README revision c5b7873fd2d8a830b76e58071ed52ed4c7bd498e

BIND 9

    BIND version 9 is a major rewrite of nearly all aspects of the
    underlying BIND architecture. This re-architecting of BIND was
    necessitated by the expected demands of:

        - Domain name system growth, particularly in very large
          zones such as .COM
        - Protocol enhancements necessary to securely query and
          update zones
        - Protocol enhancements necessary to take advantage of
          certain architectural features of IP version 6

    These demands implied performance requirements that were not
    necessarily easy to attain with the BIND version 8
    architecture. In particular, BIND must not only be able to
    run on multi-processor multi-threaded systems, but must take
    full advantage of the performance enhancements these
    architectures can provide. In addition, the underlying data
    storage architecture of BIND version 8 does not lend itself to
    implementing alternative back end databases, such as would be
    desirable for the support of multi-gigabyte zones. As such
    zones are easily foreseeable in the relatively near future,
    the data storage architecture needed revision. The feature
    requirements for BIND version 9 included:

        - Scalability
            Thread safety
            Multi-processor scalability
            Support for very large zones

        - Security
            Support for DNSSEC
            Support for TSIG
            Auditability (code and operation)
            Firewall support (split DNS)

        - Portability

        - Maintainability

        - Protocol Enhancements
            IXFR, DDNS, Notify, EDNS0
            Improved standards conformance

        - Operational enhancements
            High availability and reliability
            Support for alternative back end databases

        - IP version 6 support
            IPv6 resource records (A6, DNAME, etc.)
            Bitstring labels
            APIs

    BIND version 9 development has been underwritten by the following
    organizations:

        Sun Microsystems, Inc.
        Hewlett Packard
        Compaq Computer Corporation
        IBM
        Process Software Corporation
        Silicon Graphics, Inc.
        Network Associates, Inc.
        U.S. Defense Information Systems Agency
        USENIX Association
        Stichting NLnet - NLnet Foundation


BIND 9.0.0b3

    BIND 9.0.0b3 is the third public release of BIND 9 code. It will
    be most useful to advanced users working with IPv6 or DNSSEC.

    BIND 9.0.0b3 is not functionally complete, and is not a release
    candidate for BIND 9.0.0. ISC anticipates a number of additional
    beta releases between now and June, when BIND 9.0.0 is scheduled to
    be released.

    ISC does not recommend using BIND 9.0.0b3 for "production"
    services.

    We hope users of BIND 9.0.0b3 will provide feedback, bug fixes, and
    enhancements. If you are not in a position to do so, it would
    probably be better to wait until subsequent releases.

    There have been many changes since beta 2; the highlights are:

        The server now supports "views", a mechanism for answering
        DNS queries differently to different requestors. This
        will make split DNS setups much easier to build.

        Basic support for validation of DNSSEC signatures has been
        implemented. This functionality should be considered
        experimental at this point.

        NOTIFY (RFC 1996) has been implemented.

        The "dig" and "host" tools have been completely rewritten
        and are included in the base distribution.

        Bug fixes. Most bugs reported against beta 2 have been
        fixed.

    There are still some known bugs, including:

        The random data used in generating DNSSEC keys and
        signatures contains a significant pseudorandom
        component and is therefore not cryptographically
        strong. We do not recommend the use of keys generated
        by the key generation tools in this distribution
        in production.

        The option "query-source * port 53;" will not work as
        expected. Instead of the wildcard address "*", you need
        to use an explicit source IP address.

    For a detailed list of user-visible changes since beta 2, see
    the CHANGES file.

    Some of the more significant items that will be implemented or
    enhanced in a future beta are:

        Selective Forwarding

        Stub zones

        Documentation

    Future releases will contain a lot more documentation,
    but a preliminary version of the Administrator's
    Reference Manual is in the doc/arm subdirectory in
    HTML format. A plain text version will be added
    in a future release.


Building

    BIND 9 currently requires a UNIX system with an ANSI C compiler,
    basic POSIX support, and a good pthreads implementation.

    We've had successful builds and tests on the following systems:

        AIX 4.3
        COMPAQ Tru64 UNIX 4.0D
        FreeBSD 3.4-STABLE
        HP-UX 11
        IRIX64 6.5
        NetBSD-current (with "unproven" pthreads, foreground only)
        Red Hat Linux 6.0, 6.1, 6.2
        Solaris 2.6, 7, 8 (beta)

    To build, just

        ./configure
        make

    Several environment variables that can be set before running
    configure will affect compilation:

        CC
            The C compiler to use. configure tries to figure
            out the right one for supported systems.

        CFLAGS
            C compiler flags. Defaults to include -g and/or -O2
            as supported by the compiler.

        STD_CINCLUDES
            System header file directories. Can be used to specify
            where add-on thread or IPv6 support is, for example.
            Defaults to empty string.

        STD_CDEFINES
            Any additional preprocessor symbols you want defined.
            Defaults to empty string.

    To build shared libraries, specify "--with-libtool" on the
    configure command line.

    If your operating system has integrated support for IPv6, it
    will be used automatically. If you have installed KAME IPv6
    separately, use "--with-kame[=PATH]" to specify its location.

    To see additional configure options, run "configure --help".

    "make install" will install "named" and the various BIND 9 libraries.
    By default, installation is into /usr/local, but this can be changed
    with the "--prefix" option when running "configure".

    If you're planning on making changes to the BIND 9 source, you
    should also "make depend". If you're using Emacs, you might find
    "make tags" helpful.

    Building with gcc is not supported, unless gcc is the vendor's usual
    compiler (e.g. the various BSD systems, Linux).

    Parts of the library can be tested by running "make test" from the
    bin/tests subdirectory. Running "make all_tests" will build many
    small test applications that can also exercise a lot of functionality
    of the library in an isolated way; however, these test programs
    are not well documented nor directly supported, so they're mostly
    there for people who really want to get their hands dirty with BIND 9.

Bug Reports and Mailing Lists

    Bug reports should be sent to

        bind9-bugs@isc.org

    To join the BIND 9 Users mailing list, send mail to

        bind9-users-request@isc.org

    If you're planning on making changes to the BIND 9 source
    code, you might want to join the BIND 9 Workers mailing list.
    Send mail to

        bind9-workers-request@isc.org


"named" command line options

    -c <config_file>    Use <config_file> as the configuration file.

    -d <debug_level>    Set the debugging level.

    -f                  Run in the foreground.

    -g                  Run in the foreground and log to stderr,
                        ignoring any "logging" statement in the
                        config file.

    -n <number_of_cpus> Create <number_of_cpus> worker threads.

    -t <directory>      Chroot to <directory> before running.

    -u <username>       Run as user <username> after binding to
                        privileged ports.

    Use of the "-t" option while still running as "root" doesn't
    enhance security on most systems. The way chroot() is defined
    allows a process with root privileges to escape the chroot jail,
    so "-t" should be combined with "-u".

    The "-u" option is not currently useful on Linux kernels older
    than 2.3.99-pre3. Linux threads are actually processes sharing a
    common address space. An unfortunate side effect of this is that
    some system calls, e.g. setuid(), that in a typical pthreads
    environment would affect all threads only affect the calling
    thread/process on Linux. The good news is that BIND 9 uses the
    Linux kernel's capability mechanism to drop all root powers except
    the ability to bind() to a privileged port. 2.3.99-pre3 and later
    kernels allow a process to say that its capabilities should be
    retained after setuid(). If BIND 9 is compiled with 2.3.99-pre3 or
    later kernel .h files, the "-u" option will cause the server to
    run with the specified user id, but it will retain the capability
    to bind() to privileged ports.
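    The two situations described above, as an added example that is not
    BIND code: scenario 1 jails the process the way "-t" does and stays
    root, then performs the classic chroot() break-out; scenario 2 jails
    it and then drops to an unprivileged uid the way "-u" does before
    attempting the same break-out. The jail path under /tmp and the use
    of uid/gid 65534 as the unprivileged account are assumptions of this
    example. The Linux capability retention described above (keeping
    only the ability to bind() privileged ports across setuid()) is not
    shown here.

```c
/* Added example, not BIND code: why "named -t DIR" on its own is weak and
 * "-t DIR -u USER" is not. A root process can leave a chroot() jail; a
 * process that has dropped to an unprivileged uid cannot. Each scenario runs
 * in a forked child so the caller is never jailed or deprivileged itself.
 * Assumptions: /tmp is writable and uid/gid 65534 is an unprivileged account
 * (the conventional "nobody"; not looked up). */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { ESCAPED = 0, CONFINED = 1, NOT_PERMITTED = 2, FAILED = 3 };

static const uid_t UNPRIV_ID = 65534;   /* assumed "nobody" uid and gid */

static int errno_result(void) { return errno == EPERM ? NOT_PERMITTED : FAILED; }

/* Create JAIL/ and JAIL/escape/ under /tmp; returns a malloc'd path. */
static char *make_jail(void) {
    char tmpl[] = "/tmp/jail.XXXXXX", sub[64];
    if (mkdtemp(tmpl) == NULL)
        return NULL;
    snprintf(sub, sizeof sub, "%s/escape", tmpl);
    if (chmod(tmpl, 0755) != 0 || mkdir(sub, 0755) != 0)
        return NULL;
    return strdup(tmpl);
}

static void remove_jail(const char *jail) {
    char sub[64];
    snprintf(sub, sizeof sub, "%s/escape", jail);
    rmdir(sub);
    rmdir(jail);
}

/* The classic break-out, run with cwd at the jail root: chroot() into a
 * subdirectory WITHOUT chdir(), so the cwd is now outside the new root;
 * chdir("..") can then climb to the real filesystem root, and chroot(".")
 * makes that the root again. chroot() requires root, which "-u" gives up. */
static int try_escape(void) {
    struct stat st;
    if (chroot("escape") != 0)
        return errno_result();
    for (int i = 0; i < 256; i++)       /* deeper than any real path */
        if (chdir("..") != 0)
            return FAILED;
    if (chroot(".") != 0)
        return errno_result();
    /* The jail has no /etc; if it is visible now we are outside. */
    return stat("/etc", &st) == 0 ? ESCAPED : CONFINED;
}

/* Scenario 1, "named -t JAIL" alone: jail the process but stay root. */
static int root_in_jail(const char *jail) {
    if (chroot(jail) != 0 || chdir("/") != 0)
        return errno_result();
    return try_escape();
}

/* Scenario 2, "named -t JAIL -u USER": chroot() while still root, then drop
 * gid and uid permanently (a later setuid(0) must fail), then try to leave. */
static int unprivileged_in_jail(const char *jail) {
    if (chroot(jail) != 0 || chdir("/") != 0)
        return errno_result();
    if (setgid(UNPRIV_ID) != 0 || setuid(UNPRIV_ID) != 0)
        return errno_result();
    if (setuid(0) == 0)
        return FAILED;                  /* the drop was not permanent */
    return try_escape();                /* expected: NOT_PERMITTED */
}

/* Run one scenario in a child process and return its result code. */
static int run_scenario(int (*scenario)(const char *)) {
    char *jail = make_jail();
    int status = 0, result = FAILED;
    if (jail == NULL)
        return FAILED;
    pid_t pid = fork();
    if (pid == 0)
        _exit(scenario(jail));
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        result = WEXITSTATUS(status);
    remove_jail(jail);
    free(jail);
    return result;
}

/* Not root: both report NOT_PERMITTED. Root: ESCAPED, then NOT_PERMITTED. */
int demo_root_in_jail(void)         { return run_scenario(root_in_jail); }
int demo_unprivileged_in_jail(void) { return run_scenario(unprivileged_in_jail); }

int main(void) {
    static const char *name[] = { "ESCAPED", "CONFINED", "NOT_PERMITTED", "FAILED" };
    printf("root in jail:         %s\n", name[demo_root_in_jail()]);
    printf("unprivileged in jail: %s\n", name[demo_unprivileged_in_jail()]);
    return 0;
}
```

    Run it as root to see scenario 1 report ESCAPED while scenario 2
    reports NOT_PERMITTED; as an ordinary user both report NOT_PERMITTED
    because chroot() itself is refused. The order in scenario 2 is the
    one that matters for "-t" with "-u": chroot(), then chdir("/"), then
    an irreversible setgid()/setuid().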

    On systems with more than one CPU, the "-n" option should be used
    to indicate how many CPUs there are.


Note to Programmers

    The APIs for the libraries in BIND 9 are not yet frozen.
    We expect the existing library interfaces in the release to be
    quite stable, however, and unless we've specifically indicated that
    an interface is temporary, we don't anticipate major changes in
    future releases.
