From Fedora Project Wiki
No edit summary
(Announcing the Change proposal)
Line 14: Line 14:
-->
-->
* Name: [[User:pemensik| Petr Menšík]]
* Name: [[User:pemensik| Petr Menšík]]
<!-- Include you email address that you can be reached should people want to contact you about helping with your change, status is requested, or technical issues need to be resolved. If the change proposal is owned by a SIG, please also add a primary contact person. -->
* Email: pemensik at redhat.com, dns-sig at fedoraproject dot org
* Email: pemensik at redhat.com
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
* FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address>
-->
<!--- UNCOMMENT only if this Change aims specific product, working group (Cloud, Workstation, Server, Base, Env & Stacks)
* Product:
* Responsible WG:
-->
* Email: dns-sig at fedoraproject dot org


== Current status ==
== Current status ==
[[Category:ChangeReadyForWrangler]]
[[Category:ChangeAnnounced]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->

Revision as of 19:18, 14 January 2021


BIND 9.16

Summary

BIND 9 would be updated to upcoming stable version BIND 9.16.

Owner

  • Name: Petr Menšík
  • Email: pemensik at redhat.com, dns-sig at fedoraproject dot org

Current status

  • Targeted release: Fedora 34
  • Last updated: 2021-01-14
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

ISC BIND 9 stayed longer time on 9.11 Extended Support Version, because dhcp and freeipa depended on it. DHCP package no longer requires bind-export-libs, which new BIND 9.16 does not support. FreeIPA part bind-dyndb-ldap were also modified to support new version.

BIND 9.16 includes more easy way to provide DNSSEC (KASP).

Feedback

Benefit to Fedora

Stable version under most the active development is packaged again. Introduces DNSSEC Key and Signing Policy without external tools like opendnssec. Also client tools from bind-utils now support yaml export format (dig, mdig, delv).

Scope

  • Proposal owners:
  • Other developers: N/A
  • Policies and guidelines: N/A
  • Trademark approval: N/A
  • Alignment with Objectives:

Upgrade/compatibility impact

N/A (not a System Wide Change)

  • lightweight resolver (lwres) server and nss client plugin are no longer provided.
  • named version with database backends support (bind-sdb) is also no longer provided as subpackage. Instead several bind-dlz-* plugins are offered as runtime loadable plugins, which require modification to named configuration. They offer the same functionality with just bind package and selected plugin.
  • dnssec-enabled option is not supported anymore, it is always set to yes. dnssec-validation can be still turned off.

How To Test

System administrators would receive the most recent stable version of BIND, with improved performance and features. Prerelease is available on COPR.

User Experience

  • named service supports dnssec-policy option, merging dnssec-keymgr into named.
  • DNSSEC trust anchors were merged into trust-anchors section, replacing previous trusted-keys and managed-keys.
  • dig +yaml provides machine parseable output in YAML format

Dependencies

  • bind-dyndb-ldap (required by freeipa)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

Release Notes