mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 10:10:06 +00:00
Code Issues Releases Wiki Activity

[master] README and relnote fixes

Browse Source
This commit is contained in:
Evan Hunt 2017-10-17 13:47:33 -07:00
parent 2361003a88
commit 30419509dd
5 changed files with 107 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
README
View File

@ -56,12 +56,12 @@ General bug reports can be sent to bind9-bugs@isc.org.
Feature requests can be sent to bind-suggest@isc.org.
Please note that, while ISC's ticketing system is not currently publicly
readable, this may change in the future. Please do not include information
in bug reports that you consider to be confidential. For example, when
sending the contents of your configuration file, it is advisable to
obscure key secrets; this can be done automatically by using
named-checkconf -px.
Please note that, while tickets submitted to ISC's ticketing system are
not initially publicly readable by default, they can be made publicly
acessible afterward. Please do not include information in bug reports that
you consider to be confidential. In particular, when sending the contents
of your configuration file, it is advisable to obscure key secrets: this
can be done automatically by using named-checkconf -px.
Professional support and training for BIND are available from ISC at
https://www.isc.org/support.
@ -75,8 +75,9 @@ mailman/listinfo/bind-workers.
Contributing to BIND
A public git repository for BIND is maintained at http://www.isc.org/git/,
and also on Github at https://github.com/isc-projects.
ISC maintains a public git repository for BIND; details can be found at
http://www.isc.org/git/, and also on Github at https://github.com/
isc-projects.
Information for BIND contributors can be found in the following files: -
General information: doc/dev/contrib.md - BIND 9 code style: doc/dev/
@ -103,10 +104,8 @@ include:
* Cached, validated NSEC and other records can now be used to synthesize
NXDOMAIN responses.
* The DNS Response Policy Service API (DNSRPS) is now supported.
* Setting max-journal-size default now limits the size of journal files
to twice the size of the zone.
* The query handling code has been substantially refactored for improved
readability, maintainability and testability .
* Setting 'max-journal-size default' now limits the size of journal
files to twice the size of the zone.
* dnstap-read -x prints a hex dump of the wire format of each logged DNS
message.
* dnstap output files can now be configured to roll automatically when
@ -115,7 +114,7 @@ include:
ISO 8601 (UTC) formats.
* Logging channels and dnstap output files can now be configured to use
a timestamp as the suffix when rolling to a new file.
* named-checkconf -l lists zones found in named.conf.
* 'named-checkconf -l' lists zones found in named.conf.
* Added support for the EDNS Padding and Keepalive options.
* 'new-zones-directory' option sets the location where the configuration
data for zones added by rndc addzone is stored
@ -189,10 +188,11 @@ smaller systems.
For the server to support DNSSEC, you need to build it with crypto
support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
installed. If the OpenSSL library is installed in a nonstandard location,
specify the prefix using "--with-openssl=/prefix" on the configure command
line. To use a PKCS#11 hardware service module for cryptographic
specify the prefix using "--with-openssl=<PREFIX>" on the configure
command line. To use a PKCS#11 hardware service module for cryptographic
operations, specify the path to the PKCS#11 provider library using
"--with-pkcs11=/prefix", and configure BIND with "--enable-native-pkcs11".
"--with-pkcs11=<PREFIX>", and configure BIND with
"--enable-native-pkcs11".
To support the HTTP statistics channel, the server must be linked with at
least one of the following: libxml2 http://xmlsoft.org or json-c https://
@ -212,13 +212,16 @@ libGeoIP. This is not turned on by default; BIND must be configured with
"--with-geoip". If the library is installed in a nonstandard location, use
specify the prefix using "--with-geoip=/prefix".
For DNSTAP packet logging, you must have libfstrm https://github.com/
farsightsec/fstrm and libprotobuf-c https://developers.google.com/
protocol-buffers, and BIND must be configured with "--enable-dnstap".
For DNSTAP packet logging, you must have installed libfstrm https://
github.com/farsightsec/fstrm and libprotobuf-c https://
developers.google.com/protocol-buffers, and BIND must be configured with
"--enable-dnstap".
Python requires the 'argparse' and 'ply' modules to be available.
'argparse' is a standard module as of Python 2.7 and Python 3.2. 'ply' is
available from https://pypi.python.org/pypi/ply.
Portions of BIND that are written in Python, including dnssec-keymgr,
dnssec-coverage, dnssec-checkds, and some of the system tests, require the
'argparse' and 'ply' modules to be available. 'argparse' is a standard
module as of Python 2.7 and Python 3.2. 'ply' is available from https://
pypi.python.org/pypi/ply.
On some platforms it is necessary to explicitly request large file support
to handle files bigger than 2GB. This can be done by using
@ -250,7 +253,7 @@ Automated testing
A system test suite can be run with make test. The system tests require
you to configure a set of virtual IP addresses on your system (this allows
multiple servers to run locally and communicate with one another). These
IP addresses can be configured by by running the script bin/tests/system/
IP addresses can be configured by running the command bin/tests/system/
ifconfig.sh up as root.
Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,

34
README.md
View File

@ -66,12 +66,12 @@ General bug reports can be sent to
Feature requests can be sent to
[bind-suggest@isc.org](mailto:bind-suggest@isc.org).
Please note that, while ISC's ticketing system is not currently publicly
readable, this may change in the future. Please do not include information
in bug reports that you consider to be confidential. For example, when
sending the contents of your configuration file, it is advisable to obscure
key secrets; this can be done automatically by using `named-checkconf
-px`.
Please note that, while tickets submitted to ISC's ticketing system
are not initially publicly readable by default, they can be made publicly
acessible afterward. Please do not include information in bug reports that
you consider to be confidential. In particular, when sending the contents of
your configuration file, it is advisable to obscure key secrets: this can
be done automatically by using `named-checkconf -px`.
Professional support and training for BIND are available from
ISC at [https://www.isc.org/support](https://www.isc.org/support).
@ -85,8 +85,8 @@ may also want to join the __BIND Workers__ mailing list, at
### <a name="contrib"/> Contributing to BIND
A public git repository for BIND is maintained at
[http://www.isc.org/git/](http://www.isc.org/git/), and also on Github
ISC maintains a public git repository for BIND; details can be found
at [http://www.isc.org/git/](http://www.isc.org/git/), and also on Github
at [https://github.com/isc-projects](https://github.com/isc-projects).
Information for BIND contributors can be found in the following files:
@ -116,10 +116,8 @@ include:
* Cached, validated NSEC and other records can now be used to synthesize
NXDOMAIN responses.
* The DNS Response Policy Service API (DNSRPS) is now supported.
* Setting `max-journal-size default` now limits the size of journal files
* Setting `'max-journal-size default'` now limits the size of journal files
to twice the size of the zone.
* The query handling code has been substantially refactored for improved
readability, maintainability and testability .
* `dnstap-read -x` prints a hex dump of the wire format of each logged
DNS message.
* `dnstap` output files can now be configured to roll automatically when
@ -128,7 +126,7 @@ include:
8601 (UTC) formats.
* Logging channels and `dnstap` output files can now be configured to use a
timestamp as the suffix when rolling to a new file.
* `named-checkconf -l` lists zones found in `named.conf`.
* `'named-checkconf -l'` lists zones found in `named.conf`.
* Added support for the EDNS Padding and Keepalive options.
* 'new-zones-directory' option sets the location where the configuration
data for zones added by rndc addzone is stored
@ -195,9 +193,9 @@ performance on smaller systems.
For the server to support DNSSEC, you need to build it with crypto support.
To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the
OpenSSL library is installed in a nonstandard location, specify the prefix
using "--with-openssl=/prefix" on the configure command line. To use a
using "--with-openssl=&lt;PREFIX&gt;" on the configure command line. To use a
PKCS#11 hardware service module for cryptographic operations, specify the
path to the PKCS#11 provider library using "--with-pkcs11=/prefix", and
path to the PKCS#11 provider library using "--with-pkcs11=&lt;PREFIX&gt;", and
configure BIND with "--enable-native-pkcs11".
To support the HTTP statistics channel, the server must be linked with at
@ -220,13 +218,15 @@ libGeoIP. This is not turned on by default; BIND must be configured with
"--with-geoip". If the library is installed in a nonstandard location, use
specify the prefix using "--with-geoip=/prefix".
For DNSTAP packet logging, you must have libfstrm
For DNSTAP packet logging, you must have installed libfstrm
[https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
and libprotobuf-c
[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
and BIND must be configured with "--enable-dnstap".
Python requires the 'argparse' and 'ply' modules to be available.
Portions of BIND that are written in Python, including
`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
system tests, require the 'argparse' and 'ply' modules to be available.
'argparse' is a standard module as of Python 2.7 and Python 3.2.
'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
@ -260,7 +260,7 @@ localstatedir defaults to `$prefix/var`.
A system test suite can be run with `make test`. The system tests require
you to configure a set of virtual IP addresses on your system (this allows
multiple servers to run locally and communicate with one another). These
IP addresses can be configured by by running the script
IP addresses can be configured by running the command
`bin/tests/system/ifconfig.sh up` as root.
Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,

20
bin/dnssec/dnssec-signzone.docbook
View File

@ -646,6 +646,26 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<listitem>
<para>
If key's sync publication date is set and in the past,
synchronization records (type CDS and/or CDNSKEY) are
created.
</para>
</listitem>
</varlistentry>
<varlistentry>
<listitem>
<para>
If key's sync deletion date is set and in the past,
synchronization records (type CDS and/or CDNSKEY) are
removed.
</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>

43
doc/arm/Bv9ARM-book.xml
View File

@ -3815,17 +3815,17 @@ notrace</command>. All debugging messages in the server have a debug
<command>print-time</command> can be set to
<userinput>yes</userinput>, <userinput>no</userinput>,
or a time format specifier, which may be one of
<option>local</option>, <option>iso8601</option> or
<option>iso8601-utc</option>. If set to
<userinput>local</userinput>, <userinput>iso8601</userinput> or
<userinput>iso8601-utc</userinput>. If set to
<userinput>no</userinput>, then the date and time will
not be logged. If set to <userinput>yes</userinput>
or <option>local</option>, the date and time are logged
or <userinput>local</userinput>, the date and time are logged
in a human readable format, using the local time zone.
If set to <option>iso8601</option> the local time is
If set to <userinput>iso8601</userinput> the local time is
logged in ISO8601 format. If set to
<option>iso8601-utc</option>, then the date and time
<userinput>iso8601-utc</userinput>, then the date and time
are logged in ISO8601 format, with time zone set to
UTC. The default is <option>local</option>.
UTC. The default is <userinput>local</userinput>.
</para>
<para>
<command>print-time</command> may
@ -4987,7 +4987,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<para>
Specifies the directory in which to store the configuration
parameters for zones added via <command>rndc addzone</command>.
By default, this is the working directory.
By default, this is the working directory. If set to a relative
path, it will be relative to the working directory.
</para>
</listitem>
</varlistentry>
@ -5710,12 +5711,14 @@ options {
<listitem>
<para>
Specifies the TTL to be returned on stale answers.
The default is 1 second. The minimal allowed is
The default is 1 second. The minimum allowed is
also 1 second; a value of 0 will be updated silently
to 1 second. For stale answers to be returned
to 1 second. For stale answers to be returned,
they must be enabled (either in the configuration file
using <command>stale-answer-enable</command> or via
<command>rndc</command>), and
<option>max-stale-ttl</option> must be set to a
non zero value and they must not have been disabled
by <command>rndc</command>.
nonzero value.
</para>
</listitem>
</varlistentry>
@ -6448,17 +6451,21 @@ options {
</varlistentry>
<varlistentry>
<term><command>serve-stale-enable</command></term>
<term><command>stale-answer-enable</command></term>
<listitem>
<para>
Enable the returning of stale answers when the
nameservers for the zone are not answering. This
is off by default but can be enabled/disabled via
<command>rndc server-stale on</command> and
<command>rndc server-stale off</command> which
override the named.conf setting. <command>rndc
server-stale reset</command> will restore control
via named.conf.
is off by default, but can be enabled/disabled via
<command>rndc serve-stale on</command> and
<command>rndc serve-stale off</command>, which
override the <filename>named.conf</filename>
setting. <command>rndc serve-stale reset</command>
restores the setting to the one specified in
<filename>named.conf</filename>. Note that
reloading or reconfiguring <command>named</command>
will not re-enable serving of stale records if they
have been disabled via <command>rndc</command>.
</para>
</listitem>
</varlistentry>

40
doc/arm/notes.xml
View File

@ -50,10 +50,11 @@
anything other than the changes you made to our software.
</para>
<para>
This requirement will not affect anyone who is using BIND
without redistributing it, nor anyone redistributing it without
changes, therefore this change will be without consequence
for most individuals and organizations who are using BIND.
This requirement will not affect anyone who is using BIND, with
or without modifications, without redistributing it, nor anyone
redistributing it without changes. Therefore, this change will be
without consequence for most individuals and organizations who are
using BIND.
</para>
<para>
Those unsure whether or not the license change affects their
@ -65,10 +66,10 @@
</para>
</section>
<section xml:id="win_support"><info><title>Windows XP No Longer Supported</title></info>
<section xml:id="win_support"><info><title>Legacy Windows No Longer Supported</title></info>
<para>
As of BIND 9.11.2, Windows XP is no longer a supported platform for
BIND, and Windows XP binaries are no longer available for download
As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported
platforms for BIND; "XP" binaries are no longer available for download
from ISC.
</para>
</section>
@ -294,13 +295,14 @@
zone's validated CDS or CDNSKEY records. It can produce a
<filename>dsset</filename> file suitable for input to
<command>dnssec-signzone</command>, or a series of
<command>nsupdate</command> to update the parent zone via dynamic
DNS. Thanks to Tony Finch for the contribution. [RT #46090]
<command>nsupdate</command> commands to update the parent zone
via dynamic DNS. Thanks to Tony Finch for the contribution.
[RT #46090]
</para>
</listitem>
<listitem>
<para>
<command>nsupdate</command> and <command>rndc</command> now accepts
<command>nsupdate</command> and <command>rndc</command> now accept
command line options <command>-4</command> and <command>-6</command>
which force using only IPv4 or only IPv6, respectively. [RT #45632]
</para>
@ -481,13 +483,18 @@
these algorithms must be supported in OpenSSL;
currently they are only available in the development branch
of OpenSSL at
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://github.com/openssl/openssl">https://github.com/openssl/openssl</link>.
<link xmlns:xlink="http://www.w3.org/1999/xlink"
xlink:href="https://github.com/openssl/openssl">
https://github.com/openssl/openssl</link>.
[RT #44696]
</para>
</listitem>
<listitem>
<para>
EDNS KEY TAG options are verified and printed.
When parsing DNS messages, EDNS KEY TAG options are checked
for correctness. When printing messages (for example, in
<command>dig</command>), EDNS KEY TAG options are printed
in readable format.
</para>
</listitem>
</itemizedlist>
@ -624,15 +631,6 @@
are now fully rolled back in the event of failure. [RT #45841]
</para>
</listitem>
<listitem>
<para>
Fixed a bug that was introduced in an earlier development
release which caused multi-packet AXFR and IXFR messages to fail
validation if not all packets contained TSIG records; this
caused interoperability problems with some other DNS
implementations. [RT #45509]
</para>
</listitem>
<listitem>
<para>
Multiple <command>cookie-secret</command> clauses are now