BIND 9

        BIND version 9 is a major rewrite of nearly all aspects of the
        underlying BIND architecture.  Some of the important features of
        BIND 9 are:

                - DNS Security
                        DNSSEC (signed zones)
                        TSIG (signed DNS requests)

                - IP version 6
                        Answers DNS queries on IPv6 sockets
                        IPv6 resource records (AAAA)
                        Experimental IPv6 Resolver Library

                - DNS Protocol Enhancements
                        IXFR, DDNS, Notify, EDNS0
                        Improved standards conformance

                - Views
                        One server process can provide multiple "views" of
                        the DNS namespace, e.g. an "inside" view to certain
                        clients, and an "outside" view to others.

                - Multiprocessor Support

                - Improved Portability Architecture


        BIND version 9 development has been underwritten by the following
        organizations:

                Sun Microsystems, Inc.
                Hewlett Packard
                Compaq Computer Corporation
                IBM
                Process Software Corporation
                Silicon Graphics, Inc.
                Network Associates, Inc.
                U.S. Defense Information Systems Agency
                USENIX Association
                Stichting NLnet - NLnet Foundation
                Nominum, Inc.


BIND 9.3.1

        BIND 9.3.1 is a maintenance release, containing fixes for
        a number of bugs in 9.3.0.

        libbind: corresponds to that from BIND 8.4.6-REL.

BIND 9.3.0

        BIND 9.3.0 has a number of new features over 9.2,
        including:

        DNSSEC is now DS based (RFC 3658).
        See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.

        DNSSEC lookaside validation.

        check-names is now implemented.
        rrset-order is more complete.

        IPv4/IPv6 transition support, dual-stack-servers.

        IXFR deltas can now be generated when loading master files,
        ixfr-from-differences.

        It is now possible to specify the size of a journal, max-journal-size.

        It is now possible to define a named set of master servers to be
        used in masters clause, masters.

        The advertised EDNS UDP size can now be set, edns-udp-size.

        allow-v6-synthesis has been obsoleted.

        NOTE:
        * Zones containing MD and MF will now be rejected.
        * dig, nslookup name. now report "Not Implemented" as
          NOTIMP rather than NOTIMPL.  This will have impact on scripts
          that are looking for NOTIMPL.

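        Added example (not part of the BIND distribution): a monitoring
        script can accept both spellings during an upgrade by matching the
        whole status token from dig's header line instead of searching for
        "NOTIMPL".  The function names and sample lines are constructed
        here, and the header layout (";; ->>HEADER<<- ... status: X, ...")
        is assumed.

```shell
#!/bin/sh
# Added example: read the response code from dig's header line and treat the
# old spelling (NOTIMPL) and the new one (NOTIMP) as the same result.

# Print the status field from dig output read on stdin, e.g. "NOERROR".
# Only the first ";; ->>HEADER<<-" line is considered; prints nothing when
# no header line is present (for example after a timeout).
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z0-9]*\),.*$/\1/p' | head -n 1
}

# Map either spelling to the canonical "NOTIMP"; pass other codes through.
normalize_rcode() {
    case "$1" in
        NOTIMP|NOTIMPL) echo NOTIMP ;;
        *)              echo "$1" ;;
    esac
}

# Return 0 when the dig output on stdin reports "Not Implemented".
# The whole token is compared, so a name in the answer that merely contains
# the string "NOTIMP" is not mistaken for the response code.
dig_reports_notimp() {
    status=$(dig_status)
    [ "$(normalize_rcode "$status")" = "NOTIMP" ]
}

# Constructed sample header lines (not captured from a real server).
SAMPLE_OLD=';; ->>HEADER<<- opcode: UPDATE, status: NOTIMPL, id: 4660'
SAMPLE_NEW=';; ->>HEADER<<- opcode: UPDATE, status: NOTIMP, id: 4660'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4660'
```
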
        libbind: corresponds to that from BIND 8.4.5.

BIND 9.2.0

        BIND 9.2.0 has a number of new features over 9.1,
        including:

          - The size of the cache can now be limited using the
            "max-cache-size" option.

          - The server can now automatically convert RFC1886-style
            recursive lookup requests into RFC2874-style lookups,
            when enabled using the new option "allow-v6-synthesis".
            This allows stub resolvers that support AAAA records
            but not A6 record chains or binary labels to perform
            lookups in domains that make use of these IPv6 DNS
            features.

          - Performance has been improved.

          - The man pages now use the more portable "man" macros
            rather than the "mandoc" macros, and are installed
            by "make install".

          - The named.conf parser has been completely rewritten.
            It now supports "include" directives in more
            places such as inside "view" statements, and it no
            longer has any reserved words.

          - The "rndc status" command is now implemented.

          - rndc can now be configured automatically.

          - A BIND 8 compatible stub resolver library is now
            included in lib/bind.

          - OpenSSL has been removed from the distribution.  This
            means that to use DNSSEC, OpenSSL must be installed and
            the --with-openssl option must be supplied to configure.
            This does not apply to the use of TSIG, which does not
            require OpenSSL.

          - The source distribution now builds on Windows NT/2000.
            See win32utils/readme1.txt and win32utils/win32-build.txt
            for details.

        This distribution also includes a new lightweight stub
        resolver library and associated resolver daemon that fully
        support forward and reverse lookups of both IPv4 and IPv6
        addresses.  This library is considered experimental and
        is not a complete replacement for the BIND 8 resolver library.
        Applications that use the BIND 8 res_* functions to perform
        DNS lookups or dynamic updates still need to be linked against
        the BIND 8 libraries.  For DNS lookups, they can also use the
        new "getrrsetbyname()" API.

        BIND 9.2 is capable of acting as an authoritative server
        for DNSSEC secured zones.  This functionality is believed to
        be stable and complete except for lacking support for
        verifications involving wildcard records in secure zones.

        When acting as a caching server, BIND 9.2 can be configured
        to perform DNSSEC secure resolution on behalf of its clients.
        This part of the DNSSEC implementation is still considered
        experimental.  For detailed information about the state of the
        DNSSEC implementation, see the file doc/misc/dnssec.

        There are a few known bugs:

                On some systems, IPv6 and IPv4 sockets interact in
                unexpected ways.  For details, see doc/misc/ipv6.
                To reduce the impact of these problems, the server
                no longer listens for requests on IPv6 addresses
                by default.  If you need to accept DNS queries over
                IPv6, you must specify "listen-on-v6 { any; };"
                in the named.conf options statement.

                FreeBSD prior to 4.2 (and 4.2 if running as non-root)
                and OpenBSD prior to 2.8 log messages like
                "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
                This is due to a bug in "/dev/random" and impacts the
                server's DNSSEC support.

                OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
                OS X 10.2 (Darwin 6.0) report errors like
                "fcntl(3, F_SETFL, 4): Operation not supported by device".
                This is due to a bug in "/dev/random" and impacts the
                server's DNSSEC support.

                --with-libtool does not work on AIX.

                A bug in the Windows 2000 DNS server can cause zone transfers
                from a BIND 9 server to a W2K server to fail.  For details,
                see the "Zone Transfers" section in doc/misc/migration.

        For a detailed list of user-visible changes from
        previous releases, see the CHANGES file.


Building

        BIND 9 currently requires a UNIX system with an ANSI C compiler,
        basic POSIX support, and a 64 bit integer type.

        We've had successful builds and tests on the following systems:

                COMPAQ Tru64 UNIX 5.1B
                FreeBSD 4.10, 5.2.1
                HP-UX 11.11
                NetBSD 1.5
                Slackware Linux 8.1
                Solaris 8, 9, 9 (x86)
                Windows NT/2000/XP/2003

        Additionally, we have unverified reports of success building
        previous versions of BIND 9 from users of the following systems:

                AIX 5L
                SuSE Linux 7.0
                Slackware Linux 7.x, 8.0
                Red Hat Linux 7.1
                Debian GNU/Linux 2.2 and 3.0
                Mandrake 8.1
                OpenBSD 2.6, 2.8, 2.9
                UnixWare 7.1.1
                HP-UX 10.20
                BSD/OS 4.2
                Mac OS X 10.1

        To build, just

                ./configure
                make

        Do not use a parallel "make".

        Several environment variables that can be set before running
        configure will affect compilation:

            CC
                The C compiler to use.  configure tries to figure
                out the right one for supported systems.

            CFLAGS
                C compiler flags.  Defaults to include -g and/or -O2
                as supported by the compiler.

            STD_CINCLUDES
                System header file directories.  Can be used to specify
                where add-on thread or IPv6 support is, for example.
                Defaults to empty string.

            STD_CDEFINES
                Any additional preprocessor symbols you want defined.
                Defaults to empty string.

                Possible settings:
                Change the default syslog facility of named/lwresd.
                  -DISC_FACILITY=LOG_LOCAL0
                Enable DNSSEC signature chasing support in dig.
                  -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
                                    -DDIG_SIGCHASE_BU=1)

            LDFLAGS
                Linker flags.  Defaults to empty string.

        To build shared libraries, specify "--with-libtool" on the
        configure command line.

        For the server to support DNSSEC, you need to build it
        with crypto support.  You must have OpenSSL 0.9.5a
        or newer installed and specify "--with-openssl" on the
        configure command line.  If OpenSSL is installed under
        a nonstandard prefix, you can tell configure where to
        look for it using "--with-openssl=/prefix".

        To build libbind (the BIND 8 resolver library), specify
        "--enable-libbind" on the configure command line.

        On some platforms, BIND 9 can be built with multithreading
        support, allowing it to take advantage of multiple CPUs.
        You can specify whether to build a multithreaded BIND 9
        by specifying "--enable-threads" or "--disable-threads"
        on the configure command line.  The default is operating
        system dependent.

        If your operating system has integrated support for IPv6, it
        will be used automatically.  If you have installed KAME IPv6
        separately, use "--with-kame[=PATH]" to specify its location.

        "make install" will install "named" and the various BIND 9 libraries.
        By default, installation is into /usr/local, but this can be changed
        with the "--prefix" option when running "configure".

        You may specify the option "--sysconfdir" to set the directory
        where configuration files like "named.conf" go by default,
        and "--localstatedir" to set the default parent directory
        of "run/named.pid".  For backwards compatibility with BIND 8,
        --sysconfdir defaults to "/etc" and --localstatedir defaults to
        "/var" if no --prefix option is given.  If there is a --prefix
        option, sysconfdir defaults to "$prefix/etc" and localstatedir
        defaults to "$prefix/var".

        To see additional configure options, run "configure --help".
        Note that the help message does not reflect the BIND 8
        compatibility defaults for sysconfdir and localstatedir.

        If you're planning on making changes to the BIND 9 source, you
        should also "make depend".  If you're using Emacs, you might find
        "make tags" helpful.

        If you need to re-run configure, please run "make distclean" first.
        This will ensure that all the option changes take effect.

        Building with gcc is not supported, unless gcc is the vendor's usual
        compiler (e.g. the various BSD systems, Linux).

        * gcc-3.2.1 and gcc-3.1.1 are known to cause problems with solaris-x86.
        * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -O2.
        * gcc-3.3.5 powerpc generates incorrect code at -O2.

        A limited test suite can be run with "make test".  Many of
        the tests require you to configure a set of virtual IP addresses
        on your system, and some require Perl; see bin/tests/system/README
        for details.


Documentation

        The BIND 9 Administrator Reference Manual is included with the
        source distribution in DocBook XML and HTML format, in the
        doc/arm directory.

        Some of the programs in the BIND 9 distribution have man pages
        in their directories.  In particular, the command line
        options of "named" are documented in /bin/named/named.8.
        There is now also a set of man pages for the lwres library.

        If you are upgrading from BIND 8, please read the migration
        notes in doc/misc/migration.  If you are upgrading from
        BIND 4, read doc/misc/migration-4to9.

        Frequently asked questions and their answers can be found in
        FAQ.


Bug Reports and Mailing Lists

        Bug reports should be sent to

                bind9-bugs@isc.org

        To join the BIND Users mailing list, send mail to

                bind-users-request@isc.org

        archives of which can be found via

                http://www.isc.org/ops/lists/

        If you're planning on making changes to the BIND 9 source
        code, you might want to join the BIND Workers mailing list.
        Send mail to

                bind-workers-request@isc.org