README revision 76786c2904942b708d8a7a4659df74da5dc9446e
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync BIND version 9 is a major rewrite of nearly all aspects of the
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync underlying BIND architecture. Some of the important features of
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync BIND 9 are:
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync - DNS Security
e64031e20c39650a7bc902a3e1aba613b9415deevboxsync DNSSEC (signed zones)
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync TSIG (signed DNS requests)
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync - IP version 6
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Answers DNS queries on IPv6 sockets
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync IPv6 resource records (AAAA)
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Experimental IPv6 Resolver Library
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync - DNS Protocol Enhancements
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync IXFR, DDNS, Notify, EDNS0
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Improved standards conformance
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync One server process can provide multiple "views" of
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync the DNS namespace, e.g. an "inside" view to certain
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync clients, and an "outside" view to others.
9040f019271f91b98e1320c0a8c38a42636e3979vboxsync - Multiprocessor Support
9040f019271f91b98e1320c0a8c38a42636e3979vboxsync - Improved Portability Architecture
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync BIND version 9 development has been underwritten by the following
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync organizations:
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Sun Microsystems, Inc.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Hewlett Packard
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Compaq Computer Corporation
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Process Software Corporation
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Silicon Graphics, Inc.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Network Associates, Inc.
9040f019271f91b98e1320c0a8c38a42636e3979vboxsync U.S. Defense Information Systems Agency
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync USENIX Association
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Stichting NLnet - NLnet Foundation
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Nominum, Inc.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync releases, including:
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Support for RFC 5011, automated trust anchor maintenance.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Simplified configuration of DNSSEC Lookaside Validation (DLV).
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Simplified configuration of Dynamic DNS using the "ddns-confgen"
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync command line tool or the "ddns-autoconf" zone option.
9040f019271f91b98e1320c0a8c38a42636e3979vboxsync New named option "attach-cache" that allows multiple views to
9040f019271f91b98e1320c0a8c38a42636e3979vboxsync share a single cache.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync New logging category "query-errors" to provide detailed
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync internal information about query failures, especially about
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync server failures.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync DNS rebinding attack prevention.
cc5db764b0331d17575b3f384d29e1c74970e62fvboxsync BIND 9.6.0 includes a number of changes from BIND 9.5 and earlier
99be02f9e15a3ca61b6a7c207cc7eb68dbd04817vboxsync releases, including:
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Full NSEC3 support
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Automatic zone re-signing
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync New update-policy methods tcp-self and 6to4-self
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync The BIND 8 resolver library, libbind, has been removed from the
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync BIND 9 distribution and is now available as a separate download.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Change the default pid file location from /var/run to
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync /var/run/{named,lwresd} for improved chroot/setuid support.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync BIND 9.5.0 has a number of new features over 9.4,
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync GSS-TSIG support (RFC 3645).
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync DHCID support.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Experimental http server and statistics support for named via xml.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync More detailed statistics counters including those supported in BIND 8.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Faster ACL processing.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Use Doxygen to generate internal documentation.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Efficient LRU cache-cleaning mechanism.
6c90795355c6e59ba82e8e5a58e10d686a6d6e65vboxsync NSID support.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync BIND 9.4.0 has a number of new features over 9.3,
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Implemented "additional section caching (or acache)", an
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync internal cache framework for additional section content to
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync improve response performance. Several configuration options
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync were provided to control the behavior.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync New notify type 'master-only'. Enable notify for master
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync zones only.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Accept 'notify-source' style syntax for query-source.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync rndc now allows addresses to be set in the server clauses.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync New option "allow-query-cache". This lets "allow-query"
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync be used to specify the default zone access level rather
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync than having to have every zone override the global value.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync "allow-query-cache" can be set at both the options and view
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync levels. If "allow-query-cache" is not set then "allow-recursion"
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync is used if set, otherwise "allow-query" is used if set
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync unless "recursion no;" is set in which case "none;" is used,
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync otherwise the default (localhost; localnets;) is used.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync rndc: the source address can now be specified.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync ixfr-from-differences now takes master and slave in addition
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync to yes and no at the options and view levels.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Allow the journal's name to be changed via named.conf.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync 'rndc notify zone [class [view]]' resend the NOTIFY messages
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync for the specified zone.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync 'dig +trace' now randomly selects the next servers to try.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Report if there is a bad delegation.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Improve check-names error messages.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Make public the function to read a key file, dst_key_read_public().
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync dig now returns the byte count for axfr/ixfr.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync allow-update is now settable at the options / view level.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync named-checkconf now checks the logging configuration.
a0a9f39e8864357c2e1e61106958411240f5bf6bvboxsync host now can turn on memory debugging flags with '-m'.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Don't send notify messages to self.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Perform sanity checks on NS records which refer to 'in zone' names.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync New zone option "notify-delay". Specify a minimum delay
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync between sets of NOTIFY messages.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Extend adjusting TTL warning messages.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Named and named-checkzone can now both check for non-terminal
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync wildcard records.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync named-checkconf now check acls to verify that they only
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync refer to existing acls.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync The server syntax has been extended to support a range of
71e61358090b8d7bad611a6d38786ebd63ed04e1vboxsync Report differences between hints and real NS rrset and
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync associated address records.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Preserve the case of domain names in rdata during zone
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Restructured the data locking framework using architecture
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync dependent atomic operations (when available), improving
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync response performance on multi-processor machines significantly.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync x86, x86_64, alpha, powerpc, and mips are currently supported.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync UNIX domain controls are now supported.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Add support for additional zone file formats for improving
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync loading performance. The masterfile-format option in
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync named.conf can be used to specify a non-default format. A
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync separate command named-compilezone was provided to generate
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync zone files in the new format. Additionally, the -I and -O
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync options for dnssec-signzone specify the input and output
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync dnssec-signzone can now randomize signature end times
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync (dnssec-signzone -j jitter).
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Add support for CH A record.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Add additional zone data constancy checks. named-checkzone
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync has extended checking of NS, MX and SRV record and the hosts
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync they reference. named has extended post zone load checks.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync New zone options: check-mx and integrity-check.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync edns-udp-size can now be overridden on a per server basis.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync dig can now specify the EDNS version when making a query.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Added framework for handling multiple EDNS versions.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Additional memory debugging support to track size and mctx
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync Detect duplicates of UDP queries we are recursing on and
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync drop them. New stats category "duplicates".
01ea175f55740168d1dd0af3277d3b86a30b4f91vboxsync "USE INTERNAL MALLOC" is now runtime selectable.
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync The lame cache is now done on a <qname,qclass,qtype> basis
19a258565a4d24e5a0af62f626943ac9b898d957vboxsync as some servers only appear to be lame for certain query
Automatic empty zone creation for D.F.IP6.ARPA and friends.
host/nslookup now continue (default)/fail on SERVFAIL.
was set in the query. host/nslookup skip servers that fail
See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
IPv4/IPv6 transition support, dual-stack-servers.
- The named.conf parser has been completely rewritten.
included in lib/bind.
DNSSEC implementation, see the file doc/misc/dnssec.
unexpected ways. For details, see doc/misc/ipv6.
in the named.conf options statement.
This is due to a bug in "/dev/random" and impacts the
This is due to a bug in "/dev/random" and impacts the
see the "Zone Transfers" section in doc/misc/migration.
NetBSD 3.x, 4.0-beta, 5.0-beta
C compiler flags. Defaults to include -g and/or -O2
Change the default syslog facility of named/lwresd.
Enable workaround for Solaris kernel bug about /dev/poll
The watch timeout is also configurable, e.g.,
-DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
By default, installation is into /usr/local, but this can be changed
where configuration files like "named.conf" go by default,
of "run/named.pid". For backwards compatibility with BIND 8,
option, sysconfdir defaults to "$prefix/etc" and localstatedir
defaults to "$prefix/var".
compiler (e.g. the various BSD systems, Linux).
on your system, and some require Perl; see bin/tests/system/README
doc/arm directory.
options of "named" are documented in /bin/named/named.8.
notes in doc/misc/migration. If you are upgrading from
BIND 4, read doc/misc/migration-4to9.