Commit 4dd5eede authored by Internet Software Consortium, Inc's avatar Internet Software Consortium, Inc Committed by Lamont Jones

9.2.0a1

parent e71238b6

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.

This diff is collapsed.
......@@ -13,10 +13,10 @@ can on all other supported platforms. setuid() cannot be called before
creating threads, since the server does not start listening on reserved ports
until after threads have started.
In the 2.3.99-pre3 and newer kernels, the ability to preserve capabilities
across a setuid() call is present. This allows BIND 9 to call setuid() early,
while retaining the ability to bind reserved ports. This is a Linux-specific
hack.
In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
capabilities across a setuid() call is present. This allows BIND 9 to call
setuid() early, while retaining the ability to bind reserved ports. This is
a Linux-specific hack.
On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
of a security risk than a root process that has not dropped privileges.
......@@ -27,10 +27,11 @@ of a security risk than a root process that has not dropped privileges.
version to be built, which will allow -u to be used.
Q: Why does named log the error message "no TTL specified" and refuse
to load my zone file?
Q: Why does named log the warning message "no TTL specified - using SOA
MINTTL instead"?
A: Your zone file must either have a line like
A: Your zone file is illegal according to RFC1035. It must either
have a line like
$TTL 86400
......@@ -39,9 +40,6 @@ like the "84600" in this example:
example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
BIND 8 incorrectly accepted files that had neither.
Q: Why do I see 5 (or more) copies of named on Linux?
A: Linux threads each show up as a process under ps. The approximate
......@@ -67,7 +65,8 @@ A: This is often caused by TXT records with missing close quotes. Check that
all TXT records containing quoted strings have both open and close quotes.
Q: How do I produce a usable core file on Linux?
Q: How do I produce a usable core file from a multithreaded named
on Linux?
A: Apply the kernel patch found in bind9/linux/coredump-patch and rebuild
the kernel. This patch causes multithreaded programs to dump the correct
......@@ -116,18 +115,6 @@ A: BIND 9 is installed under /usr/local by default. BIND 8 is often
installed under /usr. Check that the correct named is running.
Q: I'm trying to install on AIX and compilation is failing with
errors like
"confparser.c", line 8244.1: 1506-343 (S) Redeclaration of
token_to_keyword differs from previous declaration on line 348 of
"confparser.c".
A: You probably have a buggy version of GNU bison installed on your
system. Remove bison it from your path, remove the config.cache file,
and rerun configure so that it picks up the AIX yacc instead.
Q: I'm trying to use TSIG to authenticate dynamic updates or zone
transfers. I'm sure I have the keys set up correctly, but the server
is rejecting the TSIG. Why?
......
......@@ -13,7 +13,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.36.2.1 2001/01/09 22:31:05 bwelling Exp $
# $Id: Makefile.in,v 1.38 2001/03/27 19:36:55 halley Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -31,6 +31,11 @@ distclean::
rm -f libtool isc-config.sh
rm -f util/conf.sh
# XXX we should clean libtool stuff too. Only do this after we add rules
# to make it.
maintainer-clean::
rm -f configure
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
......
......@@ -45,60 +45,57 @@ BIND 9
BIND 9.1.3
BIND 9.2
BIND 9.1.3 is a maintenance release, containing fixes for
a number of bugs in 9.1.2 but no new features.
BIND 9.2.0a1 is the first alpha release of BIND 9.2.0.
It includes a number of new features over 9.1, including:
Features introduced in 9.1.0 included:
- The size of the cache can now be limited using the
"max-cache-size" option.
- Many BIND 8 features previously unimplemented in BIND 9,
including domain-specific forwarding, the $GENERATE
master file directive, and the "blackhole", "dialup",
and "sortlist" options
- The server can now automatically convert RFC1886-style
recursive lookup requests into RFC2874-style lookups,
when enabled using the new option "allow-v6-synthesis".
This allows stub resolvers that support AAAA records
but not A6 record chains or binary labels to perform
lookups in domains that make use of these IPv6 DNS
features.
- Forwarding of dynamic update requests; this is enabled
by the "allow-update-forwarding" option
- Performance has been improved.
- A new, simplified database interface and a number of
sample drivers based on it; see doc/misc/sdb for details
- The man pages now use the more portable "man" macros
rather than the "mandoc" macros, and are installed
by "make install".
- Support for building single-threaded servers for
environments that do not supply POSIX threads
- The named.conf parser has been completely rewritten.
It now supports "include" directives in more
places such as inside "view" statememnts, and it no
longer has any reserved words.
- New configuration options: "min-refresh-time",
"max-refresh-time", "min-retry-time", "max-retry-time",
"additional-from-auth", "additional-from-cache",
"notify explicit"
- The "rndc status" command is now implemented.
- Faster lookups, particularly in large zones.
- rndc can now be configured automatically.
BIND 9.1 also includes experimental implementations of a
number of DNS protocols extensions still under development
in the IETF. These include transparent processing of
unknown RR types and use of the EDNS "DNSSEC OK" bit to
explicitly enable DNSSEC processing in responses.
- A BIND 8 compatible stub resolver library is now included
in lib/bind. It is not built by default, and may not build
on all supported platforms yet.
Cryptographic operations are now based on the OpenSSL
library instead of DNSsafe.
This distribution already includes a new lightweight stub
resolver library and associated resolver daemon that fully
support forward and reverse lookups of both IPv4 and IPv6
addresses. This library is still considered experimental and
is not a complete replacement for the BIND 8 resolver library.
Applications that use the BIND 8 res_* functions to perform
DNS lookups or dynamic updates still need to be linked against
the BIND 8 libraries. For DNS lookups, they can also use the
new "getrrsetbyname()" API.
BIND 9.1 is primarily a name server software distribution.
In addition to the name server, it also includes a new
lightweight stub resolver library and associated resolver
daemon that fully support forward and reverse lookups of both
IPv4 and IPv6 addresses. This library is still considered
experimental and is not a complete replacement for the BIND 8
resolver library. Applications that use the BIND 8 res_*
functions to perform DNS lookups or dynamic updates still need
to be linked against the BIND 8 libraries. For DNS lookups,
they can also use the new "getrrsetbyname()" API.
BIND 9.1 is capable of acting as an authoritative server
BIND 9.2 is capable of acting as an authoritative server
for DNSSEC secured zones. This functionality is believed to
be stable and complete except for lacking support for wildcard
records in secure zones.
When acting as a caching server, BIND 9.1 can be configured
When acting as a caching server, BIND 9.2 can be configured
to perform DNSSEC secure resolution on behalf of its clients.
This part of the DNSSEC implementation is still considered
experimental. For detailed information about the state of the
......@@ -114,11 +111,6 @@ BIND 9.1.3
IPv6, you must specify "listen-on-v6 { any; };"
in the named.conf options statement.
There are known problems with thread signal handling
under Solaris 2.6 and BSD/OS. We recommend disabling
threads with "configure --disable-threads" on these
platforms.
FreeBSD prior to 4.2 (and 4.2 if running as non-root)
and OpenBSD prior to 2.8 log messages like
"fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
......@@ -130,11 +122,10 @@ BIND 9.1.3
A bug in the Windows 2000 DNS server can cause zone transfers
from a BIND 9 server to a W2K server to fail. For details,
see the "Zone Transfers" section in doc/misc/migration.
For a detailed list of user-visible changes from
previous releases, see the CHANGES file.
Building
BIND 9 currently requires a UNIX system with an ANSI C compiler,
......@@ -148,15 +139,14 @@ Building
FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
HP-UX 11
IRIX64 6.5
NetBSD 1.5 (with unproven-pthreads-0.17)
NetBSD 1.5
Red Hat Linux 6.0, 6.1, 6.2, 7.0
Solaris 2.6, 7, 8
Additionally, we have unverified reports of success building
previous versions of BIND 9 from users of the following systems:
Slackware Linux 7.0 with 2.4.0-test6 kernel and glibc 2.1.3
Slackware Linux 7.0.1 with glibc 2.1.3
Slackware Linux 7.x
OpenBSD 2.6, 2.8, -current
UnixWare 7.1.1
HP-UX 10.20
......@@ -191,8 +181,12 @@ Building
To build shared libraries, specify "--with-libtool" on the
configure command line.
To build without multithreading, specify "--disable-threads"
on the configure command line.
On some platforms, BIND 9 can be built with multithreading
support, allowing it to take advantage of multiple CPUs.
You can specify whether to build a multithreaded BIND 9
by specifying "--enable-threads" or "--disable-threads"
on the configure command line. The default is operating
system dependent.
If your operating system has integrated support for IPv6, it
will be used automatically. If you have installed KAME IPv6
......@@ -227,11 +221,6 @@ Building
on your system, and some require Perl; see bin/tests/system/README
for details.
Linux systems do not provide useful core dumps for multithreaded
programs unless the kernel patch in contrib/linux/coredump-patch
has been applied. We recommend all Linux users to install this
patch so that any server crashes can be properly diagnosed.
Documentation
The BIND 9 Administrator Reference Manual is included with the
......@@ -239,13 +228,10 @@ Documentation
doc/arm directory.
Some of the programs in the BIND 9 distribution have man pages
under the doc/man directory. In particular, the command line
options of "named" are documented in doc/man/bind/named.8.
in their directories. In particular, the command line
options of "named" are documented in /bin/named/named.8.
There is now also a set of man pages for the lwres library.
The man pages are currently not installed automatically by
"make install".
If you are upgrading from BIND 8, please read the migration
notes in doc/misc/migration. If you are upgrading from
BIND 4, read doc/misc/migration-4to9.
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: acconfig.h,v 1.31.2.2 2001/02/07 19:26:16 gson Exp $ */
/* $Id: acconfig.h,v 1.33 2001/01/18 22:21:22 bwelling Exp $ */
/***
*** This file is not to be included by any public header files, because
......
......@@ -13,7 +13,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.21.2.1 2001/01/09 22:31:11 bwelling Exp $
# $Id: Makefile.in,v 1.22 2001/01/09 21:39:05 bwelling Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......
......@@ -13,7 +13,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.5.2.1 2001/01/09 22:31:13 bwelling Exp $
# $Id: Makefile.in,v 1.12.2.1 2001/06/01 00:46:22 bwelling Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -21,15 +21,17 @@ top_srcdir = @top_srcdir@
@BIND9_INCLUDES@