README revision 32b61e553b8fa66762989323ba79675eda8a5c47
a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob HalleyBIND 9
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 is a major rewrite of nearly all aspects of the
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley underlying BIND architecture. This re-architecting of BIND was
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley necessitated by the expected demands of:
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Domain name system growth, particularly in very large
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley zones such as .COM
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Protocol enhancements necessary to securely query and
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley update zones
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Protocol enhancements necessary to take advantage of
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley certain architectural features of IP version 6
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley These demands implied performance requirements that were not
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley necessarily easy to attain with the BIND version 8
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley architecture. In particular, BIND must not only be able to
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley run on multi-processor multi-threaded systems, but must take
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley full advantage of the performance enhancements these
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley architectures can provide. In addition, the underlying data
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley storage architecture of BIND version 8 does not lend itself to
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley implementing alternative back end databases, such as would be
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley desirable for the support of multi-gigabyte zones. As such
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley zones are easily foreseeable in the relatively near future,
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley the data storage architecture needed revision. The feature
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley requirements for BIND version 9 included:
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Scalability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Thread safety
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Multi-processor scalability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Support for very large zones
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Security
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Support for DNSSEC
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Support for TSIG
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Auditability (code and operation)
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Firewall support (split DNS)
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Portability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Maintainability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Protocol Enhancements
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley IXFR, DDNS, Notify, EDNS0
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Improved standards conformance
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Operational enhancements
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley High availability and reliability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Support for alternative back end databases
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - IP version 6 support
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley IPv6 resource records (A6, DNAME, etc.)
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Bitstring labels
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley APIs
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 development has been underwritten by the following
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley organizations:
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Sun Microsystems, Inc.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Hewlett Packard
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Compaq Computer Corporation
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley IBM
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Process Software Corporation
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Silicon Graphics, Inc.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Network Associates, Inc.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley U.S. Defense Information Systems Agency
70680fa51b0147c726b939b72b2420249429756aBob Halley USENIX Association
70680fa51b0147c726b939b72b2420249429756aBob Halley Stichting NLnet - NLnet Foundation
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob HalleyBIND 9.0.0b1
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley BIND 9.0.0b1 is the first public release of BIND 9 code. It will
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley be most useful to advanced users working with IPv6 or DNSSEC.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley BIND 9.0.0b1 is not functionally complete, and is not a release
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley candidate for BIND 9.0.0. The ISC anticipates a number of additional
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley beta releases between now and May, when BIND 9.0.0 is scheduled to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley be released.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley The ISC does not recommend using BIND 9.0.0b1 for "production"
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley services.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley We hope users of BIND 9.0.0b1 will provide feedback, bug fixes, and
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley enhancements. If you are not in a position to do so, it would
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley probably be better to wait until subsequent releases.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Much of the core technology planned for BIND 9.0.0 is in this beta
27f61f54eb79881fc394f287b8bf0842681c7b04Bob Halley release. Some of the highlights are:
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley IPv6
3a481d0d4a73e3baec3da25ca0f9d079fd74076fBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Support for bitstring labels, DNAME, and A6 records.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley IPv6-aware resolver (follows A6 chains, can use IPv6 to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley talk to other nameservers).
5ba43259eb4775fda6d771469c3c7db04518b5deBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley The nameserver listens on an IPv6 socket.
5ba43259eb4775fda6d771469c3c7db04518b5deBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley DNSSEC
3a481d0d4a73e3baec3da25ca0f9d079fd74076fBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley All new RR types supported.
5ba43259eb4775fda6d771469c3c7db04518b5deBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley The server generates DNSSEC responses for secure zones.
5ba43259eb4775fda6d771469c3c7db04518b5deBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley EDNS0
3a481d0d4a73e3baec3da25ca0f9d079fd74076fBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley DNS messages using UDP have been limited to 512
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley bytes. This is too small for DNSSEC replies, whose
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley signature and key records can be large. EDNS0 allows
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley larger UDP messages to be sent.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley EDNS0 is understood by the server, and used by the
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley resolver.
5ba43259eb4775fda6d771469c3c7db04518b5deBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Some of the more significant items that will be implemented or
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley enhanced in a future beta are
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley DNSSEC validation
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley The server does not currently validate DNSSEC
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley signatures.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Notify
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
3a481d0d4a73e3baec3da25ca0f9d079fd74076fBob Halley Notify is not yet implemented.
3a481d0d4a73e3baec3da25ca0f9d079fd74076fBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Configuration File
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Some config file items are not yet implemented.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley See doc/misc/options for a summary of the current
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley status.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Selective Forwarding
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Documentation
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Future releases will contain a lot more documentation,
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley but a preliminary version of the Administrator's
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Reference Manual is in the doc/arm subdirectory.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob HalleyBuilding
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley BIND 9 currently requires a UNIX system with an ANSI C compiler,
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley basic POSIX support, and a good pthreads implementation.
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley We've had successful builds and tests on the following systems
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley AIX 4.3
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley COMPAQ Tru64 UNIX 4.0D
036608c715045009e5607ae105b2136ea8e47da9Bob Halley FreeBSD 3.4-STABLE
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley HP-UX 11
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley IRIX64 6.5
09dfc8c60ef885ea9ce05882e98537e5686a7b4bBob Halley NetBSD current (with "unproven" pthreads)
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Red Hat Linux 6.0, 6.1
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Solaris 2.6, 7, 8 (beta)
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley To build, just
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley ./configure
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley make
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley "make install" will install "named" and the various BIND 9 libraries.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley By default, installation is into /usr/local, but this can be changed
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley with the "--prefix" option when running "configure".
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley Shared libraries will be built if "--with-libtool" is added to the
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley "configure" command.
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley If you're planning on making changes to the BIND 9 source, you
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley should also "make depend". If you're using Emacs, you might find
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley "make tags" helpful.
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Building with gcc is not supported, unless gcc is the vendor's usual
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley compiler (e.g. the various BSD systems, Linux).
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
fe82c227f69c4a95d9db2f64f07e55daaf9499e6Bob Halley Parts of the library can be tested by running "make test" from the
fe82c227f69c4a95d9db2f64f07e55daaf9499e6Bob Halley bin/tests subdirectory.
fe82c227f69c4a95d9db2f64f07e55daaf9499e6Bob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob HalleyBug Reports and Mailing Lists
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Bugs reports should be sent to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley bind9-bugs@isc.org
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley To join the BIND 9 Users mailing list, send mail to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley bind9-users-request@isc.org
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley If you're planning on making changes to the BIND 9 source
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley code, you might want to join the BIND 9 Workers mailing list.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Send mail to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley bind9-workers-request@isc.org
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley
a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley"named" command line options
a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley -c <config_file>
a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley -d <debug_level>
a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley -f Run in the foreground.
a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halley
32b61e553b8fa66762989323ba79675eda8a5c47Andreas Gustafsson -g Run in the foreground and log
32b61e553b8fa66762989323ba79675eda8a5c47Andreas Gustafsson to stderr, ignoring any "logging"
32b61e553b8fa66762989323ba79675eda8a5c47Andreas Gustafsson statement in in the config file
32b61e553b8fa66762989323ba79675eda8a5c47Andreas Gustafsson
2f58a0486c42d259ea4e2583a0f6c7b6ded126c6Andreas Gustafsson -n <number_of_cpus>
a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley -t <directory> Chroot to <directory> before running.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley -u <username> Run as user <username> after binding
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley to privileged ports.
5ba43259eb4775fda6d771469c3c7db04518b5deBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Use of the "-t" option while still running as "root" doesn't
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley enhance security on most systems. The way chroot() is defined
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley allows a process with root privileges to escape the chroot jail.
5ba43259eb4775fda6d771469c3c7db04518b5deBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley The "-u" option is not currently useful on Linux. Linux threads
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley are actually processes sharing a common address space. An unfortunate
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley side effect of this is that some system calls, e.g. setuid() that
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley in a typical pthreads environment would affect all threads only affect
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley the calling thread/process on Linux. The good news is that BIND 9
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley uses the Linux kernel's capability mechanism to drop all root
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley powers except the ability to bind() to a privileged port.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
2f58a0486c42d259ea4e2583a0f6c7b6ded126c6Andreas Gustafsson On systems with more than one CPU, the "-n" option should be used
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley to indicate how many CPUs there are.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob HalleyNote to Programmers
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley The APIs for the libraries in BIND 9 are not yet frozen.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley We expect the existing library interfaces in the release to be
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley quite stable, however, and unless we've specifically indicated that
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley an interface is temporary, we don't anticipate major changes in
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley future releases.