BIND 10 - 1.0.0 Release Candidate

Welcome to the first release candidate toward the first production BIND 10 1.0.0 release.

BIND 10 provides a C++ library for DNS (with python wrappers) and several cooperating daemons for providing authoritative DNS service (with in-memory and SQLite3 backends and DNSSEC support), dynamic DNS, zone transfers, and experimental forwarding and recursive name service. Supplementary components are included for statistics collection and reporting and remote configuration and control.

This version of BIND 10 also includes the latest snapshot of the BIND 10 DHCP development. The snapshot includes a C++ library for DHCP and two DHCP servers, one for IPv4 and one for IPv6. Features of these servers are:

* Able to allocate and renew addresses, and handle lease expiration and releases.
* Supports a subset of clients:
  - DHCPv4 clients connected to the server via a relay.
  - DHCPv6 clients on the same LAN as the server.
* Able to configure values for standard options returned to a client, either globally or on a per-subnet basis.
* Able to define new options and configure them in the same way as standard options.
* Leases are stored in a MySQL database.
* Configuration, logging and process control uses the same mechanisms as the BIND 10 DNS server.

Note: The default testing account and password for bindctl/b10-cmdctl is now removed; a new account for remote configuration and control can be created with b10-cmdctl-usermgr, for example:

    b10-cmdctl-usermgr --file /usr/local/etc/bind10/cmdctl-accounts.csv

We are looking for testers to provide feedback about using this release candidate.
For more information about BIND 10, the release schedule, and the community testing plans, please see:

    http://bind10.isc.org/wiki/ProductionRelease

Documentation is included and also available via the BIND 10 website at http://bind10.isc.org/

The bind10-1.0.0-rc source may be downloaded from:

    ftp://ftp.isc.org/isc/bind10/1.0.0-rc/bind10-1.0.0-rc.tar.gz

A PGP signature of the distribution is at

    ftp://ftp.isc.org/isc/bind10/1.0.0-rc/bind10-1.0.0-rc.tar.gz.sha512.asc

The signature was generated with the ISC code signing key which is available at https://www.isc.org/about/openpgp

A summary of the significant changes since the previous release include (from the ChangeLog):

580. [func]* muks
    There is no longer a default user account. The old default account with username 'root' has been removed. In a fresh installation of BIND 10, the administrator has to configure a user account using the b10-cmdctl-usermgr program.
    (Trac #2641, git 54e8f4061f92c2f9e5b8564240937515efa6d934)

579. [bug] jinmei
    libdatasrc/b10-auth: corrected some corner cases in query handling of in-memory data source that led to the following invalid/odd responses from b10-auth:
    - duplicate RRs in answer and additional for type ANY query
    - incorrect NSEC for no error, no data (NXRRSET) response that matches a wildcard
    (Trac #2585, git abe78fae4ba3aca5eb01806dd4e05607b1241745)

578. [bug] jinmei
    b10-auth now returns closest encloser NSEC3 proof to queries for an empty non terminal derived from an Opt-Out NSEC RR, as clarified in errata 3441 for RFC5155. Previously it regarded such case as broken zone and returned SERVFAIL.
    (Trac #2659, git 24c235cb1b379c6472772d340e21577c3460b742)

577. [func] muks
    Added an SQLite3 index on records(rname, rdtype). This decreases insert performance by ~28% and adds about ~20% to the file size, but increases zone iteration performance. As it introduces a new index, a database upgrade would be required.
    (Trac #1756, git 9b3c959af13111af1fa248c5010aa33ee7e307ee)

576. [bug] tmark, tomek
    b10-dhcp6: Fixed bug when the server aborts operation when receiving renew and there are no IPv6 subnets configured.
    (Trac #2719, git 3132b8b19495470bbfd0f2ba0fe7da443926034b)

575. [bug] marcin
    b10-dhcp6: Fixed the bug whereby the subnet for the incoming packet was selected using only its source address. The subnet is now selected using either source address or the name of the server's interface on which the packet has been received.
    (Trac #2704, git 1cbacf19a28bdae50bb9bd3767bca0147fde37ed)

574. [func] tmark
    b10-dhcp4, b10-dhcp6: Composite key indexes were added to the lease tables to reduce lease search time. The lease4 table now has two additional indexes: a) hwaddr/subnet_id and b) client_id/subnet_id. The lease6 now has the one additional index: iaid/subnet_id/duid. Adding these indexes significantly improves lease acquisition performance.
    (Trac #2699,#2703, git 54bbed5fcbe237c5a49b515ae4c55148723406ce)

573. [bug] stephen
    Fixed problem whereby the DHCP server crashed if it ran out of addresses. Such a condition now causes a packet to be returned to the client refusing the allocation of an address.
    (Trac #2681, git 87ce14cdb121b37afb5b1931af51bed7f6323dd6)

572. [bug] marcin
    perfdhcp: Fixed bug where the command line switches used to run the perfdhcp were printed as ASCII codes.
    (Trac #2700, git b8d6b949eb7f4705e32fbdfd7694ca2e6a6a5cdc)

571. [build] jinmei
    The ./configure script can now handle output from python-config --ldflags that contains a space after -L switches. This fixes failure reported on some Solaris environments.
    (Trac #2661, git e6f86f2f5eec8e6003c13d36804a767a840d96d6)

570. [bug] tmark, marcin, tomek
    b10-dhcp4: Address renewal now works properly for DHCPv4 clients that do not send client ID.
    (Trac #2702, git daf2abe68ce9c111334a15c14e440730f3a085e2)

569. [bug] tomek
    b10-dhcp4: Fix bug whereby a DHCP packet without a client ID could crash the MySQL lease database backend.
    (Trac #2697, git b5e2be95d21ed750ad7cf5e15de2058aa8bc45f4)

568. [func] muks
    Various message IDs have been renamed to remove the word 'ERROR' from them when they are not logged at ERROR severity level.
    (Trac #2672, git 660a0d164feaf055677f375977f7ed327ead893e)

567. [doc] marcin, stephen, tomek
    Update DHCP sections of the BIND 10 guide.
    (Trac #2657, git 1d0c2004865d1bf322bf78d13630d992e39179fd)

566. [func]* jinmei
    libdns++/Python isc.dns: In Python isc.dns, function style constants for RRType, RRClass, Rcode and Opcode were deprecated and replaced with straightforward object constants, e.g., from RRType.AAAA() to RRType.AAAA. This is a backward incompatible change (see the Trac ticket for a conversion script if needed). Also, these constants are now more consistent between C++ and Python, and RRType constants for all currently standardized types are now supported (even if Rdata for these are not yet available).
    (Trac #1866 and #2409, git e5005185351cf73d4a611407c2cfcd163f80e428)

565. [func]* jelte
    The main initializer script (formerly known as either 'bind10', 'boss', or 'bob'), has been renamed to b10-init (and Init in configuration). Configuring which components are run is henceforth done through '/Init/components', and the sbin/bind10 script is now simply a shellscript that runs b10-init. Existing configuration is automatically updated. NOTE: once configuration with this update has been saved (by committing any new change with bindctl), you cannot run older versions of BIND 10 anymore with this configuration.
    (Trac #1901, git bae3798603affdb276f370c1ac6b33b011a5ed4f)

564. [func] muks
    libdns++: the CNAME, DNAME, MX, NS, PTR and SRV Rdata classes now use the generic lexer in constructors from text. This means that the name fields in such RRs in a zone file can now be non-absolute (the origin name in that context will be used), e.g., when loaded by b10-loadzone. One additional change to the libdns++ API is that the existing string constructors for these Rdata classes also use the generic lexer, and they now expect an absolute name (with the trailing '.') in the name fields.
    (Trac #2390, git a01569277cda3f78b1171bbf79f15ecf502e81e2)
    (Trac #2656, git 5a0d055137287f81e23fbeedd35236fee274596d)

563. [build] jinmei
    Added --disable-rpath configure option to avoid embedding library paths to binaries. Patch from Adam Tkac.
    (Trac #2667, git 1c50c5a6ee7e9675e3ab154f2c7f975ef519fca2)

562. [func]* vorner
    The b10-xfrin now performs basic sanity check on just received zone. It'll reject severely broken zones (such as missing NS records).
    (Trac #2439, git 44699b4b18162581cd1dd39be5fb76ca536012e6)

561. [bug] kambe, jelte
    b10-stats-httpd no longer dumps request information to the console, but uses the bind10 logging system. Additionally, the logging identifiers have been changed from STATHTTPD_* to STATSHTTPD_*
    (Trac #1897, git 93716b025a4755a8a2cbf250a9e4187741dbc9bb)

560. [bug] jinmei
    b10-auth now sets the TTL of SOA RR for negative responses to the minimum of the RR TTL and the minimum TTL of the SOA RDATA as specified in RFC2308; previously the RR TTL was always used. The ZoneFinder class was extended partly for implementing this and partly for allowing further optimization.
    (Trac #2309 and #2635, git ee17e979fcde48b59d91c74ac368244169065f3b)

559. [bug] jelte
    b10-cmdctl no longer aborts on basic file issues with its https certificate or private key file. It performs additional checks, and provides better error logs if these fail. Additionally, bindctl provides a better error report if it is unable to connect over https connection. This issue could occur if BIND 10 was installed with root privileges but then started as a normal user.
    (Trac #2595, git 09b1a2f927483b407d70e98f5982f424cc872149)

558. [func] marcin
    b10-dhcp4: server now adds configured options to its responses to a client when client requests them. A few basic options: Routers, Domain Name, Domain Name Servers and Subnet Mask are added regardless if client requested them or not.
    (Trac #2591, git aeec2dc1b9c511d17971ac63138576c37e7c5164)

557. [doc] stephen
    Update DHCP sections of the BIND 10 guide.
    (Trac #2642, git e5faeb5fa84b7218fde486347359504cf692510e)

556. [bug] marcin
    Fixed DHCP servers configuration whereby the servers did not receive a configuration stored in the database on their startup. Also, the configuration handler function now uses full configuration instead of partial to configure the server. This guarantees that dependencies between various configuration parameters are fulfilled.
    (Trac #2637, git 91aa998226f1f91a232f2be59a53c9568c4ece77)

555. [func] marcin
    The encapsulated option space name can be specified for a DHCP option. It comprises sub-options being sent within an option that encapsulates this option space.
    (Trac #2314, git 27e6119093723a1e46a239ec245a8b4b10677635)

554. [func] jinmei
    b10-loadzone: improved completion log message and intermediate reports: It now logs the precise number of loaded RRs on completion, and intermediate reports show additional information such as the estimated progress in percentage and estimated time to complete.
    (Trac #2574, git 5b8a824054313bdecb8988b46e55cb2e94cb2d6c)

553. [func] stephen
    Values of the parameters to access the DHCP server lease database can now be set through the BIND 10 configuration mechanism.
    (Trac #2559, git 6c6f405188cc02d2358e114c33daff58edabd52a)

552. [bug] shane
    Build on Raspberry PI. The main issue was use of char for reading from input streams, which is incorrect, as EOF is returned as an int -1, which would then get cast into a char -1. A number of other minor issues were also fixed.
    (Trac #2571, git 525333e187cc4bbbbde288105c9582c1024caa4a)

551. [bug] shane
    Kill msgq if we cannot connect to it on startup. When the boss process was unable to connect to the msgq, it would exit. However, it would leave the msgq process running. This has been fixed, and the msgq is now stopped in this case.
    (Trac #2608, git 016925ef2437e0396127e135c937d3a55539d224)

550. [func] tomek
    b10-dhcp4: The DHCPv4 server now generates a server identifier the first time it is run. The identifier is preserved in a file across server restarts.
    b10-dhcp6: The server identifier is now preserved in a file across server restarts.
    (Trac #2597, git fa342a994de5dbefe32996be7eebe58f6304cff7)

549. [func] tomek
    b10-dhcp6: It is now possible to specify that a configured subnet is reachable locally over specified interface (see "interface" parameter in Subnet6 configuration).
    (Trac #2596, git a70f6172194a976b514cd7d67ce097bbca3c2798)

548. [func] vorner
    The message queue daemon now appears on the bus. This has two effects, one is it obeys logging configuration and logs to the correct place like the rest of the modules. The other is it appears in bindctl as module (but it doesn't have any commands or configuration yet).
    (Trac #2582, git ced31d8c5a0f2ca930b976d3caecfc24fc04634e)

547. [func]* vorner
    The b10-loadzone now performs more thorough sanity check on the loaded data. Some of the checks are now fatal and zone failing them will be rejected.
    (Trac #2436, git 48d999f1cb59f308f9f30ba2639521d2a5a85baa)

546. [func] marcin
    DHCP option definitions can be now created using the Configuration Manager. The option definition specifies the option code, name and the types of the data being carried by the option. The Configuration Manager reports an error on attempt to override standard DHCP option definition.
    (Trac #2317, git 71e25eb81e58a695cf3bad465c4254b13a50696e)

545. [func] jinmei
    libdns++: the SOA Rdata class now uses the generic lexer in constructors from text. This means that the MNAME and RNAME of an SOA RR in a zone file can now be non absolute (the origin name in that context will be used), e.g., when loaded by b10-loadzone.
    (Trac #2500, git 019ca218027a218921519f205139b96025df2bb5)

544. [func] tomek
    b10-dhcp4: Allocation engine support for IPv4 added. Currently supported operations are server selection (Discover/Offer), address assignment (Request/Ack), address renewal (Request/Ack), and address release (Release). Expired leases can be reused. Some options (e.g. Router Option) are still hardcoded, so the DHCPv4 server is not yet usable, although its address allocation is operational.
    (Trac #2320, git 60606cabb1c9584700b1f642bf2af21a35c64573)

543. [func]* jelte
    When calling getFullConfig() as a module, the configuration is now returned as properly-structured JSON. Previously, the structure had been flattened, with all data being labelled by fully-qualified element names.
    (Trac #2619, git bed3c88c25ea8f7e951317775e99ebce3340ca22)

542. [func] marcin
    Created OptionSpace and OptionSpace6 classes to represent DHCP option spaces. The option spaces are used to group instances and definitions of options having unique codes. A special type of option space is the so-called "vendor specific option space" which groups sub-options sent within Vendor Encapsulated Options. The new classes are not used yet but they will be used once the creation of option spaces by configuration manager is implemented.
    (Trac #2313, git 37a27e19be874725ea3d560065e5591a845daa89)

541. [func] marcin
    Added routines to search for configured DHCP options and their definitions using name of the option space they belong to. New routines are called internally from the DHCPv4 and DHCPv6 servers code.
    (Trac #2315, git 741fe7bc96c70df35d9a79016b0aa1488e9b3ac8)

540. [func] marcin
    DHCP Option values can be now specified using a string of tokens separated with comma sign. Subsequent tokens are used to set values for corresponding data fields in a particular DHCP option. The format of the token matches the data type of the corresponding option field: e.g. "192.168.2.1" for IPv4 address, "5" for integer value etc.
    (Trac #2545, git 792c129a0785c73dd28fd96a8f1439fe6534a3f1)

539. [func] stephen
    Add logging to the DHCP server library.
    (Trac #2524, git b55b8b6686cc80eed41793c53d1779f4de3e9e3c)

538. [bug] muks
    Added escaping of special characters (double-quotes, semicolon, backslash, etc.) in text-like RRType's toText() implementation. Without this change, some TXT and SPF RDATA were incorrectly stored in SQLite3 datasource as they were not escaped.
    (Trac #2535, git f516fc484544b7e08475947d6945bc87636d4115)

537. [func] tomek
    b10-dhcp6: Support for RELEASE message has been added. Clients are now able to release their non-temporary IPv6 addresses.
    (Trac #2326, git 0974318566abe08d0702ddd185156842c6642424)

536. [build] jinmei
    Detect a build issue on FreeBSD with g++ 4.2 and Boost installed via FreeBSD ports at ./configure time. This seems to be a bug of FreeBSD ports setup and has been reported to the maintainer: http://www.freebsd.org/cgi/query-pr.cgi?pr=174753
    Until it's fixed, you need to build BIND 10 for FreeBSD that has this problem with specifying --without-werror, with clang++ (development version), or with manually extracted Boost header files (no compiled Boost library is necessary).
    (Trac #1991, git 6b045bcd1f9613e3835551cdebd2616ea8319a36)

535. [bug] jelte
    The log4cplus internal logging mechanism has been disabled, and no output from the log4cplus library itself should be printed to stderr anymore. This output can be enabled by using the compile-time option --enable-debug.
    (Trac #1081, git db55f102b30e76b72b134cbd77bd183cd01f95c0)

534. [func]* vorner
    The b10-msgq now uses the same logging format as the rest of the system. However, it still doesn't obey the common configuration, as due to technical issues it is not able to read it yet.
    (git 9e6e821c0a33aab0cd0e70e51059d9a2761f76bb)

Thanks again to those who contributed bug reports, code, and reviews.
Bugs may be reported as tickets via the developers website (after logging into Trac) at:

    http://bind10.isc.org/

Please feel free to participate and share your feedback on the BIND 10 mailing lists:

    https://lists.isc.org/mailman/listinfo/bind10-users
    https://lists.isc.org/mailman/listinfo/bind10-dev

Jeremy C. Reed
ISC Release Engineering
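
ChangeLog entry 552 above describes reading from an input stream into a char, so that EOF (an int -1) is narrowed before it is tested. The following C++ sketch is an added example, not BIND 10 code (the function names and the sample bytes are constructed here); it shows the two ways that pattern fails, depending on whether plain char is signed or unsigned on the platform, beside the int-based loop that avoids both.

```cpp
#include <cstddef>
#include <cstdio>
#include <iostream>
#include <sstream>
#include <string>

// Constructed sample input: five bytes, the third one is 0xFF.
static const std::string kSample("ab\xFF" "cd", 5);

// The pattern from entry 552: the int returned by get() is narrowed to a
// character type before the EOF test. CharT is a template parameter so both
// platform behaviours (signed and unsigned plain char) can be shown on one
// machine. `limit` bounds the loop, because the unsigned case never sees EOF.
template <typename CharT>
std::size_t count_narrowed(const std::string& data, std::size_t limit) {
    std::istringstream in(data);
    std::size_t n = 0;
    while (n < limit) {
        CharT c = static_cast<CharT>(in.get());  // narrowing: the defect
        if (c == EOF) {
            break;
        }
        ++n;
    }
    return n;
}

// Keep the result in an int until it has been compared with eof().
std::size_t count_correct(const std::string& data) {
    std::istringstream in(data);
    const int eof = std::char_traits<char>::eof();
    std::size_t n = 0;
    for (int c = in.get(); c != eof; c = in.get()) {
        ++n;
    }
    return n;
}

int main() {
    // signed char: byte 0xFF becomes -1 and is mistaken for EOF (truncation).
    std::cout << "signed:   " << count_narrowed<signed char>(kSample, 64) << "\n";
    // unsigned char: -1 becomes 255, EOF is never matched; only `limit` stops it.
    std::cout << "unsigned: " << count_narrowed<unsigned char>(kSample, 64) << "\n";
    std::cout << "int:      " << count_correct(kSample) << "\n";
    return 0;
}
```

With a signed char the input is silently cut short at the first 0xFF byte; with an unsigned char, as on ARM Linux builds, the loop has no natural end, which matters wherever the stream content is not under the program's control.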