Change BIND 9.18
Summary
Owner
- Name: Petr Menšík
- Email: <pemensik@redhat.com>
Current status
- Targeted release: Fedora Linux 37
- Last updated: 2022-07-12
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
ISC BIND9 will be upgraded to the new major release, 9.18.x. It introduces new features and changes, and it removes some packages that were provided before.
Feedback
Benefit to Fedora
The most recent major release will be provided, with some notable features:
- Support for DNS over TLS and DNS over HTTPS servers, in both authoritative and resolver modes.
- Reworked internal connection handling using libuv
- RNDC channel does not support unix sockets [1]
- Zone transfers over DNS over TLS were added, both incoming and outgoing.
- dig is now able to send queries using DNS over TLS
- dig is now able to send queries using DNS over HTTPS
Scope
- Proposal owners:
The update required an update of the bind-dyndb-ldap package (part of the FreeIPA suite), but otherwise it is an isolated change.
- Other developers:
Any developers
- Release engineering: #Releng issue number
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives:
Upgrade/compatibility impact
The upgrade from 9.16.x should be smooth, without significant issues. An incompatibility existed with bind-dyndb-ldap, but it has been resolved.
The native PKCS11 builds, shipped in the separate *bind-pkcs11* and *bind-pkcs11-utils* packages, will no longer be built. They loaded pkcs11 plugins directly; PKCS11 will now be supported only indirectly, through the OpenSSL pkcs11 engine.
The following commands will be removed:
- pkcs11-keygen
- pkcs11-destroy
- pkcs11-list
- pkcs11-tokens
All their actions should be possible using pkcs11-tool from the opensc package or p11tool from the gnutls-utils package.
- dnssec-*-pkcs11 commands will be removed too, but they have a simple replacement: pass the -E pkcs11 parameter to the respective normal dnssec-* tool.
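A pre-upgrade audit for the removals listed above, as an added example that is not part of this Change page or of the BIND packages: it reports script lines that call the four removed pkcs11-* tools (these need a manual port) and prints the `-E pkcs11` form of any dnssec-*-pkcs11 call. The function names and the sample script are constructed for illustration, and the rewrite assumes the original call does not already pass `-E`.

```shell
#!/bin/sh
# Added example: audit scripts for commands removed by the BIND 9.18 update.

# Tools removed with no drop-in successor; port these by hand to
# pkcs11-tool (opensc) or p11tool (gnutls-utils).
REMOVED_RE='(^|[^[:alnum:]_-])pkcs11-(keygen|destroy|list|tokens)([^[:alnum:]_-]|$)'
# dnssec-*-pkcs11 wrappers; these map to the normal tool plus "-E pkcs11".
WRAPPER_RE='(^|[^[:alnum:]_-])(dnssec-[a-z]+)-pkcs11([^[:alnum:]_-]|$)'

# Filter: rewrite "dnssec-<tool>-pkcs11" to "dnssec-<tool> -E pkcs11".
rewrite_dnssec_pkcs11() {
    sed -E "s/$WRAPPER_RE/\\1\\2 -E pkcs11\\3/g"
}

# Prefix each stdin line with "<tag> <file>:".
tag_lines() {
    while IFS= read -r line; do printf '%s %s:%s\n' "$1" "$2" "$line"; done
}

# Print one finding per affected line of file $1; no output means clean.
audit_file() {
    manual=$(grep -nE "$REMOVED_RE" "$1" || true)
    wrapped=$(grep -nE "$WRAPPER_RE" "$1" || true)
    if [ -n "$manual" ]; then
        printf '%s\n' "$manual" | tag_lines MANUAL "$1"
    fi
    if [ -n "$wrapped" ]; then
        printf '%s\n' "$wrapped" | rewrite_dnssec_pkcs11 | tag_lines REWRITE "$1"
    fi
}

# Constructed sample: a zone-signing script as it might look on BIND 9.16.
sample_script() {
    cat <<'EOF'
#!/bin/sh
pkcs11-tokens
dnssec-signzone-pkcs11 -o example.test example.test.db
rndc reload example.test
EOF
}

# Demo: write the sample to a temp file, audit it, clean up.
demo() {
    tmp=$(mktemp)
    sample_script > "$tmp"
    audit_file "$tmp"
    rm -f "$tmp"
}
demo
```

MANUAL lines name a call that has to be ported to pkcs11-tool or p11tool; REWRITE lines show the replacement command as it would read after the update.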
How To Test
User Experience
Dependencies
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
Documentation
- Upstream release notes
N/A (not a System Wide Change)