like to contribute to ISC to assist us in continuing to
   make quality open source software, please visit our donations page at
   http://www.isc.org/donate/.