bind bug fix and enhancement update

Updated bind packages that fix several bugs and add various enhancements are now available for Red
Hat Enterprise Linux 5.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named), a resolver
library (routines for applications to use when interfacing with DNS), and
tools for verifying that the DNS server is operating correctly.

This update upgrades the bind packages to upstream version 9.3.6-P1, which
contains bug fixes and enhancements over the previous version.

Notably, this updated BIND is able to handle a much larger number of
requests simultaneously. (BZ#457036)

These updated bind packages provide fixes for the following bugs:

* named occasionally crashed due to an assertion failure, and logged this
error message to the system log:

named[PID]: socket.c:1649: INSIST(!sock->pending_recv) failed
named[PID]: exiting

This crash was caused by sockets being closed too early. With these updated
packages, this assertion failure no longer occurs. (BZ#455802)

* when using the '-4' option with the "host" and "dig" utilities to force
them to use an IPv4 transport, the order in which IPv4 and IPv6 nameservers
were listed in the /etc/resolv.conf configuration file affected whether the
command would fail or succeed. This has been fixed so that these utilities
continue to look for an IPv4 address, even past listed IPv6 addresses, when
the '-4' option is supplied. (BZ#469441)

* the "named-checkconf" utility ignored the "check-names" option in the
/etc/named.conf configuration file, which caused the named daemon to fail
to start, even if the configuration was valid. With these updated packages,
"named-checkconf" no longer ignores the "check-names" option, and named
starts up as expected. (BZ#491400)

* the named init script did not handle the named_write_master_zones SELinux
boolean or the permissions on the /var/named/ directory as documented.
(BZ#494370)

In addition, these updated packages provide the following enhancements:

* a new configuration directive which informs secondary servers not to send
DNS notify messages, "notify master-only", is now supported. (BZ#477651)

* dynamic loading of database back-ends is now supported with these updated
packages. (BZ#479273)

* the "allow-query-cache" option, which allows control over access to
non-authoritative data (such as cached data and root hints), is now
supported. (BZ#483708)

* the sample /etc/named.conf configuration file provided with these
packages has been improved. (BZ#485393)

Users are advised to upgrade to these updated bind packages, which resolve
these issues and add these enhancements.

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

455802 - named service crashes with an assertion failed message
457036 - Latest security patches have downgraded performance on big recursors
469441 - 'host -4 hostname' fails even though ipv4 nameservers are available.
479273 - Add support for dynamic loading of database backends
483708 - bind: backport support for allow-query-cache* configuration directives [RHEL-5]
485393 - Update sample configuration file to address recent "DNS reflector" attack
490837 - poor logging at file read
491655 - bind doesn't handle unknown DLV algorithms well
494370 - bind init script references obsolete SELinux's booleans and points to wrong booleans.local location
496495 - configtest does not catch un-defined ACLs

allow-query-cache, crash, DLV, named-checkconf, rebase