Operational Notification:

BIND 9.11.0 and 9.11.1 carries a number of integration problems with
LMDB (liblmdb) that will be addressed in BIND 9.11.2.

Posting date:      14 Jun 2017
Program Impacted:  BIND
Versions affected: BIND 9.11.0 -> 9.11.1.Px
                   (all versions of BIND 9.11.0 and 9.11.1)


    ISC will be releasing BIND 9.11.2 in July/August 2017 which will
    address integration issues with BIND's use of LMDB in BIND 9.11.0
    and 9.11.1.  Until then, our recommendation is that LMDB be

    Use of LMDB for the 'New Zone Database" (NZD) is a new feature in
    BIND 9.11, introduced in order to provide significant performance
    improvements during dynamic zone handling.  It is enabled by default
    when building BIND on a system that has liblmdb installed and some
    packagers of BIND 9.11 include this feature (along with the liblmdb
    dependency) in their distribution.


    Problems that may be encountered on servers with LMDB enabled and
    "allow-new-zones yes;" include:

    - Some new zones fail to persist following a restart, reload or
    - Zone deletions are incomplete leading to anomalies on restart
      and/or when re-adding zones
    - On a server that is started with the -u option, Issuing the
      commands "rndc reload" or "rndc reconfig" may result in named
      terminating unexpectedly
    - A deadlock (hang) of named sometimes occurs during concurrent
      dynamic zone operations


    - If building BIND 9.11 in an environment with liblmdb available,
      ensure that the integration is explicitly disabled by building
      BIND with the configure option --without-lmdb.
    - There are no run time options available to disable lmdb
      integration, therefore if you are running a pre-built (package)
      version of BIND 9.11.0 or 9.11.2 that provides LMDB integration
      along with installing liblmdb as a dependent package, we recommend
      contacting your provider to request an update.


    BIND 9.11.2 will be published in July/August 2017.  At that time it
    will become available for download from

Do you still have questions?  Questions regarding this advisory should
go to security-offi...@isc.org.  To report a new issue, please encrypt
your message using security-offi...@isc.org's PGP key which can be found
https://www.isc.org/downloads/software-support-policy/openpgp-key/.  If
you are unable to use encrypted email, you may also report new issues
at: https://www.isc.org/community/report-bug/.


    ISC patches only currently supported versions. When possible we
    indicate EOL versions affected.  (For current information on which
    versions are actively supported, please see

ISC Security Vulnerability Disclosure Policy:

    Details of our current security advisory policy and practice can be
    found here: https://kb.isc.org/article/AA-00861

This Knowledge Base article https://kb.isc.org/article/AA-01497 is the
complete and official operational notification document.

Legal Disclaimer:

    Internet Systems Consortium (ISC) is providing this notice on an "AS
    IS" basis. No warranty or guarantee of any kind is expressed in this
    notice and none should be implied. ISC expressly excludes and
    disclaims any warranties regarding this notice or materials referred
    to in this notice, including, without limitation, any implied
    warranty of merchantability, fitness for a particular purpose,
    absence of hidden defects, or of non-infringement. Your use or
    reliance on this notice or materials referred to in this notice is
    at your own risk. ISC may change this notice at any time.  A
    stand-alone copy or paraphrase of the text of this document that
    omits the document URL is an uncontrolled copy. Uncontrolled copies
    may lack important information, be out of date, or contain factual

(C) 2017 Internet Systems Consortium
bind-announce mailing list

Reply via email to