BIND version 9 is a major rewrite of nearly all aspects of the
underlying BIND architecture. Some of the important features of

TSIG (signed DNS requests)

Answers DNS queries on IPv6 sockets
IPv6 resource records (AAAA)
Experimental IPv6 Resolver Library

- DNS Protocol Enhancements
IXFR, DDNS, Notify, EDNS0
Improved standards conformance

One server process can provide multiple "views" of
the DNS namespace, e.g. an "inside" view to certain
clients, and an "outside" view to others.

- Multiprocessor Support

- Improved Portability Architecture
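
The "views" feature in the list above, as an added named.conf example that is not part of the original README. The ACL name, address ranges, zone name and file paths are constructed placeholders.

```conf
// Constructed example: one named process, two views of example.com.
// Addresses are documentation ranges; file names are placeholders.
acl "internal-nets" { 127.0.0.1; 192.0.2.0/24; 2001:db8::/32; };

options {
    directory "/var/named";
};

// Internal clients see the internal zone data and may recurse.
view "inside" {
    match-clients { "internal-nets"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "inside/example.com.db";
    };
};

// Everyone else gets the public zone data and no recursion.
view "outside" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "outside/example.com.db";
    };
};
```

named uses the first view whose match-clients list matches the query's source address, so the restrictive view has to come before the catch-all one. Once any view is defined, every zone statement must sit inside a view.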
BIND version 9 development has been underwritten by the following

Sun Microsystems, Inc.
Compaq Computer Corporation
Process Software Corporation
Silicon Graphics, Inc.
Network Associates, Inc.
U.S. Defense Information Systems Agency
Stichting NLnet - NLnet Foundation

BIND 9.3.1 is a maintenance release, containing fixes for
a number of bugs in 9.3.0.

libbind: corresponds to that from BIND 8.4.6-REL.

BIND 9.3.0 has a number of new features over 9.2,

DNSSEC is now DS based (RFC 3658).
See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.

DNSSEC lookaside validation.

check-names is now implemented.
rrset-order is more complete.

IPv4/IPv6 transition support, dual-stack-servers.

IXFR deltas can now be generated when loading master files,
ixfr-from-differences.

It is now possible to specify the size of a journal, max-journal-size.

It is now possible to define a named set of master servers to be
used in masters clause, masters.

The advertised EDNS UDP size can now be set, edns-udp-size.

allow-v6-synthesis has been obsoleted.

* Zones containing MD and MF will now be rejected.
* dig, nslookup name. now report "Not Implemented" as
NOTIMP rather than NOTIMPL. This will have impact on scripts
that are looking for NOTIMPL.

libbind: corresponds to that from BIND 8.4.5.

BIND 9.2.0 has a number of new features over 9.1,

- The size of the cache can now be limited using the
"max-cache-size" option.

- The server can now automatically convert RFC1886-style
recursive lookup requests into RFC2874-style lookups,
when enabled using the new option "allow-v6-synthesis".
This allows stub resolvers that support AAAA records
but not A6 record chains or binary labels to perform
lookups in domains that make use of these IPv6 DNS

- Performance has been improved.

- The man pages now use the more portable "man" macros
rather than the "mandoc" macros, and are installed

- The named.conf parser has been completely rewritten.
It now supports "include" directives in more
places such as inside "view" statements, and it no
longer has any reserved words.

- The "rndc status" command is now implemented.

- rndc can now be configured automatically.

- A BIND 8 compatible stub resolver library is now
included in lib/bind.

- OpenSSL has been removed from the distribution. This
means that to use DNSSEC, OpenSSL must be installed and
the --with-openssl option must be supplied to configure.
This does not apply to the use of TSIG, which does not

- The source distribution now builds on Windows NT/2000.
See win32utils/readme1.txt and win32utils/win32-build.txt

This distribution also includes a new lightweight stub
resolver library and associated resolver daemon that fully
support forward and reverse lookups of both IPv4 and IPv6
addresses. This library is considered experimental and
is not a complete replacement for the BIND 8 resolver library.
Applications that use the BIND 8 res_* functions to perform
DNS lookups or dynamic updates still need to be linked against
the BIND 8 libraries. For DNS lookups, they can also use the
new "getrrsetbyname()" API.

BIND 9.2 is capable of acting as an authoritative server
for DNSSEC secured zones. This functionality is believed to
be stable and complete except for lacking support for
verifications involving wildcard records in secure zones.

When acting as a caching server, BIND 9.2 can be configured
to perform DNSSEC secure resolution on behalf of its clients.
This part of the DNSSEC implementation is still considered
experimental. For detailed information about the state of the
DNSSEC implementation, see the file doc/misc/dnssec.

There are a few known bugs:

On some systems, IPv6 and IPv4 sockets interact in
unexpected ways. For details, see doc/misc/ipv6.
To reduce the impact of these problems, the server
no longer listens for requests on IPv6 addresses
by default. If you need to accept DNS queries over
IPv6, you must specify "listen-on-v6 { any; };"
in the named.conf options statement.

FreeBSD prior to 4.2 (and 4.2 if running as non-root)
and OpenBSD prior to 2.8 log messages like
"fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
This is due to a bug in "/dev/random" and impacts the
server's DNSSEC support.

OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
OS X 10.2 (Darwin 6.0) report errors like
"fcntl(3, F_SETFL, 4): Operation not supported by device".
This is due to a bug in "/dev/random" and impacts the
server's DNSSEC support.

--with-libtool does not work on AIX.

A bug in the Windows 2000 DNS server can cause zone transfers
from a BIND 9 server to a W2K server to fail. For details,
see the "Zone Transfers" section in doc/misc/migration.

For a detailed list of user-visible changes from
previous releases, see the CHANGES file.
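
Several of the options named in the 9.3.0 and 9.2.0 feature lists and in the IPv6 known-bugs note above, shown together in named.conf as an added example (not from the original README). The addresses, zone names, file paths and size values are constructed placeholders.

```conf
// Constructed example; all addresses, names, paths and sizes are placeholders.

// Named set of master servers, reusable in any zone's masters clause.
masters primary-set { 192.0.2.1; 192.0.2.2; };

options {
    directory "/var/named";
    listen-on-v6 { any; };       // IPv6 listening is off unless requested
    max-cache-size 64M;          // upper bound on cache memory
    edns-udp-size 1232;          // advertised EDNS UDP buffer size, in bytes
    max-journal-size 10M;        // cap on each zone's journal file
    check-names master fail;     // refuse to load master zones with bad host names
};

// Slave zone pulling from the named master set defined above.
zone "example.com" {
    type slave;
    masters { primary-set; };
    file "slave/example.com.db";
};

// Master zone: compute IXFR deltas each time the zone file is reloaded.
zone "example.net" {
    type master;
    file "master/example.net.db";
    ixfr-from-differences yes;
};
```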

BIND 9 currently requires a UNIX system with an ANSI C compiler,
basic POSIX support, and a 64 bit integer type.

We've had successful builds and tests on the following systems:

COMPAQ Tru64 UNIX 5.1B
Solaris 8, 9, 9 (x86)
Windows NT/2000/XP/2003

Additionally, we have unverified reports of success building
previous versions of BIND 9 from users of the following systems:

Slackware Linux 7.x, 8.0
Debian GNU/Linux 2.2 and 3.0
OpenBSD 2.6, 2.8, 2.9

Do not use a parallel "make".

Several environment variables that can be set before running
configure will affect compilation:

The C compiler to use. configure tries to figure
out the right one for supported systems.

C compiler flags. Defaults to include -g and/or -O2
as supported by the compiler.

System header file directories. Can be used to specify
where add-on thread or IPv6 support is, for example.
Defaults to empty string.

Any additional preprocessor symbols you want defined.
Defaults to empty string.

Change the default syslog facility of named/lwresd.
-DISC_FACILITY=LOG_LOCAL0
Enable DNSSEC signature chasing support in dig.
-DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and

Linker flags. Defaults to empty string.

To build shared libraries, specify "--with-libtool" on the
configure command line.

For the server to support DNSSEC, you need to build it
with crypto support. You must have OpenSSL 0.9.5a
or newer installed and specify "--with-openssl" on the
configure command line. If OpenSSL is installed under
a nonstandard prefix, you can tell configure where to
look for it using "--with-openssl=/prefix".

To build libbind (the BIND 8 resolver library), specify
"--enable-libbind" on the configure command line.

On some platforms, BIND 9 can be built with multithreading
support, allowing it to take advantage of multiple CPUs.
You can specify whether to build a multithreaded BIND 9
by specifying "--enable-threads" or "--disable-threads"
on the configure command line. The default is operating

If your operating system has integrated support for IPv6, it
will be used automatically. If you have installed KAME IPv6
separately, use "--with-kame[=PATH]" to specify its location.

"make install" will install "named" and the various BIND 9 libraries.
By default, installation is into /usr/local, but this can be changed
with the "--prefix" option when running "configure".

You may specify the option "--sysconfdir" to set the directory
where configuration files like "named.conf" go by default,
and "--localstatedir" to set the default parent directory
of "run/named.pid". For backwards compatibility with BIND 8,
--sysconfdir defaults to "/etc" and --localstatedir defaults to
"/var" if no --prefix option is given. If there is a --prefix
option, sysconfdir defaults to "$prefix/etc" and localstatedir
defaults to "$prefix/var".

To see additional configure options, run "configure --help".
Note that the help message does not reflect the BIND 8
compatibility defaults for sysconfdir and localstatedir.

If you're planning on making changes to the BIND 9 source, you
should also "make depend". If you're using Emacs, you might find

If you need to re-run configure, please run "make distclean" first.
This will ensure that all the option changes take.

Building with gcc is not supported, unless gcc is the vendor's usual
compiler (e.g. the various BSD systems, Linux).

* gcc-3.2.1 and gcc-3.1.1 are known to cause problems with solaris-x86.
* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -O2.
* gcc-3.3.5 powerpc generates incorrect code at -O2.

A limited test suite can be run with "make test". Many of
the tests require you to configure a set of virtual IP addresses
on your system, and some require Perl; see bin/tests/system/README

The BIND 9 Administrator Reference Manual is included with the
source distribution in DocBook XML and HTML format, in the

Some of the programs in the BIND 9 distribution have man pages
in their directories. In particular, the command line
options of "named" are documented in /bin/named/named.8.
There is now also a set of man pages for the lwres library.

If you are upgrading from BIND 8, please read the migration
notes in doc/misc/migration. If you are upgrading from
BIND 4, read doc/misc/migration-4to9.

Frequently asked questions and their answers can be found in

Bug Reports and Mailing Lists

Bug reports should be sent to

To join the BIND Users mailing list, send mail to

bind-users-request@isc.org

archives of which can be found via

http://www.isc.org/ops/lists/

If you're planning on making changes to the BIND 9 source
code, you might want to join the BIND Workers mailing list.

bind-workers-request@isc.org