Name                Date          Size
..                  16-Mar-2016   12 KiB
acconfig.h          29-Dec-2012   4.2 KiB
aclocal.m4          29-Dec-2012   233.1 KiB
bin/                29-Dec-2012   4 KiB
CHANGES             29-Dec-2012   246.8 KiB
config.guess        29-Dec-2012   43.5 KiB
config.h.in         29-Dec-2012   9.3 KiB
config.h.win32      29-Dec-2012   6.4 KiB
config.sub          29-Dec-2012   32 KiB
config.threads.in   29-Dec-2012   4.3 KiB
configure           29-Dec-2012   981.6 KiB
configure.in        29-Dec-2012   72.6 KiB
contrib/            29-Dec-2012   4 KiB
COPYRIGHT           29-Dec-2012   1.6 KiB
debian/             29-Dec-2012   4 KiB
doc/                29-Dec-2012   4 KiB
docutil/            29-Dec-2012   4 KiB
FAQ                 29-Dec-2012   28.9 KiB
FAQ.xml             29-Dec-2012   39.5 KiB
install-sh          29-Dec-2012   5.4 KiB
isc-config.sh.in    29-Dec-2012   2.9 KiB
KNOWN-DEFECTS       29-Dec-2012   9.7 KiB
lib/                29-Dec-2012   4 KiB
libtool.m4          29-Dec-2012   207.7 KiB
ltmain.sh           29-Dec-2012   195.3 KiB
make/               29-Dec-2012   4 KiB
Makefile.in         29-Dec-2012   2 KiB
mkinstalldirs       29-Dec-2012   727
README              29-Dec-2012   17.5 KiB
README.idnkit       29-Dec-2012   3.7 KiB
version             29-Dec-2012   209
win32utils/         29-Dec-2012   4 KiB
README

1BIND 9
2
3	BIND version 9 is a major rewrite of nearly all aspects of the
4	underlying BIND architecture.  Some of the important features of
5	BIND 9 are:
6
7		- DNS Security
8			DNSSEC (signed zones)
9			TSIG (signed DNS requests)
10
11		- IP version 6
12			Answers DNS queries on IPv6 sockets
13			IPv6 resource records (AAAA)
14			Experimental IPv6 Resolver Library
15
16		- DNS Protocol Enhancements
17			IXFR, DDNS, Notify, EDNS0
18			Improved standards conformance
19
20		- Views
21			One server process can provide multiple "views" of
22			the DNS namespace, e.g. an "inside" view to certain
23			clients, and an "outside" view to others.
24
25		- Multiprocessor Support
26
27		- Improved Portability Architecture
28
29
30	BIND version 9 development has been underwritten by the following
31	organizations:
32
33		Sun Microsystems, Inc.
34		Hewlett Packard
35		Compaq Computer Corporation
36		IBM
37		Process Software Corporation
38		Silicon Graphics, Inc.
39		Network Associates, Inc.
40		U.S. Defense Information Systems Agency
41		USENIX Association
42		Stichting NLnet - NLnet Foundation
43		Nominum, Inc.
44
45
46BIND 9.5.0
47
48	BIND 9.5.0 has a number of new features over 9.4,
49	including:
50
51	- GSS-TSIG support (RFC 3645).
52	- DHCID support.
53	- Experimental http server and statistics support for named via xml.
54	- More detailed statistics counters including those supported in
55	  BIND 8.
56	- Faster ACL processing.
57	- Internal documentation generated by Doxygen.
58        - Efficient LRU cache-cleaning mechanism.
59        - NSID support (RFC 5001).
60
61	Please see the file KNOWN-DEFECTS for information about known
62	problems in the 9.5.0 release.
63
64BIND 9.4.0
65
66	BIND 9.4.0 has a number of new features over 9.3,
67	including:
68
69	Implemented "additional section caching (or acache)", an
70	internal cache framework for additional section content to
71	improve response performance.  Several configuration options
72	were provided to control the behavior.
73
74	New notify type 'master-only'.  Enable notify for master
75	zones only.
76
77	Accept 'notify-source' style syntax for query-source.
78
79	rndc now allows addresses to be set in the server clauses.
80
81	New option "allow-query-cache".  This lets allow-query be
82	used to specify the default zone access level rather than
83	having to have every zone override the global value.
84	allow-query-cache can be set at both the options and view
85	levels. If allow-query-cache is not set then allow-recursion
86	is used if set, otherwise allow-query is used if set, otherwise
87	the default (localhost; localnets;) is used.
88
89	rndc: the source address can now be specified.
90
91	ixfr-from-differences now takes master and slave in addition
92	to yes and no at the options and view levels.
93
94	Allow the journal's name to be changed via named.conf.
95
96	'rndc notify zone [class [view]]' resends the NOTIFY messages
97	for the specified zone.
98
99	'dig +trace' now randomly selects the next servers to try.
100	Report if there is a bad delegation.
101
102	Improve check-names error messages.
103
104	Make public the function to read a key file, dst_key_read_public().
105
106	dig now returns the byte count for axfr/ixfr.
107			
108	allow-update is now settable at the options / view level.
109
110	named-checkconf now checks the logging configuration.
111
112	host now can turn on memory debugging flags with '-m'.
113
114	Don't send notify messages to self.
115
116	Perform sanity checks on NS records which refer to 'in zone' names.
117
118	New zone option "notify-delay".  Specify a minimum delay
119	between sets of NOTIFY messages.
120
121	Extend adjusting TTL warning messages.
122
123	Named and named-checkzone can now both check for non-terminal
124	wildcard records.
125
126	"rndc freeze/thaw" now freezes/thaws all zones.
127
128	named-checkconf now checks acls to verify that they only
129	refer to existing acls.
130
131	The server syntax has been extended to support a range of
132	servers.
133
134	Report differences between hints and real NS rrset and
135	associated address records.
136
137	Preserve the case of domain names in rdata during zone
138	transfers.
139
140	Restructured the data locking framework using architecture
141	dependent atomic operations (when available), improving
142	response performance on multi-processor machines significantly.
143	x86, x86_64, alpha, powerpc, and mips are currently supported.
144
145	UNIX domain controls are now supported.
146
147	Add support for additional zone file formats for improving
148	loading performance.  The masterfile-format option in
149	named.conf can be used to specify a non-default format.  A
150	separate command named-compilezone was provided to generate
151	zone files in the new format.  Additionally, the -I and -O
152	options for dnssec-signzone specify the input and output
153	formats.
154
155	dnssec-signzone can now randomize signature end times
156	(dnssec-signzone -j jitter).
157
158	Add support for CH A record.
159
160	Add additional zone data consistency checks.  named-checkzone
161	has extended checking of NS, MX and SRV records and the hosts
162	they reference.  named has extended post zone load checks.
163	New zone options: check-mx and integrity-check.
164
165
166	edns-udp-size can now be overridden on a per server basis.
167
168	dig can now specify the EDNS version when making a query.
169
170	Added framework for handling multiple EDNS versions.
171
172	Additional memory debugging support to track size and mctx
173	arguments.
174
175	Detect duplicates of UDP queries we are recursing on and
176	drop them.  New stats category "duplicates".
177
178	"USE INTERNAL MALLOC" is now runtime selectable.
179
180	The lame cache is now done on a <qname,qclass,qtype> basis
181	as some servers only appear to be lame for certain query
182	types.
183
184	Limit the number of recursive clients that can be waiting
185	for a single query (<qname,qtype,qclass>) to resolve.  New
186	options clients-per-query and max-clients-per-query.
187
188	dig: report the number of extra bytes still left in the
189	packet after processing all the records.
190
191	Support for IPSECKEY rdata type.
192
193	Raise the UDP receive buffer size to 32k if it is less than 32k.
194
195	x86 and x86_64 now have separate atomic locking implementations.
196
197	named-checkconf now validates update-policy entries.
198
199	Attempt to make the amount of work performed in an iteration
200	self tuning.  This covers nodes cleaned from the cache per
201	iteration, nodes written to disk when rewriting a master
202	file and nodes destroyed per iteration when destroying a
203	zone or a cache.
204
205	ISC string copy API.
206
207	Automatic empty zone creation for D.F.IP6.ARPA and friends.
208	Note: RFC 1918 zones are not yet covered by this but are
209	likely to be in a future release.
210
211	New options: empty-server, empty-contact, empty-zones-enable
212	and disable-empty-zone.
213
214	dig now has a '-q queryname' and '+showsearch' options.
215
216	host/nslookup now continue (default)/fail on SERVFAIL.
217
218	dig now warns if 'RA' is not set in the answer when 'RD'
219	was set in the query.  host/nslookup skip servers that fail
220	to set 'RA' when 'RD' is set unless a server is explicitly
221	set.
222
223	Integrate contributed DLZ code into named.
224
225	Integrate contributed IDN code from JPNIC.
226
227	libbind: corresponds to that from BIND 8.4.7.
228
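The allow-query-cache fallback described in the BIND 9.4.0 notes above, as an added example (not code from BIND or ISC): a small audit that reads the global options block of a named.conf and reports which ACL ends up governing cache access. The function names, the simplified parser (options level only, no views or nested ACLs) and the two sample configurations are assumptions constructed for illustration.

```python
import re

# Fallback order as stated in the README's BIND 9.4.0 notes.
FALLBACK = ("allow-query-cache", "allow-recursion", "allow-query")
DEFAULT_ACL = ["localhost", "localnets"]

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoting)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_body(text, keyword):
    """Return the brace-balanced body of the first `keyword { ... }`, or None."""
    m = re.search(r"(?<![\w-])" + re.escape(keyword) + r"\s*\{", text)
    if m is None:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    raise ValueError("unbalanced braces after %r" % keyword)

def effective_cache_acl(conf_text):
    """Return (source option, ACL elements) that control cache access."""
    body = block_body(strip_comments(conf_text), "options") or ""
    for option in FALLBACK:
        inner = block_body(body, option)
        if inner is not None:
            elems = [e.strip().strip('"') for e in inner.split(";")]
            return option, [e for e in elems if e]
    return "default", list(DEFAULT_ACL)

def cache_open_to_any(conf_text):
    """True when the effective cache ACL contains the built-in `any`."""
    return "any" in effective_cache_acl(conf_text)[1]

# Constructed sample: allow-query was opened up for the authoritative
# zones, and with nothing else set it also becomes the cache ACL.
WEAK = """
options {
    directory "/var/named";
    allow-query { any; };   // meant for the public zones only
};
"""

# Constructed sample: cache access and recursion pinned to a trusted ACL.
HARDENED = """
acl trusted { 192.0.2.0/24; localhost; };
options {
    directory "/var/named";
    allow-query { any; };
    allow-query-cache { trusted; };
    allow-recursion { trusted; };
};
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        source, acl = effective_cache_acl(conf)
        flag = "OPEN TO ANY" if cache_open_to_any(conf) else "restricted"
        print("%-8s cache ACL from %-17s = %s -> %s" % (name, source, acl, flag))
```
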
229BIND 9.3.0
230
231	BIND 9.3.0 has a number of new features over 9.2,
232	including:
233
234	DNSSEC is now DS based (RFC 3658).
235	See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
236
237	DNSSEC lookaside validation.
238
239	check-names is now implemented.
240	rrset-order is more complete.
241
242	IPv4/IPv6 transition support, dual-stack-servers.
243
244	IXFR deltas can now be generated when loading master files,
245	ixfr-from-differences.
246
247	It is now possible to specify the size of a journal, max-journal-size.
248
249	It is now possible to define a named set of master servers to be
250	used in masters clause, masters.
251
252	The advertised EDNS UDP size can now be set, edns-udp-size.
253
254	allow-v6-synthesis has been obsoleted.
255
256	NOTE:
257	* Zones containing MD and MF will now be rejected.
258	* dig, nslookup name. now report "Not Implemented" as
259	  NOTIMP rather than NOTIMPL.  This will have impact on scripts
260	  that are looking for NOTIMPL.
261
262	libbind: corresponds to that from BIND 8.4.5.
263
264BIND 9.2.0
265
266	BIND 9.2.0 has a number of new features over 9.1,
267	including:
268
269	  - The size of the cache can now be limited using the
270            "max-cache-size" option.
271
272	  - The server can now automatically convert RFC1886-style
273	    recursive lookup requests into RFC2874-style lookups, 
274	    when enabled using the new option "allow-v6-synthesis".
275            This allows stub resolvers that support AAAA records
276            but not A6 record chains or binary labels to perform
277            lookups in domains that make use of these IPv6 DNS
278            features.
279
280	  - Performance has been improved.
281
282	  - The man pages now use the more portable "man" macros
283	    rather than the "mandoc" macros, and are installed
284            by "make install".
285
286          - The named.conf parser has been completely rewritten.
287            It now supports "include" directives in more
288            places such as inside "view" statements, and it no
289            longer has any reserved words.
290
291          - The "rndc status" command is now implemented.
292
293	  - rndc can now be configured automatically.
294
295	  - A BIND 8 compatible stub resolver library is now
296	    included in lib/bind.
297
298	  - OpenSSL has been removed from the distribution.  This
299	    means that to use DNSSEC, OpenSSL must be installed and
300	    the --with-openssl option must be supplied to configure.
301	    This does not apply to the use of TSIG, which does not
302	    require OpenSSL.
303
304	  - The source distribution now builds on Windows NT/2000.
305	    See win32utils/readme1.txt and win32utils/win32-build.txt
306	    for details.
307
308	This distribution also includes a new lightweight stub
309	resolver library and associated resolver daemon that fully
310	support forward and reverse lookups of both IPv4 and IPv6
311	addresses.  This library is considered experimental and
312	is not a complete replacement for the BIND 8 resolver library.
313	Applications that use the BIND 8 res_* functions to perform
314	DNS lookups or dynamic updates still need to be linked against
315	the BIND 8 libraries.  For DNS lookups, they can also use the
316	new "getrrsetbyname()" API.
317
318	BIND 9.2 is capable of acting as an authoritative server
319	for DNSSEC secured zones.  This functionality is believed to
320	be stable and complete except for lacking support for
321	verifications involving wildcard records in secure zones.
322
323	When acting as a caching server, BIND 9.2 can be configured
324	to perform DNSSEC secure resolution on behalf of its clients.
325	This part of the DNSSEC implementation is still considered
326	experimental.  For detailed information about the state of the
327	DNSSEC implementation, see the file doc/misc/dnssec.
328
329	There are a few known bugs:
330
331		On some systems, IPv6 and IPv4 sockets interact in
332		unexpected ways.  For details, see doc/misc/ipv6.
333		To reduce the impact of these problems, the server
334		no longer listens for requests on IPv6 addresses
335		by default.  If you need to accept DNS queries over
336		IPv6, you must specify "listen-on-v6 { any; };"
337		in the named.conf options statement.
338
339		FreeBSD prior to 4.2 (and 4.2 if running as non-root)
340		and OpenBSD prior to 2.8 log messages like
341		"fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
342		This is due to a bug in "/dev/random" and impacts the
343		server's DNSSEC support.
344
345		OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
346		OS X 10.2 (Darwin 6.0) report errors like
347		"fcntl(3, F_SETFL, 4): Operation not supported by device".
348		This is due to a bug in "/dev/random" and impacts the
349		server's DNSSEC support.
350
351		--with-libtool does not work on AIX.
352
353		--with-libtool does not work on SunOS 4.  configure
354		requires "printf" which is not available.
355
356	A bug in the Windows 2000 DNS server can cause zone transfers
357	from a BIND 9 server to a W2K server to fail.  For details,
358	see the "Zone Transfers" section in doc/misc/migration.
359
360	For a detailed list of user-visible changes from
361	previous releases, see the CHANGES file.
362
363
364Building
365
366	BIND 9 currently requires a UNIX system with an ANSI C compiler,
367	basic POSIX support, and a 64 bit integer type.
368
369	We've had successful builds and tests on the following systems:
370
371		COMPAQ Tru64 UNIX 5.1B
372		Fedora Core 6
373		FreeBSD 4.10, 5.2.1, 6.2
374		HP-UX 11.11
375		Mac OS X 10.5
376		NetBSD 3.x and 4.0-beta
377		OpenBSD 3.3 and up
378		Solaris 8, 9, 9 (x86), 10
379		Ubuntu 7.04, 7.10
380		Windows NT/2000/XP/2003
381
382	We have recent reports from the user community that a supported
383	version of BIND will build and run on the following systems:
384
385		AIX 4.3, 5L
386		CentOS 4, 4.5, 5
387		Darwin 9.0.0d1/ARM
388		Debian 4
389		Fedora Core 5, 7
390		FreeBSD 6.1
391		HP-UX 11.23 PA
392		MacOS X 10.4, 10.5
393		Red Hat Enterprise Linux 4, 5
394		SCO OpenServer 5.0.6
395		Slackware 9, 10
396		SuSE 9, 10
397
398	To build, just
399
400		./configure
401		make
402
403	Do not use a parallel "make".
404
405	Several environment variables that can be set before running
406	configure will affect compilation:
407
408	    CC
409		The C compiler to use.	configure tries to figure
410		out the right one for supported systems.
411
412	    CFLAGS
413		C compiler flags.  Defaults to include -g and/or -O2
414		as supported by the compiler.  
415
416	    STD_CINCLUDES
417		System header file directories.	 Can be used to specify
418		where add-on thread or IPv6 support is, for example.
419		Defaults to empty string.
420
421	    STD_CDEFINES
422		Any additional preprocessor symbols you want defined.
423		Defaults to empty string.
424
425		Possible settings:
426		Change the default syslog facility of named/lwresd.
427		  -DISC_FACILITY=LOG_LOCAL0	
428		Enable DNSSEC signature chasing support in dig.
429		  -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
430				    -DDIG_SIGCHASE_BU=1)
431		Disable dropping queries from particular well known ports.
432		  -DNS_CLIENT_DROPPORT=0
433
434	    LDFLAGS
435		Linker flags. Defaults to empty string.
436
437	The following need to be set when cross compiling.
438
439	    BUILD_CC
440		The native C compiler.
441	    BUILD_CFLAGS (optional)
442	    BUILD_CPPFLAGS (optional)
443		Possible Settings:
444		-DNEED_OPTARG=1		(optarg is not declared in <unistd.h>)
445	    BUILD_LDFLAGS (optional)
446	    BUILD_LIBS (optional)
447
448	To build shared libraries, specify "--with-libtool" on the
449	configure command line.
450
451	For the server to support DNSSEC, you need to build it
452	with crypto support.  You must have OpenSSL 0.9.5a
453	or newer installed and specify "--with-openssl" on the
454	configure command line.  If OpenSSL is installed under
455	a nonstandard prefix, you can tell configure where to
456	look for it using "--with-openssl=/prefix".
457
458	To build libbind (the BIND 8 resolver library), specify
459	"--enable-libbind" on the configure command line.
460
461	On some platforms, BIND 9 can be built with multithreading
462	support, allowing it to take advantage of multiple CPUs.
463	You can specify whether to build a multithreaded BIND 9 
464	by specifying "--enable-threads" or "--disable-threads"
465	on the configure command line.  The default is operating
466	system dependent.
467
468        Support for the "fixed" rrset-order option can be enabled
469        or disabled by specifying "--enable-fixed-rrset" or
470        "--disable-fixed-rrset" on the configure command line.
471        The default is "disabled", to reduce memory footprint.
472
473	If your operating system has integrated support for IPv6, it
474	will be used automatically.  If you have installed KAME IPv6
475	separately, use "--with-kame[=PATH]" to specify its location.
476
477	"make install" will install "named" and the various BIND 9 libraries.
478	By default, installation is into /usr/local, but this can be changed
479	with the "--prefix" option when running "configure".
480
481	You may specify the option "--sysconfdir" to set the directory 
482	where configuration files like "named.conf" go by default,
483	and "--localstatedir" to set the default parent directory
484	of "run/named.pid".   For backwards compatibility with BIND 8,
485	--sysconfdir defaults to "/etc" and --localstatedir defaults to
486	"/var" if no --prefix option is given.  If there is a --prefix
487	option, sysconfdir defaults to "$prefix/etc" and localstatedir
488	defaults to "$prefix/var".
489
490	To see additional configure options, run "configure --help".
491	Note that the help message does not reflect the BIND 8 
492	compatibility defaults for sysconfdir and localstatedir.
493
494	If you're planning on making changes to the BIND 9 source, you
495	should also "make depend".  If you're using Emacs, you might find
496	"make tags" helpful.
497
498	If you need to re-run configure please run "make distclean" first.
499	This will ensure that all the option changes take.
500
501	Building with gcc is not supported, unless gcc is the vendor's usual
502	compiler (e.g. the various BSD systems, Linux).
503	
504	Known compiler issues:
505	* gcc-3.2.1 and gcc-3.1.1 are known to cause problems with solaris-x86.
506	* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -O2.
507	* gcc-3.3.5 powerpc generates incorrect code at -O2.
508	* Irix, MipsPRO 7.4.1m is known to cause problems.
509
510	A limited test suite can be run with "make test".  Many of
511	the tests require you to configure a set of virtual IP addresses
512	on your system, and some require Perl; see bin/tests/system/README
513	for details.
514
515	SunOS 4 requires "printf" to be installed to make the shared
516	libraries.  sh-utils-1.16 provides a "printf" which compiles
517	on SunOS 4.
518
519Documentation
520
521	The BIND 9 Administrator Reference Manual is included with the
522	source distribution in DocBook XML and HTML format, in the
523	doc/arm directory.
524
525	Some of the programs in the BIND 9 distribution have man pages
526	in their directories.  In particular, the command line
527	options of "named" are documented in /bin/named/named.8.
528	There is now also a set of man pages for the lwres library.
529
530	If you are upgrading from BIND 8, please read the migration
531	notes in doc/misc/migration.  If you are upgrading from
532	BIND 4, read doc/misc/migration-4to9.
533
534	Frequently asked questions and their answers can be found in
535	FAQ.
536
537
538Bug Reports and Mailing Lists
539
540	Bug reports should be sent to
541
542		bind9-bugs@isc.org
543
544	To join the BIND Users mailing list, send mail to
545
546		bind-users-request@isc.org
547
548	archives of which can be found via
549
550		http://www.isc.org/ops/lists/
551
552	If you're planning on making changes to the BIND 9 source
553	code, you might want to join the BIND Workers mailing list.
554	Send mail to
555
556		bind-workers-request@isc.org
557
558
559

README.idnkit

1
2			BIND-9 IDN patch
3
4	       Japan Network Information Center (JPNIC)
5
6
7* What is this patch for?
8
9This patch adds internationalized domain name (IDN) support to BIND-9.
10You'll get internationalized versions of the dig/host/nslookup commands.
11
12    + internationalized dig/host/nslookup
13	dig/host/nslookup accepts non-ASCII domain names in the local
14	codeset (such as Shift JIS, Big5 or ISO8859-1) determined by
15	the locale information.  The domain names are normalized and
16	converted to the encoding on the DNS protocol, and sent to DNS
17	servers.  The replies are converted back to the local codeset
18	and displayed.
19
20
21* Compilation & installation
22
230. Prerequisite
24
25You have to build and install idnkit before building this patched version
26of bind-9.
27
281. Running configure script
29
30Run `configure' in the top directory.  See `README' for the
31configuration options.
32
33This patch adds the following 4 options to `configure'.  You should
34at least specify `--with-idn' option to enable IDN support.
35
36    --with-idn[=IDN_PREFIX]
37	To enable IDN support, you have to specify `--with-idn' option.
38	The argument IDN_PREFIX is the install prefix of idnkit.  If
39	IDN_PREFIX is omitted, PREFIX (derived from `--prefix=PREFIX')
40	is assumed.
41
42    --with-libiconv[=LIBICONV_PREFIX]
43	Specify this option if the idnkit you have installed links against
44	GNU libiconv.  The argument LIBICONV_PREFIX is the install prefix of
45	GNU libiconv.  If the argument is omitted, PREFIX (derived
46	from `--prefix=PREFIX') is assumed.
47
48	`--with-libiconv' is a shorthand option for GNU libiconv.
49
50	    --with-libiconv=/usr/local
51
52	This is equivalent to:
53
54	    --with-iconv='-L/usr/local/lib -R/usr/local/lib -liconv'
55
56	`--with-libiconv' assumes that your C compiler has `-R'
57	option, and that the option adds the specified run-time path
58	to an executable binary.  If the `-R' option of your compiler has
59	a different meaning, or your compiler lacks the option, you
60	should use the `--with-iconv' option instead.  A binary built
61	without run-time path information might not be executable.
62	In that case, you would see an error message like:
63
64	    error in loading shared libraries: libiconv.so.2: cannot
65	    open shared object file
66
67	If both `--with-libiconv' and `--with-iconv' options are
68	specified, `--with-iconv' takes precedence over `--with-libiconv'.
69
70    --with-iconv=ICONV_LIBSPEC
71	If your libc doesn't provide iconv(), you need to specify the
72	library containing iconv() with this option.  `ICONV_LIBSPEC'
73	is the argument(s) to `cc' or `ld' to link the library, for
74	example, `--with-iconv="-L/usr/local/lib -liconv"'.
75	You don't need to specify the header file directory for "iconv.h"
76	to the compiler, as it isn't included directly by bind-9 with
77	this patch.
78
79    --with-idnlib=IDN_LIBSPEC
80	With this option, you can explicitly specify the argument(s)
81	to `cc' or `ld' to link the idnkit's library, `libidnkit'.  If
82	this option is not specified, `-L${PREFIX}/lib -lidnkit' is
83	assumed, where ${PREFIX} is the installation prefix specified
84	with `--with-idn' option above.  You may need to use this
85	option to specify extra arguments, for example,
86	`--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'.
87
88Please consult `README' for other configuration options.
89
90Note that if you want to specify some extra header file directories,
91you should use the environment variable STD_CINCLUDES instead of
92CFLAGS, as described in README.
93
942. Compilation and installation
95
96After running "configure", just do
97
98	make
99	make install
100
101for compiling and installing.
102
103
104* Contact information
105
106Please see http://www.nic.ad.jp/en/idn/ for the latest news
107about idnkit and this patch.
108
109Bug reports and comments on this kit should be sent to
110mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively.
111
112; $Id: README.idnkit,v 1.2 2005/09/09 06:13:57 marka Exp $
113