Copyright (C) 2000, 2001 Internet Software Consortium.

BIND 8 to BIND 9 Migration Notes

BIND 9 is designed to be mostly upwards compatible with BIND 8, but
there are still a number of caveats you should be aware of when
upgrading an existing BIND 8 installation to use BIND 9.

1. Configuration File Compatibility

1.1. Unimplemented Options and Changed Defaults

BIND 9.1 supports most, but not all, of the named.conf options
of BIND 8. For a complete list of implemented options, see

If your named.conf file uses an unimplemented option, named will log a
warning message. A message is also logged about each option whose

In particular, if you see a warning message about the default for the
"auth-nxdomain" option having changed, you can suppress it by adding

	auth-nxdomain no;	# conform to RFC1035
	auth-nxdomain yes;	# do what BIND 8 did by default

1.2. Handling of Configuration File Errors

In BIND 9, named refuses to start if it detects an error in
server to run with a partial configuration. Errors detected during
subsequent reloads do not cause the server to exit.

The set of logging categories in BIND 9 is different from that
in BIND 8. If you have customized your logging on a per-category
basis, you need to modify your logging statement to use the

Another difference is that the "logging" statement only takes effect
after the entire named.conf file has been read. This means that when
the server starts up, any messages about errors in the configuration
file are always logged to the default destination (syslog), regardless
of the contents of the "logging" statement. In BIND 8, the new logging
configuration took effect immediately after the "logging" statement
was read.

1.4. Case sensitivity

In BIND 9, ACL names are case sensitive. In BIND 8 they were case

1.5. Notify messages and Refresh queries

The source address and port for these are now controlled by
"notify-source" and "transfer-source", respectively, rather than
query-source as in BIND 8.

1.6. Multiple Classes.

Multiple classes have to be put into explicit views for each class.

2. Zone File Compatibility

2.1. Strict RFC1035 Interpretation of TTLs in Zone Files

BIND 8 allowed you to omit all TTLs from a zone file, and used the
value of the SOA MINTTL field as a default for missing TTL values.

BIND 9 enforces strict compliance with the RFC1035 and RFC2308 TTL
rules. The default TTL is the value specified with the $TTL
directive, or the previous explicit TTL if there is no $TTL directive.
If there is no $TTL directive and the first RR in the file does not
have an explicit TTL field, the error message "no TTL specified" is
logged and loading the zone file fails.

To avoid problems, use a $TTL directive in each zone file.

2.2. Periods in SOA Serial Numbers Deprecated

Some versions of BIND allow SOA serial numbers with an embedded
period, like "3.002", and convert them into integers in a rather
unintuitive way. This feature is not supported by BIND 9; serial
numbers must be integers.

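A pre-migration check for the two problems described in sections 2.1 and 2.2, as an added example that is not part of the original notes or of BIND. The function names and the sample zones are constructed for illustration, and the parser is deliberately simplified (a ';' inside a quoted string is treated as a comment).

```python
import re

TTL_RE = re.compile(r"(\d+[smhdw]?)+", re.IGNORECASE)  # 3600, 1h, 1h30m
CLASSES = {"IN", "CH", "HS"}

def records(text):
    """Yield (has_owner, tokens) per record, joining "( ... )" groups.
    Simplification: a ';' inside a quoted string is treated as a comment."""
    buf, depth, has_owner = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        if depth == 0:
            has_owner = not line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf.extend(line.replace("(", " ").replace(")", " ").split())
        if depth <= 0 and buf:
            yield has_owner, buf
            buf, depth = [], 0

def check_zone(text):
    """Return the BIND 9 loading problems from sections 2.1 and 2.2."""
    problems, default_ttl, first_rr = [], False, True
    for has_owner, tok in records(text):
        if tok[0].startswith("$"):
            default_ttl = default_ttl or tok[0].upper() == "$TTL"
            continue
        fields = tok[1:] if has_owner else tok
        if first_rr:
            first_rr = False
            # TTL and class may come in either order before the type.
            lead = [f for f in fields[:2] if f.upper() not in CLASSES]
            explicit = bool(lead) and TTL_RE.fullmatch(lead[0]) is not None
            if not (default_ttl or explicit):
                problems.append("no TTL specified")
        upper = [f.upper() for f in fields]
        if "SOA" in upper[:3]:
            rdata = fields[upper.index("SOA") + 1:]
            if len(rdata) > 2 and not rdata[2].isdigit():
                problems.append("non-integer SOA serial: " + rdata[2])
    return problems

# Constructed sample zones (not from the page).
OLD_ZONE = """\
@  IN SOA ns.example.com. hostmaster.example.com. (
        3.002 3600 1800 1814400 3600 )
   IN NS  ns.example.com.
"""
FIXED_ZONE = "$TTL 86400\n" + OLD_ZONE.replace("3.002", "2001010901")
```

check_zone(OLD_ZONE) reports both problems; check_zone(FIXED_ZONE) returns an empty list.
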
2.3. Handling of Unbalanced Quotes

TXT records with unbalanced quotes, like 'host TXT "foo', were not
treated as errors in some versions of BIND. If your zone files
contain such records, you will get potentially confusing error
messages like "unexpected end of file" because BIND 9 will interpret
everything up to the next quote character as a literal string.

2.4. Handling of Line Breaks

Some versions of BIND accept RRs containing line breaks that are not
properly quoted with parentheses, like the following SOA:

		( 1 3600 1800 1814400 3600 )

This is not legal master file syntax and will be treated as an error
by BIND 9. The fix is to move the opening parenthesis to the first

2.5. Unimplemented BIND 8 Extensions

$GENERATE: The "$$" construct for getting a literal $ into a domain
name is deprecated. Use \$ instead.

3. Interoperability Impact of New Protocol Features

BIND 9 uses EDNS0 (RFC2671) to advertise its receive buffer size. It
also sets an EDNS flag bit in queries to indicate that it wishes to
receive DNSSEC responses; this flag bit usage is not yet standardized,
but we hope it will be.

Most older servers that do not support EDNS0, including prior versions
of BIND, will send a FORMERR or NOTIMP response to these queries.
When this happens, BIND 9 will automatically retry the query without

Unfortunately, there exists at least one non-BIND name server
implementation that silently ignores these queries instead of sending
an error response. Resolving names in zones where all or most
authoritative servers use this server will be very slow or fail
completely. We have contacted the manufacturer of the name server in
question, and they are working on a solution.

4. Unrestricted Character Set

BIND 9 does not restrict the character set of domain names - it is
fully 8-bit clean in accordance with RFC2181 section 11.

It is strongly recommended that hostnames published in the DNS follow
the RFC952 rules, but BIND 9 will not enforce this restriction.

Historically, some applications have suffered from security flaws
where data originating from the network, such as names returned by
gethostbyaddr(), are used with insufficient checking and may cause a
breach of security when containing unexpected characters; see
for details. Some earlier versions of BIND attempt to protect these
flawed applications from attack by discarding data containing
characters deemed inappropriate in host names or mail addresses, under
if applications with these flaws are still being used, they should

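Since BIND 9 passes names through unfiltered, the check belongs in the application that consumes them. The following added example (not from the original notes or from BIND) validates a name received from the resolver against the host name rules of RFC952 as relaxed by RFC1123 (a label may start with a digit) before it is used; the function names and sample names are constructed for illustration.

```python
import re

# One label: letters, digits, hyphen; no leading or trailing hyphen; 1-63 octets.
LABEL = re.compile(rb"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def checked_hostname(raw):
    """Return the name as a lowercase str if it is a plain host name, else None.

    raw is the name exactly as the resolver returned it (bytes), for example
    the result of a reverse lookup on a client address.
    """
    name = raw[:-1] if raw.endswith(b".") else raw  # tolerate one root dot
    if not name or len(name) > 253:
        return None
    for label in name.split(b"."):
        # fullmatch, not match with "$": "$" would accept a trailing newline.
        if LABEL.fullmatch(label) is None:
            return None
    return name.decode("ascii").lower()

def log_field(raw, address):
    """Pick what to write to a log: the checked name, or the bare address."""
    return checked_hostname(raw) or address

# Constructed sample names (not from the page); 192.0.2.7 is a documentation address.
SAMPLES = [
    b"Mail.Example.COM.",
    b"host\nforged-line.example.com",
    b"a;b.example.com",
    b"caf\xe9.example.com",
    b"example.com\n",
    b"-edge.example.com",
]
RESULTS = [log_field(s, "192.0.2.7") for s in SAMPLES]
```

Only the first sample survives as a name; every other entry in RESULTS falls back to the address.
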
5. Server Administration Tools

The "ndc" program has been replaced by "rndc", which is capable of
remote operation. Unlike ndc, rndc requires a configuration file;
details. Some of the ndc commands are still unimplemented in rndc.

$Id: migration,v 1.18 2001/01/09 21:50:28 bwelling Exp $