README revision faca6b801dcace871c8a98c8ee1bba8d7e2994a5
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson BIND version 9 is a major rewrite of nearly all aspects of the
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson underlying BIND architecture. Some of the important features of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Security
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson DNSSEC (signed zones)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson TSIG (signed DNS requests)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - IP version 6
fd9b6f253eac9dae2e1ad19d49aaa922d5d4f274Mark Andrews Answers DNS queries on IPv6 sockets
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson IPv6 resource records (A6, DNAME, etc.)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Bitstring Labels
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Experimental IPv6 Resolver Library
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Protocol Enhancements
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson IXFR, DDNS, Notify, EDNS0
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Improved standards conformance
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson One server process can provide multiple "views" of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson the DNS namespace, e.g. an "inside" view to certain
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson clients, and an "outside" view to others.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Multiprocessor Support
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley - Improved Portability Architecture
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 development has been underwritten by the following
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson organizations:
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Sun Microsystems, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Hewlett Packard
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Compaq Computer Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Process Software Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Silicon Graphics, Inc.
70680fa51b0147c726b939b72b2420249429756aBob Halley Network Associates, Inc.
70680fa51b0147c726b939b72b2420249429756aBob Halley U.S. Defense Information Systems Agency
276a77c22af98c78403883b16a82646a0d5b29abPaul Vixie USENIX Association
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley Stichting NLnet - NLnet Foundation
b497531c76ea5f9aeed0c1707b6156c104c633ddEvan Hunt BIND 9.2.0a2 is an alpha release of BIND 9.2.0.
62714accee7c8d96e02f40d58751422972e2ed41Evan Hunt It includes a number of new features over 9.1, including:
62714accee7c8d96e02f40d58751422972e2ed41Evan Hunt - The size of the cache can now be limited using the
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt "max-cache-size" option.
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt - The server can now automatically convert RFC1886-style
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt recursive lookup requests into RFC2874-style lookups,
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt when enabled using the new option "allow-v6-synthesis".
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt This allows stub resolvers that support AAAA records
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt but not A6 record chains or binary labels to perform
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt lookups in domains that make use of these IPv6 DNS
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - Performance has been improved.
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt - The man pages now use the more portable "man" macros
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt rather than the "mandoc" macros, and are installed
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt by "make install".
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt - The named.conf parser has been completely rewritten.
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt It now supports "include" directives in more
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt places such as inside "view" statememnts, and it no
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt longer has any reserved words.
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt - The "rndc status" command is now implemented.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - rndc can now be configured automatically.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - A BIND 8 compatible stub resolver library is now
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt - openssl has been removed from the distribution. This means
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt that to use DNSSEC, openssl must be installed and the
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt --with-openssl option must be supplied to configure. This
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt does not apply to TSIG, which does not require openssl.
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt This distribution also includes a new lightweight stub
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt resolver library and associated resolver daemon that fully
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt support forward and reverse lookups of both IPv4 and IPv6
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt addresses. This library is considered experimental and
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt is not a complete replacement for the BIND 8 resolver library.
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt Applications that use the BIND 8 res_* functions to perform
cb143a725f0c4aa805f8fc66494023448455c773Evan Hunt DNS lookups or dynamic updates still need to be linked against
96b1a311fc960d146193532bbbebcfcaa7ea7926Evan Hunt the BIND 8 libraries. For DNS lookups, they can also use the
923ba8158a9a065719bcf9a80bfc40e7569df8a4Evan Hunt new "getrrsetbyname()" API.
949eefdda49701c14579d1fd251bd09df0751c2fEvan Hunt BIND 9.2 is capable of acting as an authoritative server
e4c4cf5177d23e144897e0e26ae210cfdb9612ebEvan Hunt for DNSSEC secured zones. This functionality is believed to
73dbd4e9331f99e93beaaf285ef6f036735813caMark Andrews be stable and complete except for lacking support for wildcard
73dbd4e9331f99e93beaaf285ef6f036735813caMark Andrews records in secure zones.
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt When acting as a caching server, BIND 9.2 can be configured
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt to perform DNSSEC secure resolution on behalf of its clients.
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt This part of the DNSSEC implementation is still considered
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt experimental. For detailed information about the state of the
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt DNSSEC implementation, see the file doc/misc/dnssec.
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt There are a few known bugs:
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt On some systems, IPv6 and IPv4 sockets interact in
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt unexpected ways. For details, see doc/misc/ipv6.
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt To reduce the impact of these problems, the server
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt no longer listens for requests on IPv6 addresses
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt by default. If you need to accept DNS queries over
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt IPv6, you must specify "listen-on-v6 { any; };"
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt in the named.conf options statement.
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt FreeBSD prior to 4.2 (and 4.2 if running as non-root)
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt and OpenBSD prior to 2.8 log messages like
5f6b9acfe985004f70384f0cd72991396acf5103Evan Hunt "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
73dbd4e9331f99e93beaaf285ef6f036735813caMark Andrews This is due to a bug in "/dev/random" and impacts the
276a77c22af98c78403883b16a82646a0d5b29abPaul Vixie server's DNSSEC support.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley --with-libtool does not work on AIX.
76860484adfbadeecfeb3a7132ede916ee2102ffBrian Wellington A bug in the Windows 2000 DNS server can cause zone transfers
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley from a BIND 9 server to a W2K server to fail. For details,
501da430e2f16f496f8e8d1b57ab77f78428c682David Lawrence see the "Zone Transfers" section in doc/misc/migration.
3b71206de9478a75ba735391498959bc54d542a2Mark Andrews For a detailed list of user-visible changes from
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey previous releases, see the CHANGES file.
df6663c9006e68e70edcc2af5e324e7217e2434bJeremy Reed BIND 9 currently requires a UNIX system with an ANSI C compiler,
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey basic POSIX support, and a 64 bit integer type.
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey We've had successful builds and tests on the following systems:
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt COMPAQ Tru64 UNIX 4.0D
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
ce249202297281e4b5aad3c310008ed16f810096Evan Hunt FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Red Hat Linux 6.0, 6.1, 6.2, 7.0
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Solaris 2.6, 7, 8
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Additionally, we have unverified reports of success building
8496c276b0549519e82076383db08b3e5e0e9347Evan Hunt previous versions of BIND 9 from users of the following systems:
8496c276b0549519e82076383db08b3e5e0e9347Evan Hunt SuSE Linux 7.0
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey Slackware Linux 7.x
8496c276b0549519e82076383db08b3e5e0e9347Evan Hunt Red Hat Linux 7.1
8496c276b0549519e82076383db08b3e5e0e9347Evan Hunt OpenBSD 2.6, 2.8, -current
0bdc099a35e8446d0c5a9b54f3d6459d59455980Jonathan Casey UnixWare 7.1.1
a0cad57966364095e4367f568389a8bd84afb2afAndreas Gustafsson To build, just
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Do not use a parallel "make".
8eb5937a7e4cb8b5d7fcc1be17d34fdd014bbbb1Andreas Gustafsson Several environment variables that can be set before running
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson configure will affect compilation:
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson The C compiler to use. configure tries to figure
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson out the right one for supported systems.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson C compiler flags. Defaults to include -g and/or -O2
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson as supported by the compiler.
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence STD_CINCLUDES
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson System header file directories. Can be used to specify
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson where add-on thread or IPv6 support is, for example.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Defaults to empty string.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Any additional preprocessor symbols you want defined.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Defaults to empty string.
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence To build shared libraries, specify "--with-libtool" on the
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews configure command line.
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews To build libbind (BIND 8 resolver library), specify
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews "--enable-libbind" on the configure command line.
1ae75c1024eb0475c2be352b8707772e16332ad0Mark Andrews On some platforms, BIND 9 can be built with multithreading
05d32f6b0f6590ca22136b753309f070ce769000Mark Andrews support, allowing it to take advantage of multiple CPUs.
05d32f6b0f6590ca22136b753309f070ce769000Mark Andrews You can specify whether to build a multithreaded BIND 9
831fb092e870ed921d0d6fd67b551d9d03857a55Mark Andrews by specifying "--enable-threads" or "--disable-threads"
831fb092e870ed921d0d6fd67b551d9d03857a55Mark Andrews on the configure command line. The default is operating
831fb092e870ed921d0d6fd67b551d9d03857a55Mark Andrews system dependent.
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews If your operating system has integrated support for IPv6, it
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews will be used automatically. If you have installed KAME IPv6
f6f1672b4e460571c418e43ae3bd0fae97e4c149Mark Andrews separately, use "--with-kame[=PATH]" to specify its location.
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉 "make install" will install "named" and the various BIND 9 libraries.
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉 By default, installation is into /usr/local, but this can be changed
f99fd90097c3260a14eca9ee5aa8c4c4d50ebca7Tatuya JINMEI 神明達哉 with the "--prefix" option when running "configure".
9f7d51ee3290e2a064d71016a6bd555b47134a7cMark Andrews You may specify the option "--sysconfdir" to set the directory
9f7d51ee3290e2a064d71016a6bd555b47134a7cMark Andrews where configuration files like "named.conf" go by default,
9f7d51ee3290e2a064d71016a6bd555b47134a7cMark Andrews and "--localstatedir" to set the default parent directory
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews of "run/named.pid". For backwards compatibility with BIND 8,
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews --sysconfdir defaults to "/etc" and --localstatedir defaults to
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews "/var" if no --prefix option is given. If there is a --prefix
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews option, sysconfdir defaults to "$prefix/etc" and localstatedir
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews defaults to "$prefix/var".
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews To see additional configure options, run "configure --help".
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews Note that the help message does not reflect the BIND 8
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews compatibility defaults for sysconfdir and localstatedir.
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews If you're planning on making changes to the BIND 9 source, you
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson should also "make depend". If you're using Emacs, you might find
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson "make tags" helpful.
29c9e88c6ce6c88d9a3e3a9629dbb0df29168ebfAndreas Gustafsson Building with gcc is not supported, unless gcc is the vendor's usual
29c9e88c6ce6c88d9a3e3a9629dbb0df29168ebfAndreas Gustafsson compiler (e.g. the various BSD systems, Linux).
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson A limited test suite can be run with "make test". Many of
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson the tests require you to configure a set of virtual IP addresses
f72a461c766a4cedc705e1ed0d6d2bb999a393f1Andreas Gustafsson on your system, and some require Perl; see bin/tests/system/README
e2a24b6e79572bd578d67b976208e19caf62e0f7Mark AndrewsDocumentation
e2a24b6e79572bd578d67b976208e19caf62e0f7Mark Andrews The BIND 9 Administrator Reference Manual is included with the
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson source distribution in DocBook XML and HTML format, in the
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson Some of the programs in the BIND 9 distribution have man pages
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson in their directories. In particular, the command line
8c4f1fa179f8f2fc56a9fa9294682a080e8756eeAndreas Gustafsson options of "named" are documented in /bin/named/named.8.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson There is now also a set of man pages for the lwres library.
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt If you are upgrading from BIND 8, please read the migration
767c53c304b86460d72eeec7d3304172cdd904bdEvan Hunt notes in doc/misc/migration. If you are upgrading from
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas GustafssonBug Reports and Mailing Lists
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson Bugs reports should be sent to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley bind9-bugs@isc.org
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley To join the BIND 9 Users mailing list, send mail to
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson bind9-users-request@isc.org
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson If you're planning on making changes to the BIND 9 source
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson code, you might want to join the BIND 9 Workers mailing list.
00b1381f1384a8a3df80e467b2ef7a7692d0d567Andreas Gustafsson bind9-workers-request@isc.org