The Internet Systems Consortium (ISC) has released new maintenance versions of BIND 9, including 9.20.13 and 9.21.12, which address several security vulnerabilities and provide important updates for DNS administrators. The releases include a new manual mode for DNSSEC policy, a servfail-until-ready option in response-policy zones, support for parsing HHIT and BRID records, and the deprecation of the tkey-gssapi-credential statement.



New BIND Releases Available: 9.20.13 and 9.21.12

The Internet Systems Consortium (ISC) has announced the release of two new maintenance versions of BIND 9: 9.20.13 and 9.21.12.

You can now download these releases from the ISC software download page, and ISC will release package updates later today.

The release notes outline several key changes, including:

BIND 9.20.13
  • Manual Mode for DNSSEC Policy: A new option manual-mode has been added to dnssec-policy, which prevents named from modifying DNSSEC keys or key states automatically.
  • Servfail-Until-Ready Option: A new option servfail-until-ready has been introduced in response-policy zones, instructing named to respond with SERVFAIL until all response policy zones are processed and ready.
  • Support for Parsing HHIT and BRID Records: Support for parsing HHIT and BRID records has been added.
  • Deprecation of the tkey-gssapi-credential Statement: The tkey-gssapi-credential statement has been deprecated, and users are advised to use the tkey-gssapi-keytab statement instead.
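
A pre-upgrade check for the deprecation listed above, as an added example that is not from ISC or the original article: it scans named.conf text for active tkey-gssapi-credential and tkey-gssapi-keytab statements while ignoring commented-out ones. The sample configuration, its principal and its keytab path are constructed for illustration.

```python
import re

# named.conf accepts /* */, // and # comments. Quoted strings are matched
# first so a comment marker inside a value (e.g. a path) is left alone.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_STMT = re.compile(
    r'(?<![\w-])(tkey-gssapi-(?:credential|keytab))\s+'
    r'("(?:\\.|[^"\\])*"|[^\s;]+)\s*;')

def strip_comments(text):
    """Blank out comments but keep newlines so line numbers stay valid."""
    def blank(match):
        token = match.group(0)
        return token if token.startswith('"') else re.sub(r"[^\n]", " ", token)
    return _TOKEN.sub(blank, text)

def audit_tkey(text):
    """Return active statements as {'deprecated': [...], 'keytab': [...]}."""
    clean = strip_comments(text)
    found = {"deprecated": [], "keytab": []}
    for m in _STMT.finditer(clean):
        line = clean.count("\n", 0, m.start()) + 1
        kind = "deprecated" if m.group(1).endswith("credential") else "keytab"
        found[kind].append((line, m.group(2).strip('"')))
    return found

# Constructed sample configuration (principal and paths are placeholders).
SAMPLE = '''\
options {
    directory "/var/named";
    // tkey-gssapi-credential "DNS/old.example.test@EXAMPLE.TEST";
    tkey-gssapi-credential "DNS/ns1.example.test@EXAMPLE.TEST";
    /* planned replacement:
       tkey-gssapi-keytab "/etc/named/dns.keytab";
    */
};
'''

if __name__ == "__main__":
    report = audit_tkey(SAMPLE)
    for line, value in report["deprecated"]:
        print(f"line {line}: deprecated tkey-gssapi-credential {value!r}")
    if report["deprecated"] and not report["keytab"]:
        print("no active tkey-gssapi-keytab statement found")
```

The scan reads a single file's text and does not follow include directives, so each included file needs its own pass.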

BIND 9.21.12

The release notes for BIND 9.21.12 list changes similar to those in the 9.20.13 release, indicating that many of these updates have also been applied to the experimental development branch.

It is essential for DNS administrators to review these updates and apply them to their systems promptly to ensure the security and stability of their infrastructure.