BIND version 9.14 requires IPv6 and DNSSEC

It's no longer possible to compile the BIND DNS suite without support for DNSSEC and IPv6. From (development) version 9.13, POSIX Threads (pthreads), the Advanced Sockets API for IPv6 (RFC 3542) and the OpenSSL cryptography library are required for building BIND, together with a PKCS#11 provider for DNSSEC signing and validation in appropriate cases. Because all modern platforms support those facilities, ISC's developers do not expect the change to create problems.

Furthermore, DNSSEC validation will be enabled by default ('dnssec-validation auto'). A new 'validate-except' option is being added to allow users to specify (sub)domains that do not require validation. The new feature is similar to the 'rndc nta' command for specifying negative trust anchors.

Don't disable IPv6!

Not long ago, we warned that disabling IPv6 in order to "resolve" connection problems is a very bad idea. The reason being that IPv6 is integral to the Windows operating system. Consequently, applications are no longer tested at all in situations where IPv6 is disabled.

DNS Flag Day

As well as making the changes described above, BIND's developers have used the upcoming release (from version 9.13.3) to remove redundant old code from their software. More specifically, they have deleted the EDNS workarounds for old versions of UnixWare, BSD/OS, AIX, Tru64, SunOS, TruCluster and IRIX. The clean-up is linked to DNS Flag Day, a joint initiative by all major DNS software and service providers.


  • Monday 3 December 2018


    Average Dutch person on line with a smartphone for 60+ hours a month


    SIDN presents research results: Trends in Internet Use 2018

    Read more
  • Friday 14 June 2019

    About SIDN

    SIDN Fund introduces on-demand system for Pioneer Projects


    Grant applications considered and answered within six weeks

    Read more
  • Wednesday 11 September 2019

    Internet security

    Very last IPv4 addresses to be assigned later this year


    RIPE NCC scrapes together address block remnants

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.