BIND version 9.14 requires IPv6 and DNSSEC

It's no longer possible to compile the BIND DNS suite without support for DNSSEC and IPv6. From (development) version 9.13, POSIX Threads (pthreads), the Advanced Sockets API for IPv6 (RFC 3542) and the OpenSSL cryptography library are required for building BIND, together with a PKCS#11 provider for DNSSEC signing and validation in appropriate cases. Because all modern platforms support those facilities, ISC's developers do not expect the change to create problems.

Furthermore, DNSSEC validation will be enabled by default ('dnssec-validation auto'). A new 'validate-except' option is being added to allow users to specify (sub)domains that do not require validation. The new feature is similar to the 'rndc nta' command for specifying negative trust anchors.

Don't disable IPv6!

Not long ago, we warned that disabling IPv6 in order to "resolve" connection problems is a very bad idea. The reason being that IPv6 is integral to the Windows operating system. Consequently, applications are no longer tested at all in situations where IPv6 is disabled.

DNS Flag Day

As well as making the changes described above, BIND's developers have used the upcoming release (from version 9.13.3) to remove redundant old code from their software. More specifically, they have deleted the EDNS workarounds for old versions of UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX. The clean-up is linked to DNS Flag Day, a joint initiative by all major DNS software and service providers.

Comments

  • Friday 22 September 2017

    Internet security

    Veiliginternetten.nl privacy awareness campaign

    Thumb-Campagne-Je-deelt-meer-dan-je-weet

    You're sharing more than you know, so think about your on-line privacy

    Read more
  • Friday 12 April 2019

    SIDN Labs

    Using machine learning to make the internet more secure

    Thumb-internet-network-background

    4 challenges we'll be tackling in the period ahead

    Read more
  • Tuesday 25 September 2018

    .nl domain name

    ACM becomes first government agency that can order SIDN to take down domain names

    Thumb-ACM

    We welcome the change

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.