"Fossies" - the Fresh Open Source Software Archive
As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard
) with prefixed line numbers.
Alternatively you can here view
the uninterpreted source code file.
See also the latest Fossies "Diffs"
side-by-side code changes report for "README": 9.16.6_vs_9.16.7
3 BIND 9
7 1. Introduction
8 2. Reporting bugs and getting help
9 3. Contributing to BIND
10 4. BIND 9.16 features
11 5. Building BIND
12 6. macOS
13 7. Dependencies
14 8. Compile-time options
15 9. Automated testing
16 10. Documentation
17 11. Change log
18 12. Acknowledgments
22 BIND (Berkeley Internet Name Domain) is a complete, highly portable
23 implementation of the DNS (Domain Name System) protocol.
25 The BIND name server, named, is able to serve as an authoritative name
26 server, recursive resolver, DNS forwarder, or all three simultaneously. It
27 implements views for split-horizon DNS, automatic DNSSEC zone signing and
28 key management, catalog zones to facilitate provisioning of zone data
29 throughout a name server constellation, response policy zones (RPZ) to
30 protect clients from malicious data, response rate limiting (RRL) and
31 recursive query limits to reduce distributed denial of service attacks,
32 and many other advanced DNS features. BIND also includes a suite of
33 administrative tools, including the dig and delv DNS lookup tools,
34 nsupdate for dynamic DNS zone updates, rndc for remote name server
35 administration, and more.
37 BIND 9 began as a complete re-write of the BIND architecture that was used
38 in versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a
39 501(c)(3) public benefit corporation dedicated to providing software and
40 services in support of the Internet infrastructure, developed BIND 9 and
41 is responsible for its ongoing maintenance and improvement. BIND is open
42 source software licensed under the terms of the Mozilla Public License,
43 version 2.0.
45 For a summary of features introduced in past major releases of BIND, see
46 the file HISTORY.
48 For a detailed list of changes made throughout the history of BIND 9, see
49 the file CHANGES. See below for details on the CHANGES file format.
51 For up-to-date versions and release notes, see https://www.isc.org/
54 For information about supported platforms, see PLATFORMS.
56 Reporting bugs and getting help
58 To report non-security-sensitive bugs or request new features, you may
59 open an Issue in the BIND 9 project on the ISC GitLab server at https://
62 Please note that, unless you explicitly mark the newly created Issue as
63 "confidential", it will be publicly readable. Please do not include any
64 information in bug reports that you consider to be confidential unless the
65 issue has been marked as such. In particular, if submitting the contents
66 of your configuration file in a non-confidential Issue, it is advisable to
67 obscure key secrets: this can be done automatically by using
68 named-checkconf -px.
70 If the bug you are reporting is a potential security issue, such as an
71 assertion failure or other crash in named, please do NOT use GitLab to
72 report it. Instead, send mail to email@example.com using our
73 OpenPGP key to secure your message. (Information about OpenPGP and links
74 to our key can be found at https://www.isc.org/pgpkey.) Please do not
75 discuss the bug on any public mailing list.
77 For a general overview of ISC security policies, read the Knowledge Base
78 article at https://kb.isc.org/docs/aa-00861.
80 Professional support and training for BIND are available from ISC at
83 To join the BIND Users mailing list, or view the archives, visit https://
86 If you're planning on making changes to the BIND 9 source code, you may
87 also want to join the BIND Workers mailing list, at https://lists.isc.org/
90 Contributing to BIND
92 ISC maintains a public git repository for BIND; details can be found at
95 Information for BIND contributors can be found in the following files: -
96 General information: CONTRIBUTING.md - Code of Conduct: CODE_OF_CONDUCT.md
97 - BIND 9 code style: doc/dev/style.md - BIND architecture and developer
98 guide: doc/dev/dev.md
100 Patches for BIND may be submitted as merge requests in the ISC GitLab
101 server at at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
103 By default, external contributors don't have ability to fork BIND in the
104 GitLab server, but if you wish to contribute code to BIND, you may request
105 permission to do so. Thereafter, you can create git branches and directly
106 submit requests that they be reviewed and merged.
108 If you prefer, you may also submit code by opening a GitLab Issue and
109 including your patch as an attachment, preferably generated by git
112 BIND 9.16 features
114 BIND 9.16 is the current stable branch of BIND 9. It includes all changes
115 from the 9.15 development branch, updating the previous stable branch,
116 9.14. New features include:
118 * New dnssec-policy statement to configure a key and signing policy for
119 zones, enabling automatic key regeneration and rollover.
120 * New network manager based on libuv.
121 * Added support for the new GeoIP2 geolocation API, libmaxminddb.
122 * Improved DNSSEC trust anchor configuration using the trust-anchors
123 statement, permitting configuration of trust anchors in DS as well as
124 DNSKEY format.
125 * YAML output for dig, mdig, and delv.
127 Building BIND
129 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
130 basic POSIX support, and a 64-bit integer type. BIND also requires the
131 libuv asynchronous I/O library, and a cryptography provider library such
132 as OpenSSL or a hardware service module supporting PKCS#11. On Linux, BIND
133 requires the libcap library to set process privileges, though this
134 requirement can be overridden by disabling capability support at compile
135 time. See Compile-time options below for details on other libraries that
136 may be required to support optional features.
138 Successful builds have been observed on many versions of Linux and UNIX,
139 including RHEL/CentOS, Fedora, Debian, Ubuntu, SLES, openSUSE, Slackware,
140 Alpine, FreeBSD, NetBSD, OpenBSD, macOS, Solaris, OpenIndiana, OmniOS CE,
141 HP-UX, and OpenWRT.
143 BIND is also available for Windows Server 2012 R2 and higher. See
144 win32utils/build.txt for details on building for Windows systems.
146 To build on a UNIX or Linux system, use:
148 $ ./configure
149 $ make
151 If you're planning on making changes to the BIND 9 source, you should run
152 make depend. If you're using Emacs, you might find make tags helpful.
154 Several environment variables that can be set before running configure
155 will affect compilation. Significant ones are:
157 Variable Description
158 CC The C compiler to use. configure tries to figure out the
159 right one for supported systems.
160 C compiler flags. Defaults to include -g and/or -O2 as
161 CFLAGS supported by the compiler. Please include '-g' if you need
162 to set CFLAGS.
163 System header file directories. Can be used to specify
164 STD_CINCLUDES where add-on thread or IPv6 support is, for example.
165 Defaults to empty string.
166 Any additional preprocessor symbols you want defined.
167 STD_CDEFINES Defaults to empty string. For a list of possible settings,
168 see the file OPTIONS.
169 LDFLAGS Linker flags. Defaults to empty string.
170 BUILD_CC Needed when cross-compiling: the native C compiler to use
171 when building for the target system.
172 BUILD_CFLAGS CFLAGS for the target system during cross-compiling.
173 BUILD_CPPFLAGS CPPFLAGS for the target system during cross-compiling.
174 BUILD_LDFLAGS LDFLAGS for the target system during cross-compiling.
175 BUILD_LIBS LIBS for the target system during cross-compiling.
177 Additional environment variables affecting the build are listed at the end
178 of the configure help text, which can be obtained by running the command:
180 $ ./configure --help
184 Building on macOS assumes that the "Command Tools for Xcode" is installed.
185 This can be downloaded from https://developer.apple.com/download/more/ or,
186 if you have Xcode already installed, you can run xcode-select --install.
187 (Note that an Apple ID may be required to access the download page.)
191 Portions of BIND that are written in Python, including dnssec-keymgr,
192 dnssec-coverage, dnssec-checkds, and some of the system tests, require the
193 argparse, ply and distutils.core modules to be available. argparse is a
194 standard module as of Python 2.7 and Python 3.2. ply is available from
195 https://pypi.python.org/pypi/ply. distutils.core is required for
198 Compile-time options
200 To see a full list of configuration options, run configure --help.
202 To build shared libraries, specify --with-libtool on the configure command
205 For the server to support DNSSEC, you need to build it with crypto
206 support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
207 installed. If the OpenSSL library is installed in a nonstandard location,
208 specify the prefix using --with-openssl=<PREFIX> on the configure command
209 line. To use a PKCS#11 hardware service module for cryptographic
210 operations, specify the path to the PKCS#11 provider library using
211 --with-pkcs11=<PREFIX>, and configure BIND with --enable-native-pkcs11.
213 To support the HTTP statistics channel, the server must be linked with at
214 least one of the following libraries: libxml2 http://xmlsoft.org or json-c
215 https://github.com/json-c/json-c. If these are installed at a nonstandard
216 location, then:
218 * for libxml2, specify the prefix using --with-libxml2=/prefix,
219 * for json-c, adjust PKG_CONFIG_PATH.
221 To support compression on the HTTP statistics channel, the server must be
222 linked against libzlib. If this is installed in a nonstandard location,
223 specify the prefix using --with-zlib=/prefix.
225 To support storing configuration data for runtime-added zones in an LMDB
226 database, the server must be linked with liblmdb. If this is installed in
227 a nonstandard location, specify the prefix using with-lmdb=/prefix.
229 To support MaxMind GeoIP2 location-based ACLs, the server must be linked
230 with libmaxminddb. This is turned on by default if the library is found;
231 if the library is installed in a nonstandard location, specify the prefix
232 using --with-maxminddb=/prefix. GeoIP2 support can be switched off with
235 For DNSTAP packet logging, you must have installed libfstrm https://
236 github.com/farsightsec/fstrm and libprotobuf-c https://
237 developers.google.com/protocol-buffers, and BIND must be configured with
240 Certain compiled-in constants and default settings can be decreased to
241 values better suited to small machines, e.g. OpenWRT boxes, by specifying
242 --with-tuning=small on the configure command line. This will decrease
243 memory usage by using smaller structures, but will degrade performance.
245 On Linux, process capabilities are managed in user space using the libcap
246 library, which can be installed on most Linux systems via the libcap-dev
247 or libcap-devel package. Process capability support can also be disabled
248 by configuring with --disable-linux-caps.
250 On some platforms it is necessary to explicitly request large file support
251 to handle files bigger than 2GB. This can be done by using
252 --enable-largefile on the configure command line.
254 Support for the "fixed" rrset-order option can be enabled or disabled by
255 specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure
256 command line. By default, fixed rrset-order is disabled to reduce memory
259 The --enable-querytrace option causes named to log every step of
260 processing every query. This should only be enabled when debugging,
261 because it has a significant negative impact on query performance.
263 make install will install named and the various BIND 9 libraries. By
264 default, installation is into /usr/local, but this can be changed with the
265 --prefix option when running configure.
267 You may specify the option --sysconfdir to set the directory where
268 configuration files like named.conf go by default, and --localstatedir to
269 set the default parent directory of run/named.pid. --sysconfdir defaults
270 to $prefix/etc and --localstatedir defaults to $prefix/var.
272 Automated testing
274 A system test suite can be run with make test. The system tests require
275 you to configure a set of virtual IP addresses on your system (this allows
276 multiple servers to run locally and communicate with one another). These
277 IP addresses can be configured by running the command bin/tests/system/
278 ifconfig.sh up as root.
280 Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
281 and will be skipped if these are not available. Some tests require Python
282 and the dnspython module and will be skipped if these are not available.
283 See bin/tests/system/README for further details.
285 Unit tests are implemented using the CMocka unit testing framework. To
286 build them, use configure --with-cmocka. Execution of tests is done by the
287 Kyua test execution engine; if the kyua command is available, then unit
288 tests can be run via make test or make unit.
292 The BIND 9 Administrator Reference Manual is included with the source
293 distribution, in DocBook XML, HTML, and PDF format, in the doc/arm
296 Some of the programs in the BIND 9 distribution have man pages in their
297 directories. In particular, the command line options of named are
298 documented in bin/named/named.8.
300 Frequently (and not-so-frequently) asked questions and their answers can
301 be found in the ISC Knowledge Base at https://kb.isc.org.
303 Additional information on various subjects can be found in other README
304 files throughout the source tree.
306 Change log
308 A detailed list of all changes that have been made throughout the
309 development BIND 9 is included in the file CHANGES, with the most recent
310 changes listed first. Change notes include tags indicating the category of
311 the change that was made; these categories are:
313 Category Description
314 [func] New feature
315 [bug] General bug fix
316 [security] Fix for a significant security flaw
317 [experimental] Used for new features when the syntax or other aspects of
318 the design are still in flux and may change
319 [port] Portability enhancement
320 [maint] Updates to built-in data such as root server addresses and
322 [tuning] Changes to built-in configuration defaults and constants to
323 improve performance
324 [performance] Other changes to improve server performance
325 [protocol] Updates to the DNS protocol such as new RR types
326 [test] Changes to the automatic tests, not affecting server
328 [cleanup] Minor corrections and refactoring
329 [doc] Documentation
330 [contrib] Changes to the contributed tools and libraries in the
331 'contrib' subdirectory
332 Used in the master development branch to reserve change
333 [placeholder] numbers for use in other branches, e.g. when fixing a bug
334 that only exists in older releases
336 In general, [func] and [experimental] tags will only appear in new-feature
337 releases (i.e., those with version numbers ending in zero). Some new
338 functionality may be backported to older releases on a case-by-case basis.
339 All other change types may be applied to all currently-supported releases.
341 Bug report identifiers
343 Most notes in the CHANGES file include a reference to a bug report or
344 issue number. Prior to 2018, these were usually of the form [RT #NNN] and
345 referred to entries in the "bind9-bugs" RT database, which was not open to
346 the public. More recent entries use the form [GL #NNN] or, less often, [GL
347 !NNN], which, respectively, refer to issues or merge requests in the
348 GitLab database. Most of these are publicly readable, unless they include
349 information which is confidential or security sensitive.
351 To look up a GitLab issue by its number, use the URL https://
352 gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request,
353 use https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN.
355 In rare cases, an issue or merge request number may be followed with the
356 letter "P". This indicates that the information is in the private ISC
357 GitLab instance, which is not visible to the public.
361 * The original development of BIND 9 was underwritten by the following
364 Sun Microsystems, Inc.
365 Hewlett Packard
366 Compaq Computer Corporation
368 Process Software Corporation
369 Silicon Graphics, Inc.
370 Network Associates, Inc.
371 U.S. Defense Information Systems Agency
372 USENIX Association
373 Stichting NLnet - NLnet Foundation
374 Nominum, Inc.
376 * This product includes software developed by the OpenSSL Project for
377 use in the OpenSSL Toolkit. http://www.OpenSSL.org/
378 * This product includes cryptographic software written by Eric Young
380 * This product includes software written by Tim Hudson