README revision 35726c47452007a538c2a9215b5f24b0317d9f91
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 is a major rewrite of nearly all aspects of the
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson underlying BIND architecture. Some of the important features of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Security
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson DNSSEC (signed zones)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson TSIG (signed DNS requests)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - IP version 6
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Answers DNS queries on IPv6 sockets
fd9b6f253eac9dae2e1ad19d49aaa922d5d4f274Mark Andrews IPv6 resource records (AAAA)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Experimental IPv6 Resolver Library
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Protocol Enhancements
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson IXFR, DDNS, Notify, EDNS0
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Improved standards conformance
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson One server process can provide multiple "views" of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson the DNS namespace, e.g. an "inside" view to certain
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson clients, and an "outside" view to others.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Multiprocessor Support
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Improved Portability Architecture
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 development has been underwritten by the following
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley organizations:
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Sun Microsystems, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Hewlett Packard
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Compaq Computer Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Process Software Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Silicon Graphics, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Network Associates, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson U.S. Defense Information Systems Agency
70680fa51b0147c726b939b72b2420249429756aBob Halley USENIX Association
70680fa51b0147c726b939b72b2420249429756aBob Halley Stichting NLnet - NLnet Foundation
276a77c22af98c78403883b16a82646a0d5b29abPaul Vixie Nominum, Inc.
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt BIND 9.6.0 includes a number of changes from BIND 9.5 and earlier
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt releases, including:
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt Full NSEC3 support
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt Automatic zone re-signing
bcfb2cead57dcc6b678abbf0161c1cab989d6de1Mark Andrews New update-policy methods tcp-self and 6to4-self
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt The BIND 8 resolver library, libbind, has been removed from the
6cdaeb94d4d12b72b919f3c7099f7c47c172b59bEvan Hunt BIND 9 distribution and is now available as a separate download.
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews Change the default pid file location from /var/run to
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews /var/run/{named,lwresd} for improved chroot/setuid support.
5a8bebe00df211d4fdac3edc36cf35e1d5af42e0Mark Andrews BIND 9.5.0 has a number of new features over 9.4,
5a8bebe00df211d4fdac3edc36cf35e1d5af42e0Mark Andrews GSS-TSIG support (RFC 3645).
5a8bebe00df211d4fdac3edc36cf35e1d5af42e0Mark Andrews DHCID support.
5a8bebe00df211d4fdac3edc36cf35e1d5af42e0Mark Andrews Experimental http server and statistics support for named via xml.
2fff8b8280779a25fbdb891b2d3d9b435d2084f0Tatuya JINMEI 神明達哉 More detailed statistics counters including those supported in BIND 8.
19bcb91965916ed8f0a47da2284ddaecce70bc69Evan Hunt Faster ACL processing.
9c114f36dab6bc6fc024b46680cfdd246efc880cEvan Hunt Use Doxygen to generate internal documentation.
ffc65cc90db78a67171e3d91f63f2e92d09d2d38Evan Hunt Efficient LRU cache-cleaning mechanism.
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt NSID support.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews BIND 9.4.0 has a number of new features over 9.3,
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Implemented "additional section caching (or acache)", an
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews internal cache framework for additional section content to
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews improve response performance. Several configuration options
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews were provided to control the behavior.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New notify type 'master-only'. Enable notify for master
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Accept 'notify-source' style syntax for query-source.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews rndc now allows addresses to be set in the server clauses.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New option "allow-query-cache". This lets allow-query be
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews used to specify the default zone access level rather than
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews having to have every zone override the global value.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews allow-query-cache can be set at both the options and view
9ab3b369d941e5b97fd6694ca3f3aedf5c7f3a7bMark Andrews levels. If allow-query-cache is not set then allow-recursion
9ab3b369d941e5b97fd6694ca3f3aedf5c7f3a7bMark Andrews is used if set, otherwise allow-query is used if set, otherwise
9ab3b369d941e5b97fd6694ca3f3aedf5c7f3a7bMark Andrews the default (localhost; localnets;) is used.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews rndc: the source address can now be specified.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews ixfr-from-differences now takes master and slave in addition
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews to yes and no at the options and view levels.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Allow the journal's name to be changed via named.conf.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews 'rndc notify zone [class [view]]' resend the NOTIFY messages
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews for the specified zone.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews 'dig +trace' now randomly selects the next servers to try.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Report if there is a bad delegation.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Improve check-names error messages.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Make public the function to read a key file, dst_key_read_public().
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig now returns the byte count for axfr/ixfr.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews allow-update is now settable at the options / view level.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named-checkconf now checks the logging configuration.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews host now can turn on memory debugging flags with '-m'.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Don't send notify messages to self.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Perform sanity checks on NS records which refer to 'in zone' names.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New zone option "notify-delay". Specify a minimum delay
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews between sets of NOTIFY messages.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Extend adjusting TTL warning messages.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Named and named-checkzone can now both check for non-terminal
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews wildcard records.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews "rndc freeze/thaw" now freezes/thaws all zones.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named-checkconf now check acls to verify that they only
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews refer to existing acls.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews The server syntax has been extended to support a range of
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Report differences between hints and real NS rrset and
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews associated address records.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Preserve the case of domain names in rdata during zone
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Restructured the data locking framework using architecture
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dependent atomic operations (when available), improving
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews response performance on multi-processor machines significantly.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews x86, x86_64, alpha, powerpc, and mips are currently supported.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews UNIX domain controls are now supported.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Add support for additional zone file formats for improving
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews loading performance. The masterfile-format option in
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named.conf can be used to specify a non-default format. A
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews separate command named-compilezone was provided to generate
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews zone files in the new format. Additionally, the -I and -O
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews options for dnssec-signzone specify the input and output
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dnssec-signzone can now randomize signature end times
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews (dnssec-signzone -j jitter).
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Add support for CH A record.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Add additional zone data constancy checks. named-checkzone
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews has extended checking of NS, MX and SRV record and the hosts
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews they reference. named has extended post zone load checks.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New zone options: check-mx and integrity-check.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews edns-udp-size can now be overridden on a per server basis.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig can now specify the EDNS version when making a query.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Added framework for handling multiple EDNS versions.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Additional memory debugging support to track size and mctx
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Detect duplicates of UDP queries we are recursing on and
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews drop them. New stats category "duplicates".
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews "USE INTERNAL MALLOC" is now runtime selectable.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews The lame cache is now done on a <qname,qclass,qtype> basis
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews as some servers only appear to be lame for certain query
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Limit the number of recursive clients that can be waiting
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews for a single query (<qname,qtype,qclass>) to resolve. New
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews options clients-per-query and max-clients-per-query.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig: report the number of extra bytes still left in the
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews packet after processing all the records.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Support for IPSECKEY rdata type.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Raise the UDP recieve buffer size to 32k if it is less than 32k.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews x86 and x86_64 now have seperate atomic locking implementations.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews named-checkconf now validates update-policy entries.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Attempt to make the amount of work performed in a iteration
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews self tuning. The covers nodes clean from the cache per
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews iteration, nodes written to disk when rewriting a master
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews file and nodes destroyed per iteration when destroying a
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews zone or a cache.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews ISC string copy API.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Automatic empty zone creation for D.F.IP6.ARPA and friends.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Note: RFC 1918 zones are not yet covered by this but are
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews likely to be in a future release.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews New options: empty-server, empty-contact, empty-zones-enable
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews and disable-empty-zone.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig now has a '-q queryname' and '+showsearch' options.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews host/nslookup now continue (default)/fail on SERVFAIL.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews dig now warns if 'RA' is not set in the answer when 'RD'
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews was set in the query. host/nslookup skip servers that fail
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews to set 'RA' when 'RD' is set unless a server is explicitly
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Integrate contibuted DLZ code into named.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews Integrate contibuted IDN code from JPNIC.
309a3b5808b3e7666d219665c28768e5c0997f14Mark Andrews libbind: corresponds to that from BIND 8.4.7.
c45ca0b839adc61c7902aad0969de36921b292b0Mark Andrews BIND 9.3.0 has a number of new features over 9.2,
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews DNSSEC is now DS based (RFC 3658).
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews DNSSEC lookaside validation.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews check-names is now implemented.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews rrset-order in more complete.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews IPv4/IPv6 transition support, dual-stack-servers.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews IXFR deltas can now be generated when loading master files,
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews ixfr-from-differences.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews It is now possible to specify the size of a journal, max-journal-size.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews It is now possible to define a named set of master servers to be
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews used in masters clause, masters.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews The advertised EDNS UDP size can now be set, edns-udp-size.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews allow-v6-synthesis has been obsoleted.
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews * Zones containing MD and MF will now be rejected.
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews * dig, nslookup name. now report "Not Implemented" as
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews NOTIMP rather than NOTIMPL. This will have impact on scripts
c3e0aed7da9ca312a3b25a4eee13573dca04c318Mark Andrews that are looking for NOTIMPL.
1676408640d8283c9f17eec0b183e1302ea7fd70Mark Andrews libbind: corresponds to that from BIND 8.4.5.
1c9afb96b58f450f8861007e5135dee1447e680fAndreas Gustafsson BIND 9.2.0 has a number of new features over 9.1,
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - The size of the cache can now be limited using the
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson "max-cache-size" option.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - The server can now automatically convert RFC1886-style
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson recursive lookup requests into RFC2874-style lookups,
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson when enabled using the new option "allow-v6-synthesis".
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson This allows stub resolvers that support AAAA records
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson but not A6 record chains or binary labels to perform
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson lookups in domains that make use of these IPv6 DNS
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - Performance has been improved.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson - The man pages now use the more portable "man" macros
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson rather than the "mandoc" macros, and are installed
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson by "make install".
8a01f10278e0c794fe1d488bab2f97185f272e26Andreas Gustafsson - The named.conf parser has been completely rewritten.
8a01f10278e0c794fe1d488bab2f97185f272e26Andreas Gustafsson It now supports "include" directives in more
b587e1d83f007ce68a9ae93097c461d8eb7aa373Mark Andrews places such as inside "view" statements, and it no
8a01f10278e0c794fe1d488bab2f97185f272e26Andreas Gustafsson longer has any reserved words.
18b393da86f452303036b5fe6feb6c1e5f6b2c02Andreas Gustafsson - The "rndc status" command is now implemented.
81fb2f5544552e67d7be673e353e399789e203e7Brian Wellington - rndc can now be configured automatically.
00205e27e84603f75eed46268a5100e86883f06bAndreas Gustafsson - A BIND 8 compatible stub resolver library is now
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson - OpenSSL has been removed from the distribution. This
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson means that to use DNSSEC, OpenSSL must be installed and
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson the --with-openssl option must be supplied to configure.
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson This does not apply to the use of TSIG, which does not
317ebe84d581e59f5cb63bc6c1556a479bbb179aAndreas Gustafsson require OpenSSL.
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt - The source distribution now builds on Windows.
cca68b1ff68cd4342705b71015f603c7389d040cAndreas Gustafsson See win32utils/readme1.txt and win32utils/win32-build.txt
ecbfd32d3710d539f19a9323f16cf43a095580bdAndreas Gustafsson This distribution also includes a new lightweight stub
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson resolver library and associated resolver daemon that fully
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson support forward and reverse lookups of both IPv4 and IPv6
ecbfd32d3710d539f19a9323f16cf43a095580bdAndreas Gustafsson addresses. This library is considered experimental and
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson is not a complete replacement for the BIND 8 resolver library.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson Applications that use the BIND 8 res_* functions to perform
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson DNS lookups or dynamic updates still need to be linked against
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson the BIND 8 libraries. For DNS lookups, they can also use the
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson new "getrrsetbyname()" API.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson BIND 9.2 is capable of acting as an authoritative server
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson for DNSSEC secured zones. This functionality is believed to
c54c1eaf26d5a7fc123c4af3712353156a766df1Mark Andrews be stable and complete except for lacking support for
c54c1eaf26d5a7fc123c4af3712353156a766df1Mark Andrews verifications involving wildcard records in secure zones.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson When acting as a caching server, BIND 9.2 can be configured
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson to perform DNSSEC secure resolution on behalf of its clients.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson This part of the DNSSEC implementation is still considered
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson experimental. For detailed information about the state of the
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson DNSSEC implementation, see the file doc/misc/dnssec.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson There are a few known bugs:
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson On some systems, IPv6 and IPv4 sockets interact in
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson unexpected ways. For details, see doc/misc/ipv6.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson To reduce the impact of these problems, the server
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson no longer listens for requests on IPv6 addresses
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson by default. If you need to accept DNS queries over
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson IPv6, you must specify "listen-on-v6 { any; };"
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson in the named.conf options statement.
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington FreeBSD prior to 4.2 (and 4.2 if running as non-root)
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington and OpenBSD prior to 2.8 log messages like
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington This is due to a bug in "/dev/random" and impacts the
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington server's DNSSEC support.
3e480b2f811fb4898af49983abf43f0894bb29e5Mark Andrews OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
3e480b2f811fb4898af49983abf43f0894bb29e5Mark Andrews OS X 10.2 (Darwin 6.0) reports errors like
dc95bcfa9c8437045df06b94e892a329e615bb16Mark Andrews "fcntl(3, F_SETFL, 4): Operation not supported by device".
dc95bcfa9c8437045df06b94e892a329e615bb16Mark Andrews This is due to a bug in "/dev/random" and impacts the
dc95bcfa9c8437045df06b94e892a329e615bb16Mark Andrews server's DNSSEC support.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson --with-libtool does not work on AIX.
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt A bug in some versions of the Microsoft DNS server can cause zone
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt transfers from a BIND 9 server to a W2K server to fail. For details,
0ec9b06f0bd6cc3ce327a3c70db53672957fa372Andreas Gustafsson see the "Zone Transfers" section in doc/misc/migration.
e5256e34b4a26a26088b2dc5ca621b42c0750256Andreas Gustafsson For a detailed list of user-visible changes from
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence previous releases, see the CHANGES file.
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley BIND 9 currently requires a UNIX system with an ANSI C compiler,
76860484adfbadeecfeb3a7132ede916ee2102ffBrian Wellington basic POSIX support, and a 64 bit integer type.
501da430e2f16f496f8e8d1b57ab77f78428c682David Lawrence We've had successful builds and tests on the following systems:
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews COMPAQ Tru64 UNIX 5.1B
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Fedora Core 6
65085946d4f92481699678e276e3ced04bcfdafbMark Andrews FreeBSD 4.10, 5.2.1, 6.2
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Mac OS X 10.5
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey NetBSD 3.x and 4.0-beta
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey OpenBSD 3.3 and up
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Solaris 8, 9, 9 (x86), 10
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Ubuntu 7.04, 7.10
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt Windows XP/2003/2008
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt Windows, including Windows NT and Windows 2000, are no longer
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey We have recent reports from the user community that a supported
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey version of BIND will build and run on the following systems:
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey CentOS 4, 4.5, 5
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Darwin 9.0.0d1/ARM
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Fedora Core 5, 7
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey HP-UX 11.23 PA
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey MacOS X 10.4, 10.5
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Red Hat Enterprise Linux 4, 5
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey SCO OpenServer 5.0.6
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Slackware 9, 10
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley To build, just
8eb5937a7e4cb8b5d7fcc1be17d34fdd014bbbb1Andreas Gustafsson Do not use a parallel "make".
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Several environment variables that can be set before running
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson configure will affect compilation:
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson The C compiler to use. configure tries to figure
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson out the right one for supported systems.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson C compiler flags. Defaults to include -g and/or -O2
ff69418be422164cad3be4a14a7ca56e668251edMark Andrews as supported by the compiler.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson System header file directories. Can be used to specify
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson where add-on thread or IPv6 support is, for example.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Defaults to empty string.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Any additional preprocessor symbols you want defined.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Defaults to empty string.
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews Possible settings:
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews Change the default syslog facility of named/lwresd.
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews -DISC_FACILITY=LOG_LOCAL0
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews Enable DNSSEC signature chasing support in dig.
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews -DDIG_SIGCHASE_BU=1)
05d32f6b0f6590ca22136b753309f070ce769000Mark Andrews Disable dropping queries from particular well known ports.
05d32f6b0f6590ca22136b753309f070ce769000Mark Andrews -DNS_CLIENT_DROPPORT=0
831fb092e870ed921d0d6fd67b551d9d03857a55Mark Andrews Sibling glue checking in named-checkzone is enabled by default.
831fb092e870ed921d0d6fd67b551d9d03857a55Mark Andrews To disable the default check set. -DCHECK_SIBLING=0
831fb092e870ed921d0d6fd67b551d9d03857a55Mark Andrews named-checkzone checks out-of-zone addresses by default.
831fb092e870ed921d0d6fd67b551d9d03857a55Mark Andrews To disable this default set. -DCHECK_LOCAL=0
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews To create the default pid files in ${localstatedir}/run rather
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews than ${localstatedir}/run/{named,lwresd}/ set.
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews -DNS_RUN_PID_DIR=0
35726c47452007a538c2a9215b5f24b0317d9f91Tatuya JINMEI 神明達哉 Enable workaround for Solaris kernel bug about /dev/poll
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉 -DISC_SOCKET_USE_POLLWATCH=1
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉 The watch timeout is also configurable, e.g.,
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉 -DISC_SOCKET_POLLWATCH_TIMEOUT=20
9f7d51ee3290e2a064d71016a6bd555b47134a7cMark Andrews Linker flags. Defaults to empty string.
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews The following need to be set when cross compiling.
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews The native C compiler.
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews BUILD_CFLAGS (optional)
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews BUILD_CPPFLAGS (optional)
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews Possible Settings:
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews -DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews BUILD_LDFLAGS (optional)
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews BUILD_LIBS (optional)
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson To build shared libraries, specify "--with-libtool" on the
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson configure command line.
29c9e88c6ce6c88d9a3e3a9629dbb0df29168ebfAndreas Gustafsson For the server to support DNSSEC, you need to build it
29c9e88c6ce6c88d9a3e3a9629dbb0df29168ebfAndreas Gustafsson with crypto support. You must have OpenSSL 0.9.5a
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson or newer installed and specify "--with-openssl" on the
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson configure command line. If OpenSSL is installed under
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson a nonstandard prefix, you can tell configure where to
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson look for it using "--with-openssl=/prefix".
e2a24b6e79572bd578d67b976208e19caf62e0f7Mark Andrews On some platforms it is necessary to explictly request large
e2a24b6e79572bd578d67b976208e19caf62e0f7Mark Andrews file support to handle files bigger than 2GB. This can be
e2a24b6e79572bd578d67b976208e19caf62e0f7Mark Andrews done by "--enable-largefile" on the configure command line.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson On some platforms, BIND 9 can be built with multithreading
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson support, allowing it to take advantage of multiple CPUs.
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson You can specify whether to build a multithreaded BIND 9
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson by specifying "--enable-threads" or "--disable-threads"
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson on the configure command line. The default is operating
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson system dependent.
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt Support for the "fixed" rrset-order option can be enabled
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt or disabled by specifying "--enable-fixed-rrset" or
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt "--disable-fixed-rrset" on the configure command line.
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt The default is "disabled", to reduce memory footprint.
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson If your operating system has integrated support for IPv6, it
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson will be used automatically. If you have installed KAME IPv6
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson separately, use "--with-kame[=PATH]" to specify its location.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley "make install" will install "named" and the various BIND 9 libraries.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley By default, installation is into /usr/local, but this can be changed
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley with the "--prefix" option when running "configure".
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson You may specify the option "--sysconfdir" to set the directory
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson where configuration files like "named.conf" go by default,
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson and "--localstatedir" to set the default parent directory
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson of "run/named.pid". For backwards compatibility with BIND 8,
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson --sysconfdir defaults to "/etc" and --localstatedir defaults to
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson "/var" if no --prefix option is given. If there is a --prefix
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson option, sysconfdir defaults to "$prefix/etc" and localstatedir
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson defaults to "$prefix/var".
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson To see additional configure options, run "configure --help".
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson Note that the help message does not reflect the BIND 8
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson compatibility defaults for sysconfdir and localstatedir.
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley If you're planning on making changes to the BIND 9 source, you
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley should also "make depend". If you're using Emacs, you might find
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley "make tags" helpful.
b3ebf6f2756b0f4061fdf84c098bad175ea3ab65Mark Andrews If you need to re-run configure please run "make distclean" first.
b3ebf6f2756b0f4061fdf84c098bad175ea3ab65Mark Andrews This will ensure that all the option changes take.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Building with gcc is not supported, unless gcc is the vendor's usual
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley compiler (e.g. the various BSD systems, Linux).
260be76e8e176872d61949a5eaa1e98cafe33a88Mark Andrews Known compiler issues:
ff69418be422164cad3be4a14a7ca56e668251edMark Andrews * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
4d1ade93431ef24931fcbd2ad4e27de2c4f94876Mark Andrews * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
cc4eef2a533c338310738f57898845784ce48433Mark Andrews * gcc-3.3.5 powerpc generates incorrect code at -02.
673b53417fa1f9d2ab3e0c575baff605d202a489Mark Andrews * Irix, MipsPRO 7.4.1m is known to cause problems.
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson A limited test suite can be run with "make test". Many of
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson the tests require you to configure a set of virtual IP addresses
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson on your system, and some require Perl; see bin/tests/system/README
0f3264c8d1b66de8dedd137d53615b8a8556adfaMark Andrews SunOS 4 requires "printf" to be installed to make the shared
0f3264c8d1b66de8dedd137d53615b8a8556adfaMark Andrews libraries. sh-utils-1.16 provides a "printf" which compiles
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson The BIND 9 Administrator Reference Manual is included with the
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson source distribution in DocBook XML and HTML format, in the
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson Some of the programs in the BIND 9 distribution have man pages
ff1e17749c7bf976f7127467c1816abeb3f4b998Brian Wellington in their directories. In particular, the command line
ff1e17749c7bf976f7127467c1816abeb3f4b998Brian Wellington options of "named" are documented in /bin/named/named.8.
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson There is now also a set of man pages for the lwres library.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson If you are upgrading from BIND 8, please read the migration
672a41b5fef7722803645c1f0ca132972f0f940aAndreas Gustafsson notes in doc/misc/migration. If you are upgrading from
268755d80313f3c4fab6ffc7e70099310873233eAndreas Gustafsson Frequently asked questions and their answers can be found in
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas GustafssonBug Reports and Mailing Lists
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Bugs reports should be sent to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley bind9-bugs@isc.org
8d0d941054982cff5235a9033040ac35c3f06a50Mark Andrews To join the BIND Users mailing list, send mail to
8d0d941054982cff5235a9033040ac35c3f06a50Mark Andrews bind-users-request@isc.org
469a5f80aebc46e720b073e3a2cceb70709797b6Mark Andrews archives of which can be found via
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley If you're planning on making changes to the BIND 9 source
614a25ce3c57c34c3020c247b3234c593bfb208cMark Andrews code, you might want to join the BIND Workers mailing list.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Send mail to
614a25ce3c57c34c3020c247b3234c593bfb208cMark Andrews bind-workers-request@isc.org