< Changes
| Line 179: | Line 179: | ||
== Documentation == | == Documentation == | ||
<!-- Is there upstream documentation on this change, or notes you have written yourself? Link to that material here so other interested developers can get involved. --> | <!-- Is there upstream documentation on this change, or notes you have written yourself? Link to that material here so other interested developers can get involved. --> | ||
- Upstream [ | - Upstream [https://bind9.readthedocs.io/en/v9_18_4/notes.html#notes-for-bind-9-18-0 release notes] | ||
<!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | ||
N/A (not a System Wide Change) | N/A (not a System Wide Change) | ||
== Release Notes == | == Release Notes == | ||
Revision as of 11:43, 12 July 2022
Change BIND 9.18
Summary
Owner
- Name: Petr Menšík
- Email: <pemensik@redhat.com>
Current status
- Targeted release: Fedora Linux 37
- Last updated: 2022-07-12
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
ISC BIND9 will be upgraded to new major release version 9.18.x. It introduces new features and changes. It will also remove some packages provided before.
Feedback
Benefit to Fedora
The most recent major release will be provided, with some notable features:
- Support to DNS over TLS and DNS over HTTPS servers. Both authoritative and resolver modes.
- Reworked internal connection handling using libuv
- RNDC channel does not support unix sockets [1]
- Zone transfers over DNS over TLS were added, both incoming and outgoing.
- dig is now able to send queries using DNS over TLS
- dig is now able to send queries using DNS over HTTPS
Scope
- Proposal owners:
The update required update of bind-dyndb-ldap package (part of Freeipa suite), but otherwise it is isolated change.
- Other developers:
Any developers
- Release engineering: #Releng issue number
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives:
Upgrade/compatibility impact
Upgrade should be smooth from 9.16.x, without significant issues. Incompatibility existed with bind-dyndb-ldap, but that were resolved.
Native PKCS11 builds in separate *bind-pkcs11* package and *bind-pkcs11-utils* will be not longer built. It used to read directly pkcs11 plugins, but it will be supported only indirectly using OpenSSL pkcs11 engine.
Following commands would be removed:
- pkcs11-keygen - pkcs11-destroy - pkcs11-list - pkcs11-tokens
All their actions should be possible using pkcs11-tool from opensc package or p11tool from gnutls-utils package.
- dnssec-*-pkcs11 commands would be removed too, but they have simple replacement using -E pkcs11 parameter to their respective normal dnssec-* tool.
How To Test
User Experience
Dependencies
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
Documentation
- Upstream release notes
N/A (not a System Wide Change)