README revision 3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BIND version 9 is a major rewrite of nearly all aspects of the
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt underlying BIND architecture. Some of the important features of
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - DNS Security
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt DNSSEC (signed zones)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt TSIG (signed DNS requests)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - IP version 6
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Answers DNS queries on IPv6 sockets
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt IPv6 resource records (AAAA)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Experimental IPv6 Resolver Library
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - DNS Protocol Enhancements
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt IXFR, DDNS, Notify, EDNS0
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Improved standards conformance
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt One server process can provide multiple "views" of
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt the DNS namespace, e.g. an "inside" view to certain
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt clients, and an "outside" view to others.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - Multiprocessor Support
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - Improved Portability Architecture
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BIND version 9 development has been underwritten by the following
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt organizations:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Sun Microsystems, Inc.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Hewlett Packard
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Compaq Computer Corporation
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Process Software Corporation
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Silicon Graphics, Inc.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Network Associates, Inc.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt U.S. Defense Information Systems Agency
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt USENIX Association
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Stichting NLnet - NLnet Foundation
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Nominum, Inc.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt For a summary of functional enhancements in previous
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt releases, see the HISTORY file.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt For a detailed list of user-visible changes from
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt previous releases, see the CHANGES file.
62714accee7c8d96e02f40d58751422972e2ed41Evan Hunt For up-to-date release notes and errata, see
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt releases. New features include:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - DNS Response-rate limiting (DNS RRL) blunts the impact of
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt reflection and amplification attacks.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - New zone file format "map" is an image of a zone database
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt that can be loaded directly into memory, allowing much faster
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt zone loading.
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt - Substantial improvement in response-policy zone (RPZ)
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt performance. Up to 32 response-policy zones can be
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt configured with minimal performance loss.
aa4cd84a7209cbfbeade7c42d88f49e2cbb323b2Evan Hunt - New RPZ client-IP triggers and drop policies.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - ACLs can now be specified based on geographic location
f1b1a07eca32c737241911df6a925fa161ac0ba4Evan Hunt using the MaxMind GeoIP databases.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - New XML schema (version 3) for the statistics channel
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt includes many new statistics and uses a flattened XML tree
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt for faster parsing.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - A new stylesheet, based on the Google Charts API, displays
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt XML statistics in charts and graphs on javascript-enabled
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - The statistics channel can now provide data in JSON
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt format as well as XML.
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt - The internal and export versions of the BIND libraries
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt (libisc, libdns, etc) have been unified so that external
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt library clients can use the same libraries as BIND itself.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - New 'dnssec-coverage' tool to check DNSSEC key coverage
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt for a zone and report if a lapse in signing coverage has
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt been inadvertently scheduled.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - Signing algorithm flexibility and other improvements
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt for the "rndc" control channel.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - 'named-checkzone' and 'named-compilezone' can now read
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt journal files, allowing them to process dynamic zones.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - Multiple DLZ databases can now be configured. Individual
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt zones can be configured to be served from a specific DLZ
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt database. DLZ databases now serve zones of type "master"
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt and "redirect".
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - "rndc zonestatus" reports information about a specified zone.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - "named" now listens on IPv6 as well as IPv4 interfaces
dc3ac7e79aee3821d1877a41adcd6d6eec5a4395Evan Hunt - "named" now preserves the capitalization of names when
dc3ac7e79aee3821d1877a41adcd6d6eec5a4395Evan Hunt responding to queries.
15eb0cb8e15fc0f4f02713fd8d993476f0394763Evan Hunt - New 'named-rrchecker' tool to verify the syntactic
15eb0cb8e15fc0f4f02713fd8d993476f0394763Evan Hunt correctness of individual resource records.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - When re-signing a zone, the new "dnssec-signzone -Q" option
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt drops signatures from keys that are still published but are
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt no longer active.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt releases. New features include:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Inline signing, allowing automatic DNSSEC signing of
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt master zones without modification of the zonefile, or
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "bump in the wire" signing in slaves.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - NXDOMAIN redirection.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - New 'rndc flushtree' command clears all data under a given
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt name from the DNS cache.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - New 'rndc sync' command dumps pending changes in a dynamic
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt zone to disk without a freeze/thaw cycle.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - New 'rndc signing' command displays or clears signing status
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt records in 'auto-dnssec' zones.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - NSEC3 parameters for 'auto-dnssec' zones can now be set prior
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt to signing, eliminating the need to initially sign with NSEC.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Startup time improvements on large authoritative servers.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Slave zones are now saved in raw format by default.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Several improvements to response policy zones (RPZ).
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Improved hardware scalability by using multiple threads
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt to listen for queries and using finer-grained client locking
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - The 'also-notify' option now takes the same syntax as
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt 'masters', so it can used named masterlists and TSIG keys.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'dnssec-signzone -D' writes an output file containing only DNSSEC
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt data, which can be included by the primary zone file.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'dnssec-signzone -R' forces removal of signatures that are
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt not expired but were created by a key which no longer exists.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'dnssec-signzone -X' allows a separate expiration date to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt be specified for DNSKEY signatures from other signatures.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - New '-L' option to dnssec-keygen, dnssec-settime, and
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt dnssec-keyfromlabel sets the default TTL for the key.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - dnssec-dsfromkey now supports reading from standard input,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt to make it easier to convert DNSKEY to DS.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - RFC 1918 reverse zones have been added to the empty-zones
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt table per RFC 6303.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Dynamic updates can now optionally set the zone's SOA serial
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt number to the current UNIX time.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - DLZ modules can now retrieve the source IP address of
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt the querying client.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'request-ixfr' option can now be set at the per-zone level.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - 'dig +rrcomments' turns on comments about DNSKEY records,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt indicating their key ID, algorithm and function
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt - Simplified nsupdate syntax and added readline support
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BIND 9 currently requires a UNIX system with an ANSI C compiler,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt basic POSIX support, and a 64 bit integer type.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt We've had successful builds and tests on the following systems:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt COMPAQ Tru64 UNIX 5.1B
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Fedora Core 6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt FreeBSD 4.10, 5.2.1, 6.2
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Mac OS X 10.5
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt NetBSD 3.x, 4.0-beta, 5.0-beta
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt OpenBSD 3.3 and up
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Solaris 8, 9, 9 (x86), 10
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Ubuntu 7.04, 7.10
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Windows XP/2003/2008
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Windows, including Windows NT and Windows 2000, are no longer
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt We have recent reports from the user community that a supported
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt version of BIND will build and run on the following systems:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt CentOS 4, 4.5, 5
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Darwin 9.0.0d1/ARM
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Debian 4, 5, 6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Fedora Core 5, 7, 8
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt FreeBSD 6, 7, 8
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt HP-UX 11.23 PA
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt MacOS X 10.5, 10.6, 10.7
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Red Hat Enterprise Linux 4, 5, 6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt SCO OpenServer 5.0.6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Slackware 9, 10
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To build, just
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Do not use a parallel "make".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Several environment variables that can be set before running
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt configure will affect compilation:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The C compiler to use. configure tries to figure
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt out the right one for supported systems.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt C compiler flags. Defaults to include -g and/or -O2
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt as supported by the compiler. Please include '-g'
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt if you need to set CFLAGS.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt STD_CINCLUDES
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt System header file directories. Can be used to specify
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt where add-on thread or IPv6 support is, for example.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Defaults to empty string.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt STD_CDEFINES
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Any additional preprocessor symbols you want defined.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Defaults to empty string.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Possible settings:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Change the default syslog facility of named/lwresd.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DISC_FACILITY=LOG_LOCAL0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Enable DNSSEC signature chasing support in dig.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DDIG_SIGCHASE_BU=1)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Disable dropping queries from particular well known ports.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DNS_CLIENT_DROPPORT=0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Sibling glue checking in named-checkzone is enabled by default.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To disable the default check set. -DCHECK_SIBLING=0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt named-checkzone checks out-of-zone addresses by default.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To disable this default set. -DCHECK_LOCAL=0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To create the default pid files in ${localstatedir}/run rather
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt than ${localstatedir}/run/{named,lwresd}/ set.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DNS_RUN_PID_DIR=0
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Enable workaround for Solaris kernel bug about /dev/poll
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DISC_SOCKET_USE_POLLWATCH=1
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The watch timeout is also configurable, e.g.,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DISC_SOCKET_POLLWATCH_TIMEOUT=20
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Linker flags. Defaults to empty string.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The following need to be set when cross compiling.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The native C compiler.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BUILD_CFLAGS (optional)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BUILD_CPPFLAGS (optional)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Possible Settings:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt -DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BUILD_LDFLAGS (optional)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt BUILD_LIBS (optional)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt On most platforms, BIND 9 is built with multithreading
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt support, allowing it to take advantage of multiple CPUs.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt You can configure this by specifying "--enable-threads" or
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "--disable-threads" on the configure command line. The default
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt is to enable threads, except on some older operating systems
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt on which threads are known to have had problems in the past.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt (Note: Prior to BIND 9.10, the default was to disable threads on
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Linux systems; this has been reversed. On Linux systems, the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt threaded build is known to change BIND's behavior with respect
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt to file permissions; it may be necessary to specify a user with
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt the -u option when running named.)
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To build shared libraries, specify "--with-libtool" on the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt configure command line.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt For the server to support DNSSEC, you need to build it
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt with crypto support. You must have OpenSSL 0.9.5a
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt or newer installed and specify "--with-openssl" on the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt configure command line. If OpenSSL is installed under
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt a nonstandard prefix, you can tell configure where to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt look for it using "--with-openssl=/prefix".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To support the HTTP statistics channel, the server must
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt be linked with at least one of the following: libxml2
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt (http://xmlsoft.org) or json-c (https://github.com/json-c).
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If these are installed at a nonstandard prefix, use
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "--with-libxml2=/prefix" or "--with-libjson=/prefix".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt On some platforms it is necessary to explictly request large
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt file support to handle files bigger than 2GB. This can be
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt done by "--enable-largefile" on the configure command line.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Support for the "fixed" rrset-order option can be enabled
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt or disabled by specifying "--enable-fixed-rrset" or
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "--disable-fixed-rrset" on the configure command line.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The default is "disabled", to reduce memory footprint.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If your operating system has integrated support for IPv6, it
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt will be used automatically. If you have installed KAME IPv6
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt separately, use "--with-kame[=PATH]" to specify its location.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "make install" will install "named" and the various BIND 9 libraries.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt By default, installation is into /usr/local, but this can be changed
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt with the "--prefix" option when running "configure".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt You may specify the option "--sysconfdir" to set the directory
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt where configuration files like "named.conf" go by default,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt and "--localstatedir" to set the default parent directory
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt of "run/named.pid". For backwards compatibility with BIND 8,
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt --sysconfdir defaults to "/etc" and --localstatedir defaults to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "/var" if no --prefix option is given. If there is a --prefix
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt option, sysconfdir defaults to "$prefix/etc" and localstatedir
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt defaults to "$prefix/var".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To see additional configure options, run "configure --help".
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Note that the help message does not reflect the BIND 8
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt compatibility defaults for sysconfdir and localstatedir.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If you're planning on making changes to the BIND 9 source, you
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt should also "make depend". If you're using Emacs, you might find
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt "make tags" helpful.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If you need to re-run configure please run "make distclean" first.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt This will ensure that all the option changes take.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Building with gcc is not supported, unless gcc is the vendor's usual
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt compiler (e.g. the various BSD systems, Linux).
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Known compiler issues:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt * gcc-3.3.5 powerpc generates incorrect code at -02.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt * Irix, MipsPRO 7.4.1m is known to cause problems.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt A limited test suite can be run with "make test". Many of
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt the tests require you to configure a set of virtual IP addresses
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt on your system, and some require Perl; see bin/tests/system/README
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt for details.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt SunOS 4 requires "printf" to be installed to make the shared
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt libraries. sh-utils-1.16 provides a "printf" which compiles
c5e2e93f62e83ff6e3d85ea05ab5a9f468300a32Mark AndrewsKnown limitations
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Linux requires kernel build 2.6.39 or later to get the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt performance benefits from using multiple sockets.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt The BIND 9 Administrator Reference Manual is included with the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt source distribution in DocBook XML and HTML format, in the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Some of the programs in the BIND 9 distribution have man pages
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt in their directories. In particular, the command line
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt options of "named" are documented in /bin/named/named.8.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt There is now also a set of man pages for the lwres library.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If you are upgrading from BIND 8, please read the migration
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt notes in doc/misc/migration. If you are upgrading from
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Frequently asked questions and their answers can be found in
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Additional information on various subjects can be found
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt in the other README files.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt A detailed list of all changes to BIND 9 is included in the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt file CHANGES, with the most recent changes listed first.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Change notes include tags indicating the category of the
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt change that was made; these categories are:
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [func] New feature
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [bug] General bug fix
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [security] Fix for a significant security flaw
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [experimental] Used for new features when the syntax
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt or other aspects of the design are still
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt in flux and may change
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [port] Portability enhancement
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [maint] Updates to built-in data such as root
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt server addresses and keys
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [tuning] Changes to built-in configuration defaults
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt and constants to improve performanceo
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [protocol] Updates to the DNS protocol such as new
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [test] Changes to the automatic tests, not
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt affecting server functionality
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [cleanup] Minor corrections and refactoring
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt [doc] Documentation
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt In general, [func] and [experimental] tags will only appear
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt in new-feature releases (i.e., those with version numbers
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt ending in zero). Some new functionality may be backported to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt older releases on a case-by-case basis. All other change
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt types may be applied to all currently-supported releases.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas GustafssonBug Reports and Mailing Lists
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Bugs reports should be sent to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt bind9-bugs@isc.org
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt To join the BIND Users mailing list, send mail to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt bind-users-request@isc.org
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt archives of which can be found via
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt If you're planning on making changes to the BIND 9 source
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt code, you might want to join the BIND Workers mailing list.
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt Send mail to
3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9Evan Hunt bind-workers-request@isc.org