3 BIND version 9 is a major rewrite of nearly all aspects of the
4 underlying BIND architecture. Some of the important features of
9 TSIG (signed DNS requests)
12 Answers DNS queries on IPv6 sockets
13 IPv6 resource records (AAAA)
14 Experimental IPv6 Resolver Library
16 - DNS Protocol Enhancements
17 IXFR, DDNS, Notify, EDNS0
18 Improved standards conformance
21 One server process can provide multiple "views" of
22 the DNS namespace, e.g. an "inside" view to certain
23 clients, and an "outside" view to others.
25 - Multiprocessor Support
27 - Improved Portability Architecture
30 BIND version 9 development has been underwritten by the following
33 Sun Microsystems, Inc.
35 Compaq Computer Corporation
37 Process Software Corporation
38 Silicon Graphics, Inc.
39 Network Associates, Inc.
40 U.S. Defense Information Systems Agency
42 Stichting NLnet - NLnet Foundation
48 BIND 9.2.4 is a maintenance release, containing fixes for
49 a number of bugs in 9.2.3.
51 libbind: corresponds to that from BIND 8.4.5.
55 BIND 9.2.3 is a maintenance release, containing fixes for
56 a number of bugs in 9.2.2.
58 A new zone type delegation-only is now supported.
59 A new view option root-delegation-only is now supported.
61 libbind: corresponds to that from BIND 8.4.0.
65 BIND 9.2.2 is a maintenance release, containing fixes for
66 a number of bugs in 9.2.1 but no new features. RFC 2535
67 style DNSSEC is disabled as it is incompatible with the
68 forthcoming DS style DNSSEC.
70 libbind: from BIND 8.3.3. [CERT CA-2002-19]
71 Minimum OpenSSL version now 0.9.6e. [CERT CA-2002-23]
75 BIND 9.2.1 is a maintenance release, containing fixes for
76 a number of bugs in 9.2.0 but no new features.
78 NOTE: dig, nslookup name. now report "Not Implemented" as
79 NOTIMP rather than NOTIMPL. This will have impact on scripts
80 that are looking for NOTIMPL.
84 BIND 9.2.0 introduces a number of new features over 9.1,
87 - The size of the cache can now be limited using the
88 "max-cache-size" option.
90 - The server can now automatically convert RFC1886-style
91 recursive lookup requests into RFC2874-style lookups,
92 when enabled using the new option "allow-v6-synthesis".
93 This allows stub resolvers that support AAAA records
94 but not A6 record chains or binary labels to perform
95 lookups in domains that make use of these IPv6 DNS
98 - Performance has been improved.
100 - The man pages now use the more portable "man" macros
101 rather than the "mandoc" macros, and are installed
104 - The named.conf parser has been completely rewritten.
105 It now supports "include" directives in more
106 places such as inside "view" statements, and it no
107 longer has any reserved words.
109 - The "rndc status" command is now implemented.
111 - rndc can now be configured automatically.
113 - A BIND 8 compatible stub resolver library is now
114 included in lib/bind.
116 - OpenSSL has been removed from the distribution. This
117 means that to use DNSSEC, OpenSSL must be installed and
118 the --with-openssl option must be supplied to configure.
119 This does not apply to the use of TSIG, which does not
122 - The source distribution now builds on Windows NT/2000.
123 See win32utils/readme1.txt and win32utils/win32-build.txt
126 This distribution also includes a new lightweight stub
127 resolver library and associated resolver daemon that fully
128 support forward and reverse lookups of both IPv4 and IPv6
129 addresses. This library is considered experimental and
130 is not a complete replacement for the BIND 8 resolver library.
131 Applications that use the BIND 8 res_* functions to perform
132 DNS lookups or dynamic updates still need to be linked against
133 the BIND 8 libraries. For DNS lookups, they can also use the
134 new "getrrsetbyname()" API.
136 BIND 9.2 is capable of acting as an authoritative server
137 for DNSSEC secured zones. This functionality is believed to
138 be stable and complete except for lacking support for wildcard
139 records in secure zones.
141 When acting as a caching server, BIND 9.2 can be configured
142 to perform DNSSEC secure resolution on behalf of its clients.
143 This part of the DNSSEC implementation is still considered
144 experimental. For detailed information about the state of the
145 DNSSEC implementation, see the file doc/misc/dnssec.
147 There are a few known bugs:
149 On some systems, IPv6 and IPv4 sockets interact in
150 unexpected ways. For details, see doc/misc/ipv6.
151 To reduce the impact of these problems, the server
152 no longer listens for requests on IPv6 addresses
153 by default. If you need to accept DNS queries over
154 IPv6, you must specify "listen-on-v6 { any; };"
155 in the named.conf options statement.
157 FreeBSD prior to 4.2 (and 4.2 if running as non-root)
158 and OpenBSD prior to 2.8 log messages like
159 "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
160 This is due to a bug in "/dev/random" and impacts the
161 server's DNSSEC support.
163 OS X 10.1.4 (Darwin 5.4) reports errors like
164 "fcntl(3, F_SETFL, 4): Operation not supported by device".
165 This is due to a bug in "/dev/random" and impacts the
166 server's DNSSEC support.
168 --with-libtool does not work on AIX.
170 A bug in the Windows 2000 DNS server can cause zone transfers
171 from a BIND 9 server to a W2K server to fail. For details,
172 see the "Zone Transfers" section in doc/misc/migration.
174 For a detailed list of user-visible changes from
175 previous releases, see the CHANGES file.
180 BIND 9 currently requires a UNIX system with an ANSI C compiler,
181 basic POSIX support, and a 64 bit integer type.
183 We've had successful builds and tests on the following systems:
186 COMPAQ Tru64 UNIX 4.0D
187 COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
188 FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
192 Red Hat Linux 6.0, 6.1, 6.2, 7.0
196 Additionally, we have unverified reports of success building
197 previous versions of BIND 9 from users of the following systems:
201 Slackware Linux 7.x, 8.0
203 Debian GNU/Linux 2.2 and 3.0
204 OpenBSD 2.6, 2.8, 2.9
216 Do not use a parallel "make".
218 Several environment variables that can be set before running
219 configure will affect compilation:
222 The C compiler to use. configure tries to figure
223 out the right one for supported systems.
226 C compiler flags. Defaults to include -g and/or -O2
227 as supported by the compiler.
230 System header file directories. Can be used to specify
231 where add-on thread or IPv6 support is, for example.
232 Defaults to empty string.
235 Any additional preprocessor symbols you want defined.
236 Defaults to empty string.
240 Enable support RFC 2535 style DNSSEC. This
241 is incompatable with the upcoming DS support
242 and SHOULD NOT be set unless you are currently
246 Linker flags. Defaults to empty string.
248 To build shared libraries, specify "--with-libtool" on the
249 configure command line.
251 For the server to support DNSSEC, you need to build it
252 with crypto support. You must have OpenSSL 0.9.5a
253 or newer installed and specify "--with-openssl" on the
254 configure command line. If OpenSSL is installed under
255 a nonstandard prefix, you can tell configure where to
256 look for it using "--with-openssl=/prefix".
258 To build libbind (the BIND 8 resolver library), specify
259 "--enable-libbind" on the configure command line.
261 On some platforms, BIND 9 can be built with multithreading
262 support, allowing it to take advantage of multiple CPUs.
263 You can specify whether to build a multithreaded BIND 9
264 by specifying "--enable-threads" or "--disable-threads"
265 on the configure command line. The default is operating
268 If your operating system has integrated support for IPv6, it
269 will be used automatically. If you have installed KAME IPv6
270 separately, use "--with-kame[=PATH]" to specify its location.
272 "make install" will install "named" and the various BIND 9 libraries.
273 By default, installation is into /usr/local, but this can be changed
274 with the "--prefix" option when running "configure".
276 You may specify the option "--sysconfdir" to set the directory
277 where configuration files like "named.conf" go by default,
278 and "--localstatedir" to set the default parent directory
279 of "run/named.pid". For backwards compatibility with BIND 8,
280 --sysconfdir defaults to "/etc" and --localstatedir defaults to
281 "/var" if no --prefix option is given. If there is a --prefix
282 option, sysconfdir defaults to "$prefix/etc" and localstatedir
283 defaults to "$prefix/var".
285 To see additional configure options, run "configure --help".
286 Note that the help message does not reflect the BIND 8
287 compatibility defaults for sysconfdir and localstatedir.
289 If you're planning on making changes to the BIND 9 source, you
290 should also "make depend". If you're using Emacs, you might find
293 If you need to re-run configure please run "make distclean" first.
294 This will ensure that all the option changes take.
296 Building with gcc is not supported, unless gcc is the vendor's usual
297 compiler (e.g. the various BSD systems, Linux).
299 * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86
300 if the optimiser is enabled. Use -O0 to disable the optimiser.
301 * gcc ultrasparc generates incorrect code at -02.
303 A limited test suite can be run with "make test". Many of
304 the tests require you to configure a set of virtual IP addresses
305 on your system, and some require Perl; see bin/tests/system/README
310 The BIND 9 Administrator Reference Manual is included with the
311 source distribution in DocBook XML and HTML format, in the
314 Some of the programs in the BIND 9 distribution have man pages
315 in their directories. In particular, the command line
316 options of "named" are documented in /bin/named/named.8.
317 There is now also a set of man pages for the lwres library.
319 If you are upgrading from BIND 8, please read the migration
320 notes in doc/misc/migration. If you are upgrading from
321 BIND 4, read doc/misc/migration-4to9.
323 Frequently asked questions and their answers can be found in
327 Bug Reports and Mailing Lists
329 Bugs reports should be sent to
333 Configuration questions should be sent to the BIND 9 Users
334 mailing list. Compilation questions should be sent to the
335 BIND 9 Users mailing list.
337 To join the BIND Users mailing list, send mail to
339 bind-users-request@isc.org
341 archives of which can be found via
343 http://www.isc.org/ml-archives/
345 If you're planning on making changes to the BIND 9 source
346 code, you might want to join the BIND Workers mailing list.
349 bind-workers-request@isc.org