BIND 9.2.0 Release Notes
Table Of Contents
- 1 New Features
- BIND 8.1.2 Features Supported on HP-UX 11.0
- New BIND 9.2.0 Features
- Incremental Zone Transfer
- DNS Security
- Dynamic DNS Update
- TSIG-Based Security
- Lightweight Resolver Library and Daemon
- Improved Logging Mechanism
- Extended Configuration Syntax and Options
- New Options in options Statement
- New Option in “server” Statement
- New Options in “zone” Statement
- named-checkconf
- named-checkzone
- rndc
- Generating rndc.conf File
- New Command Line Options
- Changed Features
- Unsupported Features
- 2 Installation Information
- 3 Documentation
- 4 Known Problems, Limitation and Defect Fixes
New Features
New BIND 9.2.0 Features
Chapter 116
prematurely so that the limit is not exceeded. In a server with
multiple views, the limit applies separately to the cache of each view.
The default is unlimited, meaning that records are purged from the
cache only when their TTLs expire.
New Option in “server” Statement
The bogus option can be used to prevent queries to a remote server
which is giving out invalid data. The default value of bogus is no. The
syntax of bogus option in the “server” statement is as shown below:
[ bogus yes_or_no ; ]
New Options in “zone” Statement
The following are the new zone options added in BIND 9.2.0:
• update-policy
This is applicable only for master zones. When specified, one should
ensure that allow-update is not present, else it is an error. A set of
rules are specified, where each rule either grants or denies
permissions for one or more names to be updated by one or more
identities. If the dynamic update request message is signed (that is,
it includes either a TSIG or SIG(0) record), the identity of the signer
will be determined.
A rule definition looks like this:
(grant | deny ) identity nametype name [ types ]
Each rule grants or denies privileges. Once a message has
successfully matched a rule, the operation is immediately granted or
denied and no further rules are examined.
The identity field specifies a name or a wildcard name. The nametype
field has 4 values, name, subdomain, wildcard, and self.
If the nametype field is not specified, the rule matches all types
except SIG, NS, SOA, and NXT Resource Records. Types may be
specified by name, including "ANY" (ANY matches all types except
NXT, which can never be updated).
• max-transfer-time-out
This option is used to specify the time period for which Outbound
zone transfers will run. Default is 2 hrs.