xref/bind-9.11.3/README

	README revision 5f5bb44065a3e7f506e4afd4d81c89da2931bf1b

BIND 9

    BIND version 9 is a major rewrite of nearly all aspects of the
    underlying BIND architecture. This re-architecting of BIND was
    necessitated by the expected demands of:

        - Domain name system growth, particularly in very large
          zones such as .COM
        - Protocol enhancements necessary to securely query and
          update zones
        - Protocol enhancements necessary to take advantage of
          certain architectural features of IP version 6

    These demands implied performance requirements that were not
    necessarily easy to attain with the BIND version 8
    architecture.  In particular, BIND must not only be able to
    run on multi-processor multi-threaded systems, but must take
    full advantage of the performance enhancements these
    architectures can provide. In addition, the underlying data
    storage architecture of BIND version 8 does not lend itself to
    implementing alternative back end databases, such as would be
    desirable for the support of multi-gigabyte zones. As such
    zones are easily foreseeable in the relatively near future,
    the data storage architecture needed revision. The feature
    requirements for BIND version 9 included:

        - Scalability
            Thread safety
                Multi-processor scalability
                Support for very large zones

        - Security
                Support for DNSSEC
                Support for TSIG
                Auditability (code and operation)
                Firewall support (split DNS)

        - Portability

        - Maintainability

        - Protocol Enhancements
                IXFR, DDNS, Notify, EDNS0
                Improved standards conformance

        - Operational enhancements
                High availability and reliability
                Support for alternative back end databases

        - IP version 6 support
                IPv6 resource records (A6, DNAME, etc.)
                Bitstring labels
                APIs

    BIND version 9 development has been underwritten by the following
    organizations:

            Sun Microsystems, Inc.
            Hewlett Packard
            Compaq Computer Corporation
            IBM
            Process Software Corporation
            Silicon Graphics, Inc.
            Network Associates, Inc.
            U.S. Defense Information Systems Agency
        USENIX Association
        Stichting NLnet - NLnet Foundation


BIND 9.0.0b1

    BIND 9.0.0b1 is the first public release of BIND 9 code.  It will
    be most useful to advanced users working with IPv6 or DNSSEC.

    BIND 9.0.0b1 is not functionally complete, and is not a release
    candidate for BIND 9.0.0.  The ISC anticipates a number of additional
    beta releases between now and May, when BIND 9.0.0 is scheduled to
    be released.

    The ISC does not recommend using BIND 9.0.0b1 for "production"
    services.

    We hope users of BIND 9.0.0b1 will provide feedback, bug fixes, and
    enhancements.  If you are not in a position to do so, it would
    probably be better to wait until subsequent releases.

    Much of the core technology planned for BIND 9.0.0 is in this beta
    release.  Some of the highlights are:

        IPv6

            Support for bitstring labels, DNAME, and A6 records.

            IPv6-aware resolver (follows A6 chains, can use IPv6 to
            talk to other nameservers).

            The nameserver listens on an IPv6 socket.

        DNSSEC

            All new RR types supported.

            The server generates DNSSEC responses for secure zones.

        EDNS0

            DNS messages using UDP have been limited to 512
            bytes.  This is too small for DNSSEC replies, whose
            signature and key records can be large.  EDNS0 allows
            larger UDP messages to be sent.

            EDNS0 is understood by the server, and used by the
            resolver.

    Some of the more significant items that will be implemented or
    enhanced in a future beta are

        DNSSEC validation

            The server does not currently validate DNSSEC
            signatures.

        Notify

            Notify is not yet implemented.

        Configuration File

            Some config file items are not yet implemented.
            See doc/misc/options for a summary of the current
            status.

        Selective Forwarding

        Documentation

            Future releases will contain a lot more documentation,
            but a preliminary version of the Administrator's
            Reference Manual is in the doc/arm subdirectory.


Building

    BIND 9 currently requires a UNIX system with an ANSI C compiler,
    basic POSIX support, and a good pthreads implementation.

    We've had successful builds and tests on the following systems

        AIX 4.3
        COMPAQ Tru64 UNIX 4.0D
        FreeBSD 3.4-STABLE
        HP-UX 11
        IRIX64 6.5
        NetBSD current (with "unproven" pthreads)
        Red Hat Linux 6.0, 6.1
        Solaris 2.6, 7, 8 (beta)

    To build, just

        ./configure
        make

    "make install" will install "named" and the various BIND 9 libraries.
    By default, installation is into /usr/local, but this can be changed
    with the "--prefix" option when running "configure".

    Shared libraries will be built if "--with-libtool" is added to the
    "configure" command.

    If you're planning on making changes to the BIND 9 source, you
    should also "make depend".  If you're using Emacs, you might find
    "make tags" helpful.

    Building with gcc is not supported, unless gcc is the vendor's usual
    compiler (e.g. the various BSD systems, Linux).

    Parts of the library can be tested by running "make test" from the
    bin/tests subdirectory.


Bug Reports and Mailing Lists

    Bugs reports should be sent to

        bind9-bugs@isc.org

    To join the BIND 9 Users mailing list, send mail to

        bind9-users-request@isc.org

    If you're planning on making changes to the BIND 9 source
    code, you might want to join the BIND 9 Workers mailing list.
    Send mail to

        bind9-workers-request@isc.org


"named" command line options

    -c <config_file>

    -d <debug_level>

    -f              Run in the foreground.

    -N <number_of_cpus>

    -t <directory>          Chroot to <directory> before running.

    -u <username>           Run as user <username> after binding
                    to privileged ports.

    Use of the "-t" option while still running as "root" doesn't
    enhance security on most systems.  The way chroot() is defined
    allows a process with root privileges to escape the chroot jail.

    The "-u" option is not currently useful on Linux.  Linux threads
    are actually processes sharing a common address space.  An unfortunate
    side effect of this is that some system calls, e.g. setuid() that
    in a typical pthreads environment would affect all threads only affect
    the calling thread/process on Linux.  The good news is that BIND 9
    uses the Linux kernel's capability mechanism to drop all root
    powers except the ability to bind() to a privileged port.

    On systems with more than one CPU, the "-N" option should be used
    to indicate how many CPUs there are.


Note to Programmers

    The APIs for the libraries in BIND 9 are not yet frozen.
    We expect the existing library interfaces in the release to be
    quite stable, however, and unless we've specifically indicated that
    an interface is temporary, we don't anticipate major changes in
    future releases.