1 files changed, 350 insertions, 0 deletions
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
new file mode 100644
index 0000000..49a6454
--- /dev/null
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -0,0 +1,350 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
+ - 
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+-->
+<html lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Appendix A. Release Notes</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter 8. Troubleshooting">
+<link rel="next" href="Bv9ARM.ch10.html" title="Appendix B. A Brief History of the DNS and BIND">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
+<div class="navheader">
+<table width="100%" summary="Navigation header">
+<tr><th colspan="3" align="center">Appendix A. Release Notes</th></tr>
+<tr>
+<td width="20%" align="left">
+<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a> </td>
+<th width="60%" align="center"> </th>
+<td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
+</td>
+</tr>
+</table>
+<hr>
+</div>
+<div class="appendix">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch09"></a>Release Notes</h1></div></div></div>
+<div class="toc">
+<p><b>Table of Contents</b></p>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.5-P4</a></span></dt>
+<dd><dl>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Legacy Windows No Longer Supported</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
+</dl></dd>
+</dl>
+</div>
+      <div class="section">
+<div class="titlepage"><div><div><h2 class="title" style="clear: both">
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.5-P4</h2></div></div></div>
+  
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
+    <p>
+      This document summarizes changes since the last production
+      release on the BIND 9.11 (Extended Support Version) branch.
+      Please see the <code class="filename">CHANGES</code> file for a further
+      list of bug fixes and other changes.
+    </p>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_download"></a>Download</h3></div></div></div>
+    <p>
+      The latest versions of BIND 9 software can always be found at
+      <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
+      There you will find additional information about each release,
+      source code, and pre-compiled versions for Microsoft Windows
+      operating systems.
+    </p>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_license"></a>License Change</h3></div></div></div>
+    <p>
+      With the release of BIND 9.11.0, ISC changed to the open
+      source license for BIND from the ISC license to the Mozilla
+      Public License (MPL 2.0).
+    </p>
+    <p>
+      The MPL-2.0 license requires that if you make changes to
+      licensed software (e.g. BIND) and distribute them outside
+      your organization, that you publish those changes under that
+      same license. It does not require that you publish or disclose
+      anything other than the changes you made to our software.
+    </p>
+    <p>
+      This requirement will not affect anyone who is using BIND, with
+      or without modifications, without redistributing it, nor anyone
+      redistributing it without changes. Therefore, this change will be
+      without consequence for most individuals and organizations who are
+      using BIND.
+    </p>
+    <p>
+      Those unsure whether or not the license change affects their
+      use of BIND, or who wish to discuss how to comply with the
+      license may contact ISC at <a class="link" href="https://www.isc.org/mission/contact/" target="_top">
+      https://www.isc.org/mission/contact/</a>.
+    </p>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="win_support"></a>Legacy Windows No Longer Supported</h3></div></div></div>
+    <p>
+      As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported
+      platforms for BIND; "XP" binaries are no longer available for download
+      from ISC.
+    </p>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>named</strong></span> could crash during recursive processing
+	  of DNAME records when <span class="command"><strong>deny-answer-aliases</strong></span> was
+	  in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  When recursion is enabled but the <span class="command"><strong>allow-recursion</strong></span>
+	  and <span class="command"><strong>allow-query-cache</strong></span> ACLs are not specified, they
+	  should be limited to local networks, but they were inadvertently set
+	  to match the default <span class="command"><strong>allow-query</strong></span>, thus allowing
+	  remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  Code change #4964, intended to prevent double signatures
+	  when deleting an inactive zone DNSKEY in some situations,
+	  introduced a new problem during zone processing in which
+	  some delegation glue RRsets are incorrectly identified
+	  as needing RRSIGs, which are then created for them using
+	  the current active ZSK for the zone. In some, but not all
+	  cases, the newly-signed RRsets are added to the zone's
+	  NSEC/NSEC3 chain, but incompletely -- this can result in
+	  a broken chain, affecting validation of proof of nonexistence
+	  for records in the zone. [GL #771]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>named</strong></span> could crash if it managed a DNSSEC
+	  security root with <span class="command"><strong>managed-keys</strong></span> and the
+	  authoritative zone rolled the key to an algorithm not supported
+	  by BIND 9.  This flaw is disclosed in CVE-2018-5745. [GL #780]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>named</strong></span> leaked memory when processing a
+	  request with multiple Key Tag EDNS options present. ISC
+	  would like to thank Toshifumi Sakaguchi for bringing this
+	  to our attention.  This flaw is disclosed in CVE-2018-5744.
+	  [GL #772]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  Zone transfer controls for writable DLZ zones were not
+	  effective as the <span class="command"><strong>allowzonexfr</strong></span> method was
+	  not being called for such zones. This flaw is disclosed in
+	  CVE-2019-6465. [GL #790]
+	</p>
+      </li>
+</ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_features"></a>New Features</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>named</strong></span> now supports the "root key sentinel"
+	  mechanism. This enables validating resolvers to indicate
+	  which trust anchors are configured for the root, so that
+	  information about root key rollover status can be gathered.
+	  To disable this feature, add
+	  <span class="command"><strong>root-key-sentinel no;</strong></span> to
+	  <code class="filename">named.conf</code>.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  Added the ability not to return a DNS COOKIE option when one
+	  is present in the request.  To prevent a cookie being returned,
+	  add <span class="command"><strong>answer-cookie no;</strong></span> to
+	  <code class="filename">named.conf</code>. [GL #173]
+	</p>
+	<p>
+	  <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
+	  temporary measure, for use when <span class="command"><strong>named</strong></span>
+	  shares an IP address with other servers that do not yet
+	  support DNS COOKIE.  A mismatch between servers on the
+	  same address is not expected to cause operational problems,
+	  but the option to disable COOKIE responses so that all
+	  servers have the same behavior is provided out of an
+	  abundance of caution. DNS COOKIE is an important security
+	  mechanism, and should not be disabled unless absolutely
+	  necessary.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  Two new update policy rule types have been added
+	  <span class="command"><strong>krb5-selfsub</strong></span> and <span class="command"><strong>ms-selfsub</strong></span>
+	  which allow machines with Kerberos principals to update
+	  the name space at or below the machine names identified
+	  in the respective principals.
+	</p>
+      </li>
+</ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+	<p>
+	  <span class="command"><strong>named</strong></span> will now log a warning if the old
+	  BIND now can be compiled against libidn2 library to add
+	  IDNA2008 support.  Previously BIND only supported IDNA2003
+	  using (now obsolete) idnkit-1 library.
+	</p>
+      </li></ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>dig +noidnin</strong></span> can be used to disable IDN
+	  processing on the input domain name, when BIND is compiled
+	  with IDN support.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  Multiple <span class="command"><strong>cookie-secret</strong></span> clause are now
+	  supported.  The first <span class="command"><strong>cookie-secret</strong></span> in
+	  <code class="filename">named.conf</code> is used to generate new
+	  server cookies.  Any others are used to accept old server
+	  cookies or those generated by other servers using the
+	  matching <span class="command"><strong>cookie-secret</strong></span>.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  The <span class="command"><strong>rndc nta</strong></span> command could not differentiate
+	  between views of the same name but different class; this
+	  has been corrected with the addition of a <span class="command"><strong>-class</strong></span>
+	  option. [GL #105]
+	</p>
+      </li>
+</ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  When a negative trust anchor was added to multiple views
+	  using <span class="command"><strong>rndc nta</strong></span>, the text returned via
+	  <span class="command"><strong>rndc</strong></span> was incorrectly truncated after the
+	  first line, making it appear that only one NTA had been
+	  added. This has been fixed. [GL #105]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>named</strong></span> now rejects excessively large
+	  incremental (IXFR) zone transfers in order to prevent
+	  possible corruption of journal files which could cause
+	  <span class="command"><strong>named</strong></span> to abort when loading zones. [GL #339]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>rndc reload</strong></span> could cause <span class="command"><strong>named</strong></span>
+	  to leak memory if it was invoked before the zone loading actions
+	  from a previous <span class="command"><strong>rndc reload</strong></span> command were
+	  completed. [RT #47076]
+	</p>
+      </li>
+</ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="end_of_life"></a>End of Life</h3></div></div></div>
+    <p>
+      BIND 9.11 (Extended Support Version) will be supported until at
+      least December, 2021.
+      See <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a> for details of ISC's software support policy.
+    </p>
+  </div>
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
+
+    <p>
+      Thank you to everyone who assisted us in making this release possible.
+      If you would like to contribute to ISC to assist us in continuing to
+      make quality open source software, please visit our donations page at
+      <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
+    </p>
+  </div>
+</div>
+    </div>
+<div class="navfooter">
+<hr>
+<table width="100%" summary="Navigation footer">
+<tr>
+<td width="40%" align="left">
+<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a> </td>
+<td width="20%" align="center"> </td>
+<td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
+</td>
+</tr>
+<tr>
+<td width="40%" align="left" valign="top">Chapter 8. Troubleshooting </td>
+<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
+<td width="40%" align="right" valign="top"> Appendix B. A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
+</td>
+</tr>
+</table>
+</div>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.5-P4 (Extended Support Version)</p>
+</body>
+</html>