Transition from BIND 9.9 to 9.10

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Transition from BIND 9.9 to 9.10

King, Harold Clyde (Hal)
I have not found any problems so far on my test machines, but I was wondering what changes there are to look forward to in moving from 9.9 to 9.10?


--
Hal King  - [hidden email]
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Transition from BIND 9.9 to 9.10

Mark Andrews

In message <[hidden email]>, "King, Harold Clyde
(Hal)" writes:
> I have not found any problems so far on my test machines, but I was wondering
>  what changes there are to look forward to in moving from 9.9 to 9.10?

9.10 and 9.11 are drop in replacements.  Basically all updates are
drop in replacements.

9.11 adds DNS COOKIE options to the out going requests.  This exposes
stupid firewall configurations and some broken handling of EDNS
queries.  https://ednscomp.isc.org/compliance/summary.html contain
graphs of how different populations of servers behave to different
EDNS extensions being used.  For the most part it just results in
additional queries being made as named falls back to plain DNS
queries when some of this misbehaviour is detected.  Echoing of the
option is currently ignored.

If the broken servers are also serving signed zones then lookups
will fail as responses to plain DNS queries do not contain RRSIGs.
Manual intervention is required to work with these servers but the
population of such servers is small.  I've got six entries in
named.conf.

e.g.
        server 117.56.91.234 { send-cookie false; };
        server 199.252/16 { send-cookie false; };

Unknown EDNS options are supposed to be ignored.

Mark

> --
> Hal King  - [hidden email]
> Systems Administrator
> Office of Information Technology
> Shared Systems Services
>
> The University of Tennessee
> 103C5 Kingston Pike Building
> 2309 Kingston Pk. Knoxville, TN 37996
> Phone : 974-1599
> Helpdesk 24/7 : 974-9900
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [hidden email]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Loading...