This document summarizes significant changes since the last production release of BIND on the corresponding major release branch. Please see the CHANGES file for a further list of bug fixes and other changes.
The latest versions of BIND 9 software can always be found at http://www.isc.org/downloads/. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems.
As of BIND 9.9.11, Windows XP and Windows 2003 are no longer supported platforms for BIND; "XP" binaries are no longer available for download from ISC.
When recursion is enabled but the allow-recursion and allow-query-cache ACLs are not specified, they should be limited to local networks, but they were inadvertently set to match the default allow-query, thus allowing remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]
named now supports the "root key sentinel"
mechanism. This enables validating resolvers to indicate
which trust anchors are configured for the root, so that
information about root key rollover status can be gathered.
To disable this feature, add
root-key-sentinel no; to
rndc reload could cause named to leak memory if it was invoked before the zone loading actions from a previous rndc reload command were completed. [RT #47076]
BIND 9.9 (Extended Support Version) will be supported until June, 2018, at which time this final maintenance release will be published for the branch. The new Extended Support Version is BIND 9.11, which will be supported until at least December, 2021. See https://www.isc.org/downloads/software-support-policy/ for details of ISC's software support policy.
Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/donate/.