The new maintenance releases for the 2 mainstream version of BIND9.3 and BIND9.2 fixes a few bugs but introduces no new features.
Why should you upgrade BIND 9.3.0 to BIND 9.3.1?
Most of all, BIND 9.3.0 has a vulnerability that can allow a hacker to remotely crash the BIND server. This can result in outtages. The only fix in BIND 9.3.0 is disabling dnssec. Upgrade to BIND 9.3.1 to use dnssec without fear.
check-names implementation was pretty shoddy before. The documentation wasn't accurate, and the "response ignore" didn't actually ignore.
If you had microsoft dns server clients who used you as a slave, and they had no NS records, it would cause BIND to reject the downloaded zone file when it reloaded. It would take the evil file and copy it to a tmp file causing a lot of clutter over time. I myself found and reported this bug. Now masters who don't have NS records will not cause trouble to BIND slaves.
BIND IPv6 support was also pretty shoddy. If the OS reported support for IPv6, but there weren't any IPv6 interfaces, then BIND failed to load. Also, when BIND 9.3.0 was first released, shortly after the Verisign COM/NET GTLD servers started publishing IPv6 addresses. This caused intermittant slow-downs in BIND resolution of those domains.
Why should you upgrade BIND 9.3.0 to BIND 9.3.1?
Most of all, BIND 9.3.0 has a vulnerability that can allow a hacker to remotely crash the BIND server. This can result in outtages. The only fix in BIND 9.3.0 is disabling dnssec. Upgrade to BIND 9.3.1 to use dnssec without fear.
check-names implementation was pretty shoddy before. The documentation wasn't accurate, and the "response ignore" didn't actually ignore.
If you had microsoft dns server clients who used you as a slave, and they had no NS records, it would cause BIND to reject the downloaded zone file when it reloaded. It would take the evil file and copy it to a tmp file causing a lot of clutter over time. I myself found and reported this bug. Now masters who don't have NS records will not cause trouble to BIND slaves.
BIND IPv6 support was also pretty shoddy. If the OS reported support for IPv6, but there weren't any IPv6 interfaces, then BIND failed to load. Also, when BIND 9.3.0 was first released, shortly after the Verisign COM/NET GTLD servers started publishing IPv6 addresses. This caused intermittant slow-downs in BIND resolution of those domains.