README revision 19bcb91965916ed8f0a47da2284ddaecce70bc69
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 is a major rewrite of nearly all aspects of the
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson underlying BIND architecture. Some of the important features of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Security
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson DNSSEC (signed zones)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson TSIG (signed DNS requests)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - IP version 6
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Answers DNS queries on IPv6 sockets
fd9b6f253eac9dae2e1ad19d49aaa922d5d4f274Mark Andrews IPv6 resource records (AAAA)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Experimental IPv6 Resolver Library
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Protocol Enhancements
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson IXFR, DDNS, Notify, EDNS0
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Improved standards conformance
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson One server process can provide multiple "views" of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson the DNS namespace, e.g. an "inside" view to certain
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson clients, and an "outside" view to others.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Multiprocessor Support
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Improved Portability Architecture
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 development has been underwritten by the following
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley organizations:
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Sun Microsystems, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Hewlett Packard
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Compaq Computer Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Process Software Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Silicon Graphics, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Network Associates, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson U.S. Defense Information Systems Agency
70680fa51b0147c726b939b72b2420249429756aBob Halley USENIX Association
70680fa51b0147c726b939b72b2420249429756aBob Halley Stichting NLnet - NLnet Foundation
276a77c22af98c78403883b16a82646a0d5b29abPaul Vixie Nominum, Inc.
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt BIND 9.5.0 has a number of new features over 9.4,
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt GSS-TSIG support (RFC 3645).
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt DHCID support.
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt Experimental http server and statistics support for named via xml.
5a8bebe00df211d4fdac3edc36cf35e1d5af42e0Mark Andrews Faster ACL processing.
5a8bebe00df211d4fdac3edc36cf35e1d5af42e0Mark Andrews Use Doxygen to generate internal documention.
5a8bebe00df211d4fdac3edc36cf35e1d5af42e0Mark Andrews BIND 9.4.0 has a number of new features over 9.3,
5a8bebe00df211d4fdac3edc36cf35e1d5af42e0Mark Andrews Implemented "additional section caching (or acache)", an
5a8bebe00df211d4fdac3edc36cf35e1d5af42e0Mark Andrews internal cache framework for additional section content to
2fff8b8280779a25fbdb891b2d3d9b435d2084f0Tatuya JINMEI 神明達哉 improve response performance. Several configuration options
2fff8b8280779a25fbdb891b2d3d9b435d2084f0Tatuya JINMEI 神明達哉 were provided to control the behavior.
19bcb91965916ed8f0a47da2284ddaecce70bc69Evan Hunt New notify type 'master-only'. Enable notify for master
ffc65cc90db78a67171e3d91f63f2e92d09d2d38Evan Hunt Accept 'notify-source' style syntax for query-source.
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt rndc now allows addresses to be set in the server clauses.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New option "allow-query-cache". This lets allow-query be
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews used to specify the default zone access level rather than
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews having to have every zone override the global value.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews allow-query-cache can be set at both the options and view
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews levels. If allow-query-cache is not set then allow-recursion
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews is used if set, otherwise allow-query is used if set, otherwise
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews the default (localhost; localnets;) is used.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews rndc: the source address can now be specified.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews ixfr-from-differences now takes master and slave in addition
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews to yes and no at the options and view levels.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Allow the journal's name to be changed via named.conf.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews 'rndc notify zone [class [view]]' resend the NOTIFY messages
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews for the specified zone.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews 'dig +trace' now randomly selects the next servers to try.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Report if there is a bad delegation.
9ab3b369d941e5b97fd6694ca3f3aedf5c7f3a7bMark Andrews Improve check-names error messages.
9ab3b369d941e5b97fd6694ca3f3aedf5c7f3a7bMark Andrews Make public the function to read a key file, dst_key_read_public().
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig now returns the byte count for axfr/ixfr.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews allow-update is now settable at the options / view level.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named-checkconf now checks the logging configuration.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews host now can turn on memory debugging flags with '-m'.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Don't send notify messages to self.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Perform sanity checks on NS records which refer to 'in zone' names.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New zone option "notify-delay". Specify a minimum delay
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews between sets of NOTIFY messages.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Extend adjusting TTL warning messages.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Named and named-checkzone can now both check for non-terminal
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews wildcard records.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews "rndc freeze/thaw" now freezes/thaws all zones.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named-checkconf now check acls to verify that they only
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews refer to existing acls.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews The server syntax has been extended to support a range of
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Report differences between hints and real NS rrset and
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews associated address records.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Preserve the case of domain names in rdata during zone
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Restructured the data locking framework using architecture
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dependent atomic operations (when available), improving
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews response performance on multi-processor machines significantly.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews x86, x86_64, alpha, powerpc, and mips are currently supported.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews UNIX domain controls are now supported.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Add support for additional zone file formats for improving
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews loading performance. The masterfile-format option in
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named.conf can be used to specify a non-default format. A
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews separate command named-compilezone was provided to generate
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews zone files in the new format. Additionally, the -I and -O
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews options for dnssec-signzone specify the input and output
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dnssec-signzone can now randomize signature end times
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews (dnssec-signzone -j jitter).
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Add support for CH A record.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Add additional zone data constancy checks. named-checkzone
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews has extended checking of NS, MX and SRV record and the hosts
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews they reference. named has extended post zone load checks.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New zone options: check-mx and integrity-check.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews edns-udp-size can now be overridden on a per server basis.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig can now specify the EDNS version when making a query.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Added framework for handling multiple EDNS versions.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Additional memory debugging support to track size and mctx
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Detect duplicates of UDP queries we are recursing on and
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews drop them. New stats category "duplicates".
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews "USE INTERNAL MALLOC" is now runtime selectable.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews The lame cache is now done on a <qname,qclass,qtype> basis
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews as some servers only appear to be lame for certain query
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Limit the number of recursive clients that can be waiting
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews for a single query (<qname,qtype,qclass>) to resolve. New
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews options clients-per-query and max-clients-per-query.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig: report the number of extra bytes still left in the
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews packet after processing all the records.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Support for IPSECKEY rdata type.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Raise the UDP recieve buffer size to 32k if it is less than 32k.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews x86 and x86_64 now have seperate atomic locking implementations.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named-checkconf now validates update-policy entries.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Attempt to make the amount of work performed in a iteration
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews self tuning. The covers nodes clean from the cache per
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews iteration, nodes written to disk when rewriting a master
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews file and nodes destroyed per iteration when destroying a
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews zone or a cache.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews ISC string copy API.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Automatic empty zone creation for D.F.IP6.ARPA and friends.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Note: RFC 1918 zones are not yet covered by this but are
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews likely to be in a future release.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New options: empty-server, empty-contact, empty-zones-enable
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews and disable-empty-zone.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig now has a '-q queryname' and '+showsearch' options.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews host/nslookup now continue (default)/fail on SERVFAIL.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig now warns if 'RA' is not set in the answer when 'RD'
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews was set in the query. host/nslookup skip servers that fail
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews to set 'RA' when 'RD' is set unless a server is explicitly
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Integrate contibuted DLZ code into named.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Integrate contibuted IDN code from JPNIC.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews libbind: corresponds to that from BIND 8.4.7.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews BIND 9.3.0 has a number of new features over 9.2,
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews DNSSEC is now DS based (RFC 3658).
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews DNSSEC lookaside validation.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews check-names is now implemented.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews rrset-order in more complete.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews IPv4/IPv6 transition support, dual-stack-servers.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews IXFR deltas can now be generated when loading master files,
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews ixfr-from-differences.
c45ca0b839adc61c7902aad0969de36921b292b0Mark Andrews It is now possible to specify the size of a journal, max-journal-size.
c45ca0b839adc61c7902aad0969de36921b292b0Mark Andrews It is now possible to define a named set of master servers to be
c45ca0b839adc61c7902aad0969de36921b292b0Mark Andrews used in masters clause, masters.
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews The advertised EDNS UDP size can now be set, edns-udp-size.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews allow-v6-synthesis has been obsoleted.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews * Zones containing MD and MF will now be rejected.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews * dig, nslookup name. now report "Not Implemented" as
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews NOTIMP rather than NOTIMPL. This will have impact on scripts
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews that are looking for NOTIMPL.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews libbind: corresponds to that from BIND 8.4.5.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews BIND 9.2.0 has a number of new features over 9.1,
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews - The size of the cache can now be limited using the
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews "max-cache-size" option.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews - The server can now automatically convert RFC1886-style
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews recursive lookup requests into RFC2874-style lookups,
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews when enabled using the new option "allow-v6-synthesis".
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews This allows stub resolvers that support AAAA records
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews but not A6 record chains or binary labels to perform
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews lookups in domains that make use of these IPv6 DNS
c45ca0b839adc61c7902aad0969de36921b292b0Mark Andrews - Performance has been improved.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - The man pages now use the more portable "man" macros
1c9afb96b58f450f8861007e5135dee1447e680fAndreas Gustafsson rather than the "mandoc" macros, and are installed
1c9afb96b58f450f8861007e5135dee1447e680fAndreas Gustafsson by "make install".
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - The named.conf parser has been completely rewritten.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson It now supports "include" directives in more
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson places such as inside "view" statements, and it no
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson longer has any reserved words.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - The "rndc status" command is now implemented.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - rndc can now be configured automatically.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - A BIND 8 compatible stub resolver library is now
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - OpenSSL has been removed from the distribution. This
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson means that to use DNSSEC, OpenSSL must be installed and
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson the --with-openssl option must be supplied to configure.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson This does not apply to the use of TSIG, which does not
672a41b5fef7722803645c1f0ca132972f0f940aAndreas Gustafsson require OpenSSL.
8a01f10278e0c794fe1d488bab2f97185f272e26Andreas Gustafsson - The source distribution now builds on Windows NT/2000.
b587e1d83f007ce68a9ae93097c461d8eb7aa373Mark Andrews See win32utils/readme1.txt and win32utils/win32-build.txt
18b393da86f452303036b5fe6feb6c1e5f6b2c02Andreas Gustafsson This distribution also includes a new lightweight stub
18b393da86f452303036b5fe6feb6c1e5f6b2c02Andreas Gustafsson resolver library and associated resolver daemon that fully
81fb2f5544552e67d7be673e353e399789e203e7Brian Wellington support forward and reverse lookups of both IPv4 and IPv6
81fb2f5544552e67d7be673e353e399789e203e7Brian Wellington addresses. This library is considered experimental and
00205e27e84603f75eed46268a5100e86883f06bAndreas Gustafsson is not a complete replacement for the BIND 8 resolver library.
00205e27e84603f75eed46268a5100e86883f06bAndreas Gustafsson Applications that use the BIND 8 res_* functions to perform
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson DNS lookups or dynamic updates still need to be linked against
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson the BIND 8 libraries. For DNS lookups, they can also use the
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson new "getrrsetbyname()" API.
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson BIND 9.2 is capable of acting as an authoritative server
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson for DNSSEC secured zones. This functionality is believed to
faca6b801dcace871c8a98c8ee1bba8d7e2994a5Brian Wellington be stable and complete except for lacking support for
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt verifications involving wildcard records in secure zones.
cca68b1ff68cd4342705b71015f603c7389d040cAndreas Gustafsson When acting as a caching server, BIND 9.2 can be configured
5f25ebaaa087893f8f57cc558c4b36eab6c26988Andreas Gustafsson to perform DNSSEC secure resolution on behalf of its clients.
ecbfd32d3710d539f19a9323f16cf43a095580bdAndreas Gustafsson This part of the DNSSEC implementation is still considered
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson experimental. For detailed information about the state of the
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson DNSSEC implementation, see the file doc/misc/dnssec.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson There are a few known bugs:
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson On some systems, IPv6 and IPv4 sockets interact in
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson unexpected ways. For details, see doc/misc/ipv6.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson To reduce the impact of these problems, the server
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson no longer listens for requests on IPv6 addresses
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson by default. If you need to accept DNS queries over
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson IPv6, you must specify "listen-on-v6 { any; };"
c54c1eaf26d5a7fc123c4af3712353156a766df1Mark Andrews in the named.conf options statement.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson FreeBSD prior to 4.2 (and 4.2 if running as non-root)
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson and OpenBSD prior to 2.8 log messages like
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson This is due to a bug in "/dev/random" and impacts the
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson server's DNSSEC support.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson OS X 10.2 (Darwin 6.0) reports errors like
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson "fcntl(3, F_SETFL, 4): Operation not supported by device".
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson This is due to a bug in "/dev/random" and impacts the
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson server's DNSSEC support.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson --with-libtool does not work on AIX.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson --with-libtool does not work on SunOS 4. configure
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson requires "printf" which is not available.
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington A bug in the Windows 2000 DNS server can cause zone transfers
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington from a BIND 9 server to a W2K server to fail. For details,
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington see the "Zone Transfers" section in doc/misc/migration.
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington For a detailed list of user-visible changes from
7c956aeeeb8da3fd3912b1fb8024ff274e3b07ebAndreas Gustafsson previous releases, see the CHANGES file.
dc95bcfa9c8437045df06b94e892a329e615bb16Mark Andrews BIND 9 currently requires a UNIX system with an ANSI C compiler,
dc95bcfa9c8437045df06b94e892a329e615bb16Mark Andrews basic POSIX support, and a 64 bit integer type.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley We've had successful builds and tests on the following systems:
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt COMPAQ Tru64 UNIX 5.1B
0ec9b06f0bd6cc3ce327a3c70db53672957fa372Andreas Gustafsson FreeBSD 4.10, 5.2.1, 6.2
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence Slackware Linux 8.1
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Solaris 8, 9, 9 (x86)
276a77c22af98c78403883b16a82646a0d5b29abPaul Vixie Windows NT/2000/XP/2003
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley Additionally, we have unverified reports of success building
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley previous versions of BIND 9 from users of the following systems:
501da430e2f16f496f8e8d1b57ab77f78428c682David Lawrence SuSE Linux 7.0
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Slackware Linux 7.x, 8.0
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews Red Hat Linux 7.1
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Debian GNU/Linux 2.2 and 3.0
65085946d4f92481699678e276e3ced04bcfdafbMark Andrews Mandrake 8.1
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews OpenBSD 2.6, 2.8, 2.9, 3.1, 3.6, 3.8
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey UnixWare 7.1.1
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Mac OS X 10.1, 10.3.8
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt To build, just
d80ccd47ad4b526f82590b6c182b4dd80006712eAndreas Gustafsson Do not use a parallel "make".
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Several environment variables that can be set before running
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey configure will affect compilation:
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey The C compiler to use. configure tries to figure
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey out the right one for supported systems.
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey C compiler flags. Defaults to include -g and/or -O2
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey as supported by the compiler.
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey STD_CINCLUDES
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey System header file directories. Can be used to specify
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey where add-on thread or IPv6 support is, for example.
a0cad57966364095e4367f568389a8bd84afb2afAndreas Gustafsson Defaults to empty string.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley STD_CDEFINES
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Any additional preprocessor symbols you want defined.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Defaults to empty string.
8eb5937a7e4cb8b5d7fcc1be17d34fdd014bbbb1Andreas Gustafsson Possible settings:
8eb5937a7e4cb8b5d7fcc1be17d34fdd014bbbb1Andreas Gustafsson Change the default syslog facility of named/lwresd.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson -DISC_FACILITY=LOG_LOCAL0
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Enable DNSSEC signature chasing support in dig.
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson -DDIG_SIGCHASE_BU=1)
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Disable dropping queries from particular well known ports.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson -DNS_CLIENT_DROPPORT=0
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence Disable support for "rrset-order fixed".
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson -DDNS_RDATASET_FIXED=0
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence Linker flags. Defaults to empty string.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson The following need to be set when cross compiling.
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence The native C compiler.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson BUILD_CFLAGS (optional)
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson BUILD_CPPFLAGS (optional)
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Possible Settings:
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence -DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews BUILD_LDFLAGS (optional)
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews BUILD_LIBS (optional)
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews To build shared libraries, specify "--with-libtool" on the
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews configure command line.
05d32f6b0f6590ca22136b753309f070ce769000Mark Andrews For the server to support DNSSEC, you need to build it
05d32f6b0f6590ca22136b753309f070ce769000Mark Andrews with crypto support. You must have OpenSSL 0.9.5a
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews or newer installed and specify "--with-openssl" on the
9f7d51ee3290e2a064d71016a6bd555b47134a7cMark Andrews configure command line. If OpenSSL is installed under
9f7d51ee3290e2a064d71016a6bd555b47134a7cMark Andrews a nonstandard prefix, you can tell configure where to
9f7d51ee3290e2a064d71016a6bd555b47134a7cMark Andrews look for it using "--with-openssl=/prefix".
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews To build libbind (the BIND 8 resolver library), specify
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews "--enable-libbind" on the configure command line.
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews On some platforms, BIND 9 can be built with multithreading
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews support, allowing it to take advantage of multiple CPUs.
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews You can specify whether to build a multithreaded BIND 9
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews by specifying "--enable-threads" or "--disable-threads"
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews on the configure command line. The default is operating
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews system dependent.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson If your operating system has integrated support for IPv6, it
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson will be used automatically. If you have installed KAME IPv6
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson separately, use "--with-kame[=PATH]" to specify its location.
29c9e88c6ce6c88d9a3e3a9629dbb0df29168ebfAndreas Gustafsson "make install" will install "named" and the various BIND 9 libraries.
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson By default, installation is into /usr/local, but this can be changed
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson with the "--prefix" option when running "configure".
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson You may specify the option "--sysconfdir" to set the directory
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson where configuration files like "named.conf" go by default,
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson and "--localstatedir" to set the default parent directory
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson of "run/named.pid". For backwards compatibility with BIND 8,
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson --sysconfdir defaults to "/etc" and --localstatedir defaults to
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson "/var" if no --prefix option is given. If there is a --prefix
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson option, sysconfdir defaults to "$prefix/etc" and localstatedir
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson defaults to "$prefix/var".
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt To see additional configure options, run "configure --help".
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt Note that the help message does not reflect the BIND 8
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt compatibility defaults for sysconfdir and localstatedir.
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt If you're planning on making changes to the BIND 9 source, you
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson should also "make depend". If you're using Emacs, you might find
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson "make tags" helpful.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence If you need to re-run configure please run "make distclean" first.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley This will ensure that all the option changes take.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Building with gcc is not supported, unless gcc is the vendor's usual
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley compiler (e.g. the various BSD systems, Linux).
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson Known compiler issues:
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson * gcc-3.3.5 powerpc generates incorrect code at -02.
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson * Irix, MipsPRO 7.4.1m is known to cause problems.
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson A limited test suite can be run with "make test". Many of
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson the tests require you to configure a set of virtual IP addresses
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson on your system, and some require Perl; see bin/tests/system/README
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob HalleyDocumentation
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley The BIND 9 Administrator Reference Manual is included with the
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley source distribution in DocBook XML and HTML format, in the
b3ebf6f2756b0f4061fdf84c098bad175ea3ab65Mark Andrews Some of the programs in the BIND 9 distribution have man pages
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley in their directories. In particular, the command line
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley options of "named" are documented in /bin/named/named.8.
ff69418be422164cad3be4a14a7ca56e668251edMark Andrews There is now also a set of man pages for the lwres library.
ff69418be422164cad3be4a14a7ca56e668251edMark Andrews If you are upgrading from BIND 8, please read the migration
4d1ade93431ef24931fcbd2ad4e27de2c4f94876Mark Andrews notes in doc/misc/migration. If you are upgrading from
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Frequently asked questions and their answers can be found in
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas GustafssonBug Reports and Mailing Lists
0f3264c8d1b66de8dedd137d53615b8a8556adfaMark Andrews Bugs reports should be sent to
0f3264c8d1b66de8dedd137d53615b8a8556adfaMark Andrews bind9-bugs@isc.org
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson To join the BIND Users mailing list, send mail to
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson bind-users-request@isc.org
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson archives of which can be found via
ff1e17749c7bf976f7127467c1816abeb3f4b998Brian Wellington If you're planning on making changes to the BIND 9 source
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson code, you might want to join the BIND Workers mailing list.
672a41b5fef7722803645c1f0ca132972f0f940aAndreas Gustafsson bind-workers-request@isc.org