New major version 9.20 includes improved support for working with provider based keys, which is needed for PKCS11 backend used by freeipa-server-dns. It deprecates few things and uses new event loop internally. That requires significant rework of bind-dyndb-ldap package.
Release notes:
- https://downloads.isc.org/isc/bind9/9.20.1/doc/arm/html/notes.html#release-notes
- Deprecated features: https://downloads.isc.org/isc/bind9/9.20.1/doc/arm/html/notes.html#deprecated-features
- Removed features: https://downloads.isc.org/isc/bind9/9.20.1/doc/arm/html/notes.html#removed-features
- Feature changes: https://downloads.isc.org/isc/bind9/9.20.1/doc/arm/html/notes.html#id3
Notewothy changes:
- Zone transfers are no longer allowed by default
- DNS over TLS is supported also with forwarding queries further.
- blocks
-
RHEL-30556 Package bind-dyndb-ldap: remove dependency on package openssl-pkcs11
- In Progress
-
RHEL-33729 Please stop using OpenSSL ENGINE API in bind
- In Progress
- incorporates
-
RHEL-48798 Rebase bind to 9.18.28
- Planning
- relates to
-
RHEL-6459 [RFE] Support for forwarding queries over encrypted channel (DoT)
- Planning