Path to this page:
Subject: CVS commit: pkgsrc/net/bind99
From: Takahiro Kambe
Date: 2018-03-24 16:03:54
Message id: 20180324150354.E563CFB40@cvs.NetBSD.org
Log Message:
net/bind99: update to 9.9.12
New maintenance releases in the 9.9, 9.10, 9.11, and 9.12 branches of
BIND are now available.
Release notes can be found with the releases or in the ISC Knowledge Base:
9.9.12: https://kb.isc.org/article/AA-01596/0/9.9.12-Notes.html
9.10.7: https://kb.isc.org/article/AA-01595/0/9.10.7-Notes.html
9.11.3: https://kb.isc.org/article/AA-01597/0/9.11.3-Notes.html
9.12.1: https://kb.isc.org/article/AA-01598/0/9.12.1-Notes.html
Users who are migrating an existing BIND configuration to these new
versions should take special note of two changes in the behavior
of the "update-policy" statement which slightly change the behavior
of two update-policy options.
The first such change is discussed in greater length in the BIND
Operational Notification issued today:
https://kb.isc.org/article/AA-01599/update-policy-local-was-named-misleadingly
The second change to update-policy behavior concerns this change:
"update-policy rules that otherwise ignore the name field now
require that it be set to "." to ensure that any type list present
is properly interpreted. Previously, if the name field was omitted
from the rule declaration but a type list was present, it wouldn't
be interpreted as expected."
which is a correction to an ambiguous case that was previously allowed,
but which was capable of causing unexpected results when accidentally
applied. The new requirement eliminates is intended to eliminate the
confusion, which previously caused some operators to misapply security
policies. However, due to the new requirement, named configuration
files that relied on the previous behavior will no longer be accepted.
These changes should not affect most operators, even those using
"update-policy" to define Dynamic DNS permissions, but we would like
to draw your attention to them so that operators are informed about
the new behaviors.
Files: