xref/bind-9.11.3/README

	README revision e4c4cf5177d23e144897e0e26ae210cfdb9612eb
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob HalleyBIND 9
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews    BIND version 9 is a major rewrite of nearly all aspects of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    underlying BIND architecture.  Some of the important features of
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater    BIND 9 are:
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley        - DNS Security
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            DNSSEC (signed zones)
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews            TSIG (signed DNS requests)
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - IP version 6
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews            Answers DNS queries on IPv6 sockets
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews            IPv6 resource records (AAAA)
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews            Experimental IPv6 Resolver Library
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley        - DNS Protocol Enhancements
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User            IXFR, DDNS, Notify, EDNS0
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Improved standards conformance
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - Views
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            One server process can provide multiple "views" of
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews            the DNS namespace, e.g. an "inside" view to certain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            clients, and an "outside" view to others.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        - Multiprocessor Support
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - Improved Portability Architecture
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    BIND version 9 development has been underwritten by the following
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    organizations:
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        Sun Microsystems, Inc.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        Hewlett Packard
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User        Compaq Computer Corporation
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        IBM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        Process Software Corporation
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        Silicon Graphics, Inc.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        Network Associates, Inc.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        U.S. Defense Information Systems Agency
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        USENIX Association
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        Stichting NLnet - NLnet Foundation
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        Nominum, Inc.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    For a summary of functional enhancements in previous
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User    releases, see the HISTORY file.
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User    For a detailed list of user-visible changes from
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews    previous releases, see the CHANGES file.
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox UserBIND 9.9.0
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User    BIND 9.9.0 includes a number of changes from BIND 9.6 and earlier
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    releases.  New features include:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - NXDOMAIN redirection.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - Improved scalability from using multiple threads to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          listen for queries.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - New 'rndc flushtree' command clears all data under a given
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          name from the DNS cache.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - New 'rndc sync' command dumps pending changes in a dynamic zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          to disk without a freeze/thaw cycle.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - The 'also-notify' option now takes the same syntax as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          'masters', so it can used named masterlists and TSIG keys.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - 'auto-dnssec' zones can now have NSEC3 parameters set prior
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User          to signing.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - 'dnssec-signzone -D' writes an output file containing only DNSSEC
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          data, which can be included by the primary zone file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - 'dnssec-signzone -R' forces removal of signatures that are
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User          not expired but were created by a key which no longer exists.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User        - 'dnssec-signzone -X' allows a separate expiration date to
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User          be specified for DNSKEY signatures from other signatures.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User        - New '-L' option to dnssec-keygen, dnssec-settime, and
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User          dnssec-keyfromlabel sets the default TTL for the key.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        - dnssec-dsfromkey now supports reading from standard input,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          to make it easier to convert DNSKEY to DS.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User        - RFC 1918 reverse zones have been added to the empty-zones
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User          table per RFC 6303.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User        - Dynamic updates can now optionally set the zone's SOA serial
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User          number to the current UNIX time.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinBIND 9.8.0
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    DNS64 support (AAAA synthesis only initially).
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox UserBIND 9.7.0
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    releases.  Most are intended to simplify DNSSEC configuration.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    New features include:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - Fully automatic signing of zones by "named".
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - Simplified configuration of DNSSEC Lookaside Validation (DLV).
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - Simplified configuration of Dynamic DNS, using the "ddns-confgen"
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      command line tool or the "local" update-policy option.  (As a side
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      effect, this also makes it easier to configure automatic zone
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      re-signing.)
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - New named option "attach-cache" that allows multiple views to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      share a single cache.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    - DNS rebinding attack prevention.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - New default values for dnssec-keygen parameters.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - Support for RFC 5011 automated trust anchor maintenance
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - Smart signing: simplified tools for zone signing and key
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      maintenance.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - The "statistics-channels" option is now available on Windows.
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User    - A new DNSSEC-aware libdns API for use by non-BIND9 applications
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User    - On some platforms, named and other binaries can now print out
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      a stack backtrace on assertion failure, to aid in debugging.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - A "tools only" installation mode on Windows, which only installs
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      dig, host, nslookup and nsupdate.
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User    - Improved PKCS#11 support, including Keyper support and explicit
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User      OpenSSL engine selection.
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User    Known issues in this release:
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User    - In rare cases, DNSSEC validation can leak memory.  When this
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      happens, it will cause an assertion failure when named exits,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      but is otherwise harmless.  A fix exists, but was too late for
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      this release; it will be included in BIND 9.7.1.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews    Compatibility notes:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      you should ensure that all changes that are in progress have
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      completed prior to upgrading to BIND 9.7.  BIND 9.7 implements
24abfe433efd98bb2099b867fb14d049b2f1f531Tinderbox User      those features in a way which is not backwards compatible.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - Prior releases had a bug which caused HMAC-SHA* keys with long
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      secrets to be used incorrectly.  Fixing this bug means that older
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      versions of BIND 9 may fail to interoperate with this version
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      when using TSIG keys.  If this occurs, the new "isc-hmac-fixup"
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      tool will convert a key with a long secret into a form that works
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      correctly with all versions of BIND 9.  See the "isc-hmac-fixup"
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      man page for additional details.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    - Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User      It is possible for the new key ID to collide with that of a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      different key.  Newly generated keys will not have this problem,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      as "dnssec-keygen" looks for potential collisions before
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      generating keys, but exercise caution if using key revokation
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User      with keys that were generated by older versions of BIND 9.  See
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      the Administrator's Reference Manual, section 4.10 ("Dynamic
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      Trust Anchor Management") for more details.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    - A bug was fixed in which a key's scheduled inactivity date was
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      stored incorectly.  Users who participated in the 9.7.0 BETA test
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      and had DNSSEC keys with scheduled inactivity dates will need to
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      reset those keys' dates using "dnssec-settime -I".
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox UserBuilding
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    BIND 9 currently requires a UNIX system with an ANSI C compiler,
395c95214142142854509945adf3293c0270e1c5Tinderbox User    basic POSIX support, and a 64 bit integer type.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    We've had successful builds and tests on the following systems:
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        COMPAQ Tru64 UNIX 5.1B
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Fedora Core 6
395c95214142142854509945adf3293c0270e1c5Tinderbox User        FreeBSD 4.10, 5.2.1, 6.2
395c95214142142854509945adf3293c0270e1c5Tinderbox User        HP-UX 11.11
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Mac OS X 10.5
395c95214142142854509945adf3293c0270e1c5Tinderbox User        NetBSD 3.x, 4.0-beta, 5.0-beta
395c95214142142854509945adf3293c0270e1c5Tinderbox User        OpenBSD 3.3 and up
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Solaris 8, 9, 9 (x86), 10
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Ubuntu 7.04, 7.10
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Windows XP/2003/2008
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        NOTE:  As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Windows, including Windows NT and Windows 2000, are no longer
395c95214142142854509945adf3293c0270e1c5Tinderbox User        supported.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    We have recent reports from the user community that a supported
395c95214142142854509945adf3293c0270e1c5Tinderbox User    version of BIND will build and run on the following systems:
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        AIX 4.3, 5L
395c95214142142854509945adf3293c0270e1c5Tinderbox User        CentOS 4, 4.5, 5
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Darwin 9.0.0d1/ARM
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Debian 4
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Fedora Core 5, 7
395c95214142142854509945adf3293c0270e1c5Tinderbox User        FreeBSD 6.1
395c95214142142854509945adf3293c0270e1c5Tinderbox User        HP-UX 11.23 PA
395c95214142142854509945adf3293c0270e1c5Tinderbox User        MacOS X 10.4, 10.5
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Red Hat Enterprise Linux 4, 5
395c95214142142854509945adf3293c0270e1c5Tinderbox User        SCO OpenServer 5.0.6
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Slackware 9, 10
395c95214142142854509945adf3293c0270e1c5Tinderbox User        SuSE 9, 10
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    To build, just
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        ./configure
395c95214142142854509945adf3293c0270e1c5Tinderbox User        make
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    Do not use a parallel "make".
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    Several environment variables that can be set before running
395c95214142142854509945adf3293c0270e1c5Tinderbox User    configure will affect compilation:
6d45011a65dfc43f476ca15c3fd9ee5227eb968fTinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        CC
395c95214142142854509945adf3293c0270e1c5Tinderbox User        The C compiler to use.  configure tries to figure
395c95214142142854509945adf3293c0270e1c5Tinderbox User        out the right one for supported systems.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        CFLAGS
395c95214142142854509945adf3293c0270e1c5Tinderbox User        C compiler flags.  Defaults to include -g and/or -O2
395c95214142142854509945adf3293c0270e1c5Tinderbox User        as supported by the compiler.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        STD_CINCLUDES
395c95214142142854509945adf3293c0270e1c5Tinderbox User        System header file directories.  Can be used to specify
395c95214142142854509945adf3293c0270e1c5Tinderbox User        where add-on thread or IPv6 support is, for example.
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Defaults to empty string.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        STD_CDEFINES
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Any additional preprocessor symbols you want defined.
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Defaults to empty string.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Possible settings:
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Change the default syslog facility of named/lwresd.
395c95214142142854509945adf3293c0270e1c5Tinderbox User          -DISC_FACILITY=LOG_LOCAL0
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Enable DNSSEC signature chasing support in dig.
395c95214142142854509945adf3293c0270e1c5Tinderbox User          -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
c0cbdeedb5e119c640f098da1851cb1b9adcc739Tinderbox User                    -DDIG_SIGCHASE_BU=1)
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Disable dropping queries from particular well known ports.
395c95214142142854509945adf3293c0270e1c5Tinderbox User          -DNS_CLIENT_DROPPORT=0
395c95214142142854509945adf3293c0270e1c5Tinderbox User            Sibling glue checking in named-checkzone is enabled by default.
395c95214142142854509945adf3293c0270e1c5Tinderbox User        To disable the default check set.  -DCHECK_SIBLING=0
395c95214142142854509945adf3293c0270e1c5Tinderbox User        named-checkzone checks out-of-zone addresses by default.
395c95214142142854509945adf3293c0270e1c5Tinderbox User        To disable this default set.  -DCHECK_LOCAL=0
395c95214142142854509945adf3293c0270e1c5Tinderbox User        To create the default pid files in ${localstatedir}/run rather
395c95214142142854509945adf3293c0270e1c5Tinderbox User        than ${localstatedir}/run/{named,lwresd}/ set.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User          -DNS_RUN_PID_DIR=0
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Enable workaround for Solaris kernel bug about /dev/poll
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          -DISC_SOCKET_USE_POLLWATCH=1
395c95214142142854509945adf3293c0270e1c5Tinderbox User          The watch timeout is also configurable, e.g.,
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User          -DISC_SOCKET_POLLWATCH_TIMEOUT=20
395c95214142142854509945adf3293c0270e1c5Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        LDFLAGS
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Linker flags. Defaults to empty string.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    The following need to be set when cross compiling.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        BUILD_CC
395c95214142142854509945adf3293c0270e1c5Tinderbox User        The native C compiler.
395c95214142142854509945adf3293c0270e1c5Tinderbox User        BUILD_CFLAGS (optional)
395c95214142142854509945adf3293c0270e1c5Tinderbox User        BUILD_CPPFLAGS (optional)
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Possible Settings:
395c95214142142854509945adf3293c0270e1c5Tinderbox User        -DNEED_OPTARG=1     (optarg is not declared in <unistd.h>)
395c95214142142854509945adf3293c0270e1c5Tinderbox User        BUILD_LDFLAGS (optional)
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User        BUILD_LIBS (optional)
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    To build shared libraries, specify "--with-libtool" on the
395c95214142142854509945adf3293c0270e1c5Tinderbox User    configure command line.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    For the server to support DNSSEC, you need to build it
395c95214142142854509945adf3293c0270e1c5Tinderbox User    with crypto support.  You must have OpenSSL 0.9.5a
395c95214142142854509945adf3293c0270e1c5Tinderbox User    or newer installed and specify "--with-openssl" on the
395c95214142142854509945adf3293c0270e1c5Tinderbox User    configure command line.  If OpenSSL is installed under
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    a nonstandard prefix, you can tell configure where to
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User    look for it using "--with-openssl=/prefix".
395c95214142142854509945adf3293c0270e1c5Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    On some platforms it is necessary to explictly request large
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User    file support to handle files bigger than 2GB.  This can be
395c95214142142854509945adf3293c0270e1c5Tinderbox User    done by "--enable-largefile" on the configure command line.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    On some platforms, BIND 9 can be built with multithreading
395c95214142142854509945adf3293c0270e1c5Tinderbox User    support, allowing it to take advantage of multiple CPUs.
395c95214142142854509945adf3293c0270e1c5Tinderbox User    You can specify whether to build a multithreaded BIND 9
395c95214142142854509945adf3293c0270e1c5Tinderbox User    by specifying "--enable-threads" or "--disable-threads"
395c95214142142854509945adf3293c0270e1c5Tinderbox User    on the configure command line.  The default is operating
395c95214142142854509945adf3293c0270e1c5Tinderbox User    system dependent.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Support for the "fixed" rrset-order option can be enabled
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User        or disabled by specifying "--enable-fixed-rrset" or
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User        "--disable-fixed-rrset" on the configure command line.
395c95214142142854509945adf3293c0270e1c5Tinderbox User        The default is "disabled", to reduce memory footprint.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    If your operating system has integrated support for IPv6, it
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    will be used automatically.  If you have installed KAME IPv6
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    separately, use "--with-kame[=PATH]" to specify its location.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    "make install" will install "named" and the various BIND 9 libraries.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    By default, installation is into /usr/local, but this can be changed
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    with the "--prefix" option when running "configure".
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    You may specify the option "--sysconfdir" to set the directory
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    where configuration files like "named.conf" go by default,
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    and "--localstatedir" to set the default parent directory
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    of "run/named.pid".   For backwards compatibility with BIND 8,
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    --sysconfdir defaults to "/etc" and --localstatedir defaults to
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    "/var" if no --prefix option is given.  If there is a --prefix
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    option, sysconfdir defaults to "$prefix/etc" and localstatedir
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    defaults to "$prefix/var".
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    To see additional configure options, run "configure --help".
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    Note that the help message does not reflect the BIND 8
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    compatibility defaults for sysconfdir and localstatedir.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    If you're planning on making changes to the BIND 9 source, you
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    should also "make depend".  If you're using Emacs, you might find
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    "make tags" helpful.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    If you need to re-run configure please run "make distclean" first.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    This will ensure that all the option changes take.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    Building with gcc is not supported, unless gcc is the vendor's usual
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    compiler (e.g. the various BSD systems, Linux).
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    Known compiler issues:
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
395c95214142142854509945adf3293c0270e1c5Tinderbox User    * gcc-3.3.5 powerpc generates incorrect code at -02.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    * Irix, MipsPRO 7.4.1m is known to cause problems.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    A limited test suite can be run with "make test".  Many of
395c95214142142854509945adf3293c0270e1c5Tinderbox User    the tests require you to configure a set of virtual IP addresses
395c95214142142854509945adf3293c0270e1c5Tinderbox User    on your system, and some require Perl; see bin/tests/system/README
395c95214142142854509945adf3293c0270e1c5Tinderbox User    for details.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    SunOS 4 requires "printf" to be installed to make the shared
395c95214142142854509945adf3293c0270e1c5Tinderbox User    libraries.  sh-utils-1.16 provides a "printf" which compiles
395c95214142142854509945adf3293c0270e1c5Tinderbox User    on SunOS 4.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox UserDocumentation
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    The BIND 9 Administrator Reference Manual is included with the
395c95214142142854509945adf3293c0270e1c5Tinderbox User    source distribution in DocBook XML and HTML format, in the
395c95214142142854509945adf3293c0270e1c5Tinderbox User    doc/arm directory.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    Some of the programs in the BIND 9 distribution have man pages
395c95214142142854509945adf3293c0270e1c5Tinderbox User    in their directories.  In particular, the command line
395c95214142142854509945adf3293c0270e1c5Tinderbox User    options of "named" are documented in /bin/named/named.8.
395c95214142142854509945adf3293c0270e1c5Tinderbox User    There is now also a set of man pages for the lwres library.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    If you are upgrading from BIND 8, please read the migration
395c95214142142854509945adf3293c0270e1c5Tinderbox User    notes in doc/misc/migration.  If you are upgrading from
395c95214142142854509945adf3293c0270e1c5Tinderbox User    BIND 4, read doc/misc/migration-4to9.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    Frequently asked questions and their answers can be found in
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    FAQ.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User        Additional information on various subjects can be found
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        in the other README files.
395c95214142142854509945adf3293c0270e1c5Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox UserBug Reports and Mailing Lists
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    Bugs reports should be sent to
395c95214142142854509945adf3293c0270e1c5Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User        bind9-bugs@isc.org
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
395c95214142142854509945adf3293c0270e1c5Tinderbox User    To join the BIND Users mailing list, send mail to
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User        bind-users-request@isc.org
61ab11c0ec845606f85452b2c9f2e223772aae00Tinderbox User
61ab11c0ec845606f85452b2c9f2e223772aae00Tinderbox User    archives of which can be found via
61ab11c0ec845606f85452b2c9f2e223772aae00Tinderbox User
61ab11c0ec845606f85452b2c9f2e223772aae00Tinderbox User        http://www.isc.org/ops/lists/
61ab11c0ec845606f85452b2c9f2e223772aae00Tinderbox User
f5c27ecceb6dcba6ad8b75172fe5f9823d7a6d42Tinderbox User    If you're planning on making changes to the BIND 9 source
f5c27ecceb6dcba6ad8b75172fe5f9823d7a6d42Tinderbox User    code, you might want to join the BIND Workers mailing list.
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User    Send mail to
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User        bind-workers-request@isc.org
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User
659d063f23a35d77ad5826e6556d3137672bb937Tinderbox User