设为首页收藏本站

LinuxTone | 运维专家网论坛 - 最棒的Linux运维与开源架构技术交流社区!

 找回密码
 注册

QQ登录

只需一步,快速开始

#公告#抱歉,网站将关闭,不再开放。由于PC时代已远逝 。在这个后移动互联网时代,我们继续携手前行,保持对技术的热情。共同构建linuxtone知识星球欢迎加入,一起讨论技术、招聘人才、分享资源。请新老linuxtone人 扫码移步到 知识星球:linuxtone

学习是一种信仰!分享是一种快乐!能力= 心态 * 沟通 * 知识 (你的每一天需要正能量!)

 网站的发展需要你贡献一份力量!希望你能每天坚持看贴1小时,并回答网友的问题!祝你在浏览论坛的过程中取得进步!谢谢!linuxtone加油!大家加油! 友情提示: 你今天学习了吗?你今天进步了吗?少一点抱怨!多一点进步!Life is short ! Why not linuxtone ?  

网站的发展、感谢每位坛友的努力!

查看: 2985|回复: 0

bind 9.9.0 release [复制链接]

Rank: 8Rank: 8

签到
645
注册时间
2011-3-5
最后登录
2015-7-22
在线时间
459 小时
阅读权限
90
积分
66622
帖子
141
主题
10
精华
0
UID
12263
发表于 2012-3-1 11:18:11 |显示全部楼层
本帖最后由 zflczx 于 2012-3-1 11:19 编辑

Inline Signing

This feature greatly simplifies the deployment of DNSSEC by allowing completely automatic, fully transparent signing of zones. Using the new ‘inline-signing’ option in a master server allows named to switch on DNSSEC in a zone without modifying the original zone file in any way.  Using it in a slave server allows a zone to be signed even if it’s served from a master database that doesn’t support DNSSEC.

Some example configurations may be found at
https://kb.isc.org/article/AA-00626/0/Inline-Signing-in-ISC-BIND-9.9.0-Examples.html

NXDOMAIN Redirection

This is a mechanism for resolver operators to redirect users when a query would have otherwise resulted in “no such domain”.  This allows an ISP, for example, to provide alternate suggestions for misspelled domain names.  (Whenever DNSSEC validation is requested by the client and requested name is in a DNSSEC-signed domain, NXDOMAIN redirection will not take place.)

Multiprocessing Performance Improvements

When built with thread support and when running on multicore UNIX or Linux systems, named can now use multiple threads to listen for incoming UDP traffic.  On some architectures, this allows a significant improvement in query performance.
Further information at:
https://kb.isc.org/article/AA-00629/109/Performance%3A-Multi-threaded-I-O.html

This release includes a substantially reworked recursive client management system, improving hardware scalability. Prior releases showed some degradation in performance when running with more than eight processor cores.

Startup and Reconfiguration Performance Improvements

BIND 9.9 includes a fix that greatly improves startup performance on authoritative systems using large numbers of zones.  The zone task table is sized based on the number of configured zones; previously it used a hard-coded size.  Customers have reported speedups ranging from 3x to 20x as a result of this fix.

Slave zones are now cached in raw (binary) format instead of text format by default; this cuts load time for slave zones by roughly 50%.

‘rndc reconfig’ has been modified to minimze the time during which name service is interrupted.

Improved RNDC Commands

The new ‘rndc flushtree’ command clears the DNS cache of all names beneath a specified name.

‘rndc freeze’ and ‘rndc thaw’ no longer remove a zone’s journal file; this allows ‘ixfr-from-differences’ to be used with dynamic zones. To sync and remove a journal file, use ‘rndc sync -clean’.

General DNSSEC Improvements

The new ‘rndc signing’ command provides greater visibility and control of the automatic DNSSEC signing process.  When a zone is being signed by named, records are inserted into the zone indicating which keys are currently in the process of signing and which have finished (this enables named to resume the process correctly if there is a crash before the zone is fully signed).  With ‘rndc signing’ it is possible to view this status information, remove the records indicating that signing is complete.

‘rndc signing’ also allows configuration of the NSEC3 parameters of a zone.  This can be done even before a zone is signed, enabling named to sign zones with NSEC3 without the need to use NSEC first.

General Improvements

The ‘also-notify’ option now takes uses the same syntax as the ‘masters’ option.  This allows, for example, TSIG keys to be specified for use with notifies.

The new ‘serial-update-method’ option allows you to choose, in dynamic zones, whether changes should cause the SOA serial number to be incremented by one, or set to the current time.

Download
bind-9.9.0.tar.gz
BIND9.9.0.zip

个人博客:http://m114.org/
您需要登录后才可以回帖 登录 | 注册

IT运维专家网感谢您的支持

合作联系: QQ:67888954/MSN:cnseek@msn.com/mail:netseek@linuxtone.org

Archiver|手机版|感谢所有关心和支持过LinuxTone的朋友们 转载本站内容请注明原作者名及出处 ( 京ICP备08103151 )   |

GMT+8, 2020-3-30 13:10 , Processed in 0.020746 second(s), 13 queries , Apc On.

Powered by Discuz! X2 Licensed

© 2001-2011 Comsenz Inc.

回顶部