xref/bind-9.11.3/README

	README revision e4c4cf5177d23e144897e0e26ae210cfdb9612eb
0029bf606761c2adb611571c00cad699ae37c36aStephan BoschBIND 9
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch    BIND version 9 is a major rewrite of nearly all aspects of the
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    underlying BIND architecture.  Some of the important features of
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    BIND 9 are:
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch        - DNS Security
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch            DNSSEC (signed zones)
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch            TSIG (signed DNS requests)
cbd1d1a197f57d894c22863058b0ea3f2d2f68ffStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        - IP version 6
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch            Answers DNS queries on IPv6 sockets
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch            IPv6 resource records (AAAA)
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch            Experimental IPv6 Resolver Library
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch        - DNS Protocol Enhancements
e3d554ca3408b7ea692f6f0b9ef5e6579e345627Stephan Bosch            IXFR, DDNS, Notify, EDNS0
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch            Improved standards conformance
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        - Views
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch            One server process can provide multiple "views" of
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch            the DNS namespace, e.g. an "inside" view to certain
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch            clients, and an "outside" view to others.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch        - Multiprocessor Support
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch        - Improved Portability Architecture
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch    BIND version 9 development has been underwritten by the following
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch    organizations:
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        Sun Microsystems, Inc.
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        Hewlett Packard
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        Compaq Computer Corporation
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        IBM
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        Process Software Corporation
95b2dd305586ff4ce1927a3b5f92515a16fce60bStephan Bosch        Silicon Graphics, Inc.
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch        Network Associates, Inc.
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch        U.S. Defense Information Systems Agency
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch        USENIX Association
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch        Stichting NLnet - NLnet Foundation
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch        Nominum, Inc.
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch    For a summary of functional enhancements in previous
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch    releases, see the HISTORY file.
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch    For a detailed list of user-visible changes from
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch    previous releases, see the CHANGES file.
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan BoschBIND 9.9.0
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
447ae13a88887d9503c05be61a4368cfae44d96dStephan Bosch    BIND 9.9.0 includes a number of changes from BIND 9.6 and earlier
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    releases.  New features include:
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch        - NXDOMAIN redirection.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch        - Improved scalability from using multiple threads to
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch          listen for queries.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch        - New 'rndc flushtree' command clears all data under a given
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch          name from the DNS cache.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch        - New 'rndc sync' command dumps pending changes in a dynamic zone
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch          to disk without a freeze/thaw cycle.
e3d554ca3408b7ea692f6f0b9ef5e6579e345627Stephan Bosch        - The 'also-notify' option now takes the same syntax as
e3d554ca3408b7ea692f6f0b9ef5e6579e345627Stephan Bosch          'masters', so it can used named masterlists and TSIG keys.
420dc25a312689198499a7d1a917f54da24e506fStephan Bosch        - 'auto-dnssec' zones can now have NSEC3 parameters set prior
447ae13a88887d9503c05be61a4368cfae44d96dStephan Bosch          to signing.
420dc25a312689198499a7d1a917f54da24e506fStephan Bosch        - 'dnssec-signzone -D' writes an output file containing only DNSSEC
420dc25a312689198499a7d1a917f54da24e506fStephan Bosch          data, which can be included by the primary zone file.
420dc25a312689198499a7d1a917f54da24e506fStephan Bosch        - 'dnssec-signzone -R' forces removal of signatures that are
420dc25a312689198499a7d1a917f54da24e506fStephan Bosch          not expired but were created by a key which no longer exists.
420dc25a312689198499a7d1a917f54da24e506fStephan Bosch        - 'dnssec-signzone -X' allows a separate expiration date to
420dc25a312689198499a7d1a917f54da24e506fStephan Bosch          be specified for DNSKEY signatures from other signatures.
420dc25a312689198499a7d1a917f54da24e506fStephan Bosch        - New '-L' option to dnssec-keygen, dnssec-settime, and
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch          dnssec-keyfromlabel sets the default TTL for the key.
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        - dnssec-dsfromkey now supports reading from standard input,
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch          to make it easier to convert DNSKEY to DS.
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        - RFC 1918 reverse zones have been added to the empty-zones
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch          table per RFC 6303.
fd3bad18722b9910d3cc3f4fa18653f0d320dfa7Stephan Bosch        - Dynamic updates can now optionally set the zone's SOA serial
447ae13a88887d9503c05be61a4368cfae44d96dStephan Bosch          number to the current UNIX time.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan BoschBIND 9.8.0
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    DNS64 support (AAAA synthesis only initially).
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan BoschBIND 9.7.0
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    releases.  Most are intended to simplify DNSSEC configuration.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    New features include:
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - Fully automatic signing of zones by "named".
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - Simplified configuration of DNSSEC Lookaside Validation (DLV).
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - Simplified configuration of Dynamic DNS, using the "ddns-confgen"
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      command line tool or the "local" update-policy option.  (As a side
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      effect, this also makes it easier to configure automatic zone
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      re-signing.)
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - New named option "attach-cache" that allows multiple views to
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      share a single cache.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - DNS rebinding attack prevention.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - New default values for dnssec-keygen parameters.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - Support for RFC 5011 automated trust anchor maintenance
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - Smart signing: simplified tools for zone signing and key
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      maintenance.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - The "statistics-channels" option is now available on Windows.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - A new DNSSEC-aware libdns API for use by non-BIND9 applications
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - On some platforms, named and other binaries can now print out
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      a stack backtrace on assertion failure, to aid in debugging.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - A "tools only" installation mode on Windows, which only installs
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      dig, host, nslookup and nsupdate.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - Improved PKCS#11 support, including Keyper support and explicit
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      OpenSSL engine selection.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    Known issues in this release:
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - In rare cases, DNSSEC validation can leak memory.  When this
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      happens, it will cause an assertion failure when named exits,
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      but is otherwise harmless.  A fix exists, but was too late for
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      this release; it will be included in BIND 9.7.1.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    Compatibility notes:
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      you should ensure that all changes that are in progress have
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      completed prior to upgrading to BIND 9.7.  BIND 9.7 implements
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      those features in a way which is not backwards compatible.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - Prior releases had a bug which caused HMAC-SHA* keys with long
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      secrets to be used incorrectly.  Fixing this bug means that older
447ae13a88887d9503c05be61a4368cfae44d96dStephan Bosch      versions of BIND 9 may fail to interoperate with this version
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      when using TSIG keys.  If this occurs, the new "isc-hmac-fixup"
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      tool will convert a key with a long secret into a form that works
0029bf606761c2adb611571c00cad699ae37c36aStephan Bosch      correctly with all versions of BIND 9.  See the "isc-hmac-fixup"
fd3bad18722b9910d3cc3f4fa18653f0d320dfa7Stephan Bosch      man page for additional details.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      It is possible for the new key ID to collide with that of a
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      different key.  Newly generated keys will not have this problem,
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      as "dnssec-keygen" looks for potential collisions before
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      generating keys, but exercise caution if using key revokation
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      with keys that were generated by older versions of BIND 9.  See
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      the Administrator's Reference Manual, section 4.10 ("Dynamic
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch      Trust Anchor Management") for more details.
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch
1d2e367e199368932c02a306ddedbc7566553a15Stephan Bosch    - A bug was fixed in which a key's scheduled inactivity date was
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch      stored incorectly.  Users who participated in the 9.7.0 BETA test
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch      and had DNSSEC keys with scheduled inactivity dates will need to
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch      reset those keys' dates using "dnssec-settime -I".
447ae13a88887d9503c05be61a4368cfae44d96dStephan Bosch
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan BoschBuilding
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch    BIND 9 currently requires a UNIX system with an ANSI C compiler,
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch    basic POSIX support, and a 64 bit integer type.
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch    We've had successful builds and tests on the following systems:
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        COMPAQ Tru64 UNIX 5.1B
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        Fedora Core 6
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        FreeBSD 4.10, 5.2.1, 6.2
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        HP-UX 11.11
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        Mac OS X 10.5
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        NetBSD 3.x, 4.0-beta, 5.0-beta
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        OpenBSD 3.3 and up
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        Solaris 8, 9, 9 (x86), 10
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        Ubuntu 7.04, 7.10
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        Windows XP/2003/2008
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        NOTE:  As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        Windows, including Windows NT and Windows 2000, are no longer
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        supported.
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch    We have recent reports from the user community that a supported
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch    version of BIND will build and run on the following systems:
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        AIX 4.3, 5L
a3259cc32f0d62c6e495b959393b2c2f4184167bStephan Bosch        CentOS 4, 4.5, 5
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Darwin 9.0.0d1/ARM
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        Debian 4
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        Fedora Core 5, 7
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        FreeBSD 6.1
1c1396ed2f41328c88c1cfd73cb0168389507123Stephan Bosch        HP-UX 11.23 PA
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch        MacOS X 10.4, 10.5
e5f4eb14718eb210243592bc68e0a0fd61a7174fStephan Bosch        Red Hat Enterprise Linux 4, 5
e5f4eb14718eb210243592bc68e0a0fd61a7174fStephan Bosch        SCO OpenServer 5.0.6
e5f4eb14718eb210243592bc68e0a0fd61a7174fStephan Bosch        Slackware 9, 10
e5f4eb14718eb210243592bc68e0a0fd61a7174fStephan Bosch        SuSE 9, 10
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    To build, just
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        ./configure
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        make
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    Do not use a parallel "make".
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    Several environment variables that can be set before running
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    configure will affect compilation:
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        CC
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        The C compiler to use.  configure tries to figure
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        out the right one for supported systems.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        CFLAGS
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        C compiler flags.  Defaults to include -g and/or -O2
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        as supported by the compiler.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        STD_CINCLUDES
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        System header file directories.  Can be used to specify
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        where add-on thread or IPv6 support is, for example.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Defaults to empty string.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        STD_CDEFINES
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Any additional preprocessor symbols you want defined.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Defaults to empty string.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Possible settings:
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Change the default syslog facility of named/lwresd.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch          -DISC_FACILITY=LOG_LOCAL0
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Enable DNSSEC signature chasing support in dig.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch          -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch                    -DDIG_SIGCHASE_BU=1)
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Disable dropping queries from particular well known ports.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch          -DNS_CLIENT_DROPPORT=0
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch            Sibling glue checking in named-checkzone is enabled by default.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        To disable the default check set.  -DCHECK_SIBLING=0
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        named-checkzone checks out-of-zone addresses by default.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        To disable this default set.  -DCHECK_LOCAL=0
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        To create the default pid files in ${localstatedir}/run rather
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        than ${localstatedir}/run/{named,lwresd}/ set.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch          -DNS_RUN_PID_DIR=0
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Enable workaround for Solaris kernel bug about /dev/poll
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch          -DISC_SOCKET_USE_POLLWATCH=1
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch          The watch timeout is also configurable, e.g.,
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch          -DISC_SOCKET_POLLWATCH_TIMEOUT=20
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        LDFLAGS
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Linker flags. Defaults to empty string.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    The following need to be set when cross compiling.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        BUILD_CC
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        The native C compiler.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        BUILD_CFLAGS (optional)
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        BUILD_CPPFLAGS (optional)
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Possible Settings:
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        -DNEED_OPTARG=1     (optarg is not declared in <unistd.h>)
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        BUILD_LDFLAGS (optional)
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        BUILD_LIBS (optional)
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    To build shared libraries, specify "--with-libtool" on the
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    configure command line.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    For the server to support DNSSEC, you need to build it
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    with crypto support.  You must have OpenSSL 0.9.5a
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    or newer installed and specify "--with-openssl" on the
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    configure command line.  If OpenSSL is installed under
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    a nonstandard prefix, you can tell configure where to
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    look for it using "--with-openssl=/prefix".
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    On some platforms it is necessary to explictly request large
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    file support to handle files bigger than 2GB.  This can be
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    done by "--enable-largefile" on the configure command line.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    On some platforms, BIND 9 can be built with multithreading
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    support, allowing it to take advantage of multiple CPUs.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    You can specify whether to build a multithreaded BIND 9
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    by specifying "--enable-threads" or "--disable-threads"
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    on the configure command line.  The default is operating
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    system dependent.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Support for the "fixed" rrset-order option can be enabled
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        or disabled by specifying "--enable-fixed-rrset" or
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        "--disable-fixed-rrset" on the configure command line.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        The default is "disabled", to reduce memory footprint.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    If your operating system has integrated support for IPv6, it
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    will be used automatically.  If you have installed KAME IPv6
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    separately, use "--with-kame[=PATH]" to specify its location.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    "make install" will install "named" and the various BIND 9 libraries.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    By default, installation is into /usr/local, but this can be changed
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    with the "--prefix" option when running "configure".
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    You may specify the option "--sysconfdir" to set the directory
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    where configuration files like "named.conf" go by default,
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    and "--localstatedir" to set the default parent directory
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    of "run/named.pid".   For backwards compatibility with BIND 8,
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    --sysconfdir defaults to "/etc" and --localstatedir defaults to
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    "/var" if no --prefix option is given.  If there is a --prefix
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    option, sysconfdir defaults to "$prefix/etc" and localstatedir
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    defaults to "$prefix/var".
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    To see additional configure options, run "configure --help".
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    Note that the help message does not reflect the BIND 8
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    compatibility defaults for sysconfdir and localstatedir.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    If you're planning on making changes to the BIND 9 source, you
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    should also "make depend".  If you're using Emacs, you might find
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    "make tags" helpful.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    If you need to re-run configure please run "make distclean" first.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    This will ensure that all the option changes take.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    Building with gcc is not supported, unless gcc is the vendor's usual
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    compiler (e.g. the various BSD systems, Linux).
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    Known compiler issues:
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    * gcc-3.3.5 powerpc generates incorrect code at -02.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    * Irix, MipsPRO 7.4.1m is known to cause problems.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    A limited test suite can be run with "make test".  Many of
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    the tests require you to configure a set of virtual IP addresses
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    on your system, and some require Perl; see bin/tests/system/README
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    for details.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    SunOS 4 requires "printf" to be installed to make the shared
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    libraries.  sh-utils-1.16 provides a "printf" which compiles
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    on SunOS 4.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan BoschDocumentation
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    The BIND 9 Administrator Reference Manual is included with the
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    source distribution in DocBook XML and HTML format, in the
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    doc/arm directory.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    Some of the programs in the BIND 9 distribution have man pages
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    in their directories.  In particular, the command line
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    options of "named" are documented in /bin/named/named.8.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    There is now also a set of man pages for the lwres library.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    If you are upgrading from BIND 8, please read the migration
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    notes in doc/misc/migration.  If you are upgrading from
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    BIND 4, read doc/misc/migration-4to9.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    Frequently asked questions and their answers can be found in
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch    FAQ.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        Additional information on various subjects can be found
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch        in the other README files.
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan BoschBug Reports and Mailing Lists
4c10d203d1581b9e850a0e4552567fe7fec9598bStephan Bosch
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch    Bugs reports should be sent to
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch        bind9-bugs@isc.org
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch    To join the BIND Users mailing list, send mail to
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch
cbd1d1a197f57d894c22863058b0ea3f2d2f68ffStephan Bosch        bind-users-request@isc.org
cbd1d1a197f57d894c22863058b0ea3f2d2f68ffStephan Bosch
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch    archives of which can be found via
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch        http://www.isc.org/ops/lists/
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch
447ae13a88887d9503c05be61a4368cfae44d96dStephan Bosch    If you're planning on making changes to the BIND 9 source
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch    code, you might want to join the BIND Workers mailing list.
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch    Send mail to
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch        bind-workers-request@isc.org
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch
fb2e20a30de93e83bbfe407f8231181f69ae684fStephan Bosch
e5f4eb14718eb210243592bc68e0a0fd61a7174fStephan Bosch