7.16. bind

Updated bind packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, a resolver library (routines for applications to use when interfacing with DNS), and tools for verifying that the DNS server is operating correctly.

Bug Fixes

BZ#1112356
Previously, the "slip" option was not handled correctly in the Response Rate Limiting (RRL) code in BIND, and the variable counting the number of queries was not reset after each query, but after every other query. As a consequence, when the "slip" value of the RRL feature was set to one, instead of slipping every query, every other query was dropped. To fix this bug, the RRL code has been amended to reset the variable correctly according to the configuration. Now, when the "slip" value of the RRL feature is set to one, every query is slipped as expected.
BZ#1142152
BIND incorrectly handled errors returned by dynamic databases (from dyndbAPI). Consequently, BIND could enter a deadlock situation on shutdown under certain circumstances. The dyndb API has been fixed not to cause a deadlock during BIND shutdown after the dynamic database returns an error, and BIND now shuts down normally in the described situation.
BZ#1146893
Because the Simplified Database Backend (SDB) application interface did not handle unexpected SDB database driver errors properly, BIND used with SDB could terminate unexpectedly when such errors occurred. With this update, the SDB application interface has been cleaned to handle these errors correctly, and BIND used with SDB no longer crashes if they happen.
BZ#1175321
Due to a race condition in the beginexclusive() function, the BIND DNS server (named) could terminate unexpectedly while loading configuration. To fix this bug, a patch has been applied, and the race condition no longer occurs.
BZ#1215687
Previously, when the resolver was under heavy load, some clients could receive a SERVFAIL response from the server and numerous "out of memory/success" log messages in BIND's log. Also, cached records with low TTL (1) could expire prematurely. Internal hardcoded limits in the resolver have been increased, and conditions for expiring cached records with low TTL (1) have been made stricter. This prevents the resolver from reaching the limits when under heavy load, and the "out of memory/success" log messages from being received. Cached records with low TTL (1) no longer expire prematurely.

Enhancement

BZ#1176476
Users can now use RPZ-NSIP and RPZ-NSDNAME records with Response Policy Zone (RPZ) in the BIND configuration.
Users of BIND are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. After installing the update, the BIND daemon (named) will be restarted automatically.