Commit 1430f0bc authored by Internet Software Consortium, Inc's avatar Internet Software Consortium, Inc Committed by Lamont Jones

9.1.0b1

parent 59cfa714

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.

This diff is collapsed.
......@@ -4,11 +4,11 @@ Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Frequently Asked Questions about BIND 9
Q: Why doesn't -u work on Linux 2.2.x?
A: Linux threads do not fully implement the Posix threads (pthreads) standard.
In particular, setuid() operates only on the current thread, not the full
process. Because of this limitation, BIND 9 cannot use setuid() on Linux as it
can on all other supported platforms. setuid() cannot be called before
creating threads, since the server does not start listening on reserved ports
until after threads have started.
In the 2.3.99-pre3 and newer kernels, the ability to preserve capabilities
across a setuid() call is present. This allows BIND 9 to call setuid() early,
while retaining the ability to bind reserved ports. This is a Linux-specific
hack.
On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
of a security risk than a root process that has not dropped privileges.
If Linux threads ever work correctly, this restriction will go away.
Configuring BIND9 with the --disable-threads option causes a non-threaded
version to be built, which will allow -u to be used.
Q: Why does named log the error message "no TTL specified" and refuse
to load my zone file?
A: Your zone file must either have a line like
$TTL 86400
at the beginning, or the first record in it must have a TTL field,
like the "84600" in this example:
example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
BIND 8 incorrectly accepted files that had neither.
Q: Why do I see 5 (or more) copies of named on Linux?
A: Linux threads each show up as a process under ps. The approximate
number of threads running is n+4, where n is the number of CPUs.
Q: Why does BIND 9 log "permission denied" errors accessing its
configuration files on my Linux sysetm even though it is running as
root?
A: On Linux, BIND 9 drops most of its root privileges on startup.
This including the privilege to open files owned by other users.
Therefore, if the server is running as root, the configuration files
should also be owned by root.
# Copyright (C) 1998-2000 Internet Software Consortium.
#
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
# SOFTWARE.
# $Id: Makefile.in,v 1.21.2.6 2000/07/27 01:48:49 gson Exp $
#
# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
# DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
# INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.34 2000/12/01 02:12:26 gson Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -21,17 +21,8 @@ top_srcdir = @top_srcdir@
@BIND9_VERSION@
SUBDIRS = make lib bin
SUBDIRS = make lib bin doc
TARGETS =
DISTFILES = CHANGES COPYRIGHT Makefile.in README \
acconfig.h aclocal.m4 config.guess config.h.in config.h.win32 \
config.status.win32 config.sub configure configure.in \
isc-config.sh.in install-sh libtool.m4 ltconfig ltmain.sh \
lib make contrib \
version
DOCDISTFILES = arm draft misc rfc
DOCMANDISTFILES = bin dnssec
BINDISTFILES = Makefile.in dig dnssec named nsupdate rndc tests
@BIND9_MAKE_RULES@
......@@ -40,30 +31,17 @@ distclean::
rm -f libtool isc-config.sh
rm -f util/conf.sh
cleandir: distclean
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
install:: isc-config.sh
install:: isc-config.sh installdirs
${INSTALL_PROGRAM} isc-config.sh ${DESTDIR}${bindir}
kit: kitclean
mkdir bind-${VERSION}
@(cd bind-${VERSION}; for i in ${DISTFILES}; do ln -s ../$$i $$i; done)
mkdir bind-${VERSION}/doc
@(cd bind-${VERSION}/doc; for i in ${DOCDISTFILES}; do \
ln -s ../../doc/$$i $$i; done)
mkdir bind-${VERSION}/doc/man
@(cd bind-${VERSION}/doc/man; for i in ${DOCMANDISTFILES}; do \
ln -s ../../../doc/man/$$i $$i; done)
mkdir bind-${VERSION}/bin
@(cd bind-${VERSION}/bin; for i in ${BINDISTFILES}; do \
ln -s ../../bin/$$i $$i; done)
gtar -c -v -z -h --exclude '*CVS*' -f bind-${VERSION}.tar.gz \
bind-${VERSION}
rm -rf bind-${VERSION}
kitclean: distclean
rm -rf bind-${VERSION}
tags:
rm -f TAGS
find lib bin -name "*.[ch]" -print | @ETAGS@ -
check: test
test:
(cd bin/tests && ${MAKE} ${MAKEDEFS} test)
......@@ -44,29 +44,61 @@ BIND 9
Stichting NLnet - NLnet Foundation
BIND 9.0.1
BIND 9.0.1 is a maintenance release, containing fixes for a
number of bugs in BIND 9.0.0 but no new features (with the
exception of a few minor features added to dig, host, and
nslookup).
BIND 9.1.0b1
Like BIND 9.0.0, BIND 9.0.1 is primarily a name server software
distribution. In addition to the name server, it also includes
a new lightweight stub resolver library and associated resolver
BIND 9.1.0b1 is the first beta release of BIND 9.1.0.
It includes a number of new features:
- Many BIND 8 features previously unimplemented in BIND 9,
including domain-specific forwarding, the $GENERATE
master file directive, and the "blackhole", "dialup",
and "sortlist" options
- Forwarding of dynamic update requests; this is enabled
by the "allow-update-forwarding" option
- A new, simplified database interface and a number of
sample drivers based on it; see doc/dev/sdb for details
- Support for building single-threaded servers for
environments that do not supply POSIX threads
- New configuration options: "min-refresh-time",
"max-refresh-time", "min-retry-time", "max-retry-time",
"additional-from-auth", "additional-from-cache",
"notify explicit"
- Faster lookups, particularly in large zones.
BIND 9.1.0 also includes experimental implementations of a
number of DNS protocols extensions still under development
in the IETF. These include transparent processing of
unknown RR types and use of the EDNS "DNSSEC OK" bit to
explicitly enable DNSSEC processing in responses.
Cryptographic operations are now based on the OpenSSL
library instead of DNSsafe.
Numerous bugs have been fixed.
BIND 9.1.0 is primarily a name server software distribution.
In addition to the name server, it also includes a new
lightweight stub resolver library and associated resolver
daemon that fully support forward and reverse lookups of both
IPv4 and IPv6 addresses. This library is still considered
experimental and is not a complete replacement for the BIND 8
resolver library. In particular, applications that use the
BIND 8 res_* functions to perform DNS queries or dynamic
updates still need to be linked against the BIND 8 libraries.
resolver library. Applications that use the BIND 8 res_*
functions to perform DNS lookups or dynamic updates still need
to be linked against the BIND 8 libraries. For DNS lookups,
they can also use the new "getrrsetbyname()" API.
BIND 9.0.1 is capable of acting as an authoritative server
BIND 9.1.0 is capable of acting as an authoritative server
for DNSSEC secured zones. This functionality is believed to
be stable and complete except for lacking support for wildcard
records in secure zones.
When acting as a caching server, BIND 9.0.1 can be configured
When acting as a caching server, BIND 9.1.0 can be configured
to perform DNSSEC secure resolution on behalf of its clients.
This part of the DNSSEC implementation is still considered
experimental. For detailed information about the state of the
......@@ -74,10 +106,6 @@ BIND 9.0.1
There are a few known bugs:
The option "query-source * port 53;" will not work as
expected. Instead of the wildcard address "*", you need
to use an explicit source IP address.
On some systems, IPv6 and IPv4 sockets interact in
unexpected ways. For details, see doc/misc/ipv6.
To reduce the impact of these problems, the server
......@@ -89,10 +117,6 @@ BIND 9.0.1
There are known problems with thread signal handling
under Solaris 2.6.
The "isc_timer_reset" test sometimes fails on HP-UX 11
for unknown reasons, but the server itself seems to
run fine.
On FreeBSD systems, the server logs error messages
like "fcntl(8, F_SETFL, 4): Inappropriate ioctl for
device". This is due to a bug in the FreeBSD
......@@ -100,12 +124,12 @@ BIND 9.0.1
to the FreeBSD maintainers. Versions of OpenBSD
prior to 2.8 have a similar problem.
The configure option --disable-ipv6 is not functional.
--with-libtool does not work on AIX.
Due to bugs in the dnssafe library, RSA keys longer
than 2000 bits are not supported.
For a detailed list of user-visible changes from
previous releases, see the CHANGES file.
Building
......@@ -117,18 +141,21 @@ Building
AIX 4.3
COMPAQ Tru64 UNIX 4.0D
COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
FreeBSD 3.4-STABLE
FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
HP-UX 11
IRIX64 6.5
NetBSD-current (with unproven-pthreads-0.17)
Red Hat Linux 6.0, 6.1, 6.2
Solaris 2.6, 7, 8
Additionally, we have unverified reports of success from users
of the following systems:
Additionally, we have unverified reports of success building
previous versions of BIND 9 from users of the following systems:
Slackware Linux 7.0 with 2.4.0-test6 kernel and glibc 2.1.3