BIND version 9.14 requires IPv6 and DNSSEC

It's no longer possible to compile the BIND DNS suite without support for DNSSEC and IPv6. From (development) version 9.13, POSIX Threads (pthreads), the Advanced Sockets API for IPv6 (RFC 3542) and the OpenSSL cryptography library are required for building BIND, together with a PKCS#11 provider for DNSSEC signing and validation in appropriate cases. Because all modern platforms support those facilities, ISC's developers do not expect the change to create problems.

Furthermore, DNSSEC validation will be enabled by default ('dnssec-validation auto'). A new 'validate-except' option is being added to allow users to specify (sub)domains that do not require validation. The new feature is similar to the 'rndc nta' command for specifying negative trust anchors.

Don't disable IPv6!

Not long ago, we warned that disabling IPv6 in order to "resolve" connection problems is a very bad idea. The reason being that IPv6 is integral to the Windows operating system. Consequently, applications are no longer tested at all in situations where IPv6 is disabled.

DNS Flag Day

As well as making the changes described above, BIND's developers have used the upcoming release (from version 9.13.3) to remove redundant old code from their software. More specifically, they have deleted the EDNS workarounds for old versions of UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX. The clean-up is linked to DNS Flag Day, a joint initiative by all major DNS software and service providers.

Comments

  • Friday 21 December 2018

    Knowledge

    Register for The State of the Internet 2019

    Thumb-internet-mapping

    15 January at OBA Theatre, Amsterdam

    Read more
  • Wednesday 3 October 2018

    SIDN Labs

    New Franco-Dutch research project on automatic classification of domain name abuse

    Thumb-compromised-vs-maliciously-registered

    Compromised vs. maliciously registered

    Read more
  • Friday 1 June 2018

    About SIDN

    Malicious website detector wins fourth Dutch Open Hackathon

    Thumb-DOH2018-winners

    CrimeBusterBot voted best of 23 competing teams' creations

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.