BIND 9.7.1b1 is now available. BIND 9.7.1b1 is a beta version of the maintenance release for BIND 9.7. The managed-keys-directory option is known to be broken and a patch (namedconf.c.patch) is available. BIND 9.7.1b1 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.7.1b1/bind-9.7.1b1.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.7.1b1/bind-9.7.1b1.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.7.1b1/bind-9.7.1b1.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.1b1/bind-9.7.1b1.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at . A binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.7.1b1/BIND9.7.1b1.zip ftp://ftp.isc.org/isc/bind9/9.7.1b1/BIND9.7.1b1.debug.zip The PGP signature of the binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.7.1b1/BIND9.7.1b1.zip.asc ftp://ftp.isc.org/isc/bind9/9.7.1b1/BIND9.7.1b1.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.1b1/BIND9.7.1b1.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.7.1b1/BIND9.7.1b1.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.7.1b1/BIND9.7.1b1.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.1b1/BIND9.7.1b1.debug.zip.sha512.asc namedconf.c.patch: ftp://ftp.isc.org/isc/bind9/9.7.1b1/namedconf.c.patch ftp://ftp.isc.org/isc/bind9/9.7.1b1/namedconf.c.patch.asc ftp://ftp.isc.org/isc/bind9/9.7.1b1/namedconf.c.patch.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.1b1/namedconf.c.patch.sha512.asc Changes since 9.7.0. --- 9.7.1b1 released --- 2902. [func] Add regression test for change 2897. [RT #21040] 2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316] 2900. [bug] The placeholder negative caching element was not properly constructed triggering a INSIST in dns_ncache_towire(). [RT #21346] 2899. [port] win32: Support linking against OpenSSL 1.0.0. 2898. [bug] nslookup leaked memory when -domain=value was specified. [RT #21301] 2897. [bug] NSEC3 chains could be left behind when transitioning to insecure. [RT #21040] 2896. [bug] "rndc sign" failed to properly update the zone when adding a DNSKEY for publication only. [RT #21045] 2895. [func] genrandom: add support for the generation of multiple files. [RT #20917] 2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294] 2893. [bug] Improve managed keys support. New named.conf option managed-keys-directory. [RT #20924] 2892. [bug] Handle REVOKED keys better. [RT #20961] 2891. [maint] Update empty-zones list to match draft-ietf-dnsop-default-local-zones-13. [RT# 21099] 2890. [bug] Handle the introduction of new trusted-keys and DS, DLV RRsets better. [RT #21097] 2889. [bug] Elements of the grammar where not properly reported. [RT #21046] 2888. [bug] Only the first EDNS option was displayed. [RT #21273] 2887. [bug] Report the keytag times in UTC in the .key file, local time is presented as a comment within the comment. [RT #21223] 2886. [bug] ctime() is not thread safe. [RT #21223] 2885. [bug] Improve -fno-strict-aliasing support probing in configure. [RT #21080] 2884. [bug] Insufficient valadation in dns_name_getlabelsequence(). [RT #21283] 2883. [bug] 'dig +short' failed to handle really large datasets. [RT #21113] 2882. [bug] Remove memory context from list of active contexts before clearing 'magic'. [RT #21274] 2881. [bug] Reduce the amount of time the rbtdb write lock is held when closing a version. [RT #21198] 2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke consistent. [RT #21078] 2879. [contrib] DLZ bdbhpt driver fails to close correct cursor. [RT #21106] 2878. [func] Incrementally write the master file after performing a AXFR. [RT #21010] 2877. [bug] The validator failed to skip obviously mismatching RRSIGs. [RT #21138] 2876. [bug] Named could return SERVFAIL for negative responses from unsigned zones. [RT #21131] 2875. [bug] dns_time64_fromtext() could accept non digits. [RT #21033] 2874. [bug] Cache lack of EDNS support only after the server successfully responds to the query using plain DNS. [RT #20930] 2873. [bug] Canceling a dynamic update via the dns/client module could trigger an assertion failure. [RT #21133] 2872. [bug] Modify dns/client.c:dns_client_createx() to only require one of IPv4 or IPv6 rather than both. [RT #21122] 2871. [bug] Type mismatch in mem_api.c between the definition and the header file, causing build failure with --enable-exportlib. [RT #21138] 2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET. 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call. [RT #20877] 2868. [cleanup] Run "make clean" at the end of configure to ensure any changes made by configure are integrated. Use --with-make-clean=no to disable. [RT #20994] 2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers don't like it. [RT #20986] 2866. [bug] Windows does not like the TSIG name being compressed. [RT #20986] 2865. [bug] memset to zero event.data. [RT #20986] 2864. [bug] Direct SIG/RRSIG queries were not handled correctly. [RT #21050] 2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU. [RT #21056] 2862. [bug] nsupdate didn't default to the parent zone when updating DS records. [RT #20896] 2861. [doc] dnssec-settime man pages didn't correctly document the inactivation time. [RT #21039] 2860. [bug] named-checkconf's usage was out of date. [RT #21039] 2859. [bug] When cancelling validation it was possible to leak memory. [RT #20800] 2858. [bug] RTT estimates were not being adjusted on ICMP errors. [RT #20772] 2857. [bug] named-checkconf did not fail on a bad trusted key. [RT #20705] 2856. [bug] The size of a memory allocation was not always properly recorded. [RT #20927] 2853. [bug] add_sigs() could run out of scratch space. [RT #21015] 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2851. [doc] nslookup.1, removed from the docbook source as it produced bad nroff. [RT #21007] 2850. [bug] If isc_heap_insert() failed due to memory shortage the heap would have corrupted entries. [RT #20951] --- 9.7.0 released ---