Bv9ARM.ch09.html revision c60ee6edf129596fa04db86c6865d75b5a412598
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!--
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<!-- $Id$ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title>Appendix�A.�Appendices</title>
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="Bv9ARM.ch10.html" title="Manual pages">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navheader">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation header">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center">Appendix�A.�Appendices</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<th width="60%" align="center">�</th>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="appendix" lang="en">
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<div class="titlepage"><div><div><h2 class="title">
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<a name="Bv9ARM.ch09"></a>Appendix�A.�Appendices</h2></div></div></div>
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews<div class="toc">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><b>Table of Contents</b></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2580014">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></dd>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2607733">Acknowledgments</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2607905">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dd><dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2611116">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></dd>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dd><dl>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2613664">Prerequisite</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2613673">Compilation</a></span></dt>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2613698">Installation</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2613729">Known Defects/Restrictions</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2613805">The dns.conf File</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2613832">Sample Applications</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2615010">Library References</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></dd>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User</dl>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect1" lang="en">
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<a name="id2580014"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect2" lang="en">
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<div class="titlepage"><div><div><h3 class="title">
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This document summarizes changes since the last production release
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of BIND on the corresponding major release branch.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect2" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_download"></a>Download</h3></div></div></div>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<p>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User The latest versions of BIND 9 software can always be found at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein There you will find additional information about each release,
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User source code, and pre-compiled versions for Microsoft Windows
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User operating systems.
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User </p>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User</div>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<div class="sect2" lang="en">
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<div class="itemizedlist"><ul type="disc">
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A flaw in delegation handling could be exploited to put
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User <span><strong class="command">named</strong></span> into an infinite loop, in which
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User each lookup of a name server triggered additional lookups
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User of more name servers. This has been addressed by placing
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater limits on the number of levels of recursion
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater <span><strong class="command">named</strong></span> will allow (default 7), and
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater on the number of queries that it will send before
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User terminating a recursive query (default 50).
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User </p>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<p>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User The recursion depth limit is configured via the
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User <code class="option">max-recursion-depth</code> option, and the query limit
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User via the <code class="option">max-recursion-queries</code> option.
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User </p>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<p>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User The flaw was discovered by Florian Maury of ANSSI, and is
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User disclosed in CVE-2014-8500. [RT #37580]
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User </p>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User</li>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<li>
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater<p>
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater Two separate problems were identified in BIND's GeoIP code that
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater could lead to an assertion failure. One was triggered by use of
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User both IPv4 and IPv6 address families, the other by referencing
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User a GeoIP database in <code class="filename">named.conf</code> which was
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User not installed. Both are covered by CVE-2014-8680. [RT #37672]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User [RT #37679]
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User </p>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<p>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User A less serious security flaw was also found in GeoIP: changes
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User to the <span><strong class="command">geoip-directory</strong></span> option in
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User <code class="filename">named.conf</code> were ignored when running
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User <span><strong class="command">rndc reconfig</strong></span>. In theory, this could allow
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User <span><strong class="command">named</strong></span> to allow access to unintended clients.
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User </p>
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater</li>
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User</ul></div>
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater</div>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<div class="sect2" lang="en">
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<div class="titlepage"><div><div><h3 class="title">
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User<a name="relnotes_features"></a>New Features</h3></div></div></div>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<div class="itemizedlist"><ul type="disc">
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox User<li><p>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User The serial number of a dynamically updatable zone can
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User now be set using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This is particularly useful with <code class="option">inline-signing</code>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews zones that have been reset. Setting the serial number to a value
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein larger than that on the slaves will trigger an AXFR-style
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User transfer.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li><p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews When answering recursive queries, SERVFAIL responses can now be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein cached by the server for a limited time; subsequent queries for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the same query name and type will return another SERVFAIL until
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the cache times out. This reduces the frequency of retries
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein when a query is persistently failing, which can be a burden
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User on recursive serviers. The SERVFAIL cache timeout is controlled
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by <code class="option">servfail-ttl</code>, which defaults to 10 seconds
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and has an upper limit of 30.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The new <span><strong class="command">rndc nta</strong></span> command can now be used to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein set a "negative trust anchor" (NTA), disabling DNSSEC validation for
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User a specific domain; this can be used when responses from a domain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein are known to be failing validation due to administrative error
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein rather than because of a spoofing attack. NTAs are strictly
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User temporary; by default they expire after one hour, but can be
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User configured to last up to one week. The default NTA lifetime
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein can be changed by setting the <code class="option">nta-lifetime</code> in
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User <code class="filename">named.conf</code>.
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User </p></li>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<li><p>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User The EDNS Client Subnet (ECS) option is now supported for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein authoritative servers; if a query contains an ECS option then
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User elements can match against the the address encoded in the option.
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User This can be used to select a view for a query, so that different
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User answers can be provided depending on the client network.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The EDNS EXPIRE option has been implemented on the client
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein side, allowing a slave server to set the expiration timer
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein correctly when transferring zone data from another slave
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater<li><p>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User A new <code class="option">masterfile-style</code> zone option controls
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater the formatting of text zone files: When set to
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater <code class="literal">full</code>, the zone file will dumped in
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User single-line-per-record format.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater </p></li>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<li><p>
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater <span><strong class="command">dig +ednsopt</strong></span> can now be used to set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein arbitrary EDNS options in DNS requests.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig +ednsflags</strong></span> can now be used to set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein yet-to-be-defined EDNS flags in DNS requests.
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li><p>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User <span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used enable /
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein disable EDNS version negotiation.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig +header-only</strong></span> can now be used to send
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User queries without a question section.
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User </p></li>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<li><p>
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews <span><strong class="command">dig +ttlunits</strong></span> causes <span><strong class="command">dig</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to print TTL values with time-unit suffixes: w, d, h, m, s for
507151045be68c671ffd4e2f37e17cdfa0376fc4Automatic Updater weeks, days, hours, minutes, and seconds.
507151045be68c671ffd4e2f37e17cdfa0376fc4Automatic Updater </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li><p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <span><strong class="command">dig +zflag</strong></span> can be used to set the last
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein unassigned DNS header flag bit. This bit in normally zero.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User can now be used to set the DSCP code point in outgoing query
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User packets.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">serial-update-method</code> can now be set to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="literal">date</code>. On update, the serial number will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein be set to the current date in YYYYMMDDNN format.
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User </p></li>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<li><p>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User <span><strong class="command">dnssec-signzone -N date</strong></span> also sets the serial
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User number to YYYYMMDDNN.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named -L <em class="replaceable"><code>filename</code></em></strong></span>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User causes named to send log messages to the specified file by
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews default instead of to the system log.
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The rate limiter configured by the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">serial-query-rate</code> option no longer covers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein NOTIFY messages; those are now separately controlled by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">notify-rate</code> and
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User <code class="option">startup-notify-rate</code> (the latter of which
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater controls the rate of NOTIFY messages sent when the server
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater is first started up or reconfigured).
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater </p></li>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<li><p>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User The default number of tasks and client objects available
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User for serving lightweight resolver queries have been increased,
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User and are now configurable via the new <code class="option">lwres-tasks</code>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User and <code class="option">lwres-clients</code> options in
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User <code class="filename">named.conf</code>. [RT #35857]
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Log output to files can now be buffered by specifying
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span><strong class="command">buffered yes;</strong></span> when creating a channel.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p></li>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<li><p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <span><strong class="command">delv +tcp</strong></span> will exclusively use TCP when
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews sending queries.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p></li>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews</ul></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect2" lang="en">
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<div class="titlepage"><div><div><h3 class="title">
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
6d382c9fcec316a84a237779fb64bb471b6f9d43Tinderbox User<div class="itemizedlist"><ul type="disc">
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox User<li><p>
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox User ACLs containing <span><strong class="command">geoip asnum</strong></span> elements were
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox User not correctly matched unless the full organization name was
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox User specified in the ACL (as in
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox User <span><strong class="command">geoip asnum "AS1234 Example, Inc.";</strong></span>).
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox User They can now match against the AS number alone (as in
922312472e2e05ebc64993d465999c5351b83036Automatic Updater <span><strong class="command">geoip asnum "AS1234";</strong></span>).
922312472e2e05ebc64993d465999c5351b83036Automatic Updater </p></li>
922312472e2e05ebc64993d465999c5351b83036Automatic Updater<li><p>
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater When using native PKCS#11 cryptography (i.e.,
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater <span><strong class="command">configure --enable-native-pkcs11</strong></span>) HSM PINs
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater of up to 256 characters can now be used.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews </p></li>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<li><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews NXDOMAIN responses to queries of type DS are now cached separately
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater from those for other types. This helps when using "grafted" zones
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater of type forward, for which the parent zone does not contain a
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater delegation, such as local top-level domains. Previously a query
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater of type DS for such a zone could cause the zone apex to be cached
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater as NXDOMAIN, blocking all subsequent queries. (Note: This
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater change is only helpful when DNSSEC validation is not enabled.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews "Grafted" zones without a delegation in the parent are not a
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews recommended configuration.)
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p></li>
c3dc968140ab7f04795acc7835e4e89ccb0c0a27Tinderbox User<li><p>
c3dc968140ab7f04795acc7835e4e89ccb0c0a27Tinderbox User Update forwarding performance has been improved by allowing
c3dc968140ab7f04795acc7835e4e89ccb0c0a27Tinderbox User a single TCP connection to be shared between multiple updates.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews </p></li>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<li><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews By default, <span><strong class="command">nsupdate</strong></span> will now check
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews the correctness of hostnames when adding records of type
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews disabled with <span><strong class="command">check-names no</strong></span>.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews </p></li>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<li><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Added support for OPENPGPKEY type.
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater </p></li>
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater<li><p>
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater The names of the files used to store managed keys and added
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater zones for each view are no longer based on the SHA256 hash
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater of the view name, except when this is necessary because the
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater view name contains characters that would be incompatible with use
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews as a file name. For views whose names do not contain forward
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews slashes ('/'), backslashes ('\'), or capital letters - which
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews could potentially cause namespace collision problems on
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews case-insensitive filesystems - files will now be named
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews after the view (for example, <code class="filename">internal.mkeys</code>
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater or <code class="filename">external.nzf</code>). However, to ensure
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater consistent behavior when upgrading, if a file using the old
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater name format is found to exist, it will continue to be used.
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater </p></li>
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater<li><p>
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater "rndc" can now return text output of arbitrary size to
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater the caller. (Prior to this, certain commands such as
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater "rndc tsig-list" and "rndc zonestatus" could return
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater truncated output.)
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater </p></li>
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater<li><p>
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater Errors reported when running <span><strong class="command">rndc addzone</strong></span>
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater (e.g., when a zone file cannot be loaded) have been clarified
fdd80e9a55c70b36a3bf3e409b86897301c44ff8Automatic Updater to make it easier to diagnose problems.
fdd80e9a55c70b36a3bf3e409b86897301c44ff8Automatic Updater </p></li>
fdd80e9a55c70b36a3bf3e409b86897301c44ff8Automatic Updater<li><p>
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater When encountering an authoritative name server whose name is
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater an alias pointing to another name, the resolver treats
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews this as an error and skips to the next server. Previously
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein this happened silently; now the error will be logged to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the newly-created "cname" log category.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If named is not configured to validate the answer then
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow fallback to plain DNS on timeout even when we know
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the server supports EDNS. This will allow the server to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein potentially resolve signed queries when TCP is being
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein blocked.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></li>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</ul></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect2" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="itemizedlist"><ul type="disc">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<li><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">nslookup</strong></span> aborted when encountering
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a name which, after appending search list elements,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein exceeded 255 bytes. Such names are now skipped, but
processing of other names will continue. [RT #36892]
</p></li>
<li><p>
The error message generated when
<span><strong class="command">named-checkzone</strong></span> or
<span><strong class="command">named-checkconf -z</strong></span> encounters a
<code class="option">$TTL</code> directive without a value has
been clarified. [RT #37138]
</p></li>
<li><p>
Semicolon characters (;) included in TXT records were
incorrectly escaped with a backslash when the record was
displayed as text. This is actually only necessary when there
are no quotation marks. [RT #37159]
</p></li>
<li><p>
When files opened for writing by <span><strong class="command">named</strong></span>,
such as zone journal files, were referenced more than once
in <code class="filename">named.conf</code>, it could lead to file
corruption as multiple threads wrote to the same file. This
is now detected when loading <code class="filename">named.conf</code>
and reported as an error. [RT #37172]
</p></li>
<li><p>
When checking for updates to trust anchors listed in
<code class="option">managed-keys</code>, <span><strong class="command">named</strong></span>
now revalidates keys based on the current set of
active trust anchors, without relying on any cached
record of previous validation. [RT #37506]
</p></li>
<li><p>
Large-system tuning
(<span><strong class="command">configure --with-tuning=large</strong></span>) caused
problems on some platforms by setting a socket receive
buffer size that was too large. This is now detected and
corrected at run time. [RT #37187]
</p></li>
<li><p>
When NXDOMAIN redirection is in use, queries for a name
that is present in the redirection zone but a type that
is not present will now return NOERROR instead of NXDOMAIN.
</p></li>
<li><p>
Due to an inadvertent removal of code in the previous
release, when <span><strong class="command">named</strong></span> encountered an
authoritative name server which dropped all EDNS queries,
it did not always try plain DNS. This has been corrected.
[RT #37965]
</p></li>
<li><p>
A regression caused nsupdate to use the default recursive servers
rather than the SOA MNAME server when sending the UPDATE.
</p></li>
<li><p>
Adjusted max-recursion-queries to accommodate the smaller
initial packet sizes used in BIND 9.10 and higher when
contacting authoritative servers for the first time.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.11 is yet to be determined but
will not be before BIND 9.13.0 has been released for 6 months.
<a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2607733"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p>
Although the "official" beginning of the Domain Name
System occurred in 1984 with the publication of RFC 920, the
core of the new system was described in 1983 in RFCs 882 and
883. From 1984 to 1987, the ARPAnet (the precursor to today's
Internet) became a testbed of experimentation for developing the
new naming/addressing scheme in a rapidly expanding,
operational network environment. New RFCs were written and
published in 1987 that modified the original documents to
incorporate improvements based on the working model. RFC 1034,
"Domain Names-Concepts and Facilities", and RFC 1035, "Domain
Names-Implementation and Specification" were published and
became the standards upon which all <acronym class="acronym">DNS</acronym> implementations are
built.
</p>
<p>
The first working domain name server, called "Jeeves", was
written in 1983-84 by Paul Mockapetris for operation on DEC
Tops-20
machines located at the University of Southern California's
Information
Sciences Institute (USC-ISI) and SRI International's Network
Information
Center (SRI-NIC). A <acronym class="acronym">DNS</acronym> server for
Unix machines, the Berkeley Internet
Name Domain (<acronym class="acronym">BIND</acronym>) package, was
written soon after by a group of
graduate students at the University of California at Berkeley
under
a grant from the US Defense Advanced Research Projects
Administration
(DARPA).
</p>
<p>
Versions of <acronym class="acronym">BIND</acronym> through
4.8.3 were maintained by the Computer
Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
Painter, David Riggle and Songnian Zhou made up the initial <acronym class="acronym">BIND</acronym>
project team. After that, additional work on the software package
was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
Corporation
employee on loan to the CSRG, worked on <acronym class="acronym">BIND</acronym> for 2 years, from 1985
to 1987. Many other people also contributed to <acronym class="acronym">BIND</acronym> development
during that time: Doug Kingston, Craig Partridge, Smoot
Carl-Mitchell,
Mike Muuss, Jim Bloom and Mike Schwartz. <acronym class="acronym">BIND</acronym> maintenance was subsequently
handled by Mike Karels and �ivind Kure.
</p>
<p>
<acronym class="acronym">BIND</acronym> versions 4.9 and 4.9.1 were
released by Digital Equipment
Corporation (now Compaq Computer Corporation). Paul Vixie, then
a DEC employee, became <acronym class="acronym">BIND</acronym>'s
primary caretaker. He was assisted
by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
Beecher, Andrew
Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
Wolfhugel, and others.
</p>
<p>
In 1994, <acronym class="acronym">BIND</acronym> version 4.9.2 was sponsored by
Vixie Enterprises. Paul
Vixie became <acronym class="acronym">BIND</acronym>'s principal
architect/programmer.
</p>
<p>
<acronym class="acronym">BIND</acronym> versions from 4.9.3 onward
have been developed and maintained
by the Internet Systems Consortium and its predecessor,
the Internet Software Consortium, with support being provided
by ISC's sponsors.
</p>
<p>
As co-architects/programmers, Bob Halley and
Paul Vixie released the first production-ready version of
<acronym class="acronym">BIND</acronym> version 8 in May 1997.
</p>
<p>
BIND version 9 was released in September 2000 and is a
major rewrite of nearly all aspects of the underlying
BIND architecture.
</p>
<p>
BIND versions 4 and 8 are officially deprecated.
No additional development is done
on BIND version 4 or BIND version 8.
</p>
<p>
<acronym class="acronym">BIND</acronym> development work is made
possible today by the sponsorship
of several corporations, and by the tireless work efforts of
numerous individuals.
</p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2607905"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
<p>
IPv6 addresses are 128-bit identifiers for interfaces and
sets of interfaces which were introduced in the <acronym class="acronym">DNS</acronym> to facilitate
scalable Internet routing. There are three types of addresses: <span class="emphasis"><em>Unicast</em></span>,
an identifier for a single interface;
<span class="emphasis"><em>Anycast</em></span>,
an identifier for a set of interfaces; and <span class="emphasis"><em>Multicast</em></span>,
an identifier for a set of interfaces. Here we describe the global
Unicast address scheme. For more information, see RFC 3587,
"Global Unicast Address Format."
</p>
<p>
IPv6 unicast addresses consist of a
<span class="emphasis"><em>global routing prefix</em></span>, a
<span class="emphasis"><em>subnet identifier</em></span>, and an
<span class="emphasis"><em>interface identifier</em></span>.
</p>
<p>
The global routing prefix is provided by the
upstream provider or ISP, and (roughly) corresponds to the
IPv4 <span class="emphasis"><em>network</em></span> section
of the address range.
The subnet identifier is for local subnetting, much the
same as subnetting an
IPv4 /16 network into /24 subnets.
The interface identifier is the address of an individual
interface on a given network; in IPv6, addresses belong to
interfaces rather than to machines.
</p>
<p>
The subnetting capability of IPv6 is much more flexible than
that of IPv4: subnetting can be carried out on bit boundaries,
in much the same way as Classless InterDomain Routing
(CIDR), and the DNS PTR representation ("nibble" format)
makes setting up reverse zones easier.
</p>
<p>
The Interface Identifier must be unique on the local link,
and is usually generated automatically by the IPv6
implementation, although it is usually possible to
override the default setting if necessary. A typical IPv6
address might look like:
<span><strong class="command">2001:db8:201:9:a00:20ff:fe81:2b32</strong></span>
</p>
<p>
IPv6 address specifications often contain long strings
of zeros, so the architects have included a shorthand for
specifying
them. The double colon (`::') indicates the longest possible
string
of zeros that can fit, and can be used only once in an address.
</p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="bibliography"></a>Bibliography (and Suggested Reading)</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="rfcs"></a>Request for Comments (RFCs)</h3></div></div></div>
<p>
Specification documents for the Internet protocol suite, including
the <acronym class="acronym">DNS</acronym>, are published as part of
the Request for Comments (RFCs)
series of technical notes. The standards themselves are defined
by the Internet Engineering Task Force (IETF) and the Internet
Engineering Steering Group (IESG). RFCs can be obtained online via FTP at:
</p>
<p>
<a href="ftp://www.isi.edu/in-notes/" target="_top">
ftp://www.isi.edu/in-notes/RFC<em class="replaceable"><code>xxxx</code></em>.txt
</a>
</p>
<p>
(where <em class="replaceable"><code>xxxx</code></em> is
the number of the RFC). RFCs are also available via the Web at:
</p>
<p>
<a href="http://www.ietf.org/rfc/" target="_top">http://www.ietf.org/rfc/</a>.
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608092"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
<a name="id2608103"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
<a name="id2608126"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2608218"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
<a name="id2608254"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2608281"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2608307"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2608331"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2608355"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2608410"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2608437"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2608464"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2608525"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2608555"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2608585"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2608612"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
<a name="id2608694"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2608721"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2608757"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2608822"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2608887"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
<a name="id2608961"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2608986"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2609054"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2609090"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
<a name="id2609136"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
<a name="id2609193"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2609230"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2609266"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2609320"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2609427"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2609452"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2609478"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2609505"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2609531"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2609571"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2609601"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2609630"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2609673"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2609706"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2609733"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2609756"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2609814"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
<a name="id2609846"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2609872"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2609894"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2609917"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2609963"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2609987"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
<a name="id2610044"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2610068"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2610094"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2610121"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2610157"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
<a name="id2610203"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2610235"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2610281"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2610316"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Other <acronym class="acronym">DNS</acronym>-related RFCs</h3>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
Note: the following list of RFCs, although
<acronym class="acronym">DNS</acronym>-related, are not
concerned with implementing software.
</p>
</div>
<div class="biblioentry">
<a name="id2610361"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2610384"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2610409"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
<a name="id2610435"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2610458"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2610504"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2610528"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2610554"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2610580"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
<a name="id2610624"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2610681"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2610708"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsoleted DNS Security RFCs</h3>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
Most of these have been consolidated into RFC4033,
RFC4034 and RFC4035 which collectively describe DNSSECbis.
</p>
</div>
<div class="biblioentry">
<a name="id2610756"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2610795"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2610822"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2610852"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2610877"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2610904"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2610940"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2610977"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2611003"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2611030"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2611075"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="internet_drafts"></a>Internet Drafts</h3></div></div></div>
<p>
Internet Drafts (IDs) are rough-draft working documents of
the Internet Engineering Task Force. They are, in essence, RFCs
in the preliminary stages of development. Implementors are
cautioned not
to regard IDs as archival, and they should not be quoted or cited
in any formal documents unless accompanied by the disclaimer that
they are "works in progress." IDs have a lifespan of six months
after which they are deleted unless updated by their authors.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2611116"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2611126"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
<a name="id2611128"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright � 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="bind9.library"></a>BIND 9 DNS Library Support</h2></div></div></div>
<p>This version of BIND 9 "exports" its internal libraries so
that they can be used by third-party applications more easily (we
call them "export" libraries in this document). In addition to
all major DNS-related APIs BIND 9 is currently using, the export
libraries provide the following features:</p>
<div class="itemizedlist"><ul type="disc">
<li><p>The newly created "DNS client" module. This is a higher
level API that provides an interface to name resolution,
single DNS transaction with a particular server, and dynamic
update. Regarding name resolution, it supports advanced
features such as DNSSEC validation and caching. This module
supports both synchronous and asynchronous mode.</p></li>
<li><p>The new "IRS" (Information Retrieval System) library.
It provides an interface to parse the traditional resolv.conf
file and more advanced, DNS-specific configuration file for
the rest of this package (see the description for the
dns.conf file below).</p></li>
<li><p>As part of the IRS library, newly implemented standard
address-name mapping functions, getaddrinfo() and
getnameinfo(), are provided. They use the DNSSEC-aware
validating resolver backend, and could use other advanced
features of the BIND 9 libraries such as caching. The
getaddrinfo() function resolves both A and AAAA RRs
concurrently (when the address family is unspecified).</p></li>
<li><p>An experimental framework to support other event
libraries than BIND 9's internal event task system.</p></li>
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613664"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
in some platforms you may need to invoke a different command name
than "make" (e.g. "gmake") to indicate it's GNU make.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613673"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>/configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
</pre>
<p>
This will create (in addition to usual BIND 9 programs) and a
separate set of libraries under the lib/export directory. For
example, <code class="filename">lib/export/dns/libdns.a</code> is the archive file of the
export version of the BIND 9 DNS library. Sample application
programs using the libraries will also be built under the
lib/export/samples directory (see below).</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613698"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
</pre>
<p>
This will install library object files under the directory
specified by the --with-export-libdir configure option (default:
EPREFIX/lib/bind9), and header files under the directory
specified by the --with-export-includedir configure option
(default: PREFIX/include/bind9).
Root privilege is normally required.
"<span><strong class="command">make install</strong></span>" at the top directory will do the
same.
</p>
<p>
To see how to build your own
application after the installation, see
<code class="filename">lib/export/samples/Makefile-postinstall.in</code>.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613729"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
before).</p></li>
<li>
<p>The "fixed" RRset order is not (currently) supported in
the export library. If you want to use "fixed" RRset order
for, e.g. <span><strong class="command">named</strong></span> while still building the
export library even without the fixed order support, build
them separately:
</p>
<pre class="screen">
$ <strong class="userinput"><code>/configure --enable-fixed-rrset <em class="replaceable"><code>[other flags, but not --enable-exportlib]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
$ <strong class="userinput"><code>/configure --enable-exportlib <em class="replaceable"><code>[other flags, but not --enable-fixed-rrset]</code></em></code></strong>
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make</code></strong>
</pre>
<p>
</p>
</li>
<li><p>The client module and the IRS library currently do not
support DNSSEC validation using DLV (the underlying modules
can handle it, but there is no tunable interface to enable
the feature).</p></li>
<li><p>RFC 5011 is not supported in the validating stub
resolver of the export library. In fact, it is not clear
whether it should: trust anchors would be a system-wide
configuration which would be managed by an administrator,
while the stub resolver will be used by ordinary applications
run by a normal user.</p></li>
<li><p>Not all common <code class="filename">/etc/resolv.conf</code>
options are supported
in the IRS library. The only available options in this
version are "debug" and "ndots".</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613805"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
<code class="filename">resolv.conf</code> file.
Specifically, it is intended to provide DNSSEC related
configuration parameters. By default the path to this
configuration file is <code class="filename">/etc/dns.conf</code>.
This module is very
experimental and the configuration syntax or library interfaces
may change in future versions. Currently, only the
<span><strong class="command">trusted-keys</strong></span>
statement is supported, whose syntax is the same as the same name
of statement for <code class="filename">named.conf</code>. (See
<a href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called &#8220;<span><strong class="command">trusted-keys</strong></span> Statement Grammar&#8221;</a> for details.)</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613832"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2613841"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
RRs. It can also act as a validating stub resolver if a trust
anchor is given via a set of command line options.</p>
<p>
Usage: sample [options] server_address hostname
</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl>
<dt><span class="term">
-t RRtype
</span></dt>
<dd><p>
specify the RR type of the query. The default is the A RR.
</p></dd>
<dt><span class="term">
[-a algorithm] [-e] -k keyname -K keystring
</span></dt>
<dd>
<p>
specify a command-line DNS key to validate the answer. For
example, to specify the following DNSKEY of example.com:
</p>
<div class="literallayout"><p><br>
����������������example.com.�3600�IN�DNSKEY�257�3�5�xxx<br>
</p></div>
<p>
specify the options as follows:
</p>
<pre class="screen">
<strong class="userinput"><code>
-e -k example.com -K "xxx"
</code></strong>
</pre>
<p>
-e means that this key is a zone's "key signing key" (as known
as "secure Entry point").
When -a is omitted rsasha1 will be used by default.
</p>
</dd>
<dt><span class="term">
-s domain:alt_server_address
</span></dt>
<dd><p>
specify a separate recursive server address for the specific
"domain". Example: -s example.com:2001:db8::1234
</p></dd>
<dt><span class="term">server_address</span></dt>
<dd><p>
an IP(v4/v6) address of the recursive server to which queries
are sent.
</p></dd>
<dt><span class="term">hostname</span></dt>
<dd><p>
the domain name for the query
</p></dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614204"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
asynchronously.</p>
<p>
Usage: sample-async [-s server_address] [-t RR_type] input_file</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl>
<dt><span class="term">
-s server_address
</span></dt>
<dd>
an IPv4 address of the recursive server to which queries are sent.
(IPv6 addresses are not supported in this implementation)
</dd>
<dt><span class="term">
-t RR_type
</span></dt>
<dd>
specify the RR type of the queries. The default is the A
RR.
</dd>
<dt><span class="term">
input_file
</span></dt>
<dd>
a list of domain names to be resolved. each line
consists of a single domain name. Example:
<div class="literallayout"><p><br>
��www.example.com<br>
��mx.example.net<br>
��ns.xxx.example<br>
</p></div>
</dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614258"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
"stub resolver": it stops the processing once it gets any
response from the server, whether it's a referral or an alias
(CNAME or DNAME) that would require further queries to get the
ultimate answer. In other words, this utility acts as a very
simplified <span><strong class="command">dig</strong></span>.
</p>
<p>
Usage: sample-request [-t RRtype] server_address hostname
</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl>
<dt><span class="term">
-t RRtype
</span></dt>
<dd><p>
specify the RR type of
the queries. The default is the A RR.
</p></dd>
<dt><span class="term">
server_address
</span></dt>
<dd><p>
an IP(v4/v6)
address of the recursive server to which the query is sent.
</p></dd>
<dt><span class="term">
hostname
</span></dt>
<dd><p>
the domain name for the query
</p></dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614322"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
host name as an argument, calls getaddrinfo() with the given host
name, and calls getnameinfo() with the resulting IP addresses
returned by getaddrinfo(). If the dns.conf file exists and
defines a trust anchor, the underlying resolver will act as a
validating resolver, and getaddrinfo()/getnameinfo() will fail
with an EAI_INSECUREDATA error when DNSSEC validation fails.
</p>
<p>
Usage: sample-gai hostname
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614337"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
authoritative server, and shows the response from the server. In
other words, this is a simplified <span><strong class="command">nsupdate</strong></span>.
</p>
<p>
Usage: sample-update [options] (add|delete) "update data"
</p>
<p>
Options and Arguments:
</p>
<div class="variablelist"><dl>
<dt><span class="term">
-a auth_server
</span></dt>
<dd><p>
An IP address of the authoritative server that has authority
for the zone containing the update name. This should normally
be the primary authoritative server that accepts dynamic
updates. It can also be a secondary server that is configured
to forward update requests to the primary server.
</p></dd>
<dt><span class="term">
-k keyfile
</span></dt>
<dd><p>
A TSIG key file to secure the update transaction. The keyfile
format is the same as that for the nsupdate utility.
</p></dd>
<dt><span class="term">
-p prerequisite
</span></dt>
<dd><p>
A prerequisite for the update (only one prerequisite can be
specified). The prerequisite format is the same as that is
accepted by the nsupdate utility.
</p></dd>
<dt><span class="term">
-r recursive_server
</span></dt>
<dd><p>
An IP address of a recursive server that this utility will
use. A recursive server may be necessary to identify the
authoritative server address to which the update request is
sent.
</p></dd>
<dt><span class="term">
-z zonename
</span></dt>
<dd><p>
The domain name of the zone that contains
</p></dd>
<dt><span class="term">
(add|delete)
</span></dt>
<dd><p>
Specify the type of update operation. Either "add" or "delete"
must be specified.
</p></dd>
<dt><span class="term">
"update data"
</span></dt>
<dd><p>
Specify the data to be updated. A typical example of the data
would look like "name TTL RRtype RDATA".
</p></dd>
</dl></div>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>In practice, either -a or -r must be specified. Others can
be optional; the underlying library routine tries to identify the
appropriate server and the zone name for the update.</div>
<p>
Examples: assuming the primary authoritative server of the
dynamic.example.com zone has an IPv6 address 2001:db8::1234,
</p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key add "foo.dynamic.example.com 30 IN A 192.168.2.1"</code></strong></pre>
<p>
adds an A RR for foo.dynamic.example.com using the given key.
</p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com 30 IN A"</code></strong></pre>
<p>
removes all A RRs for foo.dynamic.example.com using the given key.
</p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</code></strong></pre>
<p>
removes all RRs for foo.dynamic.example.com using the given key.
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614877"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
correctly in terms of RFC 4074. This is included in the set of
sample programs to show how the export library can be used in a
DNS-related application.
</p>
<p>
Usage: nsprobe [-d] [-v [-v...]] [-c cache_address] [input_file]
</p>
<p>
Options
</p>
<div class="variablelist"><dl>
<dt><span class="term">
-d
</span></dt>
<dd><p>
run in the "debug" mode. with this option nsprobe will dump
every RRs it receives.
</p></dd>
<dt><span class="term">
-v
</span></dt>
<dd><p>
increase verbosity of other normal log messages. This can be
specified multiple times
</p></dd>
<dt><span class="term">
-c cache_address
</span></dt>
<dd><p>
specify an IP address of a recursive (caching) name server.
nsprobe uses this server to get the NS RRset of each domain and
the A and/or AAAA RRsets for the name servers. The default
value is 127.0.0.1.
</p></dd>
<dt><span class="term">
input_file
</span></dt>
<dd><p>
a file name containing a list of domain (zone) names to be
probed. when omitted the standard input will be used. Each
line of the input file specifies a single domain name such as
"example.com". In general this domain name must be the apex
name of some DNS zone (unlike normal "host names" such as
"www.example.com"). nsprobe first identifies the NS RRsets for
the given domain name, and sends A and AAAA queries to these
servers for some "widely used" names under the zone;
specifically, adding "www" and "ftp" to the zone name.
</p></dd>
</dl></div>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2615010"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
programs.</p>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
<td width="20%" align="center">�</td>
<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">Chapter�8.�Troubleshooting�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�Manual pages</td>
</tr>
</table>
</div>
<p style="text-align: center;">BIND 9.11.0pre-alpha</p>
</body>
</html>