The Internet Systems Consortium (ISC) has announced the release of two maintenance versions of BIND 9: 9.20.13 and 9.21.12. These updates are crucial for DNS administrators as they address multiple security vulnerabilities and introduce significant enhancements to the DNS management framework.
Key features and changes in the new releases include:
1. Manual Mode for DNSSEC Policy: The introduction of a new option, `manual-mode`, allows administrators to prevent automatic modifications of DNSSEC keys or states by the named server, giving them greater control over DNSSEC management.
2. Servfail-Until-Ready Option: The new `servfail-until-ready` option in response-policy zones enables named to return a SERVFAIL response until all processing of response policy zones is completed, enhancing the reliability of DNS responses during updates.
3. Parsing Support for HHIT and BRID Records: The releases now support parsing specific record types, HHIT and BRID, thereby expanding the capabilities of BIND in handling diverse DNS records.
4. Deprecation of TKEY-GSSAPI-CREDENTIAL Statement: The `tkey-gssapi-credential` statement has been deprecated. Users are encouraged to transition to the `tkey-gssapi-keytab` statement for enhanced security practices.
Both versions 9.20.13 and 9.21.12 include similar updates, reflecting the ongoing enhancements being made to the development branch of BIND.
DNS administrators are strongly advised to review these updates and apply them to their systems without delay to maintain the security and efficiency of their DNS infrastructure. Timely implementation of these changes is essential to safeguarding against potential vulnerabilities and ensuring optimal performance in DNS services.
In addition, users should keep an eye on the ISC software download page for package updates and further information regarding future releases. Regular updates and maintenance are critical to the resilience of DNS operations, especially in an ever-evolving cyber threat landscape
Key features and changes in the new releases include:
1. Manual Mode for DNSSEC Policy: The introduction of a new option, `manual-mode`, allows administrators to prevent automatic modifications of DNSSEC keys or states by the named server, giving them greater control over DNSSEC management.
2. Servfail-Until-Ready Option: The new `servfail-until-ready` option in response-policy zones enables named to return a SERVFAIL response until all processing of response policy zones is completed, enhancing the reliability of DNS responses during updates.
3. Parsing Support for HHIT and BRID Records: The releases now support parsing specific record types, HHIT and BRID, thereby expanding the capabilities of BIND in handling diverse DNS records.
4. Deprecation of TKEY-GSSAPI-CREDENTIAL Statement: The `tkey-gssapi-credential` statement has been deprecated. Users are encouraged to transition to the `tkey-gssapi-keytab` statement for enhanced security practices.
Both versions 9.20.13 and 9.21.12 include similar updates, reflecting the ongoing enhancements being made to the development branch of BIND.
DNS administrators are strongly advised to review these updates and apply them to their systems without delay to maintain the security and efficiency of their DNS infrastructure. Timely implementation of these changes is essential to safeguarding against potential vulnerabilities and ensuring optimal performance in DNS services.
In addition, users should keep an eye on the ISC software download page for package updates and further information regarding future releases. Regular updates and maintenance are critical to the resilience of DNS operations, especially in an ever-evolving cyber threat landscape
New BIND Releases Available: 9.20.13 and 9.21.12
The Internet Systems Consortium (ISC) has released new maintenance versions of BIND 9, including 9.20.13 and 9.21.12, which address several security vulnerabilities and provide important updates for DNS administrators. The releases include a new manual mode for DNSSEC policy, a servfail-until-ready option in response-policy zones, support for parsing HHIT and BRID records, and the deprecation of the tkey-gssapi-credential statement.
New BIND Releases Available: 9.20.13 and 9.21.12 @ Linux Compatible
