Update Changes and README to match 9.16 release
This commit is contained in:
parent
ce6a7853ac
commit
9a979d2e9c
45
Changes.md
45
Changes.md
@ -1,12 +1,43 @@
|
|||||||
= Changes in BIND9 package =
|
# Significant Changes in BIND9 package
|
||||||
|
|
||||||
== 9.14 ==
|
## BIND 9.16
|
||||||
|
|
||||||
- single thread support removed. Cannot provide bind-export-libs for DHCP
|
### New features
|
||||||
- lwres support completely removed. Both daemon and library
|
|
||||||
- common parts of daemon moved into libns shared library
|
- *libuv* is used for network subsystem as a mandatory dependency
|
||||||
|
- *dnssec-policy* support in named.conf is introduced, providing a a key and signing policy
|
||||||
|
([KASP](https://gitlab.isc.org/isc-projects/bind9/-/wikis/DNSSEC-Key-and-Signing-Policy-(KASP)))
|
||||||
|
- *trusted-keys* and *managed-keys* are deprecated, replaced by *trust-anchors*
|
||||||
|
- *trust-anchors* support also anchor in a *DS* format, in addition to *DNSKEY* format
|
||||||
|
- **dig, mdig** and **delv** support **+yaml** parameter to print detailed machine parseable output
|
||||||
|
|
||||||
|
### Feature changes
|
||||||
|
|
||||||
|
- Static trust anchor and *dnssec-validation auto;* are incompatible and cause fatal error, when used together.
|
||||||
|
- *DS* and *CDS* now generates only SHA-256 digest, SHA-1 is no longer generated by default
|
||||||
|
- SipHash 2-4 DNS Cookie ([RFC 7873](https://www.rfc-editor.org/rfc/rfc7873.html) is now default).
|
||||||
|
Only AES alternative algorithm is kept, HMAC-SHA cookie support were removed.
|
||||||
|
- **dnssec-signzone** and **dnssec-verify** commands print output to stdout, *-q* parameter can silence them
|
||||||
|
|
||||||
|
### Features removed
|
||||||
|
|
||||||
|
- *dnssec-enable* option is obsolete, DNSSEC support is always enabled
|
||||||
|
- *dnssec-lookaside* option is deprecated and support for it removed from all tools
|
||||||
|
- *cleaning-interval* option is removed
|
||||||
|
|
||||||
|
### Upstream release notes
|
||||||
|
|
||||||
|
- [9.16.10 notes](https://downloads.isc.org/isc/bind9/9.16.10/doc/arm/html/notes.html#notes-for-bind-9-16-10)
|
||||||
|
- [9.16.0 notes](https://downloads.isc.org/isc/bind9/9.16.0/doc/arm/html/notes.html#notes-for-bind-9-16-0)
|
||||||
|
|
||||||
|
## BIND 9.14
|
||||||
|
|
||||||
|
- single thread support removed. Cannot provide *bind-export-libs* for DHCP
|
||||||
|
- *lwres* support completely removed. Both daemon and library
|
||||||
|
- common parts of daemon moved into *libns* shared library
|
||||||
- introduced plugin for filtering aaaa responses
|
- introduced plugin for filtering aaaa responses
|
||||||
- some SDB utilities no longer supported
|
- some SDB utilities no longer supported
|
||||||
|
|
||||||
=== 9.14.7 ===
|
### Upstream release notes
|
||||||
[notes](https://downloads.isc.org/isc/bind9/9.14.7/RELEASE-NOTES-bind-9.14.7.html)
|
|
||||||
|
- [9.14.7 notes](https://downloads.isc.org/isc/bind9/9.14.7/RELEASE-NOTES-bind-9.14.7.html)
|
||||||
|
@ -22,11 +22,10 @@ The package contains several subpackages, some of them can be disabled on rebuil
|
|||||||
* **bind-utils** -- set of tools to analyse DNS responses or update entries (dig, host)
|
* **bind-utils** -- set of tools to analyse DNS responses or update entries (dig, host)
|
||||||
* **bind-doc** -- documentation for current bind, *BIND 9 Administrator Reference Manual*.
|
* **bind-doc** -- documentation for current bind, *BIND 9 Administrator Reference Manual*.
|
||||||
* **bind-license** -- Shared license for all packages but bind-export-libs.
|
* **bind-license** -- Shared license for all packages but bind-export-libs.
|
||||||
* **bind-sdb** -- *named* daemon built with support for [Dynamically Loadable Zones](http://bind-dlz.sourceforge.net/), interface to serve DNS names from external databases like LDAP or SQL. Can be disabled by `--without SDB`.
|
|
||||||
* **bind-pkcs11** -- *named* daemon built with native PKCS#11 support. Can be disabled by `--without PKCS11`.
|
* **bind-pkcs11** -- *named* daemon built with native PKCS#11 support. Can be disabled by `--without PKCS11`.
|
||||||
* **bind-libs** and **bind-libs-lite** -- Shared libraries used by some others programs
|
* **bind-libs** and **bind-libs-lite** -- Shared libraries used by some others programs
|
||||||
* **bind-export-libs** -- Special subset of libraries without support for threads. Used by *dhcp* package. Can be disabled by `--without EXPORT_LIBS`
|
* **bind-devel** -- Development headers for libs.
|
||||||
* **bind-devel** -- Development headers for libs. Can be disabled by `--without DEVEL`
|
* **bind-dlz-\*** -- Dynamic loadable [DLZ plugins](http://bind-dlz.sourceforge.net/) with support for external databases
|
||||||
|
|
||||||
|
|
||||||
## Optional features
|
## Optional features
|
||||||
|
Loading…
Reference in New Issue
Block a user