ECO kit NAMED-041_A053
NAMED-041_A053 - NAMED ECO kit Rev 4.1 for MultiNet V5.3A 15-Apr-2010
Copyright © 2010 Process Software, LLC
This kit updates MultiNet versions 5.3 Rev A and version 5.2 Rev A with
version 9.6.1-p3 of the Bind 9 Nameserver (NAMED.EXE), RNDC, and
NSUPDATE images.
NOTE : Due to the size of the Nameserver component, the supporting tools
(including DIG.EXE, DNSSEC-KEYGEN.EXE, DNSSEC-SIGNZONE.EXE, HOST.EXE,
NAMED-CHECKCONF.EXE, NAMED-CHECKZONE.EXE, and NSLOOKUP.EXE) can be found
in the ECO NAMED-TOOLS-010_A053 or later. The two ECOs are independent of
each other and can be installed at any time.
The ranking for this ECO is 1. The overall ranking for it is 0.
NAMED-041_A053 -- ECO Rank 1
-------------------------------------------------------------------------
The following changes have been made in this kit:
- Corrects a linker problem with the Itanium NAMED image which caused
the image to crash when the Cluster Service functionality was configured
(D/E 11009)
This kit also includes changes from previous ECOs:
- Corrects problem when using RNDC from a remote host to control a
MultiNet NAMED server. (NAMED-040_A053 D/E 10983)
- Incorporated BIND 9.6.1-P3 updates, which is a SECURITY PATCH for BIND
9.6.1. It addresses two potential cache poisoning vulnerabilities, both
of which could allow a validating recursive nameserver to cache data
which had not been authenticated or was invalid.
(NAMED-040_A053 D/E 10981)
- Addresses performance issues for NAMED server on VAX
(NAMED-040_A053 D/E 10946)
- When validating with DNSSEC, track whether pending data was from
the additional section or not and only return it if it validates as
secure (CVE-2009-4022). (NAMED-040_A053 D/E 10945)
- Added support for SPF and IPSEC RR data types
(NAMED-040_A053 D/E 10931)
- Corrects problem when receiving queries over IPv6 network connections
(NAMED-030_A053 D/E 10917)
- Corrects intermittent fatal error in supporting socket library
(NAMED-020_A053 D/E 10902)
- Implemented ISC security fix to protect against DoS attacks with dynamic
updates (ISC BIND 9.6.1-p1)
(NAMED-010_A053 D/E 10893)
- Upgraded to version 9.6.1 of the Bind 9 codebase, the most recent ISC
release.
(NAMED-010_A053 D/E 10883)
Bind 9.6.1 has a number of new features over previous versions,
including, but not limited to:
- Full NSEC3 support
- Automatic zone re-signing
- New update-policy methods tcp-self and 6to4-self
- Improved statistics reporting
- Added support for MULTINET NSUPDATE command line parsing
(NAMED-010_A053 D/E 10547)
- Added functionality to specify a specific operator class for OPCOM
messages. Using the logical MULTINET_NAMED_OPCOM_TARGET a system
administrator can define a value from OPER1 through OPER12. For
example, to direct the opcoms to OPER8, use the command :
$ DEFINE/SYSTEM/EXEC MULTINET_NAMED_OPCOM_TARGET "OPER8"
To then see the opcom messages :
$ REPLY/ENABLE=OPER8
The default or undefined value is the NETWORK class.
(NAMED-010_A053 D/E 10409)
--------------------------------------------------------------------------
See SYS$HELP:NAMED-*.RELEASE_NOTES for further information on this kit and
earlier MultiNet 5.2 NAME ECOs
For further information on using RNDC and other BIND tools,
we recommend referring to the latest edition of O'Reilly's DNS
and BIND.
To run any of the support tools, define symbols, i.e.:
$ nsupdate :== $multinet:nsupdate.exe
$ rndc :== $multinet:rndc.exe
$ rndcconfgen :== $multinet:rndc-confgen.exe
You need to restart the Nameserver for these changes to take effect.
The following command will do it:
$ multinet netcontrol domain restart