README revision ff69418be422164cad3be4a14a7ca56e668251ed
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley BIND version 9 is a major rewrite of nearly all aspects of the
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley underlying BIND architecture. Some of the important features of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Security
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson DNSSEC (signed zones)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson TSIG (signed DNS requests)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - IP version 6
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Answers DNS queries on IPv6 sockets
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson IPv6 resource records (A6, DNAME, etc.)
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Bitstring Labels
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Experimental IPv6 Resolver Library
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - DNS Protocol Enhancements
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson IXFR, DDNS, Notify, EDNS0
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Improved standards conformance
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson One server process can provide multiple "views" of
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson the DNS namespace, e.g. an "inside" view to certain
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson clients, and an "outside" view to others.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Multiprocessor Support
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson - Improved Portability Architecture
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley BIND version 9 development has been underwritten by the following
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley organizations:
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley Sun Microsystems, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Hewlett Packard
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Compaq Computer Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Process Software Corporation
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Silicon Graphics, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson Network Associates, Inc.
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson U.S. Defense Information Systems Agency
16803617e47c83272013e45ba8eb83a3b11983edAndreas Gustafsson USENIX Association
70680fa51b0147c726b939b72b2420249429756aBob Halley Stichting NLnet - NLnet Foundation
70680fa51b0147c726b939b72b2420249429756aBob Halley Nominum, Inc.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson BIND 9.3.0 has a number of new features over 9.2,
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson * Zones containing MD and MF will now be rejected.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson * dig, nslookup name. now report "Not Implemented" as
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson NOTIMP rather than NOTIMPL. This will have impact on scripts
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson that are looking for NOTIMPL.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson BIND 9.2.0 has a number of new features over 9.1,
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - The size of the cache can now be limited using the
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson "max-cache-size" option.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - The server can now automatically convert RFC1886-style
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson recursive lookup requests into RFC2874-style lookups,
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson when enabled using the new option "allow-v6-synthesis".
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson This allows stub resolvers that support AAAA records
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson but not A6 record chains or binary labels to perform
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson lookups in domains that make use of these IPv6 DNS
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - Performance has been improved.
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson - The man pages now use the more portable "man" macros
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson rather than the "mandoc" macros, and are installed
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson by "make install".
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson - The named.conf parser has been completely rewritten.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson It now supports "include" directives in more
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson places such as inside "view" statements, and it no
4d5f44e7933f4cb691e8f4cf3b4b5f61c27e2b1cAndreas Gustafsson longer has any reserved words.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson - The "rndc status" command is now implemented.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson - rndc can now be configured automatically.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson - A BIND 8 compatible stub resolver library is now
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson - OpenSSL has been removed from the distribution. This
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson means that to use DNSSEC, OpenSSL must be installed and
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson the --with-openssl option must be supplied to configure.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson This does not apply to the use of TSIG, which does not
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson require OpenSSL.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson - The source distribution now builds on Windows NT/2000.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson See win32utils/readme1.txt and win32utils/win32-build.txt
2fdaa940ccd0c671a3675d4674c0bd9b8a3f3fb4Andreas Gustafsson This distribution also includes a new lightweight stub
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson resolver library and associated resolver daemon that fully
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington support forward and reverse lookups of both IPv4 and IPv6
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington addresses. This library is considered experimental and
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington is not a complete replacement for the BIND 8 resolver library.
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington Applications that use the BIND 8 res_* functions to perform
73edea95c744a2a9052852d0a63b449599062b30Brian Wellington DNS lookups or dynamic updates still need to be linked against
7c956aeeeb8da3fd3912b1fb8024ff274e3b07ebAndreas Gustafsson the BIND 8 libraries. For DNS lookups, they can also use the
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson new "getrrsetbyname()" API.
e5256e34b4a26a26088b2dc5ca621b42c0750256Andreas Gustafsson BIND 9.2 is capable of acting as an authoritative server
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence for DNSSEC secured zones. This functionality is believed to
b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halley be stable and complete except for lacking support for
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley verifications involving wildcard records in secure zones.
40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halley When acting as a caching server, BIND 9.2 can be configured
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley to perform DNSSEC secure resolution on behalf of its clients.
76860484adfbadeecfeb3a7132ede916ee2102ffBrian Wellington This part of the DNSSEC implementation is still considered
8db66dc4eb654a2e295eaeab3aaf96e24c9ae7b7Bob Halley experimental. For detailed information about the state of the
501da430e2f16f496f8e8d1b57ab77f78428c682David Lawrence DNSSEC implementation, see the file doc/misc/dnssec.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley There are a few known bugs:
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson On some systems, IPv6 and IPv4 sockets interact in
2ecf7f63a01ca8a96d76f7d2d4de0fa37f3e3fabOlafur Gudmundsson unexpected ways. For details, see doc/misc/ipv6.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley To reduce the impact of these problems, the server
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley no longer listens for requests on IPv6 addresses
557ab3bef6dbb33623f6ff26e9bbb0566b27d9bfAndreas Gustafsson by default. If you need to accept DNS queries over
b3d8bec59201fd0edbe38f909bda5014d7776b89Brian Wellington IPv6, you must specify "listen-on-v6 { any; };"
997e3113b7c91ec94e6274d31735f122e6e8209cAndreas Gustafsson in the named.conf options statement.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson FreeBSD prior to 4.2 (and 4.2 if running as non-root)
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson and OpenBSD prior to 2.8 log messages like
a0cad57966364095e4367f568389a8bd84afb2afAndreas Gustafsson "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
145faf872da76642be0456cb8e6305b186833667Brian Wellington This is due to a bug in "/dev/random" and impacts the
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson server's DNSSEC support.
6905fe248b89a0fd5b892ab8569e50cffe763ed0Andreas Gustafsson OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
a0cad57966364095e4367f568389a8bd84afb2afAndreas Gustafsson OS X 10.2 (Darwin 6.0) reports errors like
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley "fcntl(3, F_SETFL, 4): Operation not supported by device".
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley This is due to a bug in "/dev/random" and impacts the
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley server's DNSSEC support.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley --with-libtool does not work on AIX.
8eb5937a7e4cb8b5d7fcc1be17d34fdd014bbbb1Andreas Gustafsson A bug in the Windows 2000 DNS server can cause zone transfers
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson from a BIND 9 server to a W2K server to fail. For details,
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson see the "Zone Transfers" section in doc/misc/migration.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson For a detailed list of user-visible changes from
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson previous releases, see the CHANGES file.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson BIND 9 currently requires a UNIX system with an ANSI C compiler,
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence basic POSIX support, and a 64 bit integer type.
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson We've had successful builds and tests on the following systems:
b70fc17acec2c036bb35a937ba00fbcf10848859David Lawrence COMPAQ Tru64 UNIX 4.0D
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson Red Hat Linux 6.0, 6.1, 6.2, 7.0
69930116e30137705d3b87d05cbfbc5712386fdeAndreas Gustafsson Solaris 2.6, 7, 8
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Additionally, we have unverified reports of success building
e21262ae8af5d12f64a2242e26338f36901ba4ccAndreas Gustafsson previous versions of BIND 9 from users of the following systems:
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence SuSE Linux 7.0
3b8932de20e12b07f9d874d5538d30e1fac9a9f4Andreas Gustafsson Slackware Linux 7.x, 8.0
9e87fd676ee62e6e11d29611731b80839fc305b3David Lawrence Red Hat Linux 7.1
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Debian GNU/Linux 2.2 and 3.0
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Mandrake 8.1
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley OpenBSD 2.6, 2.8, 2.9
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley UnixWare 7.1.1
5f5bb44065a3e7f506e4afd4d81c89da2931bf1bBob Halley Mac OS X 10.1
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley To build, just
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson Do not use a parallel "make".
9b19b39170eaf78ae1baf39acca0be462c2faa4cAndreas Gustafsson Several environment variables that can be set before running
3637ad3b4e59fc92d3c68b5eabc479bb0ebd570eAndreas Gustafsson configure will affect compilation:
3637ad3b4e59fc92d3c68b5eabc479bb0ebd570eAndreas Gustafsson The C compiler to use. configure tries to figure
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley out the right one for supported systems.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson C compiler flags. Defaults to include -g and/or -O2
4efe2e812cf8462ed781bfd79b644eaf17d6d2b7Andreas Gustafsson as supported by the compiler.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson System header file directories. Can be used to specify
ff1e17749c7bf976f7127467c1816abeb3f4b998Brian Wellington where add-on thread or IPv6 support is, for example.
ff1e17749c7bf976f7127467c1816abeb3f4b998Brian Wellington Defaults to empty string.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson Any additional preprocessor symbols you want defined.
672a41b5fef7722803645c1f0ca132972f0f940aAndreas Gustafsson Defaults to empty string.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley Possible settings:
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson Change the default syslog facility of named/lwresd.
413d5565ba2af24f12dc54d6e6807af7f1a39867Andreas Gustafsson e.g. -DISC_FACILITY=LOG_LOCAL0
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley To build shared libraries, specify "--with-libtool" on the
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley configure command line.
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley For the server to support DNSSEC, you need to build it
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley with crypto support. You must have OpenSSL 0.9.5a
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley or newer installed and specify "--with-openssl" on the
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley configure command line. If OpenSSL is installed under
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley a nonstandard prefix, you can tell configure where to
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley look for it using "--with-openssl=/prefix".
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley To build libbind (the BIND 8 resolver library), specify
36983956d7c3d9e294903eeda29548f67ac17daeBob Halley "--enable-libbind" on the configure command line.
a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halley On some platforms, BIND 9 can be built with multithreading
By default, installation is into /usr/local, but this can be changed
where configuration files like "named.conf" go by default,
of "run/named.pid". For backwards compatibility with BIND 8,
option, sysconfdir defaults to "$prefix/etc" and localstatedir
defaults to "$prefix/var".
compiler (e.g. the various BSD systems, Linux).
on your system, and some require Perl; see bin/tests/system/README
doc/arm directory.
options of "named" are documented in /bin/named/named.8.
notes in doc/misc/migration. If you are upgrading from
BIND 4, read doc/misc/migration-4to9.