ISC is pleased to announce the first official release of BIND 9.14, 9.14.0.
This new release is available via the ISC downloads page:

Beginning in 2018 ISC adopted a new release numbering convention for BIND,
under which branches alternate between odd-numbered unstable/development
branches and even-numbered stable release branches.  BIND 9.14 is the first
stable release branch to be produced under this new system and represents
a culmination of the new features, feature improvements, and performance
work done during the past year in the BIND 9.13 development branch.

Major benefits introduced since the previous stable branch include:

  +  The BIND code has been substantially modernized and refactored.

+ Complexity and features which were no longer required have been removed.

  +  A new plug-in mechanism has been introduced.

  +  QNAME minimization reduces the amount of query information
     shared unnecessarily, with the intention of improving user privacy.

  +  Mirror zones support a better way of serving a local copy of the
     DNS root zone.

  +  The task manager and socket code have been significantly re-written
     to improve performance.

As with any new major branch debut, BIND 9.14.0 has some significant
differences from the previous stable branch.  A number of these concern
optional configuration-time choices which are no longer supported in
the new branch.

For the benefit of our users who have not been tracking the 9.13 development
branch and are encountering some of these changes for the first time,
a PARTIAL list of configuration and support changes follows:

  +  OpenSSL support is now required to build BIND.

  +  While IPv6 connectivity is not required, OS, library, and header
     file support for IPv6 functionality is required to build BIND.

  +  POSIX threading support is now presumed on UNIX-like systems.

  +  Build support for some very old legacy systems has been dropped.

Also, we have had a few late discoveries, based on feedback received from
testers during the Release Candidate stage, that may represent impediments
to operators who are configuring BIND with very uncommon build-time
configuration selections or running BIND with a quite rare configuration
in named.conf.  Two that we especially wish to highlight are:

  +  A problem has been discovered in 9.14.0 when building with the
     ./configure option "--with-dlopen=no".  Conflict between this
     option and the build requirements for plugins results in a broken

  +  Feedback from early testers has convinced us that we should revert
a change in the behavior of the "allow-update" and "allow-update-forwarding" statements. Previously these statements were not limited regarding the allowed scope in named.conf. While including them in the global options section was generally not advisable [unless they were qualified by further
     arguments, such as ones requiring a TSIG key], it was permissible in
     previous BIND branches.  BIND 9.14.0 enforces a requirement that those
commands not be defined at a global scope, but this means that previously valid named.conf files which define these options at that level are now rejected by named and named-checkconf as being in error. We do strongly
     recommend that people scope these statements appropriately but after
     considering feedback from testers we have decided that in 9.14.1 the
     change in behavior will be altered so that such declarations are only
     flagged with a warning message, not blocked as an error.  However,
     this feedback reached us late in the release process and we decided
not to postpone our schedule to accommodate what we believe to be a very
     uncommon configuration choice.  Those who wish to build BIND 9.14.0
     but who rely on this behavior for some reason may request,
     from, an early copy of the patch diff for
     the change which will be included in 9.14.1

A great deal of work has gone into this new branch of BIND and we hope you'll
enjoy the results.

Michael McNally
ISC Support
bind-announce mailing list

Reply via email to