BIND version 9 is a major rewrite of nearly all aspects of the
underlying BIND architecture. Some of the important features of

TSIG (signed DNS requests)

Answers DNS queries on IPv6 sockets
IPv6 resource records (AAAA)
Experimental IPv6 Resolver Library

- DNS Protocol Enhancements
IXFR, DDNS, Notify, EDNS0
Improved standards conformance

One server process can provide multiple "views" of
the DNS namespace, e.g. an "inside" view to certain
clients, and an "outside" view to others.

- Multiprocessor Support

- Improved Portability Architecture

BIND version 9 development has been underwritten by the following

Sun Microsystems, Inc.
Compaq Computer Corporation
Process Software Corporation
Silicon Graphics, Inc.
Network Associates, Inc.
U.S. Defense Information Systems Agency
Stichting NLnet - NLnet Foundation

BIND 9.3.2 is a maintenance release, containing fixes for
a number of bugs in 9.3.1.

libbind: corresponds to that from BIND 8.4.7-REL.

The following INSIST can be triggered with DNSSEC enabled.

resolver.c:762: INSIST(result != 0 || dns_rdataset_isassociated(event->rdataset) || fctx->type == ((dns_rdatatype_t)dns_rdatatype_any) || fctx->type == ((dns_rdatatype_t)dns_rdatatype_rrsig)) failed

We are still trying to isolate the cause. If you have a core
dump, please send a bug report to bind9-bugs@isc.org with
the location of the core, named executable and OS details.

Note: contrib/nanny contains a perl script to restart named
in the event of an INSIST/REQUIRE/ENSURE failure.
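
An added example, not part of the BIND distribution and not the contrib/nanny script: a small Python scanner that finds assertion failures of the form quoted above in a named log and counts them per source location, so a repeating crash is visible before it is reported. The syslog prefix, the log lines other than the quoted INSIST, and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Format quoted above: <file>:<line>: INSIST|REQUIRE|ENSURE(<expr>) failed
ASSERT_RE = re.compile(
    r"(?P<file>[\w./-]+\.[ch]):(?P<line>\d+): "
    r"(?P<kind>INSIST|REQUIRE|ENSURE)\((?P<expr>.*)\) failed"
)

def find_assertion_failures(lines):
    """Return one record per log line that reports a failed assertion."""
    hits = []
    for lineno, text in enumerate(lines, start=1):
        m = ASSERT_RE.search(text)
        if m:
            hits.append({
                "log_line": lineno,
                "site": f"{m['file']}:{m['line']}",
                "kind": m["kind"],
                "expr": m["expr"],  # greedy match keeps nested parentheses intact
            })
    return hits

def summarize(hits):
    """Count failures per (kind, site) so a repeating crash stands out."""
    return Counter((h["kind"], h["site"]) for h in hits)

# Constructed sample log: timestamps, host name, PIDs and the REQUIRE line
# are made up; the INSIST text is the one quoted in this README.
INSIST_762 = (
    "resolver.c:762: INSIST(result != 0 || "
    "dns_rdataset_isassociated(event->rdataset) || "
    "fctx->type == ((dns_rdatatype_t)dns_rdatatype_any) || "
    "fctx->type == ((dns_rdatatype_t)dns_rdatatype_rrsig)) failed"
)
SAMPLE_LOG = [
    "Jan 10 03:12:01 ns1 named[2201]: starting",
    f"Jan 10 03:14:47 ns1 named[2201]: {INSIST_762}",
    "Jan 10 03:14:52 ns1 named[2309]: starting",
    f"Jan 10 04:40:09 ns1 named[2309]: {INSIST_762}",
    "Jan 10 04:41:30 ns1 named[2415]: example.c:10: REQUIRE(ptr != NULL) failed",
]

if __name__ == "__main__":
    for (kind, site), count in summarize(find_assertion_failures(SAMPLE_LOG)).items():
        print(f"{kind} at {site}: {count} failure(s)")
```

The per-site count and the matched expression are the details worth including alongside the core location, named executable and OS details requested above.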

BIND 9.3.1 is a maintenance release, containing fixes for
a number of bugs in 9.3.0.

libbind: corresponds to that from BIND 8.4.6-REL.

BIND 9.3.0 has a number of new features over 9.2,

DNSSEC is now DS based (RFC 3658).
See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.

DNSSEC lookaside validation.

check-names is now implemented.
rrset-order is more complete.

IPv4/IPv6 transition support, dual-stack-servers.

IXFR deltas can now be generated when loading master files,
ixfr-from-differences.

It is now possible to specify the size of a journal, max-journal-size.

It is now possible to define a named set of master servers to be
used in masters clause, masters.

The advertised EDNS UDP size can now be set, edns-udp-size.

allow-v6-synthesis has been obsoleted.

* Zones containing MD and MF will now be rejected.
* dig, nslookup name. now report "Not Implemented" as
  NOTIMP rather than NOTIMPL. This will have impact on scripts
  that are looking for NOTIMPL.

libbind: corresponds to that from BIND 8.4.5.

BIND 9.2.0 has a number of new features over 9.1,

- The size of the cache can now be limited using the
  "max-cache-size" option.

- The server can now automatically convert RFC1886-style
  recursive lookup requests into RFC2874-style lookups,
  when enabled using the new option "allow-v6-synthesis".
  This allows stub resolvers that support AAAA records
  but not A6 record chains or binary labels to perform
  lookups in domains that make use of these IPv6 DNS

- Performance has been improved.

- The man pages now use the more portable "man" macros
  rather than the "mandoc" macros, and are installed

- The named.conf parser has been completely rewritten.
  It now supports "include" directives in more
  places such as inside "view" statements, and it no
  longer has any reserved words.

- The "rndc status" command is now implemented.

- rndc can now be configured automatically.

- A BIND 8 compatible stub resolver library is now
  included in lib/bind.

- OpenSSL has been removed from the distribution. This
  means that to use DNSSEC, OpenSSL must be installed and
  the --with-openssl option must be supplied to configure.
  This does not apply to the use of TSIG, which does not

- The source distribution now builds on Windows NT/2000.
  See win32utils/readme1.txt and win32utils/win32-build.txt

This distribution also includes a new lightweight stub
resolver library and associated resolver daemon that fully
support forward and reverse lookups of both IPv4 and IPv6
addresses. This library is considered experimental and
is not a complete replacement for the BIND 8 resolver library.
Applications that use the BIND 8 res_* functions to perform
DNS lookups or dynamic updates still need to be linked against
the BIND 8 libraries. For DNS lookups, they can also use the
new "getrrsetbyname()" API.

BIND 9.2 is capable of acting as an authoritative server
for DNSSEC secured zones. This functionality is believed to
be stable and complete except for lacking support for
verifications involving wildcard records in secure zones.

When acting as a caching server, BIND 9.2 can be configured
to perform DNSSEC secure resolution on behalf of its clients.
This part of the DNSSEC implementation is still considered
experimental. For detailed information about the state of the
DNSSEC implementation, see the file doc/misc/dnssec.

There are a few known bugs:

On some systems, IPv6 and IPv4 sockets interact in
unexpected ways. For details, see doc/misc/ipv6.
To reduce the impact of these problems, the server
no longer listens for requests on IPv6 addresses
by default. If you need to accept DNS queries over
IPv6, you must specify "listen-on-v6 { any; };"
in the named.conf options statement.

FreeBSD prior to 4.2 (and 4.2 if running as non-root)
and OpenBSD prior to 2.8 log messages like
"fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
This is due to a bug in "/dev/random" and impacts the
server's DNSSEC support.

OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
OS X 10.2 (Darwin 6.0) report errors like
"fcntl(3, F_SETFL, 4): Operation not supported by device".
This is due to a bug in "/dev/random" and impacts the
server's DNSSEC support.

--with-libtool does not work on AIX.

A bug in the Windows 2000 DNS server can cause zone transfers
from a BIND 9 server to a W2K server to fail. For details,
see the "Zone Transfers" section in doc/misc/migration.

For a detailed list of user-visible changes from
previous releases, see the CHANGES file.

BIND 9 currently requires a UNIX system with an ANSI C compiler,
basic POSIX support, and a 64 bit integer type.

We've had successful builds and tests on the following systems:

COMPAQ Tru64 UNIX 5.1B
Solaris 8, 9, 9 (x86)
Windows NT/2000/XP/2003

Additionally, we have unverified reports of success building
previous versions of BIND 9 from users of the following systems:

Slackware Linux 7.x, 8.0
Debian GNU/Linux 2.2 and 3.0
OpenBSD 2.6, 2.8, 2.9
Mac OS X 10.1, 10.3.8

Do not use a parallel "make".

Several environment variables that can be set before running
configure will affect compilation:

The C compiler to use. configure tries to figure
out the right one for supported systems.

C compiler flags. Defaults to include -g and/or -O2
as supported by the compiler.

System header file directories. Can be used to specify
where add-on thread or IPv6 support is, for example.
Defaults to empty string.

Any additional preprocessor symbols you want defined.
Defaults to empty string.

Change the default syslog facility of named/lwresd.
-DISC_FACILITY=LOG_LOCAL0
Enable DNSSEC signature chasing support in dig.
-DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and

Linker flags. Defaults to empty string.

To build shared libraries, specify "--with-libtool" on the
configure command line.

For the server to support DNSSEC, you need to build it
with crypto support. You must have OpenSSL 0.9.5a
or newer installed and specify "--with-openssl" on the
configure command line. If OpenSSL is installed under
a nonstandard prefix, you can tell configure where to
look for it using "--with-openssl=/prefix".

To build libbind (the BIND 8 resolver library), specify
"--enable-libbind" on the configure command line.

On some platforms, BIND 9 can be built with multithreading
support, allowing it to take advantage of multiple CPUs.
You can specify whether to build a multithreaded BIND 9
by specifying "--enable-threads" or "--disable-threads"
on the configure command line. The default is operating

If your operating system has integrated support for IPv6, it
will be used automatically. If you have installed KAME IPv6
separately, use "--with-kame[=PATH]" to specify its location.

"make install" will install "named" and the various BIND 9 libraries.
By default, installation is into /usr/local, but this can be changed
with the "--prefix" option when running "configure".

You may specify the option "--sysconfdir" to set the directory
where configuration files like "named.conf" go by default,
and "--localstatedir" to set the default parent directory
of "run/named.pid". For backwards compatibility with BIND 8,
--sysconfdir defaults to "/etc" and --localstatedir defaults to
"/var" if no --prefix option is given. If there is a --prefix
option, sysconfdir defaults to "$prefix/etc" and localstatedir
defaults to "$prefix/var".

To see additional configure options, run "configure --help".
Note that the help message does not reflect the BIND 8
compatibility defaults for sysconfdir and localstatedir.

If you're planning on making changes to the BIND 9 source, you
should also "make depend". If you're using Emacs, you might find

If you need to re-run configure please run "make distclean" first.
This will ensure that all the option changes take.

Building with gcc is not supported, unless gcc is the vendor's usual
compiler (e.g. the various BSD systems, Linux).

Known compiler issues:
* gcc-3.2.1 and gcc-3.1.1 are known to cause problems with solaris-x86.
* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -O2.
* gcc-3.3.5 powerpc generates incorrect code at -O2.
* Irix, MipsPRO 7.4.1m is known to cause problems.

A limited test suite can be run with "make test". Many of
the tests require you to configure a set of virtual IP addresses
on your system, and some require Perl; see bin/tests/system/README

The BIND 9 Administrator Reference Manual is included with the
source distribution in DocBook XML and HTML format, in the

Some of the programs in the BIND 9 distribution have man pages
in their directories. In particular, the command line
options of "named" are documented in /bin/named/named.8.
There is now also a set of man pages for the lwres library.

If you are upgrading from BIND 8, please read the migration
notes in doc/misc/migration. If you are upgrading from
BIND 4, read doc/misc/migration-4to9.

Frequently asked questions and their answers can be found in

Bug Reports and Mailing Lists

Bug reports should be sent to

To join the BIND Users mailing list, send mail to

bind-users-request@isc.org

archives of which can be found via

http://www.isc.org/ops/lists/

If you're planning on making changes to the BIND 9 source
code, you might want to join the BIND Workers mailing list.

bind-workers-request@isc.org