README revision dc3ac7e79aee3821d1877a41adcd6d6eec5a4395
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BIND version 9 is a major rewrite of nearly all aspects of the
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt underlying BIND architecture. Some of the important features of
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - DNS Security
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt DNSSEC (signed zones)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt TSIG (signed DNS requests)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - IP version 6
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Answers DNS queries on IPv6 sockets
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt IPv6 resource records (AAAA)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Experimental IPv6 Resolver Library
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - DNS Protocol Enhancements
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt IXFR, DDNS, Notify, EDNS0
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Improved standards conformance
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt One server process can provide multiple "views" of
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt the DNS namespace, e.g. an "inside" view to certain
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt clients, and an "outside" view to others.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - Multiprocessor Support
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - Improved Portability Architecture
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BIND version 9 development has been underwritten by the following
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt organizations:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Sun Microsystems, Inc.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Hewlett Packard
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Compaq Computer Corporation
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Process Software Corporation
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Silicon Graphics, Inc.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Network Associates, Inc.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt U.S. Defense Information Systems Agency
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt USENIX Association
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Stichting NLnet - NLnet Foundation
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Nominum, Inc.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt For a summary of functional enhancements in previous
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt releases, see the HISTORY file.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt For a detailed list of user-visible changes from
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt previous releases, see the CHANGES file.
62714accee7c8d96e02f40d58751422972e2ed41Evan Hunt For up-to-date release notes and errata, see
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt releases. New features include:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - DNS Response-rate limiting (DNS RRL) blunts the impact of
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt reflection and amplification attacks.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - New zone file format "map" is an image of a zone database
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt that can be loaded directly into memory, allowing much faster
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt zone loading.
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt - Substantial improvement in response-policy zone (RPZ)
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt performance. Up to 32 response-policy zones can be
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt configured with minimal performance loss.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - ACLs can now be specified based on geographic location
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt using the MacMind GeoIP databases.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - New XML schema (version 3) for the statistics channel
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt includes many new statistics and uses a flattened XML tree
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt for faster parsing.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - A new stylesheet, based on the Google Charts API, displays
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt XML statistics in charts and graphs on javascript-enabled
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - The statistics channel can now provide data in JSON
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt format as well as XML.
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt - The internal and export versions of the BIND libraries
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt (libisc, libdns, etc) have been unified so that external
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt library clients can use the same libraries as BIND itself.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - New 'dnssec-coverage' tool to check DNSSEC key coverage
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt for a zone and report if a lapse in signing coverage has
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt been inadvertently scheduled.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - Signing algorithm flexibility and other improvements
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt for the "rndc" control channel.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - 'named-checkzone' and 'named-compilezone' can now read
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt journal files, allowing them to process dynamic zones.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - Multiple DLZ databases can now be configured. Individual
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt zones can be configured to be served from a specific DLZ
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt database. DLZ databases now serve zones of type "master"
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt and "redirect".
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - "rndc zonestatus" reports information about a specified zone.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt - "named" now listens on IPv6 as well as IPv4 interfaces
dc3ac7e79aee3821d1877a41adcd6d6eec5a4395Evan Hunt - "named" now preserves the capitalization of names when
dc3ac7e79aee3821d1877a41adcd6d6eec5a4395Evan Hunt responding to queries.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt releases. New features include:
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt - Inline signing, allowing automatic DNSSEC signing of
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt master zones without modification of the zonefile, or
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt "bump in the wire" signing in slaves.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - NXDOMAIN redirection.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - New 'rndc flushtree' command clears all data under a given
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt name from the DNS cache.
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt - New 'rndc sync' command dumps pending changes in a dynamic
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt zone to disk without a freeze/thaw cycle.
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt - New 'rndc signing' command displays or clears signing status
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt records in 'auto-dnssec' zones.
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt - NSEC3 parameters for 'auto-dnssec' zones can now be set prior
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt to signing, eliminating the need to initially sign with NSEC.
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt - Startup time improvements on large authoritative servers.
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt - Slave zones are now saved in raw format by default.
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt - Several improvements to response policy zones (RPZ).
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt - Improved hardware scalability by using multiple threads
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt to listen for queries and using finer-grained client locking
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - The 'also-notify' option now takes the same syntax as
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt 'masters', so it can used named masterlists and TSIG keys.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - 'dnssec-signzone -D' writes an output file containing only DNSSEC
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt data, which can be included by the primary zone file.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - 'dnssec-signzone -R' forces removal of signatures that are
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt not expired but were created by a key which no longer exists.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - 'dnssec-signzone -X' allows a separate expiration date to
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt be specified for DNSKEY signatures from other signatures.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - New '-L' option to dnssec-keygen, dnssec-settime, and
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt dnssec-keyfromlabel sets the default TTL for the key.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - dnssec-dsfromkey now supports reading from standard input,
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt to make it easier to convert DNSKEY to DS.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - RFC 1918 reverse zones have been added to the empty-zones
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt table per RFC 6303.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - Dynamic updates can now optionally set the zone's SOA serial
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt number to the current UNIX time.
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt - DLZ modules can now retrieve the source IP address of
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt the querying client.
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt - 'request-ixfr' option can now be set at the per-zone level.
923ba8158a9a065719bcf9a80bfc40e7569df8a4Evan Hunt - 'dig +rrcomments' turns on comments about DNSKEY records,
923ba8158a9a065719bcf9a80bfc40e7569df8a4Evan Hunt indicating their key ID, algorithm and function
949eefdda49701c14579d1fd251bd09df0751c2fEvan Hunt - Simplified nsupdate syntax and added readline support
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BIND 9 currently requires a UNIX system with an ANSI C compiler,
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt basic POSIX support, and a 64 bit integer type.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt We've had successful builds and tests on the following systems:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt COMPAQ Tru64 UNIX 5.1B
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Fedora Core 6
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt FreeBSD 4.10, 5.2.1, 6.2
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Mac OS X 10.5
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt NetBSD 3.x, 4.0-beta, 5.0-beta
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt OpenBSD 3.3 and up
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Solaris 8, 9, 9 (x86), 10
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Ubuntu 7.04, 7.10
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Windows XP/2003/2008
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt Windows, including Windows NT and Windows 2000, are no longer
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt We have recent reports from the user community that a supported
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt version of BIND will build and run on the following systems:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt CentOS 4, 4.5, 5
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Darwin 9.0.0d1/ARM
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Debian 4, 5, 6
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Fedora Core 5, 7, 8
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt FreeBSD 6, 7, 8
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt HP-UX 11.23 PA
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt MacOS X 10.5, 10.6, 10.7
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Red Hat Enterprise Linux 4, 5, 6
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt SCO OpenServer 5.0.6
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Slackware 9, 10
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt To build, just
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Do not use a parallel "make".
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Several environment variables that can be set before running
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt configure will affect compilation:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt The C compiler to use. configure tries to figure
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt out the right one for supported systems.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt C compiler flags. Defaults to include -g and/or -O2
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt as supported by the compiler. Please include '-g'
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt if you need to set CFLAGS.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt STD_CINCLUDES
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt System header file directories. Can be used to specify
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt where add-on thread or IPv6 support is, for example.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Defaults to empty string.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt STD_CDEFINES
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Any additional preprocessor symbols you want defined.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Defaults to empty string.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Possible settings:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Change the default syslog facility of named/lwresd.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt -DISC_FACILITY=LOG_LOCAL0
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Enable DNSSEC signature chasing support in dig.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt -DDIG_SIGCHASE_BU=1)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Disable dropping queries from particular well known ports.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt -DNS_CLIENT_DROPPORT=0
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Sibling glue checking in named-checkzone is enabled by default.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt To disable the default check set. -DCHECK_SIBLING=0
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt named-checkzone checks out-of-zone addresses by default.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt To disable this default set. -DCHECK_LOCAL=0
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt To create the default pid files in ${localstatedir}/run rather
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt than ${localstatedir}/run/{named,lwresd}/ set.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt -DNS_RUN_PID_DIR=0
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Enable workaround for Solaris kernel bug about /dev/poll
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt -DISC_SOCKET_USE_POLLWATCH=1
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt The watch timeout is also configurable, e.g.,
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt -DISC_SOCKET_POLLWATCH_TIMEOUT=20
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Linker flags. Defaults to empty string.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt The following need to be set when cross compiling.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt The native C compiler.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BUILD_CFLAGS (optional)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BUILD_CPPFLAGS (optional)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Possible Settings:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt -DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BUILD_LDFLAGS (optional)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt BUILD_LIBS (optional)
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt On most platforms, BIND 9 is built with multithreading
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt support, allowing it to take advantage of multiple CPUs.
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt You can configure this by specifying "--enable-threads" or
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt "--disable-threads" on the configure command line. The default
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt is to enable threads, except on some older operating systems
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt on which threads are known to have had problems in the past.
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt (Note: Prior to BIND 9.10, the default was to disable threads on
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt Linux systems; this has been reversed. On Linux systems, the
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt threaded build is known to change BIND's behavior with respect
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt to file permissions; it may be necessary to specify a user with
0d18225b5e2d17e4bef0077212fd6927ca58dda6Evan Hunt the -u option when running named.)
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt To build shared libraries, specify "--with-libtool" on the
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt configure command line.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt For the server to support DNSSEC, you need to build it
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt with crypto support. You must have OpenSSL 0.9.5a
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt or newer installed and specify "--with-openssl" on the
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt configure command line. If OpenSSL is installed under
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt a nonstandard prefix, you can tell configure where to
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt look for it using "--with-openssl=/prefix".
feb067b25a8e33db62e2a7bf2e83bbb7f6eee845Evan Hunt To support the HTTP statistics channel, the server must
feb067b25a8e33db62e2a7bf2e83bbb7f6eee845Evan Hunt be linked with at least one of the following: libxml2
feb067b25a8e33db62e2a7bf2e83bbb7f6eee845Evan Hunt (http://xmlsoft.org) or json-c (https://github.com/json-c).
feb067b25a8e33db62e2a7bf2e83bbb7f6eee845Evan Hunt If these are installed at a nonstandard prefix, use
feb067b25a8e33db62e2a7bf2e83bbb7f6eee845Evan Hunt "--with-libxml2=/prefix" or "--with-libjson=/prefix".
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt On some platforms it is necessary to explictly request large
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt file support to handle files bigger than 2GB. This can be
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt done by "--enable-largefile" on the configure command line.
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt Support for the "fixed" rrset-order option can be enabled
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt or disabled by specifying "--enable-fixed-rrset" or
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt "--disable-fixed-rrset" on the configure command line.
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt The default is "disabled", to reduce memory footprint.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt If your operating system has integrated support for IPv6, it
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt will be used automatically. If you have installed KAME IPv6
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt separately, use "--with-kame[=PATH]" to specify its location.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt "make install" will install "named" and the various BIND 9 libraries.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt By default, installation is into /usr/local, but this can be changed
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt with the "--prefix" option when running "configure".
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt You may specify the option "--sysconfdir" to set the directory
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt where configuration files like "named.conf" go by default,
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt and "--localstatedir" to set the default parent directory
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt of "run/named.pid". For backwards compatibility with BIND 8,
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt --sysconfdir defaults to "/etc" and --localstatedir defaults to
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt "/var" if no --prefix option is given. If there is a --prefix
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt option, sysconfdir defaults to "$prefix/etc" and localstatedir
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt defaults to "$prefix/var".
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt To see additional configure options, run "configure --help".
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Note that the help message does not reflect the BIND 8
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt compatibility defaults for sysconfdir and localstatedir.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt If you're planning on making changes to the BIND 9 source, you
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt should also "make depend". If you're using Emacs, you might find
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt "make tags" helpful.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt If you need to re-run configure please run "make distclean" first.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt This will ensure that all the option changes take.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Building with gcc is not supported, unless gcc is the vendor's usual
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt compiler (e.g. the various BSD systems, Linux).
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Known compiler issues:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt * gcc-3.3.5 powerpc generates incorrect code at -02.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt * Irix, MipsPRO 7.4.1m is known to cause problems.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt A limited test suite can be run with "make test". Many of
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt the tests require you to configure a set of virtual IP addresses
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt on your system, and some require Perl; see bin/tests/system/README
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt for details.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt SunOS 4 requires "printf" to be installed to make the shared
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt libraries. sh-utils-1.16 provides a "printf" which compiles
c5e2e93f62e83ff6e3d85ea05ab5a9f468300a32Mark AndrewsKnown limitations
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Linux requires kernel build 2.6.39 or later to get the
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt performance benefits from using multiple sockets.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt The BIND 9 Administrator Reference Manual is included with the
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt source distribution in DocBook XML and HTML format, in the
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Some of the programs in the BIND 9 distribution have man pages
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt in their directories. In particular, the command line
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt options of "named" are documented in /bin/named/named.8.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt There is now also a set of man pages for the lwres library.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt If you are upgrading from BIND 8, please read the migration
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt notes in doc/misc/migration. If you are upgrading from
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Frequently asked questions and their answers can be found in
306b36adb61f375b697419a9775e33398eb21563Evan Hunt Additional information on various subjects can be found
306b36adb61f375b697419a9775e33398eb21563Evan Hunt in the other README files.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt A detailed list of all changes to BIND 9 is included in the
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt file CHANGES, with the most recent changes listed first.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Change notes include tags indicating the category of the
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt change that was made; these categories are:
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt [func] New feature
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt [bug] General bug fix
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt [security] Fix for a significant security flaw
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt [experimental] Used for new features when the syntax
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt or other aspects of the design are still
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt in flux and may change
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt [port] Portability enhancement
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt [maint] Updates to built-in data such as root
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt server addresses and keys
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt [tuning] Changes to built-in configuration defaults
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt and constants to improve performanceo
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt [protocol] Updates to the DNS protocol such as new
b375b22fb0342f549d6d3a428644292e7c812e3aEvan Hunt [test] Changes to the automatic tests, not
b375b22fb0342f549d6d3a428644292e7c812e3aEvan Hunt affecting server functionality
b375b22fb0342f549d6d3a428644292e7c812e3aEvan Hunt [cleanup] Minor corrections and refactoring
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt [doc] Documentation
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt In general, [func] and [experimental] tags will only appear
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt in new-feature releases (i.e., those with version numbers
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt ending in zero). Some new functionality may be backported to
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt older releases on a case-by-case basis. All other change
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt types may be applied to all currently-supported releases.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas GustafssonBug Reports and Mailing Lists
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Bugs reports should be sent to
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt bind9-bugs@isc.org
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt To join the BIND Users mailing list, send mail to
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt bind-users-request@isc.org
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt archives of which can be found via
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt If you're planning on making changes to the BIND 9 source
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt code, you might want to join the BIND Workers mailing list.
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt Send mail to
e08d5f3e3bdc29026224c9b730273a051db7dfeaEvan Hunt bind-workers-request@isc.org