
The Internet Software Consortium has released three new versions of BIND: 9.18.42, 9.20.16, and 9.21.15, which aim to refine the DNS server's performance and reliability. Each version brings specific improvements, including a new rndc command in 9.21.15 that allows administrators to view their running server configuration, as well as bug fixes and feature updates in 9.20.16 and 9.18.42. The updates also include support for Extended DNS Error code 24, improved handling of KEY ID collisions, and prevention of assertion failures during specific dig operations. These new releases can be downloaded from the ISC software download page, ensuring that BIND remains a solid and functional choice for system administrators managing critical DNS infrastructure globally.



BIND 9.18.42, 9.20.16, and 9.21.15 released

The Internet Software Consortium has released three new versions of BIND: 9.18.42, 9.20.16, and the experimental 9.21.15. These updates each bring specific improvements aimed at refining both the software's performance and its reliability as a DNS server.


BIND 9.21.15 introduces 'showconf,' a new rndc command allowing administrators to view their running server configuration. This tool offers flexibility through three options: user, built-in, and effective, enabling tailored output based on the administrator's needs.

The named-checkconf utility also got an update in this latest release with two new flags: -b and -e. The -b flag displays BIND’s internal defaults, while -e shows the final configuration that would apply if you load a specific config file.

This version also includes support for Extended DNS Error code 24 (Invalid Data), as defined in RFC 8914 section 4.25.

Looking at BIND 9.20.16: this release focuses heavily on bug fixes and resolving known issues. One significant fix addresses validation failures that arise when a zone employs mixed DNSSEC algorithms, some of which BIND itself does not support. The update ensures that the server properly handles zones containing unsupported algorithms alongside supported ones while searching for signing keys.

The dnssec-keygen tool received attention too, getting better handling of KEY ID collisions specifically when generating keys with the -T KEY option.

Other noteworthy changes in 9.20.16 improve how the dnssec-verify command operates and prevent certain assertion failures encountered during specific dig operations, such as using the EDNS0 flag incorrectly or misbehaving on Windows versions.

Finally, BIND 9.18.42 has its own set of bug fixes to offer better stability. Notably, it contains a change similar to one in 9.20.16: it now proactively ignores unsupported DNSSEC algorithms when looking for signing keys. This helps prevent validation issues stemming from mixed algorithm zones.
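The signing-key lookup described for 9.20.16 and 9.18.42, together with the key ID collisions mentioned for dnssec-keygen, can be modelled in a few lines. This is an added example, not BIND source code: the `SUPPORTED` set, the function names and the sample keys are assumptions constructed for illustration, and the key tag routine follows RFC 4034 Appendix B.

```python
# Added illustration, not BIND source code.
from typing import List, NamedTuple, Tuple

# Assumption: this hypothetical validator implements only these algorithms
# (IANA numbers 8 RSASHA256, 13 ECDSAP256SHA256, 15 ED25519).
SUPPORTED = {8, 13, 15}

class DnsKey(NamedTuple):
    flags: int
    algorithm: int
    public_key: bytes

    def rdata(self) -> bytes:
        # DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key
        return self.flags.to_bytes(2, "big") + bytes([3, self.algorithm]) + self.public_key

def key_tag(rdata: bytes) -> int:
    """Key tag as in RFC 4034 Appendix B (does not apply to algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def find_signing_keys(keys: List[DnsKey], alg: int, tag: int) -> List[DnsKey]:
    """Candidate DNSKEYs for an RRSIG with this algorithm and key tag.
    Keys with unsupported algorithms are skipped rather than treated as an
    error; all matches are returned because key tags are not unique."""
    return [k for k in keys
            if k.algorithm in SUPPORTED and k.algorithm == alg
            and key_tag(k.rdata()) == tag]

def usable_rrsigs(keys: List[DnsKey], rrsigs: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """RRSIGs (algorithm, key tag) that have at least one candidate key."""
    return [(alg, tag) for alg, tag in rrsigs if find_signing_keys(keys, alg, tag)]

# Constructed sample zone (4-byte placeholders, not real public keys): one key
# with algorithm 16 (ED448, unsupported here) and two algorithm 13 keys that
# differ only in 16-bit word order, so they share a key tag.
K_ED448 = DnsKey(256, 16, bytes.fromhex("00010002"))
K_A = DnsKey(256, 13, bytes.fromhex("00010002"))
K_B = DnsKey(256, 13, bytes.fromhex("00020001"))
ZONE_KEYS = [K_ED448, K_A, K_B]
ZONE_RRSIGS = [(16, key_tag(K_ED448.rdata())), (13, key_tag(K_A.rdata()))]

if __name__ == "__main__":
    print(usable_rrsigs(ZONE_KEYS, ZONE_RRSIGS))
    print(find_signing_keys(ZONE_KEYS, 13, key_tag(K_A.rdata())))
```

A validator built this way still has to attempt cryptographic verification with each returned candidate, since a shared key tag only narrows the search.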

Essentially, these new releases help ensure BIND remains solid and functional for system administrators managing critical DNS infrastructure globally. They tackle specific problems reported by users and add practical tools to improve day-to-day operations and debugging.

The new versions can be downloaded from the ISC software download page.