2928N/A BIND version 9 is a major rewrite of nearly all aspects of the
2928N/A underlying BIND architecture. Some of the important features of
2928N/A Answers DNS queries on IPv6 sockets
2928N/A IPv6 resource records (AAAA)
2928N/A Experimental IPv6 Resolver Library
2928N/A - DNS Protocol Enhancements
2928N/A Improved standards conformance
2928N/A One server process can provide multiple "views" of
2928N/A the DNS namespace,
e.g. an "inside" view to certain
2928N/A clients, and an "outside" view to others.
2928N/A - Improved Portability Architecture
2928N/A BIND version 9 development has been underwritten by the following
2928N/A Compaq Computer Corporation
2928N/A Process Software Corporation
2928N/A Stichting NLnet - NLnet Foundation
2928N/A BIND 9.3.0 has a number of new features over 9.2,
2928N/A DNSSEC lookaside validation.
2928N/A check-names is now implemented.
2928N/A rrset-order in more complete.
2928N/A IXFR deltas can now be generated when loading master files,
2928N/A It is now possible to specify the size of a journal, max-journal-size.
2928N/A It is now possible to define a named set of master servers to be
2928N/A used in masters clause, masters.
2928N/A The advertised EDNS UDP size can now be set, edns-udp-size.
2928N/A allow-v6-synthesis has been obsoleted.
2928N/A * Zones containing MD and MF will now be rejected.
2928N/A * dig, nslookup name. now report "Not Implemented" as
2928N/A NOTIMP rather than NOTIMPL. This will have impact on scripts
2928N/A that are looking for NOTIMPL.
2928N/A libbind: corresponds to that from BIND 8.4.5.
2928N/A BIND 9.2.0 has a number of new features over 9.1,
2928N/A - The size of the cache can now be limited using the
2928N/A - The server can now automatically convert RFC1886-style
2928N/A recursive lookup requests into RFC2874-style lookups,
2928N/A when enabled using the new option "allow-v6-synthesis".
2928N/A This allows stub resolvers that support AAAA records
2928N/A but not A6 record chains or binary labels to perform
2928N/A lookups in domains that make use of these IPv6 DNS
2928N/A - Performance has been improved.
2928N/A - The man pages now use the more portable "man" macros
2928N/A rather than the "mandoc" macros, and are installed
2928N/A It now supports "include" directives in more
2928N/A places such as inside "view" statements, and it no
3158N/A longer has any reserved words.
2928N/A - The "rndc status" command is now implemented.
2928N/A - rndc can now be configured automatically.
2928N/A - A BIND 8 compatible stub resolver library is now
2928N/A - OpenSSL has been removed from the distribution. This
2928N/A means that to use DNSSEC, OpenSSL must be installed and
2928N/A the --with-openssl option must be supplied to configure.
2928N/A This does not apply to the use of TSIG, which does not
2928N/A - The source distribution now builds on Windows NT/2000.
2928N/A This distribution also includes a new lightweight stub
2928N/A resolver library and associated resolver daemon that fully
2928N/A support forward and reverse lookups of both IPv4 and IPv6
2928N/A addresses. This library is considered experimental and
2928N/A is not a complete replacement for the BIND 8 resolver library.
2928N/A Applications that use the BIND 8 res_* functions to perform
2928N/A DNS lookups or dynamic updates still need to be linked against
2928N/A the BIND 8 libraries. For DNS lookups, they can also use the
3158N/A new "getrrsetbyname()" API.
3158N/A BIND 9.2 is capable of acting as an authoritative server
2928N/A for DNSSEC secured zones. This functionality is believed to
2928N/A be stable and complete except for lacking support for
2928N/A verifications involving wildcard records in secure zones.
2928N/A When acting as a caching server, BIND 9.2 can be configured
2928N/A to perform DNSSEC secure resolution on behalf of its clients.
2928N/A This part of the DNSSEC implementation is still considered
2928N/A experimental. For detailed information about the state of the
2928N/A There are a few known bugs:
2928N/A On some systems, IPv6 and IPv4 sockets interact in
2928N/A To reduce the impact of these problems, the server
2928N/A no longer listens for requests on IPv6 addresses
2928N/A by default. If you need to accept DNS queries over
2928N/A IPv6, you must specify "listen-on-v6 { any; };"
2928N/A FreeBSD prior to 4.2 (and 4.2 if running as non-root)
2928N/A and OpenBSD prior to 2.8 log messages like
2928N/A "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
2928N/A OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
2928N/A OS X 10.2 (Darwin 6.0) reports errors like
2928N/A "fcntl(3, F_SETFL, 4): Operation not supported by device".
2928N/A --with-libtool does not work on AIX.
2928N/A A bug in the Windows 2000 DNS server can cause zone transfers
2928N/A from a BIND 9 server to a W2K server to fail. For details,
2928N/A For a detailed list of user-visible changes from
2928N/A previous releases, see the CHANGES file.
2928N/A BIND 9 currently requires a UNIX system with an ANSI C compiler,
2928N/A basic POSIX support, and a 64 bit integer type.
2928N/A We've had successful builds and tests on the following systems:
2928N/A COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
2928N/A FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
2928N/A Red Hat Linux 6.0, 6.1, 6.2, 7.0
2928N/A Additionally, we have unverified reports of success building
2928N/A previous versions of BIND 9 from users of the following systems:
2928N/A Do not use a parallel "make".
2928N/A Several environment variables that can be set before running
2928N/A configure will affect compilation:
2928N/A The C compiler to use. configure tries to figure
2928N/A out the right one for supported systems.
2928N/A as supported by the compiler.
2928N/A System header file directories. Can be used to specify
2928N/A where add-on thread or IPv6 support is, for example.
2928N/A Any additional preprocessor symbols you want defined.
2928N/A To build shared libraries, specify "--with-libtool" on the
2928N/A For the server to support DNSSEC, you need to build it
2928N/A with crypto support. You must have OpenSSL 0.9.5a
2928N/A or newer installed and specify "--with-openssl" on the
2928N/A configure command line. If OpenSSL is installed under
2928N/A a nonstandard prefix, you can tell configure where to
2928N/A look for it using "--with-openssl=/prefix".
3158N/A To build libbind (the BIND 8 resolver library), specify
3158N/A "--enable-libbind" on the configure command line.
3158N/A On some platforms, BIND 9 can be built with multithreading
2928N/A support, allowing it to take advantage of multiple CPUs.
2928N/A You can specify whether to build a multithreaded BIND 9
2928N/A by specifying "--enable-threads" or "--disable-threads"
2928N/A on the configure command line. The default is operating
2928N/A If your operating system has integrated support for IPv6, it
2928N/A will be used automatically. If you have installed KAME IPv6
2928N/A separately, use "--with-kame[=PATH]" to specify its location.
2928N/A "make install" will install "named" and the various BIND 9 libraries.
2928N/A with the "--prefix" option when running "configure".
2928N/A You may specify the option "--sysconfdir" to set the directory
2928N/A and "--localstatedir" to set the default parent directory
2958N/A --sysconfdir defaults to "/etc" and --localstatedir defaults to
2928N/A "/var" if no --prefix option is given. If there is a --prefix
2928N/A To see additional configure options, run "configure --help".
2928N/A Note that the help message does not reflect the BIND 8
2928N/A compatibility defaults for sysconfdir and localstatedir.
2928N/A If you're planning on making changes to the BIND 9 source, you
2928N/A should also "make depend". If you're using Emacs, you might find
2928N/A If you need to re-run configure please run "make distclean" first.
2928N/A This will ensure that all the option changes take.
2958N/A Building with gcc is not supported, unless gcc is the vendor's usual
2928N/A compiler (
e.g. the various BSD systems, Linux).
2928N/A * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
2928N/A * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
2928N/A A limited test suite can be run with "make test". Many of
2928N/A the tests require you to configure a set of virtual IP addresses
2928N/A The BIND 9 Administrator Reference Manual is included with the
2928N/A source distribution in DocBook XML and HTML format, in the
2928N/A Some of the programs in the BIND 9 distribution have man pages
2928N/A in their directories. In particular, the command line
2928N/A There is now also a set of man pages for the lwres library.
2928N/A If you are upgrading from BIND 8, please read the migration
2928N/A Frequently asked questions and their answers can be found in
2958N/ABug Reports and Mailing Lists
2928N/A Bugs reports should be sent to
2928N/A To join the BIND 9 Users mailing list, send mail to
2928N/A bind9-users-request@isc.org
2928N/A archives of which can be found via
2928N/A If you're planning on making changes to the BIND 9 source
2928N/A code, you might want to join the BIND Workers mailing list.
2928N/A bind-workers-request@isc.org