BIND 9.3.6 Beta 1 is now available. BIND 9.3.6b1 is a beta maintenance release of BIND 9.3. BIND 9.3.6b1 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.3.6b1/bind-9.3.6b1.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.3.6b1/bind-9.3.6b1.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.3.6b1/bind-9.3.6b1.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.3.6b1/bind-9.3.6b1.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at . NOTE: Windows 2000 and Windows NT are no longer supported. A binary kit for Windows XP, Windows 2003 and Windows 2008 is at ftp://ftp.isc.org/isc/bind9/9.3.6b1/BIND9.3.6b1.zip ftp://ftp.isc.org/isc/bind9/9.3.6b1/BIND9.3.6b1.debug.zip The PGP signature of the binary kit for Windows XP, Windows 2003 and Windows 2008 is at ftp://ftp.isc.org/isc/bind9/9.3.6b1/BIND9.3.6b1.zip.asc ftp://ftp.isc.org/isc/bind9/9.3.6b1/BIND9.3.6b1.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.3.6b1/BIND9.3.6b1.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.3.6b1/BIND9.3.6b1.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.3.6b1/BIND9.3.6b1.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.3.6b1/BIND9.3.6b1.debug.zip.sha512.asc Changes since 9.3.5: --- 9.3.6b1 released --- 2443. [bug] win32: UDP connect() would not generate an event, and so connected UDP sockets would never clean up. Fix this by doing an immediate WSAConnect() rather than an io completion port type for UDP. 2438. [bug] Timeouts could be logged incorrectly under win32. [RT #18617] 2437. [bug] Sockets could be closed too early, leading to inconsistent states in the socket module. [RT #18298] 2436. [security] win32: UDP client handler can be shutdown. [RT #18576] 2432. [bug] More Windows socket handling improvements. Stop using I/O events and use IO Completion Ports throughout. Rewrite the receive path logic to make it easier to support multiple simultaneous requestrs in the future. Add stricter consistency checking as a compile-time option (define ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off). 2430. [bug] win32: isc_interval_set() could round down to zero if the input was less than NS_INTERVAL nanoseconds. Round up instead. [RT #18549] 2429. [doc] nsupdate should be in section 1 of the man pages. [RT #18283] 2426. [bug] libbind: inet_net_pton() can sometimes return the wrong value if excessively large netmasks are supplied. [RT #18512] 2425. [bug] named didn't detect unavailable query source addresses at load time. [RT #18536] 2424. [port] configure now probes for a working epoll implementation. Allow the use of kqueue, epoll and /dev/poll to be selected at compile time. [RT #18277] 2422. [bug] Handle the special return value of a empty node as if it was a NXRRSET in the validator. [RT #18447] 2421. [func] Add new command line option '-S' for named to specify the max number of sockets. [RT #18493] Use caution: this option may not work for some operating systems without rebuilding named. 2420. [bug] Windows socket handling cleanup. Let the io completion event send out cancelled read/write done events, which keeps us from writing to memeory we no longer have ownership of. Add debugging socket_log() function. Rework TCP socket handling to not leak sockets. 2417. [bug] Connecting UDP sockets for outgoing queries could unexpectedly fail with an 'address already in use' error. [RT #18411] 2416. [func] Log file descriptors that cause exceeding the internal maximum. [RT #18460] 2414. [bug] A masterdump context held the database lock too long, causing various troubles such as dead lock and recursive lock acquisition. [RT #18311, #18456] 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442] 2412. [bug] win32: address a resourse leak. [RT #18374] 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE for select(). To enable this, set ISC_SOCKET_MAXSOCKETS at compilation time. [RT #18433] 2410. [bug] Correctly delete m_versionInfo. [RT #18432] 2408. [bug] A duplicate TCP dispatch event could be sent, which could then trigger an assertion failure in resquery_response(). [RT #18275] 2407. [port] hpux: test for sys/dyntune.h. [RT #18421] 2404. [port] hpux: files unlimited support. 2403. [bug] TSIG context leak. [RT #18341] 2402. [port] Support Solaris 2.11 and over. [RT #18362] 2401. [bug] Expect to get E[MN]FILE errno internal_accept() (from accept() or fcntl() system calls). [RT #18358] 2399. [bug] Abort timeout queries to reduce the number of open UDP sockets. [RT #18367] 2398. [bug] Improve file descriptor management. New, temporary, named.conf option reserved-sockets, default 512. [RT #18344] 2396. [bug] Don't set SO_REUSEADDR for randomized ports. [RT #18336] 2395. [port] Avoid warning and no effect from "files unlimited" on Linux when running as root. [RT #18335] 2394. [bug] Default configuration options set the limit for open files to 'unlimited' as described in the documentation. [RT #18331] 2392. [bug] remove 'grep -q' from acl test script, some platforms don't support it. [RT #18253] 2391 [port] hpux: cover additional recvmsg() error codes. [RT #18301] 2390 [bug] dispatch.c could make a false warning on 'odd socket'. [RT #18301]. 2389 [bug] Move the "working directory writable" check to after the ns_os_changeuser() call. [RT #18326] 2386. [func] Add warning about too small 'open files' limit. [RT #18269] 2385. [bug] A condition variable in socket.c could leak in rare error handling [RT #17968]. 2384. [security] Additional support for query port randomization (change #2375) including performance improvement and port range specification. [RT #17949, #18098] 2383. [bug] named could double queries when they resulted in SERVFAIL due to overkilling EDNS0 failure detection. [RT #18182] 2382. [doc] Add a description SSHFP to ARM. 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET proofs which, in turn, caused validation failures for insecure zones immediately below a secure zone the server was authoritative for. [RT #18112] 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant TLDs and supported RRs with TTLs [RT #17972] 2377. [bug] Address race condition in dnssec-signzone. [RT #18142] 2376. [bug] Change #2144 was not complete. 2375. [security] Fully randomize UDP query ports to improve forgery resilience. [RT #17949] 2369. [bug] libbind: Array bounds overrun on read in bitncmp(). [RT #18054] 2364. [bug] named could trigger an assertion when serving a malformed signed zone. [RT #17828] 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;". [RT #17513] 2361. [bug] "recursion" statistics counter could be counted multiple times for a single query. [RT #17990] 2358. [doc] Update host's default query description. [RT #17934] 2356. [bug] Built in mutex profiler was not scalable enough. [RT #17436] 2353. [func] libbind: nsid support. [RT #17091] 2350. [port] win32: IPv6 support. [RT #17797] 2347. [bug] Delete now traverses the RB tree in the canonical order. [RT #17451] 2345. [bug] named-checkconf failed to detect when forwarders were set at both the options/view level and in a root zone. [RT #17671] 2344. [bug] Improve "logging{ file ...; };" documentation. [RT #17888] 2343. [bug] (Seemingly) duplicate IPv6 entries could be created in ADB. [RT #17837] 2341. [bug] libbind: add missing -I../include for off source tree builds. [RT #17606] 2340. [port] openbsd: interface configuration. [RT #17700] 2335. [port] sunos: libbind and *printf() support for long long. [RT #17513] 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one bug in fromstruct_txt(). [RT #17609] 2333. [bug] Fix off by one error in isc_time_nowplusinterval(). [RT #17608] 2332. [contrib] query-loc-0.4.0. [RT #17602] 2331. [bug] Failure to regenerate any signatures was not being reported nor being past back to the UPDATE client. [RT #17570] 2330. [bug] Remove potential race condition when handling over memory events. [RT #17572] WARNING: API CHANGE: over memory callback function now needs to call isc_mem_waterack(). See for details. 2329. [bug] Clearer help text for dig's '-x' and '-i' options. 2325. [port] Linux: use capset() function if available. [RT #17557]