< Changes
m (typos) |
(Change submitted to FESCo) |
||
| Line 17: | Line 17: | ||
== Current status == | == Current status == | ||
[[Category: | [[Category:ChangeReadyForFesco]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | ||
| Line 35: | Line 35: | ||
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | ||
--> | --> | ||
* FESCo issue: | * FESCo issue: [https://pagure.io/fesco/issue/2559 #2559] | ||
* Tracker bug: <will be assigned by the Wrangler> | * Tracker bug: <will be assigned by the Wrangler> | ||
* Release notes tracker: <will be assigned by the Wrangler> | * Release notes tracker: <will be assigned by the Wrangler> | ||
Revision as of 14:56, 22 January 2021
BIND 9.16
Summary
BIND 9 would be updated to the upcoming stable version BIND 9.16.
Owner
- Name: Petr Menšík
- Email: pemensik at redhat.com, dns-sig at fedoraproject dot org
Current status
- Targeted release: Fedora 34
- Last updated: 2021-01-22
- FESCo issue: #2559
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
ISC BIND 9 stayed longer time on 9.11 Extended Support Version because dhcp and freeipa depended on it. DHCP package no longer requires bind-export-libs, which new BIND 9.16 does not support. FreeIPA part bind-dyndb-ldap were also modified to support new version.
BIND 9.16 includes more easy way to provide DNSSEC (KASP).
Feedback
Benefit to Fedora
Stable version under most the active development is packaged again. Introduces DNSSEC Key and Signing Policy without external tools like opendnssec. Also client tools from bind-utils now support yaml export format (dig, mdig, delv).
Scope
- Proposal owners:
- Other developers: N/A
- Release engineering: #Releng issue number (a check of an impact with Release Engineering is needed)
- Policies and guidelines: N/A
- Trademark approval: N/A
- Alignment with Objectives:
Upgrade/compatibility impact
N/A (not a System Wide Change)
- lightweight resolver (lwres) server and nss client plugin are no longer provided.
- named version with database backends support (bind-sdb) is also no longer provided as a subpackage. Instead several bind-dlz-* plugins are offered as runtime loadable plugins, which require modification to named configuration. They offer the same functionality with just bind package and selected plugin.
- dnssec-enabled option is not supported anymore, it is always set to yes. dnssec-validation can be still turned off.
How To Test
System administrators would receive the most recent stable version of BIND, with improved performance and features. Prerelease is available on COPR.
User Experience
- named service supports dnssec-policy option, merging dnssec-keymgr into named.
- DNSSEC trust anchors were merged into trust-anchors section, replacing previous trusted-keys and managed-keys.
- dig +yaml provides machine parseable output in YAML format
Dependencies
- bind-dyndb-ldap (required by freeipa)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
- Blocks product? product
Documentation
- Upstream BIND 9.16 Release Notes
- Added and removed features
- Upstream BIND 9.14 Release Notes