README revision 5d7c50da51174c01291712e4c2a08fce7e6e8883
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley BIND version 9 is a major rewrite of nearly all aspects of the
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley underlying BIND architecture. Some of the important features of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Security
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson DNSSEC (signed zones)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson TSIG (signed DNS requests)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - IP version 6
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Answers DNS queries on IPv6 sockets
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson IPv6 resource records (A6, DNAME, etc.)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Bitstring Labels
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Experimental IPv6 Resolver Library
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Protocol Enhancements
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson IXFR, DDNS, Notify, EDNS0
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Improved standards conformance
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson One server process can provide multiple "views" of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson the DNS namespace, e.g. an "inside" view to certain
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson clients, and an "outside" view to others.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Multiprocessor Support
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Improved Portability Architecture
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 development has been underwritten by the following
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley organizations:
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Sun Microsystems, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Hewlett Packard
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Compaq Computer Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Process Software Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Silicon Graphics, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Network Associates, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson U.S. Defense Information Systems Agency
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson USENIX Association
70680fa51b0147c726b939b72b2420249429756aBob Halley Stichting NLnet - NLnet Foundation
70680fa51b0147c726b939b72b2420249429756aBob Halley Nominum, Inc.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson BIND 9.2.0rc1 is a release candidate for BIND 9.2.0.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson BIND 9.2.0 has a number of new features over 9.1,
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - The size of the cache can now be limited using the
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson "max-cache-size" option.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - The server can now automatically convert RFC1886-style
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson recursive lookup requests into RFC2874-style lookups,
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson when enabled using the new option "allow-v6-synthesis".
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson This allows stub resolvers that support AAAA records
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson but not A6 record chains or binary labels to perform
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson lookups in domains that make use of these IPv6 DNS
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - Performance has been improved.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - The man pages now use the more portable "man" macros
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson rather than the "mandoc" macros, and are installed
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson by "make install".
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - The named.conf parser has been completely rewritten.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson It now supports "include" directives in more
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson places such as inside "view" statememnts, and it no
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson longer has any reserved words.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - The "rndc status" command is now implemented.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - rndc can now be configured automatically.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson - A BIND 8 compatible stub resolver library is now
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - OpenSSL has been removed from the distribution. This
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson means that to use DNSSEC, OpenSSL must be installed and
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson the --with-openssl option must be supplied to configure.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson This does not apply to the use of TSIG, which does not
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson require OpenSSL.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson - The source distribution now builds on Windows NT/2000.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson See win32utils/readme1.txt and win32utils/win32-build.txt
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson This distribution also includes a new lightweight stub
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson resolver library and associated resolver daemon that fully
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson support forward and reverse lookups of both IPv4 and IPv6
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson addresses. This library is considered experimental and
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson is not a complete replacement for the BIND 8 resolver library.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Applications that use the BIND 8 res_* functions to perform
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson DNS lookups or dynamic updates still need to be linked against
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson the BIND 8 libraries. For DNS lookups, they can also use the
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson new "getrrsetbyname()" API.
8cc03bfc0c9eaee8c186843fef75c58093616d04Mark Andrews BIND 9.2 is capable of acting as an authoritative server
8cc03bfc0c9eaee8c186843fef75c58093616d04Mark Andrews for DNSSEC secured zones. This functionality is believed to
7c956aeeeb8da3fd3912b1fb8024ff274e3b07ebAndreas Gustafsson be stable and complete except for lacking support for wildcard
8cc03bfc0c9eaee8c186843fef75c58093616d04Mark Andrews records in secure zones.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson When acting as a caching server, BIND 9.2 can be configured
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley to perform DNSSEC secure resolution on behalf of its clients.
e5256e34b4a26a26088b2dc5ca621b42c0750256Andreas Gustafsson This part of the DNSSEC implementation is still considered
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence experimental. For detailed information about the state of the
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley DNSSEC implementation, see the file doc/misc/dnssec.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley There are a few known bugs:
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley On some systems, IPv6 and IPv4 sockets interact in
76860484adfbadeecfeb3a7132ede916ee2102ffBrian Wellington unexpected ways. For details, see doc/misc/ipv6.
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley To reduce the impact of these problems, the server
501da430e2f16f496f8e8d1b57ab77f78428c682David Lawrence no longer listens for requests on IPv6 addresses
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley by default. If you need to accept DNS queries over
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley IPv6, you must specify "listen-on-v6 { any; };"
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley in the named.conf options statement.
2ecf7f63a01ca8a96d76f7d2d4de0fa37f3e3fabOlafur Gudmundsson FreeBSD prior to 4.2 (and 4.2 if running as non-root)
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley and OpenBSD prior to 2.8 log messages like
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
557ab3bef6dbb33623f6ff26e9bbb0566b27d9bfAndreas Gustafsson This is due to a bug in "/dev/random" and impacts the
b3d8bec59201fd0edbe38f909bda5014d7776b89Brian Wellington server's DNSSEC support.
d80ccd47ad4b526f82590b6c182b4dd80006712eAndreas Gustafsson --with-libtool does not work on AIX.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson A bug in the Windows 2000 DNS server can cause zone transfers
a0cad57966364095e4367f568389a8bd84afb2afAndreas Gustafsson from a BIND 9 server to a W2K server to fail. For details,
a0cad57966364095e4367f568389a8bd84afb2afAndreas Gustafsson see the "Zone Transfers" section in doc/misc/migration.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson For a detailed list of user-visible changes from
e544b507b8019a62c5d2716281f6832519a8791dDavid Lawrence previous releases, see the CHANGES file.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley BIND 9 currently requires a UNIX system with an ANSI C compiler,
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley basic POSIX support, and a 64 bit integer type.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson We've had successful builds and tests on the following systems:
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson COMPAQ Tru64 UNIX 4.0D
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence Red Hat Linux 6.0, 6.1, 6.2, 7.0
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Solaris 2.6, 7, 8
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Additionally, we have unverified reports of success building
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence previous versions of BIND 9 from users of the following systems:
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson SuSE Linux 7.0
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence Slackware Linux 7.x, 8.0
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Red Hat Linux 7.1
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson Debian GNU/Linux 2.2 and 3.0
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson OpenBSD 2.6, 2.8, 2.9
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson UnixWare 7.1.1
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson To build, just
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Do not use a parallel "make".
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Several environment variables that can be set before running
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley configure will affect compilation:
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley The C compiler to use. configure tries to figure
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley out the right one for supported systems.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley C compiler flags. Defaults to include -g and/or -O2
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson as supported by the compiler.
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson System header file directories. Can be used to specify
9b19b39170eaf78ae1baf39acca0be462c2faa4cAndreas Gustafsson where add-on thread or IPv6 support is, for example.
3637ad3b4e59fc92d3c68b5eabc479bb0ebd570eAndreas Gustafsson Defaults to empty string.
3637ad3b4e59fc92d3c68b5eabc479bb0ebd570eAndreas Gustafsson Any additional preprocessor symbols you want defined.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Defaults to empty string.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson Possible settings:
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson Change the default syslog facility of named/lwresd.
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson e.g. -DISC_FACILITY=LOG_LOCAL0
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson To build shared libraries, specify "--with-libtool" on the
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson configure command line.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson For the server to support DNSSEC, you need to build it
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson with crypto support. You must have OpenSSL 0.9.5a
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson or newer installed and specify "--with-openssl" on the
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson configure command line. If OpenSSL is installed under
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson a nonstandard prefix, you can tell configure where to
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson look for it using "--with-openssl=/prefix".
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson To build libbind (the BIND 8 resolver library), specify
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley "--enable-libbind" on the configure command line.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson On some platforms, BIND 9 can be built with multithreading
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley support, allowing it to take advantage of multiple CPUs.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley You can specify whether to build a multithreaded BIND 9
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley by specifying "--enable-threads" or "--disable-threads"
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley on the configure command line. The default is operating
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley system dependent.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley If your operating system has integrated support for IPv6, it
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley will be used automatically. If you have installed KAME IPv6
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley separately, use "--with-kame[=PATH]" to specify its location.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley "make install" will install "named" and the various BIND 9 libraries.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley By default, installation is into /usr/local, but this can be changed
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley with the "--prefix" option when running "configure".
a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halley You may specify the option "--sysconfdir" to set the directory
where configuration files like "named.conf" go by default,
of "run/named.pid". For backwards compatibility with BIND 8,
option, sysconfdir defaults to "$prefix/etc" and localstatedir
defaults to "$prefix/var".
compiler (e.g. the various BSD systems, Linux).
on your system, and some require Perl; see bin/tests/system/README
doc/arm directory.
options of "named" are documented in /bin/named/named.8.
notes in doc/misc/migration. If you are upgrading from
BIND 4, read doc/misc/migration-4to9.