(Add trackers) |
|||
Line 36: | Line 36: | ||
--> | --> | ||
* FESCo issue: [https://pagure.io/fesco/issue/2559 #2559] | * FESCo issue: [https://pagure.io/fesco/issue/2559 #2559] | ||
* Tracker bug: | * Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1922343 #1922343] | ||
* Release notes tracker: | * Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/646 #646] | ||
== Detailed Description == | == Detailed Description == |
Latest revision as of 16:27, 29 January 2021
BIND 9.16
Summary
BIND 9 would be updated to the upcoming stable version BIND 9.16.
Owner
- Name: Petr Menšík
- Email: pemensik at redhat.com, dns-sig at fedoraproject dot org
Current status
- Targeted release: Fedora 34
- Last updated: 2021-01-29
- FESCo issue: #2559
- Tracker bug: #1922343
- Release notes tracker: #646
Detailed Description
ISC BIND 9 stayed longer time on 9.11 Extended Support Version because dhcp and freeipa depended on it. DHCP package no longer requires bind-export-libs, which new BIND 9.16 does not support. FreeIPA part bind-dyndb-ldap were also modified to support new version.
BIND 9.16 includes more easy way to provide DNSSEC (KASP).
Feedback
Benefit to Fedora
Stable version under most the active development is packaged again. Introduces DNSSEC Key and Signing Policy without external tools like opendnssec. Also client tools from bind-utils now support yaml export format (dig, mdig, delv).
Scope
- Proposal owners:
- Other developers: N/A
- Release engineering: #Releng issue number (a check of an impact with Release Engineering is needed)
- Policies and guidelines: N/A
- Trademark approval: N/A
- Alignment with Objectives:
Upgrade/compatibility impact
N/A (not a System Wide Change)
- lightweight resolver (lwres) server and nss client plugin are no longer provided.
- named version with database backends support (bind-sdb) is also no longer provided as a subpackage. Instead several bind-dlz-* plugins are offered as runtime loadable plugins, which require modification to named configuration. They offer the same functionality with just bind package and selected plugin.
- dnssec-enabled option is not supported anymore, it is always set to yes. dnssec-validation can be still turned off.
How To Test
System administrators would receive the most recent stable version of BIND, with improved performance and features. Prerelease is available on COPR.
User Experience
- named service supports dnssec-policy option, merging dnssec-keymgr into named.
- DNSSEC trust anchors were merged into trust-anchors section, replacing previous trusted-keys and managed-keys.
- dig +yaml provides machine parseable output in YAML format
Dependencies
- bind-dyndb-ldap (required by freeipa)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
- Blocks product? product
Documentation
- Upstream BIND 9.16 Release Notes
- Added and removed features
- Upstream BIND 9.14 Release Notes