README revision 09158ff8e47827f22547c4c0aa81f93127aae05c
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt BIND version 9 is a major rewrite of nearly all aspects of the
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt underlying BIND architecture. Some of the important features of
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - DNS Security
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt DNSSEC (signed zones)
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt TSIG (signed DNS requests)
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - IP version 6
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Answers DNS queries on IPv6 sockets
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt IPv6 resource records (AAAA)
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Experimental IPv6 Resolver Library
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - DNS Protocol Enhancements
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt IXFR, DDNS, Notify, EDNS0
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Improved standards conformance
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt One server process can provide multiple "views" of
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt the DNS namespace, e.g. an "inside" view to certain
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt clients, and an "outside" view to others.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - Multiprocessor Support
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - Improved Portability Architecture
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt BIND version 9 development has been underwritten by the following
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt organizations:
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Sun Microsystems, Inc.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Hewlett Packard
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Compaq Computer Corporation
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Process Software Corporation
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Silicon Graphics, Inc.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Network Associates, Inc.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt U.S. Defense Information Systems Agency
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt USENIX Association
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Stichting NLnet - NLnet Foundation
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt Nominum, Inc.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt For a summary of functional enhancements in previous
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt releases, see the HISTORY file.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt For a detailed list of user-visible changes from
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt previous releases, see the CHANGES file.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt For up-to-date release notes and errata, see
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt releases. New features include:
9d1f3953d3226a9e85d26bc59e62b29c16d14e77Evan Hunt - DNS Response-rate limiting (DNS RRL), which blunts the
9d1f3953d3226a9e85d26bc59e62b29c16d14e77Evan Hunt impact of reflection and amplification attacks, is
9d1f3953d3226a9e85d26bc59e62b29c16d14e77Evan Hunt always compiled in and no longer requires a compile-time
9d1f3953d3226a9e85d26bc59e62b29c16d14e77Evan Hunt option to enable it.
9d1f3953d3226a9e85d26bc59e62b29c16d14e77Evan Hunt - A new zone file format, "map", allows zone data to be
9d1f3953d3226a9e85d26bc59e62b29c16d14e77Evan Hunt stored in a format that can be mapped directly into memory,
9d1f3953d3226a9e85d26bc59e62b29c16d14e77Evan Hunt allowing much faster zone loading.
45e74d65bd981a97c5da2f86e8557c9843a0c7c0Evan Hunt - Improved EDNS(0) processing for better resolver performance
45e74d65bd981a97c5da2f86e8557c9843a0c7c0Evan Hunt and reliability over slow or lossy connections.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - Substantial improvement in response-policy zone (RPZ)
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt performance. Up to 32 response-policy zones can be
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt configured with minimal performance loss.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - To improve recursive resolver performance, cache records
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt which are still being requested by clients can now be
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt automatically refreshed from the authoritative server
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt before they expire, reducing or eliminating the time
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt window in which no answer is available in the cache.
9d1f3953d3226a9e85d26bc59e62b29c16d14e77Evan Hunt - New "rpz-client-ip" triggers and drop policies allowing
9d1f3953d3226a9e85d26bc59e62b29c16d14e77Evan Hunt response policies based on the IP address of the client.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - ACLs can now be specified based on geographic location
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt using the MaxMind GeoIP databases.
45e74d65bd981a97c5da2f86e8557c9843a0c7c0Evan Hunt - Zone data can now be shared between views, allowing
45e74d65bd981a97c5da2f86e8557c9843a0c7c0Evan Hunt multiple views to serve the same zones authoritatively
daa098822e9798fa22fa704cfb1dddf96c8f253bJeremy C. Reed without storing multiple copies in memory.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - New XML schema (version 3) for the statistics channel
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt includes many new statistics and uses a flattened XML tree
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt for faster parsing.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - A new stylesheet, based on the Google Charts API, displays
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt XML statistics in charts and graphs on javascript-enabled
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - The statistics channel can now provide data in JSON
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt format as well as XML.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - The internal and export versions of the BIND libraries
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt (libisc, libdns, etc) have been unified so that external
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt library clients can use the same libraries as BIND itself.
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt - A new compile-time option allows the BIND 9 cryptography
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt functions to use the PKCS#11 API natively, so that BIND
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt can drive a cryptographic hardware service module directly
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt instead of using a modified OpenSSL as an intermediary.
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt This has been tested with the Thales nShield HSM and with
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt SoftHSMv2 from the Open DNSSEC project.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - New 'dnssec-coverage' tool to check DNSSEC key coverage
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt for a zone and report if a lapse in signing coverage has
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt been inadvertently scheduled.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - Signing algorithm flexibility and other improvements
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt for the "rndc" control channel.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - 'named-checkzone' and 'named-compilezone' can now read
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt journal files, allowing them to process dynamic zones.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - Multiple DLZ databases can now be configured. Individual
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt zones can be configured to be served from a specific DLZ
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt database. DLZ databases now serve zones of type "master"
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt and "redirect".
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - "rndc zonestatus" reports information about a specified zone.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - "named" now listens on IPv6 as well as IPv4 interfaces
dc3ac7e79aee3821d1877a41adcd6d6eec5a4395Evan Hunt - "named" now preserves the capitalization of names when
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt responding to queries.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - new "dnssec-importkey" command allows the use of offline
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt DNSSEC keys with automatic DNSKEY management.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - New 'named-rrchecker' tool to verify the syntactic
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt correctness of individual resource records.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - When re-signing a zone, the new "dnssec-signzone -Q" option
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt drops signatures from keys that are still published but are
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt no longer active.
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt - "named-checkconf -px" will print the contents of configuration
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt files with the shared secrets obscured, making it easier to
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt share configuration (e.g. when submitting a bug report)
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt without revealing private information.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt releases. New features include:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Inline signing, allowing automatic DNSSEC signing of
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt master zones without modification of the zonefile, or
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "bump in the wire" signing in slaves.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - NXDOMAIN redirection.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - New 'rndc flushtree' command clears all data under a given
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt name from the DNS cache.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - New 'rndc sync' command dumps pending changes in a dynamic
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt zone to disk without a freeze/thaw cycle.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - New 'rndc signing' command displays or clears signing status
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt records in 'auto-dnssec' zones.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - NSEC3 parameters for 'auto-dnssec' zones can now be set prior
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt to signing, eliminating the need to initially sign with NSEC.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Startup time improvements on large authoritative servers.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Slave zones are now saved in raw format by default.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Several improvements to response policy zones (RPZ).
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Improved hardware scalability by using multiple threads
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt to listen for queries and using finer-grained client locking
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - The 'also-notify' option now takes the same syntax as
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt 'masters', so it can used named masterlists and TSIG keys.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'dnssec-signzone -D' writes an output file containing only DNSSEC
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt data, which can be included by the primary zone file.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'dnssec-signzone -R' forces removal of signatures that are
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt not expired but were created by a key which no longer exists.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'dnssec-signzone -X' allows a separate expiration date to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt be specified for DNSKEY signatures from other signatures.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - New '-L' option to dnssec-keygen, dnssec-settime, and
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt dnssec-keyfromlabel sets the default TTL for the key.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - dnssec-dsfromkey now supports reading from standard input,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt to make it easier to convert DNSKEY to DS.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - RFC 1918 reverse zones have been added to the empty-zones
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt table per RFC 6303.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Dynamic updates can now optionally set the zone's SOA serial
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt number to the current UNIX time.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - DLZ modules can now retrieve the source IP address of
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt the querying client.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'request-ixfr' option can now be set at the per-zone level.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'dig +rrcomments' turns on comments about DNSKEY records,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt indicating their key ID, algorithm and function
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Simplified nsupdate syntax and added readline support
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BIND 9 currently requires a UNIX system with an ANSI C compiler,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt basic POSIX support, and a 64 bit integer type.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt We've had successful builds and tests on the following systems:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt COMPAQ Tru64 UNIX 5.1B
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Fedora Core 6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt FreeBSD 4.10, 5.2.1, 6.2
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Mac OS X 10.5
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt NetBSD 3.x, 4.0-beta, 5.0-beta
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt OpenBSD 3.3 and up
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Solaris 8, 9, 9 (x86), 10
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Ubuntu 7.04, 7.10
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Windows XP/2003/2008
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Windows, including Windows NT and Windows 2000, are no longer
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt We have recent reports from the user community that a supported
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt version of BIND will build and run on the following systems:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt CentOS 4, 4.5, 5
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Darwin 9.0.0d1/ARM
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Debian 4, 5, 6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Fedora Core 5, 7, 8
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt FreeBSD 6, 7, 8
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt HP-UX 11.23 PA
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt MacOS X 10.5, 10.6, 10.7
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Red Hat Enterprise Linux 4, 5, 6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt SCO OpenServer 5.0.6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Slackware 9, 10
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To build, just
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Do not use a parallel "make".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Several environment variables that can be set before running
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt configure will affect compilation:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The C compiler to use. configure tries to figure
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt out the right one for supported systems.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt C compiler flags. Defaults to include -g and/or -O2
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt as supported by the compiler. Please include '-g'
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt if you need to set CFLAGS.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt STD_CINCLUDES
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt System header file directories. Can be used to specify
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt where add-on thread or IPv6 support is, for example.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Defaults to empty string.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt STD_CDEFINES
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Any additional preprocessor symbols you want defined.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Defaults to empty string.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Possible settings:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Change the default syslog facility of named/lwresd.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DISC_FACILITY=LOG_LOCAL0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Enable DNSSEC signature chasing support in dig.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DDIG_SIGCHASE_BU=1)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Disable dropping queries from particular well known ports.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DNS_CLIENT_DROPPORT=0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Sibling glue checking in named-checkzone is enabled by default.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To disable the default check set. -DCHECK_SIBLING=0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt named-checkzone checks out-of-zone addresses by default.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To disable this default set. -DCHECK_LOCAL=0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To create the default pid files in ${localstatedir}/run rather
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt than ${localstatedir}/run/{named,lwresd}/ set.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DNS_RUN_PID_DIR=0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Enable workaround for Solaris kernel bug about /dev/poll
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DISC_SOCKET_USE_POLLWATCH=1
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The watch timeout is also configurable, e.g.,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DISC_SOCKET_POLLWATCH_TIMEOUT=20
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Linker flags. Defaults to empty string.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The following need to be set when cross compiling.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The native C compiler.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BUILD_CFLAGS (optional)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BUILD_CPPFLAGS (optional)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Possible Settings:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BUILD_LDFLAGS (optional)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BUILD_LIBS (optional)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt On most platforms, BIND 9 is built with multithreading
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt support, allowing it to take advantage of multiple CPUs.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt You can configure this by specifying "--enable-threads" or
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "--disable-threads" on the configure command line. The default
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt is to enable threads, except on some older operating systems
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt on which threads are known to have had problems in the past.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt (Note: Prior to BIND 9.10, the default was to disable threads on
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Linux systems; this has been reversed. On Linux systems, the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt threaded build is known to change BIND's behavior with respect
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt to file permissions; it may be necessary to specify a user with
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt the -u option when running named.)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To build shared libraries, specify "--with-libtool" on the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt configure command line.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt For the server to support DNSSEC, you need to build it
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt with crypto support. You must have OpenSSL 0.9.5a
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt or newer installed and specify "--with-openssl" on the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt configure command line. If OpenSSL is installed under
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt a nonstandard prefix, you can tell configure where to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt look for it using "--with-openssl=/prefix".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To support the HTTP statistics channel, the server must
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt be linked with at least one of the following: libxml2
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt (http://xmlsoft.org) or json-c (https://github.com/json-c).
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If these are installed at a nonstandard prefix, use
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "--with-libxml2=/prefix" or "--with-libjson=/prefix".
daa098822e9798fa22fa704cfb1dddf96c8f253bJeremy C. Reed On some platforms it is necessary to explicitly request large
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt file support to handle files bigger than 2GB. This can be
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt done by "--enable-largefile" on the configure command line.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Support for the "fixed" rrset-order option can be enabled
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt or disabled by specifying "--enable-fixed-rrset" or
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "--disable-fixed-rrset" on the configure command line.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The default is "disabled", to reduce memory footprint.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If your operating system has integrated support for IPv6, it
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt will be used automatically. If you have installed KAME IPv6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt separately, use "--with-kame[=PATH]" to specify its location.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "make install" will install "named" and the various BIND 9 libraries.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt By default, installation is into /usr/local, but this can be changed
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt with the "--prefix" option when running "configure".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt You may specify the option "--sysconfdir" to set the directory
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt where configuration files like "named.conf" go by default,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt and "--localstatedir" to set the default parent directory
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt of "run/named.pid". For backwards compatibility with BIND 8,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt --sysconfdir defaults to "/etc" and --localstatedir defaults to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "/var" if no --prefix option is given. If there is a --prefix
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt option, sysconfdir defaults to "$prefix/etc" and localstatedir
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt defaults to "$prefix/var".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To see additional configure options, run "configure --help".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Note that the help message does not reflect the BIND 8
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt compatibility defaults for sysconfdir and localstatedir.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If you're planning on making changes to the BIND 9 source, you
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt should also "make depend". If you're using Emacs, you might find
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "make tags" helpful.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If you need to re-run configure please run "make distclean" first.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt This will ensure that all the option changes take.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Building with gcc is not supported, unless gcc is the vendor's usual
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt compiler (e.g. the various BSD systems, Linux).
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Known compiler issues:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt * gcc-3.3.5 powerpc generates incorrect code at -02.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt * Irix, MipsPRO 7.4.1m is known to cause problems.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt A limited test suite can be run with "make test". Many of
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt the tests require you to configure a set of virtual IP addresses
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt on your system, and some require Perl; see bin/tests/system/README
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt for details.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt SunOS 4 requires "printf" to be installed to make the shared
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt libraries. sh-utils-1.16 provides a "printf" which compiles
c5e2e93f62e83ff6e3d85ea05ab5a9f468300a32Mark AndrewsKnown limitations
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Linux requires kernel build 2.6.39 or later to get the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt performance benefits from using multiple sockets.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The BIND 9 Administrator Reference Manual is included with the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt source distribution in DocBook XML and HTML format, in the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Some of the programs in the BIND 9 distribution have man pages
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt in their directories. In particular, the command line
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt options of "named" are documented in /bin/named/named.8.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt There is now also a set of man pages for the lwres library.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If you are upgrading from BIND 8, please read the migration
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt notes in doc/misc/migration. If you are upgrading from
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Frequently asked questions and their answers can be found in
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Additional information on various subjects can be found
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt in the other README files.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt A detailed list of all changes to BIND 9 is included in the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt file CHANGES, with the most recent changes listed first.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Change notes include tags indicating the category of the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt change that was made; these categories are:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [func] New feature
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [bug] General bug fix
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [security] Fix for a significant security flaw
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [experimental] Used for new features when the syntax
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt or other aspects of the design are still
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt in flux and may change
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [port] Portability enhancement
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [maint] Updates to built-in data such as root
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt server addresses and keys
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [tuning] Changes to built-in configuration defaults
daa098822e9798fa22fa704cfb1dddf96c8f253bJeremy C. Reed and constants to improve performance
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [protocol] Updates to the DNS protocol such as new
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [test] Changes to the automatic tests, not
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt affecting server functionality
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [cleanup] Minor corrections and refactoring
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [doc] Documentation
09158ff8e47827f22547c4c0aa81f93127aae05cEvan Hunt [contrib] Changes to the contributed tools and
09158ff8e47827f22547c4c0aa81f93127aae05cEvan Hunt libraries in the 'contrib' subdirectory
ff0b3538a430cfaf617921ce59ff36c31c189986Evan Hunt [placeholder] Used in the master development branch to
ff0b3538a430cfaf617921ce59ff36c31c189986Evan Hunt reserve change numbers for use in other
ff0b3538a430cfaf617921ce59ff36c31c189986Evan Hunt branches, e.g. when fixing a bug that only
ff0b3538a430cfaf617921ce59ff36c31c189986Evan Hunt exists in older releases
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt In general, [func] and [experimental] tags will only appear
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt in new-feature releases (i.e., those with version numbers
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt ending in zero). Some new functionality may be backported to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt older releases on a case-by-case basis. All other change
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt types may be applied to all currently-supported releases.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas GustafssonBug Reports and Mailing Lists
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Bugs reports should be sent to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt bind9-bugs@isc.org
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To join the BIND Users mailing list, send mail to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt bind-users-request@isc.org
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt archives of which can be found via
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If you're planning on making changes to the BIND 9 source
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt code, you might want to join the BIND Workers mailing list.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Send mail to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt bind-workers-request@isc.org
ba41a196662a56fad56a2b087b6fc0b581bfc5ffEvan HuntAcknowledgments
ba41a196662a56fad56a2b087b6fc0b581bfc5ffEvan Hunt - This product includes software developed by the OpenSSL Project
ba41a196662a56fad56a2b087b6fc0b581bfc5ffEvan Hunt for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/).
ba41a196662a56fad56a2b087b6fc0b581bfc5ffEvan Hunt - This product includes cryptographic software written by Eric
ba41a196662a56fad56a2b087b6fc0b581bfc5ffEvan Hunt Young (eay@cryptsoft.com).
ba41a196662a56fad56a2b087b6fc0b581bfc5ffEvan Hunt - This product includes software written by Tim Hudson
ba41a196662a56fad56a2b087b6fc0b581bfc5ffEvan Hunt (tjh@cryptsoft.com).