README revision 40f53fa8d9c6a4fc38c0014495e7a42b08f52481
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 is a major rewrite of nearly all aspects of the
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley underlying BIND architecture. This re-architecting of BIND was
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley necessitated by the expected demands of:
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Domain name system growth, particularly in very large
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley zones such as .COM
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Protocol enhancements necessary to securely query and
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley update zones
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Protocol enhancements necessary to take advantage of
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley certain architectural features of IP version 6
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley These demands implied performance requirements that were not
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley necessarily easy to attain with the BIND version 8
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley architecture. In particular, BIND must not only be able to
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley run on multi-processor multi-threaded systems, but must take
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley full advantage of the performance enhancements these
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley architectures can provide. In addition, the underlying data
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley storage architecture of BIND version 8 does not lend itself to
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley implementing alternative back end databases, such as would be
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley desirable for the support of multi-gigabyte zones. As such
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley zones are easily foreseeable in the relatively near future,
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley the data storage architecture needed revision. The feature
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley requirements for BIND version 9 included:
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Scalability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Thread safety
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Multi-processor scalability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Support for very large zones
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Support for DNSSEC
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Support for TSIG
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Auditability (code and operation)
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Firewall support (split DNS)
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Portability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Maintainability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Protocol Enhancements
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley IXFR, DDNS, Notify, EDNS0
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Improved standards conformance
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Operational enhancements
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley High availability and reliability
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Support for alternative back end databases
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - IP version 6 support
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley IPv6 resource records (A6, DNAME, etc.)
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Bitstring labels
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 development has been underwritten by the following
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley organizations:
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Sun Microsystems, Inc.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Hewlett Packard
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Compaq Computer Corporation
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Process Software Corporation
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Silicon Graphics, Inc.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Network Associates, Inc.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley U.S. Defense Information Systems Agency
70680fa51b0147c726b939b72b2420249429756aBob Halley USENIX Association
70680fa51b0147c726b939b72b2420249429756aBob Halley Stichting NLnet - NLnet Foundation
32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halley This is an unreleased alpha version of BIND 9.1.0.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley For a detailed list of user-visible changes from
32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halley previous releases, see the CHANGES file.
52966d52c3e8b05bd9064294e2c37952fdc17ec0Bob Halley BIND 9 currently requires a UNIX system with an ANSI C compiler,
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley basic POSIX support, and a good pthreads implementation.
32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halley We've had successful builds and tests on the following systems:
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley COMPAQ Tru64 UNIX 4.0D
32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halley COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley FreeBSD 3.4-STABLE
32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halley NetBSD-current (with "unproven" pthreads)
3a481d0d4a73e3baec3da25ca0f9d079fd74076fBob Halley Red Hat Linux 6.0, 6.1, 6.2
32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halley Solaris 2.6, 7, 8 (beta)
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley To build, just
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Several environment variables that can be set before running
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley configure will affect compilation:
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley The C compiler to use. configure tries to figure
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley out the right one for supported systems.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley C compiler flags. Defaults to include -g and/or -O2
3a481d0d4a73e3baec3da25ca0f9d079fd74076fBob Halley as supported by the compiler.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley STD_CINCLUDES
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley System header file directories. Can be used to specify
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley where add-on thread or IPv6 support is, for example.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley Defaults to empty string.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley STD_CDEFINES
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Any additional preprocessor symbols you want defined.
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Defaults to empty string.
32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halley To build shared libraries, specify "--with-libtool" on the
32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halley configure command line.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley If your operating system has integrated support for IPv6, it
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley will be used automatically. If you have installed KAME IPv6
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley separately, use "--with-kame[=PATH]" to specify its location.
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley To see additional configure options, run "configure --help".
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley "make install" will install "named" and the various BIND 9 libraries.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley By default, installation is into /usr/local, but this can be changed
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley with the "--prefix" option when running "configure".
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley If you're planning on making changes to the BIND 9 source, you
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley should also "make depend". If you're using Emacs, you might find
09dfc8c60ef885ea9ce05882e98537e5686a7b4bBob Halley "make tags" helpful.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Building with gcc is not supported, unless gcc is the vendor's usual
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley compiler (e.g. the various BSD systems, Linux).
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Parts of the library can be tested by running "make test" from the
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley bin/tests subdirectory.
b70fc17acec2c036bb35a937ba00fbcf10848859David LawrenceBug Reports and Mailing Lists
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence Bugs reports should be sent to
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence bind9-bugs@isc.org
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence To join the BIND 9 Users mailing list, send mail to
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence bind9-users-request@isc.org
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence If you're planning on making changes to the BIND 9 source
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence code, you might want to join the BIND 9 Workers mailing list.
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence bind9-workers-request@isc.org
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence"named" command line options
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence -c <config_file>
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson -d <debug_level>
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson -f Run in the foreground.
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson -g Run in the foreground and log
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson to stderr, ignoring any "logging"
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson statement in in the config file.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley -n <number_of_cpus>
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley -t <directory> Chroot to <directory> before running.
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley -u <username> Run as user <username> after binding
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley to privileged ports.
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley Use of the "-t" option while still running as "root" doesn't
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley enhance security on most systems. The way chroot() is defined
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley allows a process with root privileges to escape the chroot jail.
fe82c227f69c4a95d9db2f64f07e55daaf9499e6Bob Halley The "-u" option is not currently useful on Linux kernels older
9e87fd676ee62e6e11d29611731b80839fc305b3David Lawrence than 2.3.99-pre3. Linux threads are actually processes sharing a
9e87fd676ee62e6e11d29611731b80839fc305b3David Lawrence common address space. An unfortunate side effect of this is that
9e87fd676ee62e6e11d29611731b80839fc305b3David Lawrence some system calls, e.g. setuid() that in a typical pthreads
9e87fd676ee62e6e11d29611731b80839fc305b3David Lawrence environment would affect all threads only affect the calling
9e87fd676ee62e6e11d29611731b80839fc305b3David Lawrence thread/process on Linux. The good news is that BIND 9 uses the
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Linux kernel's capability mechanism to drop all root powers except
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley the ability to bind() to a privileged port. 2.3.99-pre3 and later
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley kernels allow a process to say that its capabilities should be
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley retained after setuid(). If BIND 9 is compiled with 2.3.99-pre3 or
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley later kernel .h files, the "-u" option will cause the server to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley run with the specified user id, but it will retain the capability
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley to bind() to privileged ports.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley On systems with more than one CPU, the "-n" option should be used
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley to indicate how many CPUs there are. If the "-n" option is not
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley provided, named will attempt to determine the number of available
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley CPUs and use all of them.