"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.16.7/README" (4 Sep 2020, 16788 Bytes) of package /linux/misc/dns/bind9/9.16.7/bind-9.16.7.tar.xz:



    1 README
    2 
    3 BIND 9
    4 
    5 Contents
    6 
    7  1. Introduction
    8  2. Reporting bugs and getting help
    9  3. Contributing to BIND
   10  4. BIND 9.16 features
   11  5. Building BIND
   12  6. macOS
   13  7. Dependencies
   14  8. Compile-time options
   15  9. Automated testing
   16 10. Documentation
   17 11. Change log
   18 12. Acknowledgments
   19 
   20 Introduction
   21 
   22 BIND (Berkeley Internet Name Domain) is a complete, highly portable
   23 implementation of the DNS (Domain Name System) protocol.
   24 
   25 The BIND name server, named, is able to serve as an authoritative name
   26 server, recursive resolver, DNS forwarder, or all three simultaneously. It
   27 implements views for split-horizon DNS, automatic DNSSEC zone signing and
   28 key management, catalog zones to facilitate provisioning of zone data
   29 throughout a name server constellation, response policy zones (RPZ) to
   30 protect clients from malicious data, response rate limiting (RRL) and
   31 recursive query limits to reduce distributed denial of service attacks,
   32 and many other advanced DNS features. BIND also includes a suite of
   33 administrative tools, including the dig and delv DNS lookup tools,
   34 nsupdate for dynamic DNS zone updates, rndc for remote name server
   35 administration, and more.
   36 
   37 BIND 9 began as a complete re-write of the BIND architecture that was used
   38 in versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a
   39 501(c)(3) public benefit corporation dedicated to providing software and
   40 services in support of the Internet infrastructure, developed BIND 9 and
   41 is responsible for its ongoing maintenance and improvement. BIND is open
   42 source software licensed under the terms of the Mozilla Public License,
   43 version 2.0.
   44 
   45 For a summary of features introduced in past major releases of BIND, see
   46 the file HISTORY.
   47 
   48 For a detailed list of changes made throughout the history of BIND 9, see
   49 the file CHANGES. See below for details on the CHANGES file format.
   50 
   51 For up-to-date versions and release notes, see
   52 https://www.isc.org/download/.
   53 
   54 For information about supported platforms, see PLATFORMS.
   55 
   56 Reporting bugs and getting help
   57 
   58 To report non-security-sensitive bugs or request new features, you may
   59 open an Issue in the BIND 9 project on the ISC GitLab server at
   60 https://gitlab.isc.org/isc-projects/bind9.
   61 
   62 Please note that, unless you explicitly mark the newly created Issue as
   63 "confidential", it will be publicly readable. Please do not include any
   64 information in bug reports that you consider to be confidential unless the
   65 issue has been marked as such. In particular, if submitting the contents
   66 of your configuration file in a non-confidential Issue, it is advisable to
   67 obscure key secrets: this can be done automatically by using
   68 named-checkconf -px.
   69 
   70 If the bug you are reporting is a potential security issue, such as an
   71 assertion failure or other crash in named, please do NOT use GitLab to
   72 report it. Instead, send mail to security-officer@isc.org using our
   73 OpenPGP key to secure your message. (Information about OpenPGP and links
   74 to our key can be found at https://www.isc.org/pgpkey.) Please do not
   75 discuss the bug on any public mailing list.
   76 
   77 For a general overview of ISC security policies, read the Knowledge Base
   78 article at https://kb.isc.org/docs/aa-00861.
   79 
   80 Professional support and training for BIND are available from ISC at
   81 https://www.isc.org/support.
   82 
   83 To join the BIND Users mailing list, or view the archives, visit
   84 https://lists.isc.org/mailman/listinfo/bind-users.
   85 
   86 If you're planning on making changes to the BIND 9 source code, you may
   87 also want to join the BIND Workers mailing list, at
   88 https://lists.isc.org/mailman/listinfo/bind-workers.
   89 
   90 Contributing to BIND
   91 
   92 ISC maintains a public git repository for BIND; details can be found at
   93 http://www.isc.org/git/.
   94 
   95 Information for BIND contributors can be found in the following files:
   96 general information in CONTRIBUTING.md, the Code of Conduct in
   97 CODE_OF_CONDUCT.md, BIND 9 code style in doc/dev/style.md, and the BIND
   98 architecture and developer guide in doc/dev/dev.md.
   99 
  100 Patches for BIND may be submitted as merge requests in the ISC GitLab
  101 server at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
  102 
  103 By default, external contributors don't have the ability to fork BIND in the
  104 GitLab server, but if you wish to contribute code to BIND, you may request
  105 permission to do so. Thereafter, you can create git branches and directly
  106 submit requests that they be reviewed and merged.
  107 
  108 If you prefer, you may also submit code by opening a GitLab Issue and
  109 including your patch as an attachment, preferably generated by git
  110 format-patch.
  111 
  112 BIND 9.16 features
  113 
  114 BIND 9.16 is the current stable branch of BIND 9. It includes all changes
  115 from the 9.15 development branch, updating the previous stable branch,
  116 9.14. New features include:
  117 
  118   * New dnssec-policy statement to configure a key and signing policy for
  119     zones, enabling automatic key regeneration and rollover.
  120   * New network manager based on libuv.
  121   * Added support for the new GeoIP2 geolocation API, libmaxminddb.
  122   * Improved DNSSEC trust anchor configuration using the trust-anchors
  123     statement, permitting configuration of trust anchors in DS as well as
  124     DNSKEY format.
  125   * YAML output for dig, mdig, and delv.
  126 
  127 Building BIND
  128 
  129 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
  130 basic POSIX support, and a 64-bit integer type. BIND also requires the
  131 libuv asynchronous I/O library, and a cryptography provider library such
  132 as OpenSSL or a hardware service module supporting PKCS#11. On Linux, BIND
  133 requires the libcap library to set process privileges, though this
  134 requirement can be overridden by disabling capability support at compile
  135 time. See Compile-time options below for details on other libraries that
  136 may be required to support optional features.
  137 
  138 Successful builds have been observed on many versions of Linux and UNIX,
  139 including RHEL/CentOS, Fedora, Debian, Ubuntu, SLES, openSUSE, Slackware,
  140 Alpine, FreeBSD, NetBSD, OpenBSD, macOS, Solaris, OpenIndiana, OmniOS CE,
  141 HP-UX, and OpenWRT.
  142 
  143 BIND is also available for Windows Server 2012 R2 and higher. See
  144 win32utils/build.txt for details on building for Windows systems.
  145 
  146 To build on a UNIX or Linux system, use:
  147 
  148     $ ./configure
  149     $ make
  150 
  151 If you're planning on making changes to the BIND 9 source, you should run
  152 make depend. If you're using Emacs, you might find make tags helpful.
  153 
  154 Several environment variables that can be set before running configure
  155 will affect compilation. Significant ones are:
  156 
  157    Variable                            Description
  158 CC             The C compiler to use. configure tries to figure out the
  159                right one for supported systems.
  160 CFLAGS         C compiler flags. Defaults to include -g and/or -O2 as
  161                supported by the compiler. Please include '-g' if you need
  162                to set CFLAGS.
  163 STD_CINCLUDES  System header file directories. Can be used to specify
  164                where add-on thread or IPv6 support is, for example.
  165                Defaults to empty string.
  166 STD_CDEFINES   Any additional preprocessor symbols you want defined.
  167                Defaults to empty string. For a list of possible settings,
  168                see the file OPTIONS.
  169 LDFLAGS        Linker flags. Defaults to empty string.
  170 BUILD_CC       Needed when cross-compiling: the native C compiler to use
  171                when building for the target system.
  172 BUILD_CFLAGS   CFLAGS for the target system during cross-compiling.
  173 BUILD_CPPFLAGS CPPFLAGS for the target system during cross-compiling.
  174 BUILD_LDFLAGS  LDFLAGS for the target system during cross-compiling.
  175 BUILD_LIBS     LIBS for the target system during cross-compiling.
  176 
  177 Additional environment variables affecting the build are listed at the end
  178 of the configure help text, which can be obtained by running the command:
  179 
  180     $ ./configure --help
  181 
  182 macOS
  183 
  184 Building on macOS assumes that the "Command Tools for Xcode" is installed.
  185 This can be downloaded from https://developer.apple.com/download/more/ or,
  186 if you have Xcode already installed, you can run xcode-select --install.
  187 (Note that an Apple ID may be required to access the download page.)
  188 
  189 Dependencies
  190 
  191 Portions of BIND that are written in Python, including dnssec-keymgr,
  192 dnssec-coverage, dnssec-checkds, and some of the system tests, require the
  193 argparse, ply and distutils.core modules to be available. argparse is a
  194 standard module as of Python 2.7 and Python 3.2. ply is available from
  195 https://pypi.python.org/pypi/ply. distutils.core is required for
  196 installation.
  197 
  198 Compile-time options
  199 
  200 To see a full list of configuration options, run configure --help.
  201 
  202 To build shared libraries, specify --with-libtool on the configure command
  203 line.
  204 
  205 For the server to support DNSSEC, you need to build it with crypto
  206 support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
  207 installed. If the OpenSSL library is installed in a nonstandard location,
  208 specify the prefix using --with-openssl=<PREFIX> on the configure command
  209 line. To use a PKCS#11 hardware service module for cryptographic
  210 operations, specify the path to the PKCS#11 provider library using
  211 --with-pkcs11=<PREFIX>, and configure BIND with --enable-native-pkcs11.
  212 
  213 To support the HTTP statistics channel, the server must be linked with at
  214 least one of the following libraries: libxml2 http://xmlsoft.org or json-c
  215 https://github.com/json-c/json-c. If these are installed at a nonstandard
  216 location, then:
  217 
  218   * for libxml2, specify the prefix using --with-libxml2=/prefix,
  219   * for json-c, adjust PKG_CONFIG_PATH.
  220 
  221 To support compression on the HTTP statistics channel, the server must be
  222 linked against libzlib. If this is installed in a nonstandard location,
  223 specify the prefix using --with-zlib=/prefix.
  224 
  225 To support storing configuration data for runtime-added zones in an LMDB
  226 database, the server must be linked with liblmdb. If this is installed in
  227 a nonstandard location, specify the prefix using --with-lmdb=/prefix.
  228 
  229 To support MaxMind GeoIP2 location-based ACLs, the server must be linked
  230 with libmaxminddb. This is turned on by default if the library is found;
  231 if the library is installed in a nonstandard location, specify the prefix
  232 using --with-maxminddb=/prefix. GeoIP2 support can be switched off with
  233 --disable-geoip.
  234 
  235 For DNSTAP packet logging, you must have installed libfstrm
  236 https://github.com/farsightsec/fstrm and libprotobuf-c
  237 https://developers.google.com/protocol-buffers, and BIND must be configured
  238 with --enable-dnstap.
  239 
  240 Certain compiled-in constants and default settings can be decreased to
  241 values better suited to small machines, e.g. OpenWRT boxes, by specifying
  242 --with-tuning=small on the configure command line. This will decrease
  243 memory usage by using smaller structures, but will degrade performance.
  244 
  245 On Linux, process capabilities are managed in user space using the libcap
  246 library, which can be installed on most Linux systems via the libcap-dev
  247 or libcap-devel package. Process capability support can also be disabled
  248 by configuring with --disable-linux-caps.
  249 
  250 On some platforms it is necessary to explicitly request large file support
  251 to handle files bigger than 2GB. This can be done by using
  252 --enable-largefile on the configure command line.
  253 
  254 Support for the "fixed" rrset-order option can be enabled or disabled by
  255 specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure
  256 command line. By default, fixed rrset-order is disabled to reduce memory
  257 footprint.
  258 
  259 The --enable-querytrace option causes named to log every step of
  260 processing every query. This should only be enabled when debugging,
  261 because it has a significant negative impact on query performance.
  262 
  263 make install will install named and the various BIND 9 libraries. By
  264 default, installation is into /usr/local, but this can be changed with the
  265 --prefix option when running configure.
  266 
  267 You may specify the option --sysconfdir to set the directory where
  268 configuration files like named.conf go by default, and --localstatedir to
  269 set the default parent directory of run/named.pid. --sysconfdir defaults
  270 to $prefix/etc and --localstatedir defaults to $prefix/var.
  271 
  272 Automated testing
  273 
  274 A system test suite can be run with make test. The system tests require
  275 you to configure a set of virtual IP addresses on your system (this allows
  276 multiple servers to run locally and communicate with one another). These
  277 IP addresses can be configured by running the command
  278 bin/tests/system/ifconfig.sh up as root.
  279 
  280 Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
  281 and will be skipped if these are not available. Some tests require Python
  282 and the dnspython module and will be skipped if these are not available.
  283 See bin/tests/system/README for further details.
  284 
  285 Unit tests are implemented using the CMocka unit testing framework. To
  286 build them, use configure --with-cmocka. Execution of tests is done by the
  287 Kyua test execution engine; if the kyua command is available, then unit
  288 tests can be run via make test or make unit.
  289 
  290 Documentation
  291 
  292 The BIND 9 Administrator Reference Manual is included with the source
  293 distribution, in DocBook XML, HTML, and PDF format, in the doc/arm
  294 directory.
  295 
  296 Some of the programs in the BIND 9 distribution have man pages in their
  297 directories. In particular, the command line options of named are
  298 documented in bin/named/named.8.
  299 
  300 Frequently (and not-so-frequently) asked questions and their answers can
  301 be found in the ISC Knowledge Base at https://kb.isc.org.
  302 
  303 Additional information on various subjects can be found in other README
  304 files throughout the source tree.
  305 
  306 Change log
  307 
  308 A detailed list of all changes that have been made throughout the
  309 development of BIND 9 is included in the file CHANGES, with the most recent
  310 changes listed first. Change notes include tags indicating the category of
  311 the change that was made; these categories are:
  312 
  313    Category                            Description
  314 [func]         New feature
  315 [bug]          General bug fix
  316 [security]     Fix for a significant security flaw
  317 [experimental] Used for new features when the syntax or other aspects of
  318                the design are still in flux and may change
  319 [port]         Portability enhancement
  320 [maint]        Updates to built-in data such as root server addresses and
  321                keys
  322 [tuning]       Changes to built-in configuration defaults and constants to
  323                improve performance
  324 [performance]  Other changes to improve server performance
  325 [protocol]     Updates to the DNS protocol such as new RR types
  326 [test]         Changes to the automatic tests, not affecting server
  327                functionality
  328 [cleanup]      Minor corrections and refactoring
  329 [doc]          Documentation
  330 [contrib]      Changes to the contributed tools and libraries in the
  331                'contrib' subdirectory
  332 [placeholder]  Used in the master development branch to reserve change
  333                numbers for use in other branches, e.g. when fixing a bug
  334                that only exists in older releases
  335 
  336 In general, [func] and [experimental] tags will only appear in new-feature
  337 releases (i.e., those with version numbers ending in zero). Some new
  338 functionality may be backported to older releases on a case-by-case basis.
  339 All other change types may be applied to all currently-supported releases.
  340 
  341 Bug report identifiers
  342 
  343 Most notes in the CHANGES file include a reference to a bug report or
  344 issue number. Prior to 2018, these were usually of the form [RT #NNN] and
  345 referred to entries in the "bind9-bugs" RT database, which was not open to
  346 the public. More recent entries use the form [GL #NNN] or, less often,
  347 [GL !NNN], which, respectively, refer to issues or merge requests in the
  348 GitLab database. Most of these are publicly readable, unless they include
  349 information which is confidential or security sensitive.
  350 
  351 To look up a GitLab issue by its number, use the URL
  352 https://gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge
  353 request, use https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN.
  354 
  355 In rare cases, an issue or merge request number may be followed with the
  356 letter "P". This indicates that the information is in the private ISC
  357 GitLab instance, which is not visible to the public.
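
The category tags and bug report identifiers described above can be applied mechanically when reviewing what a release fixes. The following is an added example, not part of the BIND README or of ISC's tooling: it assumes each CHANGES entry has the layout `<number>. [<category>] <text>` with indented continuation lines, runs on a constructed sample, and the names `parse_changes`, `classify_reference` and `security_fixes` are hypothetical.

```python
import re

# URL forms quoted in the README; NNN is the issue or merge request number.
ISSUE_URL = "https://gitlab.isc.org/isc-projects/bind9/issues/{}"
MR_URL = "https://gitlab.isc.org/isc-projects/bind9/merge_requests/{}"
# Category tags from the README's change log table.
CATEGORIES = set("func bug security experimental port maint tuning performance "
                 "protocol test cleanup doc contrib placeholder".split())
# ASSUMPTION: an entry starts at column 0 as "<number>. [<category>] <text>"
# and wraps onto indented lines; the README does not show the layout.
ENTRY_START = re.compile(r"^(\d+)\.\s+\[(\w+)\]\s*(.*)$")
# [RT #NNN], [GL #NNN] or [GL !NNN], optionally followed by the letter P.
REFERENCE = re.compile(r"\[(RT|GL)\s+([#!])(\d+)(P?)\]")

# Constructed sample, not taken from a real CHANGES file.
SAMPLE = """\
9003.\t[security]\tConstructed entry: fix a crash in named. [GL #9101P]

9002.\t[bug]\t\tConstructed entry: fix a race at shutdown. [GL
\t\t\t!9102]

9001.\t[func]\t\tConstructed entry: add a new option. [RT #9100]
"""


def classify_reference(tracker, sigil, number, private):
    """Return (kind, url); url is None when the target is not public."""
    if tracker == "RT":
        return ("rt", None)  # "bind9-bugs" RT database, not open to the public
    kind = "issue" if sigil == "#" else "merge_request"
    if private:
        return (kind, None)  # trailing "P": private ISC GitLab instance
    return (kind, (ISSUE_URL if sigil == "#" else MR_URL).format(number))


def parse_changes(text):
    """Parse CHANGES text into dicts with number, category, text and refs."""
    entries, current = [], None
    for line in text.splitlines():
        start = ENTRY_START.match(line)
        if start:
            current = {"number": int(start.group(1)),
                       "category": start.group(2), "text": start.group(3)}
            entries.append(current)
        elif current and line.strip() and line[0].isspace():
            current["text"] += " " + line.strip()  # re-join a wrapped line
        else:
            current = None  # blank line or unrelated text ends the entry
    for entry in entries:
        entry["known_category"] = entry["category"] in CATEGORIES
        entry["refs"] = [classify_reference(*m.groups())
                         for m in REFERENCE.finditer(entry["text"])]
    return entries


def security_fixes(entries):
    """Entries tagged [security], the ones to review first before upgrading."""
    return [e for e in entries if e["category"] == "security"]
```

Wrapped lines are re-joined before matching, so an identifier split across a line break (such as `[GL` followed by `!NNN]`) is still recognised.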
  358 
  359 Acknowledgments
  360 
  361   * The original development of BIND 9 was underwritten by the following
  362     organizations:
  363 
  364       Sun Microsystems, Inc.
  365       Hewlett Packard
  366       Compaq Computer Corporation
  367       IBM
  368       Process Software Corporation
  369       Silicon Graphics, Inc.
  370       Network Associates, Inc.
  371       U.S. Defense Information Systems Agency
  372       USENIX Association
  373       Stichting NLnet - NLnet Foundation
  374       Nominum, Inc.
  375 
  376   * This product includes software developed by the OpenSSL Project for
  377     use in the OpenSSL Toolkit. http://www.OpenSSL.org/
  378   * This product includes cryptographic software written by Eric Young
  379     (eay@cryptsoft.com)
  380   * This product includes software written by Tim Hudson
  381     (tjh@cryptsoft.com)