+BIND 9
+
+Contents
+
+ 1. Introduction
+ 2. Reporting bugs and getting help
+ 3. Contributing to BIND
+ 4. BIND 9.12 features
+ 5. Building BIND
+ 6. Compile-time options
+ 7. Automated testing
+ 8. Documentation
+ 9. Change log
+10. Acknowledgments
+
+Introduction
+
+BIND (Berkeley Internet Name Domain) is a complete, highly portable
+implementation of the DNS (Domain Name System) protocol.
+
+The BIND name server, named, is able to serve as an authoritative name
+server, recursive resolver, DNS forwarder, or all three simultaneously. It
+implements views for split-horizon DNS, automatic DNSSEC zone signing and
+key management, catalog zones to facilitate provisioning of zone data
+throughout a name server constellation, response policy zones (RPZ) to
+protect clients from malicious data, response rate limiting (RRL) and
+recursive query limits to reduce distributed denial of service attacks,
+and many other advanced DNS features. BIND also includes a suite of
+administrative tools, including the dig and delv DNS lookup tools,
+nsupdate for dynamic DNS zone updates, rndc for remote name server
+administration, and more.
+
+BIND 9 is a complete re-write of the BIND architecture that was used in
+versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a 501
+(c)(3) public benefit corporation dedicated to providing software and
+services in support of the Internet infrastructure, developed BIND 9 and
+is responsible for its ongoing maintenance and improvement. BIND is open
+source software licenced under the terms of the Mozilla Public License,
+version 2.0.
+
+For a summary of features introduced in past major releases of BIND, see
+the file HISTORY.
+
+For a detailed list of changes made throughout the history of BIND 9, see
+the file CHANGES. See below for details on the CHANGES file format.
+
+For up-to-date release notes and errata, see http://www.isc.org/software/
+bind9/releasenotes
+
+Reporting bugs and getting help
+
+Please report assertion failure errors and suspected security issues to
+security-officer@isc.org.
+
+General bug reports can be sent to bind9-bugs@isc.org.
+
+Feature requests can be sent to bind-suggest@isc.org.
+
+Please note that, while ISC's ticketing system is not currently publicly
+readable, this may change in the future. Please do not include information
+in bug reports that you consider to be confidential. For example, when
+sending the contents of your configuration file, it is advisable to
+obscure key secrets; this can be done automatically by using
+named-checkconf -px.
+
+Professional support and training for BIND are available from ISC at
+https://www.isc.org/support.
+
+To join the BIND Users mailing list, or view the archives, visit https://
+lists.isc.org/mailman/listinfo/bind-users.
+
+If you're planning on making changes to the BIND 9 source code, you may
+also want to join the BIND Workers mailing list, at https://lists.isc.org/
+mailman/listinfo/bind-workers.
+
+Contributing to BIND
+
+A public git repository for BIND is maintained at http://www.isc.org/git/,
+and also on Github at https://github.com/isc-projects.
+
+Information for BIND contributors can be found in the following files: -
+General information: doc/dev/contrib.md - BIND 9 code style: doc/dev/
+style.md - BIND architecture and developer guide: doc/dev/dev.md
+
+Patches for BIND may be submitted either as Github pull requests or via
+email. When submitting a patch via email, please prepend the subject
+header with "[PATCH]" so it will be easier for us to find. If your patch
+introduces a new feature in BIND, please submit it to bind-suggest@isc.org
+; if it fixes a bug, please submit it to bind9-bugs@isc.org.
+
+BIND 9.12 features
+
+BIND 9.12.0 is the newest development branch of BIND 9. It includes a
+number of changes from BIND 9.11 and earlier releases. New features
+include:
+
+ * dnstap-read -x prints a hex dump of the wire format of each logged DNS
+ message.
+ * The query handling code has been substantially refactored for improved
+ readability, maintainability and testability .
+ * dnstap output files can now be configured to roll automatically when
+ reaching a given size.
+ * Log file timestamps can now also be formatted in ISO 8601 (local) or
+ ISO 8601 (UTC) formats.
+ * Logging channels and dnstap output files can now be configured to use
+ a timestamp as the suffix when rolling to a new file.
+ * named-checkconf -l lists zones found in named.conf.
+ * Added support for the EDNS Padding and Keepalive options.
+
+Building BIND
+
+BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
+support, and a 64-bit integer type. Successful builds have been observed
+on many versions of Linux and UNIX, including RedHat, Fedora, Debian,
+Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris,
+HP-UX, AIX, SCO OpenServer, and OpenWRT.
+
+BIND is also available for Windows XP, 2003, 2008, and higher. See
+win32utils/readme1st.txt for details on building for Windows systems.
+
+To build on a UNIX or Linux system, use:
+
+ $ ./configure
+ $ make
+
+If you're planning on making changes to the BIND 9 source, you should run
+make depend. If you're using Emacs, you might find make tags helpful.
+
+Several environment variables that can be set before running configure
+will affect compilation:
+
+Variable Description
+CC The C compiler to use. configure tries to figure out the
+ right one for supported systems.
+ C compiler flags. Defaults to include -g and/or -O2 as
+CFLAGS supported by the compiler. Please include '-g' if you need
+ to set CFLAGS.
+ System header file directories. Can be used to specify
+STD_CINCLUDES where add-on thread or IPv6 support is, for example.
+ Defaults to empty string.
+ Any additional preprocessor symbols you want defined.
+STD_CDEFINES Defaults to empty string. For a list of possible settings,
+ see the file OPTIONS.
+LDFLAGS Linker flags. Defaults to empty string.
+BUILD_CC Needed when cross-compiling: the native C compiler to use
+ when building for the target system.
+BUILD_CFLAGS Optional, used for cross-compiling
+BUILD_CPPFLAGS
+BUILD_LDFLAGS
+BUILD_LIBS
+
+Compile-time options
+
+To see a full list of configuration options, run configure --help.
+
+On most platforms, BIND 9 is built with multithreading support, allowing
+it to take advantage of multiple CPUs. You can configure this by
+specifying --enable-threads or --disable-threads on the configure command
+line. The default is to enable threads, except on some older operating
+systems on which threads are known to have had problems in the past.
+(Note: Prior to BIND 9.10, the default was to disable threads on Linux
+systems; this has now been reversed. On Linux systems, the threaded build
+is known to change BIND's behavior with respect to file permissions; it
+may be necessary to specify a user with the -u option when running named.)
+
+To build shared libraries, specify --with-libtool on the configure command
+line.
+
+Certain compiled-in constants and default settings can be increased to
+values better suited to large servers with abundant memory resources (e.g,
+64-bit servers with 12G or more of memory) by specifying --with-tuning=
+large on the configure command line. This can improve performance on big
+servers, but will consume more memory and may degrade performance on
+smaller systems.
+
+For the server to support DNSSEC, you need to build it with crypto
+support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
+installed. If the OpenSSL library is installed in a nonstandard location,
+specify the prefix using "--with-openssl=/prefix" on the configure command
+line. To use a PKCS#11 hardware service module for cryptographic
+operations, specify the path to the PKCS#11 provider library using
+"--with-pkcs11=/prefix", and configure BIND with "--enable-native-pkcs11".
+
+To support the HTTP statistics channel, the server must be linked with at
+least one of the following: libxml2 http://xmlsoft.org or json-c https://
+github.com/json-c. If these are installed at a nonstandard location,
+specify the prefix using --with-libxml2=/prefix or --with-libjson=/prefix.
+
+To support compression on the HTTP statistics channel, the server must be
+linked against libzlib. If this is installed in a nonstandard location,
+specify the prefix using --with-zlib=/prefix.
+
+To support storing configuration data for runtime-added zones in an LMDB
+database, the server must be linked with liblmdb. If this is installed in
+a nonstandard location, specify the prefix using "with-lmdb=/prefix".
+
+To support GeoIP location-based ACLs, the server must be linked with
+libGeoIP. This is not turned on by default; BIND must be configured with
+"--with-geoip". If the library is installed in a nonstandard location, use
+specify the prefix using "--with-geoip=/prefix".
+
+For DNSTAP packet logging, you must have libfstrm https://github.com/
+farsightsec/fstrm and libprotobuf-c https://developers.google.com/
+protocol-buffers, and BIND must be configured with "--enable-dnstap".
+
+Python requires the 'argparse' and 'ply' modules to be available.
+'argparse' is a standard module as of Python 2.7 and Python 3.2. 'ply' is
+available from https://pypi.python.org/pypi/ply.
+
+On some platforms it is necessary to explicitly request large file support
+to handle files bigger than 2GB. This can be done by using
+--enable-largefile on the configure command line.
+
+Support for the "fixed" rrset-order option can be enabled or disabled by
+specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure
+command line. By default, fixed rrset-order is disabled to reduce memory
+footprint.
+
+If your operating system has integrated support for IPv6, it will be used
+automatically. If you have installed KAME IPv6 separately, use --with-kame
+[=PATH] to specify its location.
+
+make install will install named and the various BIND 9 libraries. By
+default, installation is into /usr/local, but this can be changed with the
+--prefix option when running configure.
+
+You may specify the option --sysconfdir to set the directory where
+configuration files like named.conf go by default, and --localstatedir to
+set the default parent directory of run/named.pid. For backwards
+compatibility with BIND 8, --sysconfdir defaults to /etc and
+--localstatedir defaults to /var if no --prefix option is given. If there
+is a --prefix option, sysconfdir defaults to $prefix/etc and localstatedir
+defaults to $prefix/var.
+
+Automated testing
+
+A system test suite can be run with make test. The system tests require
+you to configure a set of virtual IP addresses on your system (this allows
+multiple servers to run locally and communicate with one another). These
+IP addresses can be configured by by running the script bin/tests/system/
+ifconfig.sh up as root.
+
+Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
+and will be skipped if these are not available. Some tests require Python
+and the 'dnspython' module and will be skipped if these are not available.
+See bin/tests/system/README for further details.
+
+Unit tests are implemented using Automated Testing Framework (ATF). To run
+them, use configure --with-atf, then run make test or make unit.
+
+Documentation
+
+The BIND 9 Administrator Reference Manual is included with the source
+distribution, in DocBook XML, HTML and PDF format, in the doc/arm
+directory.
+
+Some of the programs in the BIND 9 distribution have man pages in their
+directories. In particular, the command line options of named are
+documented in bin/named/named.8.
+
+Frequently (and not-so-frequently) asked questions and their answers can
+be found in the ISC Knowledge Base at https://kb.isc.org.
+
+Additional information on various subjects can be found in other README
+files throughout the source tree.
+
+Change log
+
+A detailed list of all changes that have been made throughout the
+development BIND 9 is included in the file CHANGES, with the most recent
+changes listed first. Change notes include tags indicating the category of
+the change that was made; these categories are:
+
+Category Description
+[func] New feature
+[bug] General bug fix
+[security] Fix for a significant security flaw
+[experimental] Used for new features when the syntax or other aspects of
+ the design are still in flux and may change
+[port] Portability enhancement
+[maint] Updates to built-in data such as root server addresses and
+ keys
+[tuning] Changes to built-in configuration defaults and constants to
+ improve performance
+[performance] Other changes to improve server performance
+[protocol] Updates to the DNS protocol such as new RR types
+[test] Changes to the automatic tests, not affecting server
+ functionality
+[cleanup] Minor corrections and refactoring
+[doc] Documentation
+[contrib] Changes to the contributed tools and libraries in the
+ 'contrib' subdirectory
+ Used in the master development branch to reserve change
+[placeholder] numbers for use in other branches, e.g. when fixing a bug
+ that only exists in older releases
+
+In general, [func] and [experimental] tags will only appear in new-feature
+releases (i.e., those with version numbers ending in zero). Some new
+functionality may be backported to older releases on a case-by-case basis.
+All other change types may be applied to all currently-supported releases.
+
+Acknowledgments
+
+ * The original development of BIND 9 was underwritten by the following
+ organizations:
+
+ Sun Microsystems, Inc.
+ Hewlett Packard
+ Compaq Computer Corporation
+ IBM
+ Process Software Corporation
+ Silicon Graphics, Inc.
+ Network Associates, Inc.
+ U.S. Defense Information Systems Agency
+ USENIX Association
+ Stichting NLnet - NLnet Foundation
+ Nominum, Inc.
+
+ * This product includes software developed by the OpenSSL Project for
+ use in the OpenSSL Toolkit. http://www.OpenSSL.org/
+ * This product includes cryptographic software written by Eric Young
+ (eay@cryptsoft.com)
+ * This product includes software written by Tim Hudson
+ (tjh@cryptsoft.com)
+
projects / thirdparty / bind9.git / commitdiff
