migration-4to9 revision dafcb997e390efa4423883dafd100c975c4095d6
5f5870385cff47efd2f58e7892f251cf13761528Timo SirainenCopyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
315ce5be539bfe8bc7777ab0654499c49583cea2Timo SirainenCopyright (C) 2001 Internet Software Consortium.
315ce5be539bfe8bc7777ab0654499c49583cea2Timo SirainenSee COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
4da8c6cdefabd31262318c32da3c13de1d9ea953Timo Sirainen
eed03830015b7138b9d4522e72bef650aa24b45fTimo Sirainen$Id: migration-4to9,v 1.4 2004/03/05 05:04:53 marka Exp $
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen BIND 4 to BIND 9 Migration Notes
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen
315ce5be539bfe8bc7777ab0654499c49583cea2Timo SirainenTo transition from BIND 4 to BIND 9 you first need to convert your
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenconfiguration file to the new format. There is a conversion tool in
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainencontrib/named-bootconf that allows you to do this.
05c32766dbb5f79372a732acf87f1f02d6c45a7fTimo Sirainen
05c32766dbb5f79372a732acf87f1f02d6c45a7fTimo Sirainen named-bootconf.sh < /etc/named.boot > /etc/named.conf
d176f84ce5ca2073f4dfbafb457b9c74f6bf0d76Timo Sirainen
315ce5be539bfe8bc7777ab0654499c49583cea2Timo SirainenBIND 9 uses a system assigned port for the UDP queries it makes rather
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenthan port 53 that BIND 4 uses. This may conflict with some firewalls.
315ce5be539bfe8bc7777ab0654499c49583cea2Timo SirainenThe following directives in /etc/named.conf allows you to specify
4da8c6cdefabd31262318c32da3c13de1d9ea953Timo Sirainena port to use.
34e9dfbce01a2807df8e2050b1cd7ae2cf014cd5Timo Sirainen
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen query-source address * port 53;
774ac5ac95d4a9e969095f3d9352bd2abe555629Timo Sirainen transfer-source * port 53;
79f416d4000aa4192683207aea58a7b12ce66411Timo Sirainen notify-source * port 53;
c2ebc8f28b5504f280cd5d4adfe57ed70f9a7d83Timo Sirainen
315ce5be539bfe8bc7777ab0654499c49583cea2Timo SirainenBIND 9 no longer uses the minimum field to specify the TTL of records
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenwithout a explicit TTL. Use the $TTL directive to specify a default TTL
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenbefore the first record without a explicit TTL.
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen $TTL 3600
425706feaa1e1f10a61bb126438bea5261d1880eTimo Sirainen @ IN SOA ns1.example.com. hostmaster.example.com. (
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen 2001021100
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen 7200
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen 1200
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen 3600000
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen 7200 )
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo SirainenBIND 9 does not support multiple CNAMEs with the same owner name.
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen Illegal:
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen www.example.com. CNAME host1.example.com.
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen www.example.com. CNAME host2.example.com.
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo SirainenBIND 9 does not support "CNAMEs with other data" with the same owner name,
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainenignoring the DNSSEC records (SIG, NXT, KEY) that BIND 4 did not support.
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen Illegal:
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen www.example.com. CNAME host1.example.com.
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen www.example.com. MX 10 host2.example.com.
30fc0b14f0d99a86c04aacff311e4cf2ddd5ff12Timo Sirainen
315ce5be539bfe8bc7777ab0654499c49583cea2Timo SirainenBIND 9 is less tolerant of errors in master files, so check your logs and
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenfix any errors reported. The named-checkzone program can also be to check
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenmaster files.
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen
461c2a454b269acd138b3130a86f085edda085fdTimo SirainenOutgoing zone transfers now use the "many-answers" format by default.
315ce5be539bfe8bc7777ab0654499c49583cea2Timo SirainenThis format is not understood by certain old versions of BIND 4.
315ce5be539bfe8bc7777ab0654499c49583cea2Timo SirainenYou can work around this problem using the option "transfer-format
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenone-answer;", but since these old versions all have known security
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainenproblems, the correct fix is to upgrade the slave servers.
315ce5be539bfe8bc7777ab0654499c49583cea2Timo Sirainen