From Fedora Project Wiki
< Changes
(→Scope) |
|||
| Line 96: | Line 96: | ||
<!-- What work do the feature owners have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | <!-- What work do the feature owners have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | ||
* Other developers: N/A | * Other developers: N/A <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | ||
<!-- What work do other developers have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | <!-- What work do other developers have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | ||
| Line 103: | Line 103: | ||
The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication --> | The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication --> | ||
* Policies and guidelines: N/A | * Policies and guidelines: N/A <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | ||
<!-- Do the packaging guidelines or other documents need to be updated for this feature? If so, does it need to happen before or after the implementation is done? If a FPC ticket exists, add a link here. --> | <!-- Do the packaging guidelines or other documents need to be updated for this feature? If so, does it need to happen before or after the implementation is done? If a FPC ticket exists, add a link here. --> | ||
* Trademark approval: N/A | * Trademark approval: N/A | ||
<!-- If your Change may require trademark approval (for example, if it is a new Spin), file a ticket ( https://pagure.io/Fedora-Council/tickets/issues ) requesting trademark approval from the Fedora Council. This approval will be done via the Council's consensus-based process. --> | <!-- If your Change may require trademark approval (for example, if it is a new Spin), file a ticket ( https://pagure.io/Fedora-Council/tickets/issues ) requesting trademark approval from the Fedora Council. This approval will be done via the Council's consensus-based process. --> | ||
Revision as of 15:07, 14 January 2021
BIND 9.16
Summary
BIND 9 would be updated to upcoming stable version BIND 9.16.
Owner
- Name: Petr Menšík
- Email: pemensik at redhat.com
- Email: dns-sig at fedoraproject dot org
Current status
- Targeted release: Fedora 34
- Last updated: 2021-01-14
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
ISC BIND 9 stayed longer time on 9.11 Extended Support Version, because dhcp and freeipa depended on it. DHCP package no longer requires bind-export-libs, which new BIND 9.16 does not support. FreeIPA part bind-dyndb-ldap were also modified to support new version.
BIND 9.16 includes more easy way to provide DNSSEC (KASP).
Feedback
Benefit to Fedora
Stable version under most the active development is packaged again. Introduces DNSSEC Key and Signing Policy without external tools like opendnssec. Also client tools from bind-utils now support yaml export format (dig, mdig, delv).
Scope
- Proposal owners:
- Other developers: N/A
- Release engineering: #Releng issue number (a check of an impact with Release Engineering is needed)
- Policies and guidelines: N/A
- Trademark approval: N/A
- Alignment with Objectives:
Upgrade/compatibility impact
N/A (not a System Wide Change)
- lightweight resolver (lwres) server and nss client plugin are no longer provided.
- named version with database backends support (bind-sdb) is also no longer provided as subpackage. Instead several bind-dlz-* plugins are offered as runtime loadable plugins, which require modification to named configuration. They offer the same functionality with just bind package and selected plugin.
- dnssec-enabled option is not supported anymore, it is always set to yes. dnssec-validation can be still turned off.
How To Test
System administrators would receive the most recent stable version of BIND, with improved performance and features. Prerelease is available on COPR.
User Experience
- named service supports dnssec-policy option, merging dnssec-keymgr into named.
- DNSSEC trust anchors were merged into trust-anchors section, replacing previous trusted-keys and managed-keys.
- dig +yaml provides machine parseable output in YAML format
Dependencies
- bind-dyndb-ldap (required by freeipa)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
- Blocks product? product
Documentation
- Upstream BIND 9.16 Release Notes
- Added and removed features
- Upstream BIND 9.14 Release Notes