BIND version 9.14 requires IPv6 and DNSSEC
It's no longer possible to compile the BIND DNS suite without support for DNSSEC and IPv6. From (development) version 9.13, POSIX Threads (pthreads), the Advanced Sockets API for IPv6 (RFC 3542) and the OpenSSL cryptography library are required for building BIND, together with a PKCS#11 provider for DNSSEC signing and validation in appropriate cases. Because all modern platforms support those facilities, ISC's developers do not expect the change to create problems.
Furthermore, DNSSEC validation will be enabled by default ('dnssec-validation auto'). A new 'validate-except' option is being added to allow users to specify (sub)domains that do not require validation. The new feature is similar to the 'rndc nta' command for specifying negative trust anchors.
Don't disable IPv6!
Not long ago, we warned that disabling IPv6 in order to "resolve" connection problems is a very bad idea. The reason being that IPv6 is integral to the Windows operating system. Consequently, applications are no longer tested at all in situations where IPv6 is disabled.
DNS Flag Day
As well as making the changes described above, BIND's developers have used the upcoming release (from version 9.13.3) to remove redundant old code from their software. More specifically, they have deleted the EDNS workarounds for old versions of UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX. The clean-up is linked to DNS Flag Day, a joint initiative by all major DNS software and service providers.