README revision 118394ef2ec7cef253c55359a3d70d202ddc2fa0
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 is a major rewrite of nearly all aspects of the
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson underlying BIND architecture. Some of the important features of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Security
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson DNSSEC (signed zones)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson TSIG (signed DNS requests)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - IP version 6
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Answers DNS queries on IPv6 sockets
fd9b6f253eac9dae2e1ad19d49aaa922d5d4f274Mark Andrews IPv6 resource records (AAAA)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Experimental IPv6 Resolver Library
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Protocol Enhancements
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson IXFR, DDNS, Notify, EDNS0
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Improved standards conformance
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson One server process can provide multiple "views" of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson the DNS namespace, e.g. an "inside" view to certain
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson clients, and an "outside" view to others.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Multiprocessor Support
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Improved Portability Architecture
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 development has been underwritten by the following
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley organizations:
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Sun Microsystems, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Hewlett Packard
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Compaq Computer Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Process Software Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Silicon Graphics, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Network Associates, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson U.S. Defense Information Systems Agency
70680fa51b0147c726b939b72b2420249429756aBob Halley USENIX Association
70680fa51b0147c726b939b72b2420249429756aBob Halley Stichting NLnet - NLnet Foundation
276a77c22af98c78403883b16a82646a0d5b29abPaul Vixie Nominum, Inc.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews BIND 9.4.0 has a number of new features over 9.3,
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Implemented "additional section caching (or acache)", an
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews internal cache framework for additional section content to
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews improve response performance. Several configuration options
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews were provided to control the behavior.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New notify type 'master-only'. Enable notify for master
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Accept 'notify-source' style syntax for query-source.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews rndc now allows addresses to be set in the server clauses.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New option "allow-query-cache". This lets allow-query be
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews used to specify the default zone access level rather than
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews having to have every zone override the global value.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews allow-query-cache can be set at both the options and view
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews levels. If allow-query-cache is not set allow-query applies.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews rndc: the source address can now be specified.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews ixfr-from-differences now takes master and slave in addition
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews to yes and no at the options and view levels.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Allow the journal's name to be changed via named.conf.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews 'rndc notify zone [class [view]]' resend the NOTIFY messages
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews for the specified zone.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews 'dig +trace' now randomly selects the next servers to try.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Report if there is a bad delegation.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Improve check-names error messages.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Make public the function to read a key file, dst_key_read_public().
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig now returns the byte count for axfr/ixfr.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews allow-update is now settable at the options / view level.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named-checkconf now checks the logging configuration.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews host now can turn on memory debugging flags with '-m'.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Don't send notify messages to self.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Perform sanity checks on NS records which refer to 'in zone' names.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New zone option "notify-delay". Specify a minimum delay
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews between sets of NOTIFY messages.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Extend adjusting TTL warning messages.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Named and named-checkzone can now both check for non-terminal
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews wildcard records.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews "rndc freeze/thaw" now freezes/thaws all zones.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named-checkconf now check acls to verify that they only
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews refer to existing acls.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews The server syntax has been extended to support a range of
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Report differences between hints and real NS rrset and
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews associated address records.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Preserve the case of domain names in rdata during zone
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Restructured the data locking framework using architecture
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dependent atomic operations (when available), improving
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews response performance on multi-processor machines significantly.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews x86, x86_64, alpha, powerpc, and mips are currently supported.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews UNIX domain controls are now supported.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Add support for additional zone file formats for improving
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews loading performance. The masterfile-format option in
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named.conf can be used to specify a non-default format. A
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews separate command named-compilezone was provided to generate
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews zone files in the new format. Additionally, the -I and -O
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews options for dnssec-signzone specify the input and output
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dnssec-signzone can now randomize signature end times
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews (dnssec-signzone -j jitter).
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Add support for CH A record.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Add additional zone data constancy checks. named-checkzone
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews has extended checking of NS, MX and SRV record and the hosts
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews they reference. named has extended post zone load checks.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New zone options: check-mx and integrity-check.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews edns-udp-size can now be overridden on a per server basis.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig can now specify the EDNS version when making a query.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Added framework for handling multiple EDNS versions.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Additional memory debugging support to track size and mctx
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Detect duplicates of UDP queries we are recursing on and
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews drop them. New stats category "duplicates".
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews "USE INTERNAL MALLOC" is now runtime selectable.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews The lame cache is now done on a <qname,qclass,qtype> basis
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews as some servers only appear to be lame for certain query
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Limit the number of recursive clients that can be waiting
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews for a single query (<qname,qtype,qclass>) to resolve. New
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews options clients-per-query and max-clients-per-query.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig: report the number of extra bytes still left in the
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews packet after processing all the records.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Support for IPSECKEY rdata type.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Raise the UDP recieve buffer size to 32k if it is less than 32k.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews x86 and x86_64 now have seperate atomic locking implementations.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named-checkconf now validates update-policy entries.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Attempt to make the amount of work performed in a iteration
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews self tuning. The covers nodes clean from the cache per
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews iteration, nodes written to disk when rewriting a master
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews file and nodes destroyed per iteration when destroying a
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews zone or a cache.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews ISC string copy API.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Automatic empty zone creation for D.F.IP6.ARPA and friends.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Note: RFC 1918 zones are not yet covered by this but are
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews likely to be in a future release.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New options: empty-server, empty-contact, empty-zones-enable
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews and disable-empty-zone.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig now has a '-q queryname' and '+showsearch' options.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews host/nslookup now continue (default)/fail on SERVFAIL.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig now warns if 'RA' is not set in the answer when 'RD'
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews was set in the query. host/nslookup skip servers that fail
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews to set 'RA' when 'RD' is set unless a server is explicitly
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Integrate contibuted DLZ code into named.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Integrate contibuted IDN code from JPNIC.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews libbind: corresponds to that from BIND 8.4.7.
c45ca0b839adc61c7902aad0969de36921b292b0Mark Andrews BIND 9.3.0 has a number of new features over 9.2,
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews DNSSEC is now DS based (RFC 3658).
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews DNSSEC lookaside validation.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews check-names is now implemented.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews rrset-order in more complete.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews IPv4/IPv6 transition support, dual-stack-servers.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews IXFR deltas can now be generated when loading master files,
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews ixfr-from-differences.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews It is now possible to specify the size of a journal, max-journal-size.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews It is now possible to define a named set of master servers to be
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews used in masters clause, masters.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews The advertised EDNS UDP size can now be set, edns-udp-size.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews allow-v6-synthesis has been obsoleted.
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews * Zones containing MD and MF will now be rejected.
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews * dig, nslookup name. now report "Not Implemented" as
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews NOTIMP rather than NOTIMPL. This will have impact on scripts
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews that are looking for NOTIMPL.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews libbind: corresponds to that from BIND 8.4.5.
1c9afb96b58f450f8861007e5135dee1447e680fAndreas Gustafsson BIND 9.2.0 has a number of new features over 9.1,
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - The size of the cache can now be limited using the
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson "max-cache-size" option.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - The server can now automatically convert RFC1886-style
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson recursive lookup requests into RFC2874-style lookups,
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson when enabled using the new option "allow-v6-synthesis".
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson This allows stub resolvers that support AAAA records
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson but not A6 record chains or binary labels to perform
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson lookups in domains that make use of these IPv6 DNS
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - Performance has been improved.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - The man pages now use the more portable "man" macros
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson rather than the "mandoc" macros, and are installed
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson by "make install".
8a01f10278e0c794fe1d488bab2f97185f272e26Andreas Gustafsson - The named.conf parser has been completely rewritten.
8a01f10278e0c794fe1d488bab2f97185f272e26Andreas Gustafsson It now supports "include" directives in more
b587e1d83f007ce68a9ae93097c461d8eb7aa373Mark Andrews places such as inside "view" statements, and it no
8a01f10278e0c794fe1d488bab2f97185f272e26Andreas Gustafsson longer has any reserved words.
18b393da86f452303036b5fe6feb6c1e5f6b2c02Andreas Gustafsson - The "rndc status" command is now implemented.
81fb2f5544552e67d7be673e353e399789e203e7Brian Wellington - rndc can now be configured automatically.
00205e27e84603f75eed46268a5100e86883f06bAndreas Gustafsson - A BIND 8 compatible stub resolver library is now
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson - OpenSSL has been removed from the distribution. This
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson means that to use DNSSEC, OpenSSL must be installed and
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson the --with-openssl option must be supplied to configure.
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson This does not apply to the use of TSIG, which does not
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson require OpenSSL.
5f25ebaaa087893f8f57cc558c4b36eab6c26988Andreas Gustafsson - The source distribution now builds on Windows NT/2000.
cca68b1ff68cd4342705b71015f603c7389d040cAndreas Gustafsson See win32utils/readme1.txt and win32utils/win32-build.txt
ecbfd32d3710d539f19a9323f16cf43a095580bdAndreas Gustafsson This distribution also includes a new lightweight stub
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson resolver library and associated resolver daemon that fully
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson support forward and reverse lookups of both IPv4 and IPv6
ecbfd32d3710d539f19a9323f16cf43a095580bdAndreas Gustafsson addresses. This library is considered experimental and
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson is not a complete replacement for the BIND 8 resolver library.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson Applications that use the BIND 8 res_* functions to perform
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson DNS lookups or dynamic updates still need to be linked against
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson the BIND 8 libraries. For DNS lookups, they can also use the
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson new "getrrsetbyname()" API.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson BIND 9.2 is capable of acting as an authoritative server
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson for DNSSEC secured zones. This functionality is believed to
c54c1eaf26d5a7fc123c4af3712353156a766df1Mark Andrews be stable and complete except for lacking support for
c54c1eaf26d5a7fc123c4af3712353156a766df1Mark Andrews verifications involving wildcard records in secure zones.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson When acting as a caching server, BIND 9.2 can be configured
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson to perform DNSSEC secure resolution on behalf of its clients.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson This part of the DNSSEC implementation is still considered
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson experimental. For detailed information about the state of the
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson DNSSEC implementation, see the file doc/misc/dnssec.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson There are a few known bugs:
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson On some systems, IPv6 and IPv4 sockets interact in
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson unexpected ways. For details, see doc/misc/ipv6.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson To reduce the impact of these problems, the server
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson no longer listens for requests on IPv6 addresses
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson by default. If you need to accept DNS queries over
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson IPv6, you must specify "listen-on-v6 { any; };"
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson in the named.conf options statement.
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington FreeBSD prior to 4.2 (and 4.2 if running as non-root)
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington and OpenBSD prior to 2.8 log messages like
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington This is due to a bug in "/dev/random" and impacts the
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington server's DNSSEC support.
3e480b2f811fb4898af49983abf43f0894bb29e5Mark Andrews OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
3e480b2f811fb4898af49983abf43f0894bb29e5Mark Andrews OS X 10.2 (Darwin 6.0) reports errors like
dc95bcfa9c8437045df06b94e892a329e615bb16Mark Andrews "fcntl(3, F_SETFL, 4): Operation not supported by device".
dc95bcfa9c8437045df06b94e892a329e615bb16Mark Andrews This is due to a bug in "/dev/random" and impacts the
dc95bcfa9c8437045df06b94e892a329e615bb16Mark Andrews server's DNSSEC support.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson --with-libtool does not work on AIX.
0ec9b06f0bd6cc3ce327a3c70db53672957fa372Andreas Gustafsson A bug in the Windows 2000 DNS server can cause zone transfers
0ec9b06f0bd6cc3ce327a3c70db53672957fa372Andreas Gustafsson from a BIND 9 server to a W2K server to fail. For details,
0ec9b06f0bd6cc3ce327a3c70db53672957fa372Andreas Gustafsson see the "Zone Transfers" section in doc/misc/migration.
e5256e34b4a26a26088b2dc5ca621b42c0750256Andreas Gustafsson For a detailed list of user-visible changes from
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence previous releases, see the CHANGES file.
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley BIND 9 currently requires a UNIX system with an ANSI C compiler,
76860484adfbadeecfeb3a7132ede916ee2102ffBrian Wellington basic POSIX support, and a 64 bit integer type.
501da430e2f16f496f8e8d1b57ab77f78428c682David Lawrence We've had successful builds and tests on the following systems:
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews COMPAQ Tru64 UNIX 5.1B
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews FreeBSD 4.10, 5.2.1
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews Slackware Linux 8.1
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews Solaris 8, 9, 9 (x86)
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews Windows NT/2000/XP/2003
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Additionally, we have unverified reports of success building
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson previous versions of BIND 9 from users of the following systems:
a9bd2eab109801125605b1db8a69f625c3610aebDavid Lawrence SuSE Linux 7.0
a158d032df9d09fd89a03767bcea28ac58c61180Andreas Gustafsson Slackware Linux 7.x, 8.0
97c5be1daa4257ff54ea05ddb683867cadd5823fAndreas Gustafsson Red Hat Linux 7.1
5d7c50da51174c01291712e4c2a08fce7e6e8883Andreas Gustafsson Debian GNU/Linux 2.2 and 3.0
b1c6a6c514b05a0ebb65656f154be54a3ee01ab5Mark Andrews Mandrake 8.1
dd9569905456bc5ba916122a73016c99fb058dc7Andreas Gustafsson OpenBSD 2.6, 2.8, 2.9
e544b507b8019a62c5d2716281f6832519a8791dDavid Lawrence UnixWare 7.1.1
f829b1f42a8df97d004eed41f41c348f1c92c5a7Mark Andrews Mac OS X 10.1, 10.3.8
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley To build, just
8eb5937a7e4cb8b5d7fcc1be17d34fdd014bbbb1Andreas Gustafsson Do not use a parallel "make".
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Several environment variables that can be set before running
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson configure will affect compilation:
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson The C compiler to use. configure tries to figure
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson out the right one for supported systems.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson C compiler flags. Defaults to include -g and/or -O2
ff69418be422164cad3be4a14a7ca56e668251edMark Andrews as supported by the compiler.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson System header file directories. Can be used to specify
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson where add-on thread or IPv6 support is, for example.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Defaults to empty string.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Any additional preprocessor symbols you want defined.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Defaults to empty string.
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews Possible settings:
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews Change the default syslog facility of named/lwresd.
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews -DISC_FACILITY=LOG_LOCAL0
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews Enable DNSSEC signature chasing support in dig.
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews -DDIG_SIGCHASE_BU=1)
05d32f6b0f6590ca22136b753309f070ce769000Mark Andrews Disable dropping queries from particular well known ports.
05d32f6b0f6590ca22136b753309f070ce769000Mark Andrews -DNS_CLIENT_DROPPORT=0
9f7d51ee3290e2a064d71016a6bd555b47134a7cMark Andrews Linker flags. Defaults to empty string.
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews The following need to be set when cross compiling.
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews The native C compiler.
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews BUILD_CFLAGS (optional)
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews BUILD_CPPFLAGS (optional)
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews Possible Settings:
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews -DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews BUILD_LDFLAGS (optional)
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews BUILD_LIBS (optional)
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson To build shared libraries, specify "--with-libtool" on the
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson configure command line.
29c9e88c6ce6c88d9a3e3a9629dbb0df29168ebfAndreas Gustafsson For the server to support DNSSEC, you need to build it
29c9e88c6ce6c88d9a3e3a9629dbb0df29168ebfAndreas Gustafsson with crypto support. You must have OpenSSL 0.9.5a
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson or newer installed and specify "--with-openssl" on the
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson configure command line. If OpenSSL is installed under
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson a nonstandard prefix, you can tell configure where to
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson look for it using "--with-openssl=/prefix".
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson To build libbind (the BIND 8 resolver library), specify
5c5a746d5745802c3b825bb68d03fb1e97759cddMark Andrews "--enable-libbind" on the configure command line.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson On some platforms, BIND 9 can be built with multithreading
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson support, allowing it to take advantage of multiple CPUs.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson You can specify whether to build a multithreaded BIND 9
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson by specifying "--enable-threads" or "--disable-threads"
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson on the configure command line. The default is operating
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson system dependent.
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson If your operating system has integrated support for IPv6, it
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson will be used automatically. If you have installed KAME IPv6
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson separately, use "--with-kame[=PATH]" to specify its location.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley "make install" will install "named" and the various BIND 9 libraries.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley By default, installation is into /usr/local, but this can be changed
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley with the "--prefix" option when running "configure".
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson You may specify the option "--sysconfdir" to set the directory
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson where configuration files like "named.conf" go by default,
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson and "--localstatedir" to set the default parent directory
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson of "run/named.pid". For backwards compatibility with BIND 8,
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson --sysconfdir defaults to "/etc" and --localstatedir defaults to
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson "/var" if no --prefix option is given. If there is a --prefix
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson option, sysconfdir defaults to "$prefix/etc" and localstatedir
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson defaults to "$prefix/var".
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson To see additional configure options, run "configure --help".
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson Note that the help message does not reflect the BIND 8
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson compatibility defaults for sysconfdir and localstatedir.
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley If you're planning on making changes to the BIND 9 source, you
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley should also "make depend". If you're using Emacs, you might find
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley "make tags" helpful.
b3ebf6f2756b0f4061fdf84c098bad175ea3ab65Mark Andrews If you need to re-run configure please run "make distclean" first.
b3ebf6f2756b0f4061fdf84c098bad175ea3ab65Mark Andrews This will ensure that all the option changes take.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Building with gcc is not supported, unless gcc is the vendor's usual
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley compiler (e.g. the various BSD systems, Linux).
260be76e8e176872d61949a5eaa1e98cafe33a88Mark Andrews Known compiler issues:
ff69418be422164cad3be4a14a7ca56e668251edMark Andrews * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
4d1ade93431ef24931fcbd2ad4e27de2c4f94876Mark Andrews * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
cc4eef2a533c338310738f57898845784ce48433Mark Andrews * gcc-3.3.5 powerpc generates incorrect code at -02.
673b53417fa1f9d2ab3e0c575baff605d202a489Mark Andrews * Irix, MipsPRO 7.4.1m is known to cause problems.
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson A limited test suite can be run with "make test". Many of
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson the tests require you to configure a set of virtual IP addresses
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson on your system, and some require Perl; see bin/tests/system/README
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson The BIND 9 Administrator Reference Manual is included with the
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson source distribution in DocBook XML and HTML format, in the
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson Some of the programs in the BIND 9 distribution have man pages
ff1e17749c7bf976f7127467c1816abeb3f4b998Brian Wellington in their directories. In particular, the command line
ff1e17749c7bf976f7127467c1816abeb3f4b998Brian Wellington options of "named" are documented in /bin/named/named.8.
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson There is now also a set of man pages for the lwres library.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson If you are upgrading from BIND 8, please read the migration
672a41b5fef7722803645c1f0ca132972f0f940aAndreas Gustafsson notes in doc/misc/migration. If you are upgrading from
268755d80313f3c4fab6ffc7e70099310873233eAndreas Gustafsson Frequently asked questions and their answers can be found in
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas GustafssonBug Reports and Mailing Lists
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Bugs reports should be sent to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley bind9-bugs@isc.org
8d0d941054982cff5235a9033040ac35c3f06a50Mark Andrews To join the BIND Users mailing list, send mail to
8d0d941054982cff5235a9033040ac35c3f06a50Mark Andrews bind-users-request@isc.org
469a5f80aebc46e720b073e3a2cceb70709797b6Mark Andrews archives of which can be found via
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley If you're planning on making changes to the BIND 9 source
614a25ce3c57c34c3020c247b3234c593bfb208cMark Andrews code, you might want to join the BIND Workers mailing list.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Send mail to
614a25ce3c57c34c3020c247b3234c593bfb208cMark Andrews bind-workers-request@isc.org