Introduction

BIND 9.8.7b1 is the first beta release of BIND 9.8.7.

This document summarizes changes from BIND 9.8.6 to BIND 9.8.7b1. There was no previous development release. Please see the CHANGES file in the source code release for a complete list of all changes.

Download

The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems.

Support

Professional support is provided by DNSco. Information about paid support options is available at http://www.dns-co.com/solutions/. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list/.

Security Fixes

- Treat an all zero netmask as invalid when generating the localnets acl to work around a bug on the Windows platform. [CVE-2013-6230] [RT #34687]

Feature Changes

- Add the ability to specify ndots to "nslookup". [RT #34711]
- Check that EDNS subnet client options are well formed. [RT #34718]
- "named" now preserves the capitalization of names when responding to queries. [RT #34737]
- Use separate rate limiting queues for refresh and notify requests. [RT #30589]
- Adjust when a master server is deemed unreachable to be less aggressive. [RT #27075]
- Create delegations for all "children" of empty zones except "forward first". [RT #34826]
- Include a comment in .nzf files (used for adding new zones via "rndc"), giving the name of the associated view. [RT #34765]
- Changed the name of the "isc-config.sh" developers' script (for outputting compiler and linker flags) to "bind9-config". [RT #23825]
- Add "dig" option to keep the TCP socket open between successive queries (+[no]keepopen). [RT #34918]
- "named-checkconf -z" now checks zones of type hint as well as master. [RT #35046]
- Update config.guess and config.sub to add support for ppc64le (powerpc 64-bit Little Endian). [RT #35060]
- Update the Windows build system to support feature selection and WIN64 builds. This is a work in progress. [RT #34160]
- Add a more detailed "not found" message to "rndc" commands which specify a zone name. [RT #35059]

Bug Fixes

- Treat type 65533 (KEYDATA) as opaque except when used in a key zone. [RT #34238]
- Fix "host" and "nslookup" so they don't need a dot after the domain, by checking ndots when searching. Only continue searching on NXDOMAIN responses. [RT #34711]
- Handle changes to sig-validity-interval settings better. [RT #34625]
- Fix bug where journal filename string could be set incorrectly, causing garbage in log messages. [RT #34738]
- Check that EDNS subnet client options are well formed. [RT #34718]
- Address race condition with manual notify requests. [RT #34806]
- Fix Linux compilation issue when libcap-devel is installed. [RT #34838]
- Fix "host" failure if a UDP query timed out. [RT #34870]
- Address bugs in dns_rdata_fromstruct and dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
- Updated OpenSSL PKCS#11 patches to fix active list locking and other bugs. [RT #34855]
- Fix cast in lex.c which could see 0xff treated as EOF. This fixes an issue with potential bad data in a database used by DLZ or SDB. [RT #34993]
- Fix build issue on newer FreeBSD needing -lhx509 for GSSAPI build. [RT #35001]
- Address read after free in server side of lwres_getrrsetbyname. [RT #29075]
- Fix "nsupdate" memory leak if "realm" was used multiple times. [RT #35073]
- Fix "dig" for cleaning up TCP sockets still waiting on connect(). [RT #35074]
- Address bug in libdns loadnode function that could return a freed node on out of memory. [RT #35106]

Thank You

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/donate/.

(c) 2001-2013 Internet Systems Consortium