README 10.1 KB
Newer Older
Bob Halley's avatar
Bob Halley committed
1
BIND 9
Bob Halley's avatar
update    
Bob Halley committed
2

Bob Halley's avatar
Bob Halley committed
3
	BIND version 9 is a major rewrite of nearly all aspects of the
4
5
6
7
8
9
10
11
12
	underlying BIND architecture.  Some of the important features of
	BIND 9 are:

		- DNS Security
			DNSSEC (signed zones)
			TSIG (signed DNS requests)

		- IP version 6
			Answers DNS queries on IPv6 sockets
13
			IPv6 resource records (AAAA)
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
			Experimental IPv6 Resolver Library

		- DNS Protocol Enhancements
			IXFR, DDNS, Notify, EDNS0
			Improved standards conformance

		- Views
			One server process can provide multiple "views" of
			the DNS namespace, e.g. an "inside" view to certain
			clients, and an "outside" view to others.

		- Multiprocessor Support

		- Improved Portability Architecture

Bob Halley's avatar
Bob Halley committed
29
30
31
32

	BIND version 9 development has been underwritten by the following
	organizations:

33
34
35
36
37
38
39
40
		Sun Microsystems, Inc.
		Hewlett Packard
		Compaq Computer Corporation
		IBM
		Process Software Corporation
		Silicon Graphics, Inc.
		Network Associates, Inc.
		U.S. Defense Information Systems Agency
Bob Halley's avatar
Bob Halley committed
41
42
		USENIX Association
		Stichting NLnet - NLnet Foundation
43
		Nominum, Inc.
Bob Halley's avatar
update    
Bob Halley committed
44

45

46
47
48
49
50
BIND 9.3.0

	BIND 9.3.0 has a number of new features over 9.2,
	including:

Mark Andrews's avatar
Mark Andrews committed
51
52
53
54
55
56
	NOTE:
	* Zones containing MD and MF will now be rejected.
	* dig, nslookup name. now report "Not Implemented" as
	  NOTIMP rather than NOTIMPL.  This will have impact on scripts
	  that are looking for NOTIMPL.

57
58

BIND 9.2.0
Andreas Gustafsson's avatar
Andreas Gustafsson committed
59

Andreas Gustafsson's avatar
Andreas Gustafsson committed
60
61
	BIND 9.2.0 has a number of new features over 9.1,
	including:
Andreas Gustafsson's avatar
Andreas Gustafsson committed
62

63
64
65
66
	  - The size of the cache can now be limited using the
            "max-cache-size" option.

	  - The server can now automatically convert RFC1886-style
Andreas Gustafsson's avatar
Andreas Gustafsson committed
67
	    recursive lookup requests into RFC2874-style lookups, 
68
	    when enabled using the new option "allow-v6-synthesis".
Andreas Gustafsson's avatar
Andreas Gustafsson committed
69
70
71
72
73
            This allows stub resolvers that support AAAA records
            but not A6 record chains or binary labels to perform
            lookups in domains that make use of these IPv6 DNS
            features.

74
75
76
77
78
	  - Performance has been improved.

	  - The man pages now use the more portable "man" macros
	    rather than the "mandoc" macros, and are installed
            by "make install".
79

Andreas Gustafsson's avatar
Andreas Gustafsson committed
80
81
          - The named.conf parser has been completely rewritten.
            It now supports "include" directives in more
Mark Andrews's avatar
Mark Andrews committed
82
            places such as inside "view" statements, and it no
Andreas Gustafsson's avatar
Andreas Gustafsson committed
83
84
            longer has any reserved words.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
85
86
          - The "rndc status" command is now implemented.

Brian Wellington's avatar
updates    
Brian Wellington committed
87
88
	  - rndc can now be configured automatically.

89
90
	  - A BIND 8 compatible stub resolver library is now
	    included in lib/bind.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
91

Andreas Gustafsson's avatar
Andreas Gustafsson committed
92
93
94
95
96
	  - OpenSSL has been removed from the distribution.  This
	    means that to use DNSSEC, OpenSSL must be installed and
	    the --with-openssl option must be supplied to configure.
	    This does not apply to the use of TSIG, which does not
	    require OpenSSL.
97

Andreas Gustafsson's avatar
Andreas Gustafsson committed
98
	  - The source distribution now builds on Windows NT/2000.
99
100
	    See win32utils/readme1.txt and win32utils/win32-build.txt
	    for details.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
101

Andreas Gustafsson's avatar
Andreas Gustafsson committed
102
	This distribution also includes a new lightweight stub
Andreas Gustafsson's avatar
Andreas Gustafsson committed
103
104
	resolver library and associated resolver daemon that fully
	support forward and reverse lookups of both IPv4 and IPv6
Andreas Gustafsson's avatar
Andreas Gustafsson committed
105
	addresses.  This library is considered experimental and
Andreas Gustafsson's avatar
Andreas Gustafsson committed
106
107
108
109
110
111
112
	is not a complete replacement for the BIND 8 resolver library.
	Applications that use the BIND 8 res_* functions to perform
	DNS lookups or dynamic updates still need to be linked against
	the BIND 8 libraries.  For DNS lookups, they can also use the
	new "getrrsetbyname()" API.

	BIND 9.2 is capable of acting as an authoritative server
Andreas Gustafsson's avatar
Andreas Gustafsson committed
113
	for DNSSEC secured zones.  This functionality is believed to
114
115
	be stable and complete except for lacking support for
	verifications involving wildcard records in secure zones.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
116

Andreas Gustafsson's avatar
Andreas Gustafsson committed
117
	When acting as a caching server, BIND 9.2 can be configured
Andreas Gustafsson's avatar
Andreas Gustafsson committed
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
	to perform DNSSEC secure resolution on behalf of its clients.
	This part of the DNSSEC implementation is still considered
	experimental.  For detailed information about the state of the
	DNSSEC implementation, see the file doc/misc/dnssec.

	There are a few known bugs:

		On some systems, IPv6 and IPv4 sockets interact in
		unexpected ways.  For details, see doc/misc/ipv6.
		To reduce the impact of these problems, the server
		no longer listens for requests on IPv6 addresses
		by default.  If you need to accept DNS queries over
		IPv6, you must specify "listen-on-v6 { any; };"
		in the named.conf options statement.

133
134
135
136
137
		FreeBSD prior to 4.2 (and 4.2 if running as non-root)
		and OpenBSD prior to 2.8 log messages like
		"fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
		This is due to a bug in "/dev/random" and impacts the
		server's DNSSEC support.
Andreas Gustafsson's avatar
grammar    
Andreas Gustafsson committed
138

Mark Andrews's avatar
Mark Andrews committed
139
140
		OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
		OS X 10.2 (Darwin 6.0) reports errors like
141
142
143
144
		"fcntl(3, F_SETFL, 4): Operation not supported by device".
		This is due to a bug in "/dev/random" and impacts the
		server's DNSSEC support.

Andreas Gustafsson's avatar
Andreas Gustafsson committed
145
		--with-libtool does not work on AIX.
Bob Halley's avatar
update    
Bob Halley committed
146

147
148
149
150
	A bug in the Windows 2000 DNS server can cause zone transfers
	from a BIND 9 server to a W2K server to fail.  For details,
	see the "Zone Transfers" section in doc/misc/migration.

151
	For a detailed list of user-visible changes from
152
	previous releases, see the CHANGES file.
Bob Halley's avatar
Bob Halley committed
153

154

Bob Halley's avatar
update    
Bob Halley committed
155
156
Building

Bob Halley's avatar
Bob Halley committed
157
	BIND 9 currently requires a UNIX system with an ANSI C compiler,
158
	basic POSIX support, and a 64 bit integer type.
Bob Halley's avatar
Bob Halley committed
159

160
	We've had successful builds and tests on the following systems:
Bob Halley's avatar
Bob Halley committed
161
162
163

		AIX 4.3
		COMPAQ Tru64 UNIX 4.0D
Andreas Gustafsson's avatar
Andreas Gustafsson committed
164
		COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
165
		FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
Bob Halley's avatar
Bob Halley committed
166
167
		HP-UX 11
		IRIX64 6.5
168
		NetBSD 1.5
169
		Red Hat Linux 6.0, 6.1, 6.2, 7.0
170
		Solaris 2.6, 7, 8
171
		Windows NT/W2K
172

Andreas Gustafsson's avatar
Andreas Gustafsson committed
173
174
	Additionally, we have unverified reports of success building
	previous versions of BIND 9 from users of the following systems:
175

176
		AIX 5L
177
		SuSE Linux 7.0
Andreas Gustafsson's avatar
Andreas Gustafsson committed
178
		Slackware Linux 7.x, 8.0
179
	        Red Hat Linux 7.1
180
		Debian GNU/Linux 2.2 and 3.0
Mark Andrews's avatar
Mark Andrews committed
181
		Mandrake 8.1
182
		OpenBSD 2.6, 2.8, 2.9
183
		UnixWare 7.1.1
184
		HP-UX 10.20
185
		BSD/OS 4.2
Mark Andrews's avatar
Mark Andrews committed
186
		Mac OS X 10.1
187

Bob Halley's avatar
Bob Halley committed
188
189
190
191
192
	To build, just

		./configure
		make

193
194
	Do not use a parallel "make".

Andreas Gustafsson's avatar
Andreas Gustafsson committed
195
196
	Several environment variables that can be set before running
	configure will affect compilation:
197

Andreas Gustafsson's avatar
Andreas Gustafsson committed
198
199
200
	    CC
		The C compiler to use.	configure tries to figure
		out the right one for supported systems.
201

Andreas Gustafsson's avatar
Andreas Gustafsson committed
202
203
	    CFLAGS
		C compiler flags.  Defaults to include -g and/or -O2
Mark Andrews's avatar
Mark Andrews committed
204
		as supported by the compiler.  
205

Andreas Gustafsson's avatar
Andreas Gustafsson committed
206
207
208
209
	    STD_CINCLUDES
		System header file directories.	 Can be used to specify
		where add-on thread or IPv6 support is, for example.
		Defaults to empty string.
210

Andreas Gustafsson's avatar
Andreas Gustafsson committed
211
212
213
	    STD_CDEFINES
		Any additional preprocessor symbols you want defined.
		Defaults to empty string.
214

215
216
217
218
		Possible settings:
		Change the default syslog facility of named/lwresd.
		e.g. -DISC_FACILITY=LOG_LOCAL0	

Andreas Gustafsson's avatar
Andreas Gustafsson committed
219
	To build shared libraries, specify "--with-libtool" on the
220
221
	configure command line.

222
223
	For the server to support DNSSEC, you need to build it
	with crypto support.  You must have OpenSSL 0.9.5a
224
225
226
227
228
229
	or newer installed and specify "--with-openssl" on the
	configure command line.  If OpenSSL is installed under
	a nonstandard prefix, you can tell configure where to
	look for it using "--with-openssl=/prefix".

	To build libbind (the BIND 8 resolver library), specify
Mark Andrews's avatar
Mark Andrews committed
230
231
	"--enable-libbind" on the configure command line.

232
233
234
235
236
237
	On some platforms, BIND 9 can be built with multithreading
	support, allowing it to take advantage of multiple CPUs.
	You can specify whether to build a multithreaded BIND 9 
	by specifying "--enable-threads" or "--disable-threads"
	on the configure command line.  The default is operating
	system dependent.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
238

239
240
241
	If your operating system has integrated support for IPv6, it
	will be used automatically.  If you have installed KAME IPv6
	separately, use "--with-kame[=PATH]" to specify its location.
242

Bob Halley's avatar
Bob Halley committed
243
244
245
246
	"make install" will install "named" and the various BIND 9 libraries.
	By default, installation is into /usr/local, but this can be changed
	with the "--prefix" option when running "configure".

247
248
249
250
251
252
253
254
255
256
257
258
259
	You may specify the option "--sysconfdir" to set the directory 
	where configuration files like "named.conf" go by default,
	and "--localstatedir" to set the default parent directory
	of "run/named.pid".   For backwards compatibility with BIND 8,
	--sysconfdir defaults to "/etc" and --localstatedir defaults to
	"/var" if no --prefix option is given.  If there is a --prefix
	option, sysconfdir defaults to "$prefix/etc" and localstatedir
	defaults to "$prefix/var".

	To see additional configure options, run "configure --help".
	Note that the help message does not reflect the BIND 8 
	compatibility defaults for sysconfdir and localstatedir.

260
261
262
263
	If you're planning on making changes to the BIND 9 source, you
	should also "make depend".  If you're using Emacs, you might find
	"make tags" helpful.

264
265
266
	If you need to re-run configure please run "make distclean" first.
	This will ensure that all the option changes take.

Bob Halley's avatar
Bob Halley committed
267
268
	Building with gcc is not supported, unless gcc is the vendor's usual
	compiler (e.g. the various BSD systems, Linux).
Mark Andrews's avatar
Mark Andrews committed
269
270
	
	* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
Mark Andrews's avatar
Mark Andrews committed
271
	* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
Bob Halley's avatar
Bob Halley committed
272

273
274
275
276
	A limited test suite can be run with "make test".  Many of
	the tests require you to configure a set of virtual IP addresses
	on your system, and some require Perl; see bin/tests/system/README
	for details.
277

278

279
280
281
Documentation

	The BIND 9 Administrator Reference Manual is included with the
282
283
	source distribution in DocBook XML and HTML format, in the
	doc/arm directory.
284
285

	Some of the programs in the BIND 9 distribution have man pages
286
287
	in their directories.  In particular, the command line
	options of "named" are documented in /bin/named/named.8.
288
	There is now also a set of man pages for the lwres library.
289
290

	If you are upgrading from BIND 8, please read the migration
291
292
	notes in doc/misc/migration.  If you are upgrading from
	BIND 4, read doc/misc/migration-4to9.
Bob Halley's avatar
Bob Halley committed
293

Andreas Gustafsson's avatar
English    
Andreas Gustafsson committed
294
	Frequently asked questions and their answers can be found in
Mark Andrews's avatar
Mark Andrews committed
295
296
	FAQ.

297
298

Bug Reports and Mailing Lists
299

Bob Halley's avatar
Bob Halley committed
300
301
302
303
304
305
306
307
	Bugs reports should be sent to

		bind9-bugs@isc.org

	To join the BIND 9 Users mailing list, send mail to

		bind9-users-request@isc.org

308
309
	archives of which can be found via

Mark Andrews's avatar
Mark Andrews committed
310
		http://www.isc.org/ops/lists/
311

Bob Halley's avatar
Bob Halley committed
312
	If you're planning on making changes to the BIND 9 source
Mark Andrews's avatar
Mark Andrews committed
313
	code, you might want to join the BIND Workers mailing list.
Bob Halley's avatar
Bob Halley committed
314
315
	Send mail to

Mark Andrews's avatar
Mark Andrews committed
316
		bind-workers-request@isc.org
Bob Halley's avatar
Bob Halley committed
317

Bob Halley's avatar
add  
Bob Halley committed
318