mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00

README formatting

Evan Hunt
2013-12-11 20:07:25 -08:00
parent 1bdc17e54e
commit 3b1b34f762

README

@@ -96,322 +96,324 @@ BIND 9.10.0
responding to queries. responding to queries.
- New 'named-rrchecker' tool to verify the syntactic - New 'named-rrchecker' tool to verify the syntactic
correctness of individual resource records. correctness of individual resource records.
- When re-signing a zone, the new "dnssec-signzone -Q" option
drops signatures from keys that are still published but are
no longer active.
BIND 9.9.0 BIND 9.9.0
BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
releases. New features include: releases. New features include:
- Inline signing, allowing automatic DNSSEC signing of - Inline signing, allowing automatic DNSSEC signing of
master zones without modification of the zonefile, or master zones without modification of the zonefile, or
"bump in the wire" signing in slaves. "bump in the wire" signing in slaves.
- NXDOMAIN redirection. - NXDOMAIN redirection.
- New 'rndc flushtree' command clears all data under a given - New 'rndc flushtree' command clears all data under a given
name from the DNS cache. name from the DNS cache.
- New 'rndc sync' command dumps pending changes in a dynamic - New 'rndc sync' command dumps pending changes in a dynamic
zone to disk without a freeze/thaw cycle. zone to disk without a freeze/thaw cycle.
- New 'rndc signing' command displays or clears signing status - New 'rndc signing' command displays or clears signing status
records in 'auto-dnssec' zones. records in 'auto-dnssec' zones.
- NSEC3 parameters for 'auto-dnssec' zones can now be set prior - NSEC3 parameters for 'auto-dnssec' zones can now be set prior
to signing, eliminating the need to initially sign with NSEC. to signing, eliminating the need to initially sign with NSEC.
- Startup time improvements on large authoritative servers. - Startup time improvements on large authoritative servers.
- Slave zones are now saved in raw format by default. - Slave zones are now saved in raw format by default.
- Several improvements to response policy zones (RPZ). - Several improvements to response policy zones (RPZ).
- Improved hardware scalability by using multiple threads - Improved hardware scalability by using multiple threads
to listen for queries and using finer-grained client locking to listen for queries and using finer-grained client locking
- The 'also-notify' option now takes the same syntax as - The 'also-notify' option now takes the same syntax as
'masters', so it can used named masterlists and TSIG keys. 'masters', so it can used named masterlists and TSIG keys.
- 'dnssec-signzone -D' writes an output file containing only DNSSEC - 'dnssec-signzone -D' writes an output file containing only DNSSEC
data, which can be included by the primary zone file. data, which can be included by the primary zone file.
- 'dnssec-signzone -R' forces removal of signatures that are - 'dnssec-signzone -R' forces removal of signatures that are
not expired but were created by a key which no longer exists. not expired but were created by a key which no longer exists.
- 'dnssec-signzone -X' allows a separate expiration date to - 'dnssec-signzone -X' allows a separate expiration date to
be specified for DNSKEY signatures from other signatures. be specified for DNSKEY signatures from other signatures.
- New '-L' option to dnssec-keygen, dnssec-settime, and - New '-L' option to dnssec-keygen, dnssec-settime, and
dnssec-keyfromlabel sets the default TTL for the key. dnssec-keyfromlabel sets the default TTL for the key.
- dnssec-dsfromkey now supports reading from standard input, - dnssec-dsfromkey now supports reading from standard input,
to make it easier to convert DNSKEY to DS. to make it easier to convert DNSKEY to DS.
- RFC 1918 reverse zones have been added to the empty-zones - RFC 1918 reverse zones have been added to the empty-zones
table per RFC 6303. table per RFC 6303.
- Dynamic updates can now optionally set the zone's SOA serial - Dynamic updates can now optionally set the zone's SOA serial
number to the current UNIX time. number to the current UNIX time.
- DLZ modules can now retrieve the source IP address of - DLZ modules can now retrieve the source IP address of
the querying client. the querying client.
- 'request-ixfr' option can now be set at the per-zone level. - 'request-ixfr' option can now be set at the per-zone level.
- 'dig +rrcomments' turns on comments about DNSKEY records, - 'dig +rrcomments' turns on comments about DNSKEY records,
indicating their key ID, algorithm and function indicating their key ID, algorithm and function
- Simplified nsupdate syntax and added readline support - Simplified nsupdate syntax and added readline support
Building Building
BIND 9 currently requires a UNIX system with an ANSI C compiler, BIND 9 currently requires a UNIX system with an ANSI C compiler,
basic POSIX support, and a 64 bit integer type. basic POSIX support, and a 64 bit integer type.
We've had successful builds and tests on the following systems: We've had successful builds and tests on the following systems:
COMPAQ Tru64 UNIX 5.1B COMPAQ Tru64 UNIX 5.1B
Fedora Core 6 Fedora Core 6
FreeBSD 4.10, 5.2.1, 6.2 FreeBSD 4.10, 5.2.1, 6.2
HP-UX 11.11 HP-UX 11.11
Mac OS X 10.5 Mac OS X 10.5
NetBSD 3.x, 4.0-beta, 5.0-beta NetBSD 3.x, 4.0-beta, 5.0-beta
OpenBSD 3.3 and up OpenBSD 3.3 and up
Solaris 8, 9, 9 (x86), 10 Solaris 8, 9, 9 (x86), 10
Ubuntu 7.04, 7.10 Ubuntu 7.04, 7.10
Windows XP/2003/2008 Windows XP/2003/2008
NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
Windows, including Windows NT and Windows 2000, are no longer Windows, including Windows NT and Windows 2000, are no longer
supported. supported.
We have recent reports from the user community that a supported We have recent reports from the user community that a supported
version of BIND will build and run on the following systems: version of BIND will build and run on the following systems:
AIX 4.3, 5L AIX 4.3, 5L
CentOS 4, 4.5, 5 CentOS 4, 4.5, 5
Darwin 9.0.0d1/ARM Darwin 9.0.0d1/ARM
Debian 4, 5, 6 Debian 4, 5, 6
Fedora Core 5, 7, 8 Fedora Core 5, 7, 8
FreeBSD 6, 7, 8 FreeBSD 6, 7, 8
HP-UX 11.23 PA HP-UX 11.23 PA
MacOS X 10.5, 10.6, 10.7 MacOS X 10.5, 10.6, 10.7
Red Hat Enterprise Linux 4, 5, 6 Red Hat Enterprise Linux 4, 5, 6
SCO OpenServer 5.0.6 SCO OpenServer 5.0.6
Slackware 9, 10 Slackware 9, 10
SuSE 9, 10 SuSE 9, 10
To build, just To build, just
./configure ./configure
make make
Do not use a parallel "make". Do not use a parallel "make".
Several environment variables that can be set before running Several environment variables that can be set before running
configure will affect compilation: configure will affect compilation:
CC CC
The C compiler to use. configure tries to figure The C compiler to use. configure tries to figure
out the right one for supported systems. out the right one for supported systems.
CFLAGS CFLAGS
C compiler flags. Defaults to include -g and/or -O2 C compiler flags. Defaults to include -g and/or -O2
as supported by the compiler. Please include '-g' as supported by the compiler. Please include '-g'
if you need to set CFLAGS. if you need to set CFLAGS.
STD_CINCLUDES STD_CINCLUDES
System header file directories. Can be used to specify System header file directories. Can be used to specify
where add-on thread or IPv6 support is, for example. where add-on thread or IPv6 support is, for example.
Defaults to empty string. Defaults to empty string.
STD_CDEFINES STD_CDEFINES
Any additional preprocessor symbols you want defined. Any additional preprocessor symbols you want defined.
Defaults to empty string. Defaults to empty string.
Possible settings: Possible settings:
Change the default syslog facility of named/lwresd. Change the default syslog facility of named/lwresd.
-DISC_FACILITY=LOG_LOCAL0 -DISC_FACILITY=LOG_LOCAL0
Enable DNSSEC signature chasing support in dig. Enable DNSSEC signature chasing support in dig.
-DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
-DDIG_SIGCHASE_BU=1) -DDIG_SIGCHASE_BU=1)
Disable dropping queries from particular well known ports. Disable dropping queries from particular well known ports.
-DNS_CLIENT_DROPPORT=0 -DNS_CLIENT_DROPPORT=0
Sibling glue checking in named-checkzone is enabled by default. Sibling glue checking in named-checkzone is enabled by default.
To disable the default check set. -DCHECK_SIBLING=0 To disable the default check set. -DCHECK_SIBLING=0
named-checkzone checks out-of-zone addresses by default. named-checkzone checks out-of-zone addresses by default.
To disable this default set. -DCHECK_LOCAL=0 To disable this default set. -DCHECK_LOCAL=0
To create the default pid files in ${localstatedir}/run rather To create the default pid files in ${localstatedir}/run rather
than ${localstatedir}/run/{named,lwresd}/ set. than ${localstatedir}/run/{named,lwresd}/ set.
-DNS_RUN_PID_DIR=0 -DNS_RUN_PID_DIR=0
Enable workaround for Solaris kernel bug about /dev/poll Enable workaround for Solaris kernel bug about /dev/poll
-DISC_SOCKET_USE_POLLWATCH=1 -DISC_SOCKET_USE_POLLWATCH=1
The watch timeout is also configurable, e.g., The watch timeout is also configurable, e.g.,
-DISC_SOCKET_POLLWATCH_TIMEOUT=20 -DISC_SOCKET_POLLWATCH_TIMEOUT=20
LDFLAGS LDFLAGS
Linker flags. Defaults to empty string. Linker flags. Defaults to empty string.
The following need to be set when cross compiling. The following need to be set when cross compiling.
BUILD_CC BUILD_CC
The native C compiler. The native C compiler.
BUILD_CFLAGS (optional) BUILD_CFLAGS (optional)
BUILD_CPPFLAGS (optional) BUILD_CPPFLAGS (optional)
Possible Settings: Possible Settings:
-DNEED_OPTARG=1 (optarg is not declared in <unistd.h>) -DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
BUILD_LDFLAGS (optional) BUILD_LDFLAGS (optional)
BUILD_LIBS (optional) BUILD_LIBS (optional)
On most platforms, BIND 9 is built with multithreading On most platforms, BIND 9 is built with multithreading
support, allowing it to take advantage of multiple CPUs. support, allowing it to take advantage of multiple CPUs.
You can configure this by specifying "--enable-threads" or You can configure this by specifying "--enable-threads" or
"--disable-threads" on the configure command line. The default "--disable-threads" on the configure command line. The default
is to enable threads, except on some older operating systems is to enable threads, except on some older operating systems
on which threads are known to have had problems in the past. on which threads are known to have had problems in the past.
(Note: Prior to BIND 9.10, the default was to disable threads on (Note: Prior to BIND 9.10, the default was to disable threads on
Linux systems; this has been reversed. On Linux systems, the Linux systems; this has been reversed. On Linux systems, the
threaded build is known to change BIND's behavior with respect threaded build is known to change BIND's behavior with respect
to file permissions; it may be necessary to specify a user with to file permissions; it may be necessary to specify a user with
the -u option when running named.) the -u option when running named.)
To build shared libraries, specify "--with-libtool" on the To build shared libraries, specify "--with-libtool" on the
configure command line. configure command line.
For the server to support DNSSEC, you need to build it For the server to support DNSSEC, you need to build it
with crypto support. You must have OpenSSL 0.9.5a with crypto support. You must have OpenSSL 0.9.5a
or newer installed and specify "--with-openssl" on the or newer installed and specify "--with-openssl" on the
configure command line. If OpenSSL is installed under configure command line. If OpenSSL is installed under
a nonstandard prefix, you can tell configure where to a nonstandard prefix, you can tell configure where to
look for it using "--with-openssl=/prefix". look for it using "--with-openssl=/prefix".
To support the HTTP statistics channel, the server must To support the HTTP statistics channel, the server must
be linked with at least one of the following: libxml2 be linked with at least one of the following: libxml2
(http://xmlsoft.org) or json-c (https://github.com/json-c). (http://xmlsoft.org) or json-c (https://github.com/json-c).
If these are installed at a nonstandard prefix, use If these are installed at a nonstandard prefix, use
"--with-libxml2=/prefix" or "--with-libjson=/prefix". "--with-libxml2=/prefix" or "--with-libjson=/prefix".
On some platforms it is necessary to explictly request large On some platforms it is necessary to explictly request large
file support to handle files bigger than 2GB. This can be file support to handle files bigger than 2GB. This can be
done by "--enable-largefile" on the configure command line. done by "--enable-largefile" on the configure command line.
Support for the "fixed" rrset-order option can be enabled Support for the "fixed" rrset-order option can be enabled
or disabled by specifying "--enable-fixed-rrset" or or disabled by specifying "--enable-fixed-rrset" or
"--disable-fixed-rrset" on the configure command line. "--disable-fixed-rrset" on the configure command line.
The default is "disabled", to reduce memory footprint. The default is "disabled", to reduce memory footprint.
If your operating system has integrated support for IPv6, it If your operating system has integrated support for IPv6, it
will be used automatically. If you have installed KAME IPv6 will be used automatically. If you have installed KAME IPv6
separately, use "--with-kame[=PATH]" to specify its location. separately, use "--with-kame[=PATH]" to specify its location.
"make install" will install "named" and the various BIND 9 libraries. "make install" will install "named" and the various BIND 9 libraries.
By default, installation is into /usr/local, but this can be changed By default, installation is into /usr/local, but this can be changed
with the "--prefix" option when running "configure". with the "--prefix" option when running "configure".
You may specify the option "--sysconfdir" to set the directory You may specify the option "--sysconfdir" to set the directory
where configuration files like "named.conf" go by default, where configuration files like "named.conf" go by default,
and "--localstatedir" to set the default parent directory and "--localstatedir" to set the default parent directory
of "run/named.pid". For backwards compatibility with BIND 8, of "run/named.pid". For backwards compatibility with BIND 8,
--sysconfdir defaults to "/etc" and --localstatedir defaults to --sysconfdir defaults to "/etc" and --localstatedir defaults to
"/var" if no --prefix option is given. If there is a --prefix "/var" if no --prefix option is given. If there is a --prefix
option, sysconfdir defaults to "$prefix/etc" and localstatedir option, sysconfdir defaults to "$prefix/etc" and localstatedir
defaults to "$prefix/var". defaults to "$prefix/var".
To see additional configure options, run "configure --help". To see additional configure options, run "configure --help".
Note that the help message does not reflect the BIND 8 Note that the help message does not reflect the BIND 8
compatibility defaults for sysconfdir and localstatedir. compatibility defaults for sysconfdir and localstatedir.
If you're planning on making changes to the BIND 9 source, you If you're planning on making changes to the BIND 9 source, you
should also "make depend". If you're using Emacs, you might find should also "make depend". If you're using Emacs, you might find
"make tags" helpful. "make tags" helpful.
If you need to re-run configure please run "make distclean" first. If you need to re-run configure please run "make distclean" first.
This will ensure that all the option changes take. This will ensure that all the option changes take.
Building with gcc is not supported, unless gcc is the vendor's usual Building with gcc is not supported, unless gcc is the vendor's usual
compiler (e.g. the various BSD systems, Linux). compiler (e.g. the various BSD systems, Linux).
Known compiler issues: Known compiler issues:
* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86. * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02. * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
* gcc-3.3.5 powerpc generates incorrect code at -02. * gcc-3.3.5 powerpc generates incorrect code at -02.
* Irix, MipsPRO 7.4.1m is known to cause problems. * Irix, MipsPRO 7.4.1m is known to cause problems.
A limited test suite can be run with "make test". Many of A limited test suite can be run with "make test". Many of
the tests require you to configure a set of virtual IP addresses the tests require you to configure a set of virtual IP addresses
on your system, and some require Perl; see bin/tests/system/README on your system, and some require Perl; see bin/tests/system/README
for details. for details.
SunOS 4 requires "printf" to be installed to make the shared SunOS 4 requires "printf" to be installed to make the shared
libraries. sh-utils-1.16 provides a "printf" which compiles libraries. sh-utils-1.16 provides a "printf" which compiles
on SunOS 4. on SunOS 4.
Known limitations Known limitations
Linux requires kernel build 2.6.39 or later to get the Linux requires kernel build 2.6.39 or later to get the
performance benefits from using multiple sockets. performance benefits from using multiple sockets.
Documentation Documentation
The BIND 9 Administrator Reference Manual is included with the The BIND 9 Administrator Reference Manual is included with the
source distribution in DocBook XML and HTML format, in the source distribution in DocBook XML and HTML format, in the
doc/arm directory. doc/arm directory.
Some of the programs in the BIND 9 distribution have man pages Some of the programs in the BIND 9 distribution have man pages
in their directories. In particular, the command line in their directories. In particular, the command line
options of "named" are documented in /bin/named/named.8. options of "named" are documented in /bin/named/named.8.
There is now also a set of man pages for the lwres library. There is now also a set of man pages for the lwres library.
If you are upgrading from BIND 8, please read the migration If you are upgrading from BIND 8, please read the migration
notes in doc/misc/migration. If you are upgrading from notes in doc/misc/migration. If you are upgrading from
BIND 4, read doc/misc/migration-4to9. BIND 4, read doc/misc/migration-4to9.
Frequently asked questions and their answers can be found in Frequently asked questions and their answers can be found in
FAQ. FAQ.
Additional information on various subjects can be found Additional information on various subjects can be found
in the other README files. in the other README files.
Change Log Change Log
A detailed list of all changes to BIND 9 is included in the A detailed list of all changes to BIND 9 is included in the
file CHANGES, with the most recent changes listed first. file CHANGES, with the most recent changes listed first.
Change notes include tags indicating the category of the Change notes include tags indicating the category of the
change that was made; these categories are: change that was made; these categories are:
[func] New feature [func] New feature
[bug] General bug fix [bug] General bug fix
[security] Fix for a significant security flaw [security] Fix for a significant security flaw
[experimental] Used for new features when the syntax [experimental] Used for new features when the syntax
or other aspects of the design are still or other aspects of the design are still
in flux and may change in flux and may change
[port] Portability enhancement [port] Portability enhancement
[maint] Updates to built-in data such as root [maint] Updates to built-in data such as root
server addresses and keys server addresses and keys
[tuning] Changes to built-in configuration defaults [tuning] Changes to built-in configuration defaults
and constants to improve performanceo and constants to improve performanceo
[protocol] Updates to the DNS protocol such as new [protocol] Updates to the DNS protocol such as new
RR types RR types
[test] Changes to the automatic tests, not [test] Changes to the automatic tests, not
affecting server functionality affecting server functionality
[cleanup] Minor corrections and refactoring [cleanup] Minor corrections and refactoring
[doc] Documentation [doc] Documentation
In general, [func] and [experimental] tags will only appear In general, [func] and [experimental] tags will only appear
in new-feature releases (i.e., those with version numbers in new-feature releases (i.e., those with version numbers
ending in zero). Some new functionality may be backported to ending in zero). Some new functionality may be backported to
older releases on a case-by-case basis. All other change older releases on a case-by-case basis. All other change
types may be applied to all currently-supported releases. types may be applied to all currently-supported releases.
Bug Reports and Mailing Lists Bug Reports and Mailing Lists
Bugs reports should be sent to Bugs reports should be sent to
bind9-bugs@isc.org bind9-bugs@isc.org
To join the BIND Users mailing list, send mail to To join the BIND Users mailing list, send mail to
bind-users-request@isc.org bind-users-request@isc.org
archives of which can be found via archives of which can be found via
http://www.isc.org/ops/lists/ http://www.isc.org/ops/lists/
If you're planning on making changes to the BIND 9 source If you're planning on making changes to the BIND 9 source
code, you might want to join the BIND Workers mailing list. code, you might want to join the BIND Workers mailing list.
Send mail to Send mail to
bind-workers-request@isc.org
bind-workers-request@isc.org
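
Review bot: the "dnssec-signzone -Q" entry at the top of the hunk (end of the BIND 9.10.0 list) appears on only one side of the side-by-side view, and the header "-96,322 +96,324" shows the line count changing, so this commit seems to change content as well as layout while the message says only "README formatting". Either move that entry into its own commit or mention it in the message, so the new option can be found from the history. Since this pass touches nearly every line of the section anyway, it is also the place to fix the typos that are carried over unchanged on both sides: "performanceo" in the [tuning] description, "explictly" in the large file support paragraph, "so it can used named masterlists" in the also-notify entry, "Bugs reports should be sent to", and "-02" (digit zero) in the known compiler issues where the optimisation flag "-O2" is meant.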