BIND version 9.14 requires IPv6 and DNSSEC

Default support for modern internet standards

It's no longer possible to compile the BIND DNS suite without support for DNSSEC and IPv6. From (development) version 9.13, POSIX Threads (pthreads), the Advanced Sockets API for IPv6 (RFC 3542) and the OpenSSL cryptography library are required for building BIND, together with a PKCS#11 provider for DNSSEC signing and validation in appropriate cases. Because all modern platforms support those facilities, ISC's developers do not expect the change to create problems.

Furthermore, DNSSEC validation will be enabled by default ('dnssec-validation auto'). A new 'validate-except' option is being added to allow users to specify (sub)domains that do not require validation. The new feature is similar to the 'rndc nta' command for specifying negative trust anchors.

Don't disable IPv6!

Not long ago, we warned that disabling IPv6 in order to "resolve" connection problems is a very bad idea. The reason being that IPv6 is integral to the Windows operating system. Consequently, applications are no longer tested at all in situations where IPv6 is disabled.

DNS Flag Day

As well as making the changes described above, BIND's developers have used the upcoming release (from version 9.13.3) to remove redundant old code from their software. More specifically, they have deleted the EDNS workarounds for old versions of UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX. The clean-up is linked to DNS Flag Day, a joint initiative by all major DNS software and service providers.

Comments

  • Monday 3 September 2018

    DNSSEC

    DNSSEC-validating DNS service: successful pilot completed

    Thumb-people-data-protection

    "It's high time access providers in the Netherlands enabled validation"

    Read more
  • Wednesday 25 July 2018

    SIDN Labs

    Students give SIDN Labs course thumbs up

    Thumb-employee-computer

    The course will be followed up

    Read more
  • Tuesday 20 November 2018

    Internet security

    DDoS protection prevents major losses for Dutch business community

    Thumb_SIDN_NBIP_report

    DDoS attacks could have cost unprotected businesses more than a billion euros

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.