source: trunk/third/bind/README @ 21744

Revision 21744, 11.0 KB checked in by ghudson, 20 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r21743, which included commits to RCS files with non-trunk default branches.
Line 
1BIND 9
2
3        BIND version 9 is a major rewrite of nearly all aspects of the
4        underlying BIND architecture.  Some of the important features of
5        BIND 9 are:
6
7                - DNS Security
8                        DNSSEC (signed zones)
9                        TSIG (signed DNS requests)
10
11                - IP version 6
12                        Answers DNS queries on IPv6 sockets
13                        IPv6 resource records (AAAA)
14                        Experimental IPv6 Resolver Library
15
16                - DNS Protocol Enhancements
17                        IXFR, DDNS, Notify, EDNS0
18                        Improved standards conformance
19
20                - Views
21                        One server process can provide multiple "views" of
22                        the DNS namespace, e.g. an "inside" view to certain
23                        clients, and an "outside" view to others.
24
25                - Multiprocessor Support
26
27                - Improved Portability Architecture
28
29
30        BIND version 9 development has been underwritten by the following
31        organizations:
32
33                Sun Microsystems, Inc.
34                Hewlett Packard
35                Compaq Computer Corporation
36                IBM
37                Process Software Corporation
38                Silicon Graphics, Inc.
39                Network Associates, Inc.
40                U.S. Defense Information Systems Agency
41                USENIX Association
42                Stichting NLnet - NLnet Foundation
43                Nominum, Inc.
44
45
46BIND 9.3.1
47
48        BIND 9.3.1 is a maintenance release, containing fixes for
49        a number of bugs in 9.3.0.
50
51        libbind: corresponds to that from BIND 8.4.6-REL.
52
53BIND 9.3.0
54
55        BIND 9.3.0 has a number of new features over 9.2,
56        including:
57
58        DNSSEC is now DS based (RFC 3658).
59        See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
60
61        DNSSEC lookaside validation.
62
63        check-names is now implemented.
64        rrset-order in more complete.
65
66        IPv4/IPv6 transition support, dual-stack-servers.
67
68        IXFR deltas can now be generated when loading master files,
69        ixfr-from-differences.
70
71        It is now possible to specify the size of a journal, max-journal-size.
72
73        It is now possible to define a named set of master servers to be
74        used in masters clause, masters.
75
76        The advertised EDNS UDP size can now be set, edns-udp-size.
77
78        allow-v6-synthesis has been obsoleted.
79
80        NOTE:
81        * Zones containing MD and MF will now be rejected.
82        * dig, nslookup name. now report "Not Implemented" as
83          NOTIMP rather than NOTIMPL.  This will have impact on scripts
84          that are looking for NOTIMPL.
85
86        libbind: corresponds to that from BIND 8.4.5.
87
88BIND 9.2.0
89
90        BIND 9.2.0 has a number of new features over 9.1,
91        including:
92
93          - The size of the cache can now be limited using the
94            "max-cache-size" option.
95
96          - The server can now automatically convert RFC1886-style
97            recursive lookup requests into RFC2874-style lookups,
98            when enabled using the new option "allow-v6-synthesis".
99            This allows stub resolvers that support AAAA records
100            but not A6 record chains or binary labels to perform
101            lookups in domains that make use of these IPv6 DNS
102            features.
103
104          - Performance has been improved.
105
106          - The man pages now use the more portable "man" macros
107            rather than the "mandoc" macros, and are installed
108            by "make install".
109
110          - The named.conf parser has been completely rewritten.
111            It now supports "include" directives in more
112            places such as inside "view" statements, and it no
113            longer has any reserved words.
114
115          - The "rndc status" command is now implemented.
116
117          - rndc can now be configured automatically.
118
119          - A BIND 8 compatible stub resolver library is now
120            included in lib/bind.
121
122          - OpenSSL has been removed from the distribution.  This
123            means that to use DNSSEC, OpenSSL must be installed and
124            the --with-openssl option must be supplied to configure.
125            This does not apply to the use of TSIG, which does not
126            require OpenSSL.
127
128          - The source distribution now builds on Windows NT/2000.
129            See win32utils/readme1.txt and win32utils/win32-build.txt
130            for details.
131
132        This distribution also includes a new lightweight stub
133        resolver library and associated resolver daemon that fully
134        support forward and reverse lookups of both IPv4 and IPv6
135        addresses.  This library is considered experimental and
136        is not a complete replacement for the BIND 8 resolver library.
137        Applications that use the BIND 8 res_* functions to perform
138        DNS lookups or dynamic updates still need to be linked against
139        the BIND 8 libraries.  For DNS lookups, they can also use the
140        new "getrrsetbyname()" API.
141
142        BIND 9.2 is capable of acting as an authoritative server
143        for DNSSEC secured zones.  This functionality is believed to
144        be stable and complete except for lacking support for
145        verifications involving wildcard records in secure zones.
146
147        When acting as a caching server, BIND 9.2 can be configured
148        to perform DNSSEC secure resolution on behalf of its clients.
149        This part of the DNSSEC implementation is still considered
150        experimental.  For detailed information about the state of the
151        DNSSEC implementation, see the file doc/misc/dnssec.
152
153        There are a few known bugs:
154
155                On some systems, IPv6 and IPv4 sockets interact in
156                unexpected ways.  For details, see doc/misc/ipv6.
157                To reduce the impact of these problems, the server
158                no longer listens for requests on IPv6 addresses
159                by default.  If you need to accept DNS queries over
160                IPv6, you must specify "listen-on-v6 { any; };"
161                in the named.conf options statement.
162
163                FreeBSD prior to 4.2 (and 4.2 if running as non-root)
164                and OpenBSD prior to 2.8 log messages like
165                "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
166                This is due to a bug in "/dev/random" and impacts the
167                server's DNSSEC support.
168
169                OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
170                OS X 10.2 (Darwin 6.0) reports errors like
171                "fcntl(3, F_SETFL, 4): Operation not supported by device".
172                This is due to a bug in "/dev/random" and impacts the
173                server's DNSSEC support.
174
175                --with-libtool does not work on AIX.
176
177        A bug in the Windows 2000 DNS server can cause zone transfers
178        from a BIND 9 server to a W2K server to fail.  For details,
179        see the "Zone Transfers" section in doc/misc/migration.
180
181        For a detailed list of user-visible changes from
182        previous releases, see the CHANGES file.
183
184
185Building
186
187        BIND 9 currently requires a UNIX system with an ANSI C compiler,
188        basic POSIX support, and a 64 bit integer type.
189
190        We've had successful builds and tests on the following systems:
191
192                COMPAQ Tru64 UNIX 5.1B
193                FreeBSD 4.10, 5.2.1
194                HP-UX 11.11
195                NetBSD 1.5
196                Slackware Linux 8.1
197                Solaris 8, 9, 9 (x86)
198                Windows NT/2000/XP/2003
199
200        Additionally, we have unverified reports of success building
201        previous versions of BIND 9 from users of the following systems:
202
203                AIX 5L
204                SuSE Linux 7.0
205                Slackware Linux 7.x, 8.0
206                Red Hat Linux 7.1
207                Debian GNU/Linux 2.2 and 3.0
208                Mandrake 8.1
209                OpenBSD 2.6, 2.8, 2.9
210                UnixWare 7.1.1
211                HP-UX 10.20
212                BSD/OS 4.2
213                Mac OS X 10.1
214
215        To build, just
216
217                ./configure
218                make
219
220        Do not use a parallel "make".
221
222        Several environment variables that can be set before running
223        configure will affect compilation:
224
225            CC
226                The C compiler to use.  configure tries to figure
227                out the right one for supported systems.
228
229            CFLAGS
230                C compiler flags.  Defaults to include -g and/or -O2
231                as supported by the compiler. 
232
233            STD_CINCLUDES
234                System header file directories.  Can be used to specify
235                where add-on thread or IPv6 support is, for example.
236                Defaults to empty string.
237
238            STD_CDEFINES
239                Any additional preprocessor symbols you want defined.
240                Defaults to empty string.
241
242                Possible settings:
243                Change the default syslog facility of named/lwresd.
244                  -DISC_FACILITY=LOG_LOCAL0     
245                Enable DNSSEC signature chasing support in dig.
246                  -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
247                                    -DDIG_SIGCHASE_BU=1)
248
249            LDFLAGS
250                Linker flags. Defaults to empty string.
251
252        To build shared libraries, specify "--with-libtool" on the
253        configure command line.
254
255        For the server to support DNSSEC, you need to build it
256        with crypto support.  You must have OpenSSL 0.9.5a
257        or newer installed and specify "--with-openssl" on the
258        configure command line.  If OpenSSL is installed under
259        a nonstandard prefix, you can tell configure where to
260        look for it using "--with-openssl=/prefix".
261
262        To build libbind (the BIND 8 resolver library), specify
263        "--enable-libbind" on the configure command line.
264
265        On some platforms, BIND 9 can be built with multithreading
266        support, allowing it to take advantage of multiple CPUs.
267        You can specify whether to build a multithreaded BIND 9
268        by specifying "--enable-threads" or "--disable-threads"
269        on the configure command line.  The default is operating
270        system dependent.
271
272        If your operating system has integrated support for IPv6, it
273        will be used automatically.  If you have installed KAME IPv6
274        separately, use "--with-kame[=PATH]" to specify its location.
275
276        "make install" will install "named" and the various BIND 9 libraries.
277        By default, installation is into /usr/local, but this can be changed
278        with the "--prefix" option when running "configure".
279
280        You may specify the option "--sysconfdir" to set the directory
281        where configuration files like "named.conf" go by default,
282        and "--localstatedir" to set the default parent directory
283        of "run/named.pid".   For backwards compatibility with BIND 8,
284        --sysconfdir defaults to "/etc" and --localstatedir defaults to
285        "/var" if no --prefix option is given.  If there is a --prefix
286        option, sysconfdir defaults to "$prefix/etc" and localstatedir
287        defaults to "$prefix/var".
288
289        To see additional configure options, run "configure --help".
290        Note that the help message does not reflect the BIND 8
291        compatibility defaults for sysconfdir and localstatedir.
292
293        If you're planning on making changes to the BIND 9 source, you
294        should also "make depend".  If you're using Emacs, you might find
295        "make tags" helpful.
296
297        If you need to re-run configure please run "make distclean" first.
298        This will ensure that all the option changes take.
299
300        Building with gcc is not supported, unless gcc is the vendor's usual
301        compiler (e.g. the various BSD systems, Linux).
302       
303        * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
304        * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
305        * gcc-3.3.5 powerpc generates incorrect code at -02.
306
307        A limited test suite can be run with "make test".  Many of
308        the tests require you to configure a set of virtual IP addresses
309        on your system, and some require Perl; see bin/tests/system/README
310        for details.
311
312
313Documentation
314
315        The BIND 9 Administrator Reference Manual is included with the
316        source distribution in DocBook XML and HTML format, in the
317        doc/arm directory.
318
319        Some of the programs in the BIND 9 distribution have man pages
320        in their directories.  In particular, the command line
321        options of "named" are documented in /bin/named/named.8.
322        There is now also a set of man pages for the lwres library.
323
324        If you are upgrading from BIND 8, please read the migration
325        notes in doc/misc/migration.  If you are upgrading from
326        BIND 4, read doc/misc/migration-4to9.
327
328        Frequently asked questions and their answers can be found in
329        FAQ.
330
331
332Bug Reports and Mailing Lists
333
334        Bugs reports should be sent to
335
336                bind9-bugs@isc.org
337
338        To join the BIND Users mailing list, send mail to
339
340                bind-users-request@isc.org
341
342        archives of which can be found via
343
344                http://www.isc.org/ops/lists/
345
346        If you're planning on making changes to the BIND 9 source
347        code, you might want to join the BIND Workers mailing list.
348        Send mail to
349
350                bind-workers-request@isc.org
351
352
Note: See TracBrowser for help on using the repository browser.