After two and a half years of development, the ISC presented the first stable release of the new significant branch of the Bind 9.20 DNS server. This release incorporated changes that developed in the experimental branch Bind 9.19. Support for branch 9.20 will be carried out as part of an expanded escort cycle until the first quarter of 2028. Support for branch 9.18 will stop in the 2nd quarter of 2025. To develop the functionality of the next stable version, the experimental branch will be formed bind 9.21.0. The project code is written in the language of si and spreads under the license mpl 2.0.
The main changes include:
- The nucleus of the application connecting all the components is now using an event processing cycle implemented on the basis of the library libuv. In the branch 9.16, Libuv, the manager of network connections in BIND was transferred. Bind assembly now requires at least Libuv 1.34.0.
- A new backend called “qp trie” has been proposed for working with the database. The RBTDB (Red-Black Tree Database) is replaced and is involved by default for storage of the cache and the DNS zone base. For multi-flow work in Qp Trie, the library liburcu is involved.
- An updated mechanism for compressing domain names is being used, utilizing a more compact method of encoding names with a large number of labels.
- DNSSEC capabilities are expanded to use signed zones. Support for PKCS#11 based on Openssl 3.0.0 Engine API is resumed. In “DNSSEC-POLICY” added HSM (Hardware Security Module).
- Added support for the second version of the zone catalog (Catalog Zone, RFC 9432).
/Reports, release notes, official announcements.