1.8.1. RHBA-2011:0032: bug fix and enhancement update
Updated bind packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named), a resolver library (routines for applications to use when interfacing with DNS), and tools for verifying that the DNS server is operating correctly.
This update fixes the following bugs:
* The initscript killed all processes with the name "named" when stopping the named daemon. With this update, the initscript kills only the process it started. (BZ#500535)
* The bind-chroot-admin script could break the configuration when a non-standard chroot layout was used. With this update, the script terminates without touching the configuration. (BZ#517279)
* The named initscript always returned zero, even if the configuration was incorrect. With this update, the exit code is corrected. (BZ#530214)
* A redundant patch was included in the source RPM. With this update, no more redundant patches are included. (BZ#546477)
* The named daemon, when configured as a recursive nameserver, could continuously ask for missing DNSKEY keys, which could potentially lead to the authoritative DNS server blocking DNS queries for a particular host due to excessive bandwidth consumption. With this update, the named daemon caches the DNSKEY and asks for it again only if it has not been fetched. (BZ#572848)
* The host, dig and nslookup utilities queried only the servers from resolv.conf. With this update, the utilities query the servers specified on the command line instead of those in resolv.conf, and the issue is resolved. (BZ#561299)
* The named daemon, when started with the "-D" option, could crash if it failed to connect to D-Bus. With this update, the crash no longer occurs and the issue is resolved. (BZ#523052)
* The named_sdb PostgreSQL database backend did not reconnect to the database when the connection failed during named_sdb startup. With this update, the named daemon writes the error message to the system log and tries to reconnect during every lookup. (BZ#533229)
* BIND could destroy a fetch too early, which ended in an assertion failure. With this update, this issue is resolved. (BZ#555848)
* The dig utility incorrectly performed recursive resolution when it received responses containing a referral. With this update, dig no longer attempts to recurse. (BZ#625240)
* BIND could return SERVFAIL instead of NXDOMAIN responses for nonexistent resource records from an unsigned child zone if the parent zone was signed. (BZ#643012)
* The host utility, when started with the '-4' parameter, could fail to query IPv4 servers listed in /etc/resolv.conf. (BZ#643430)
In addition, this update adds the following enhancements:
* Manual pages for the following commands have been added: ldap2zone, named-sdb and zonetodb. (BZ#556798)
* The host utility now honours the "debug", "attempts" and "timeout" options in resolv.conf. (BZ#570851)
* A new option, called DISABLE_ZONE_CHECKING, has been added to /etc/sysconfig/named. This option makes it possible to bypass the zone validation that the initscript performs via the named-checkzone utility, and allows named to be started with misconfigured zones. (BZ#500896)
* The size, MD5 checksum and modification time of the /etc/sysconfig/named configuration file are no longer checked via the `rpm -V bind` command. (BZ#556770)
Users are advised to upgrade to these updated bind packages, which resolve these issues and add these enhancements.