-Copyright (C) 2004, 2005, 2007-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004, 2005, 2007-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001, 2003 Internet Software Consortium.
-See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
+See COPYRIGHT in the main source directory for license terms.
-$Id$
+NOTES ON BIND 9.10 FOR WINDOWS:
- Release of BIND 9.10 for Windows and later.
-
-This is a release of BIND 9.10 for Windows XP and later.
+BIND 9.10 is known to run on Windows XP, Vista, Windows 7,
+and Windows Server 2003 and higher.
- Important Kit Installation Information
-
-As of release 9.3.0, BINDInstall requires that you install it under
-a account with restricted privileges. The installer will prompt
-you for an account name, the default is "named", and a password for
-that account. It will also check for the existence of that account.
-If it does not exist is will create it with only the privileges
-required to run BIND. If the account does exist it will check that
-it has only the one privilege required: "Log on as a service". If
-it has too many privileges it will prompt you if you want to continue.
-
-With BIND running under an account name it is necessary for all
+KIT INSTALLATION:
+
+Unpack the kit into any convenient directory and run the BINDInstall
+program. This will install the named and associated programs into
+the correct directories and set up the required registry keys.
+
+BINDInstall requires that you install it under an account with
+restricted privileges. The installer will prompt you for an account
+name (the default is "named") and a password for that account. It
+will also check for the existence of that account. If it does not
+exist is will create it with only the privileges required to run
+BIND. If the account does exist it will check that it has only the
+one privilege required: "Log on as a service". If it has too many
+privileges it will prompt you if you want to continue.
+
+With BIND running under an account name, it is necessary for all
files and directories that BIND uses to have permissions set up for
the named account if the files are on an NTFS disk. BIND requires
that the account have read and write access to the directory for
also need read access to the named.conf and any other file that it
needs to read.
-"NT AUTHORITY\LocalService" is also an acceptable account. This
-account is built into Windows and no password is required. Appropriate
-file permissions will also need to be set for "NT AUTHORITY\LocalService"
-similar to those that would have been required for the "named" account.
+"NT AUTHORITY\LocalService" is also an acceptable account.
+This account is built into Windows and no password is required.
+Appropriate file permissions will also need to be set for "NT
+AUTHORITY\LocalService" similar to those that would have been
+required for the "named" account.
It is important that on Windows the directory directive is used in
the options section to tell BIND where to find the files used in
-named.conf (default %WINDOWS%\system32\dns\etc\named.conf).
+named.conf (default %WINDOWS%\system32\dns\etc\named.conf). For
+example:
-e.g.
options {
directory "C:\WINDOWS\system32\dns\etc";
};
-If you have previously installed BIND 8 or BIND 4 on the system
-that you wish to install this kit, you MUST use the BIND 8 or BIND
-4 installer to uninstall the previous kit. For BIND 8.2.x, you can
-use the BINDInstall that comes with the BIND 8 kit to uninstall it.
-The BIND 9 installer will NOT uninstall the BIND 8 binaries. That
-will be fixed in a future release.
-
-Unpack the kit into any convenient directory and run the BINDInstall
-program. This will install the named and associated programs into
-the correct directories and set up the required registry keys.
-
Messages are logged to the Application log in the EventViewer.
- Controlling BIND
+CONTROLLING BIND:
Windows uses the same rndc program as is used on Unix systems. The
rndc.conf file must be configured for your system in order to work.
You will need to generate a key for this. To do this use the
rndc-confgen program. The program will be installed in the same
-directory as named: dns/bin/. From the DOS prompt, use the command
+directory as named: dns\bin. From the DOS prompt, use the command
this way:
rndc-confgen -a
-which will create a rndc.key file in the dns/etc directory. This will
+which will create a rndc.key file in the dns\etc directory. This will
allow you to run rndc without an explicit rndc.conf file or key and
control entry in named.conf file. See section 3.4.1.2 of the ARM for
details of this. An rndc.conf can also be generated by running:
rndc-confgen > rndc.conf
which will create the rndc.conf file in the current directory, but
-not copy it to the dns/etc directory where it needs to reside. If
+not copy it to the dns\etc directory where it needs to reside. If
you create rndc.conf this way you will need to copy the same key
statement into named.conf.
in both named.conf and rndc.conf. Again see section 3.4.1.2 of the
ARM for details.
-In order to you rndc from a different system it is important to
+In order to run rndc from a different system it is important to
ensure that the clocks are synchronized. The clocks must be kept
within 5 minutes of each other or the rndc commands will fail
authentication. Use NTP or other time synchronization software to
relative files in named.conf you will need to specify a working
directory using the directory directive options.
- Documentation
+DOCUMENTATION:
This kit includes Documentation in HTML format. The documentation
is not copied during the installation process so you should move
which provides detailed information on BIND 9. In addition, there
are HTML pages for each of the BIND 9 applications.
- DNS Tools
+INCLUDED TOOLS:
-The following tools have been built for Windows: dig, nslookup, host,
-nsupdate, rndc, rndc-confgen, named-checkconf, named-checkzone,
-ddns-confgen, dnssec-importkey, dnssec-keygen, dnssec-signzone,
-dnssec-dsfromkey, dnssec-keyfromlabel, dnssec-revoke, dnssec-settime
-and dnssec-verify.
-The latter tools are for use with DNSSEC. All tools are installed
-in the dns/bin directory.
+The following tools have been built for Windows: dig, nslookup,
+host, nsupdate, ddns-confgen, rndc, rndc-confgen, named-checkconf,
+named-checkzone, named-compilezone, named-journalprint,
+dnssec-importkey, dnssec-keygen, dnssec-signzone, dnssec-dsfromkey,
+dnssec-keyfromlabel, dnssec-revoke, dnssec-settime and
+dnssec-verify. The latter tools are for use with DNSSEC. All tools
+are installed in the dns\bin directory.
IMPORTANT NOTE ON USING THE TOOLS:
It is no longer necessary to create a resolv.conf file on Windows
-as the tools will look in the registry for the required nameserver
-information. However if you wish to create a resolv.conf file as
-follows it will use it in preference to the registry nameserver
+as the tools will look in the registry for the required name server
+information. However, if you do create a resolv.conf file as follows,
+the tools will use it in preference to the registry name server
entries.
-To create a resolv.conf you need to place it in the System32\Drivers\etc
-directory and it needs to contain a list of nameserver addresses
-to use to find the nameserver authoritative for the zone. The format
-of this file is:
+Place resolv.conf the System32\Drivers\etc directory. It must
+contain a list of recursive server addresses. The format of this
+file is:
nameserver 1.2.3.4
nameserver 5.6.7.8
-Replace the IP addresses with your real addresses. 127.0.0.1 is a
-valid address if you are running a nameserver on the localhost.
-
- Problems
-
-Please report all problems to bind9-bugs@isc.org and not to me. All
-other questions should go to the bind-users@isc.org mailing list
-or the comp.protocol.dns.bind news group.
+Replace the above IP addresses with the real name server addresses.
+127.0.0.1 is a valid address if you are running a recursive name
+server on the localhost.
- Danny Mayer
- mayer@ntp.isc.org
+PROBLEMS:
+Please report bugs to bind9-bugs@isc.org. Other questions can go
+to the bind-users@isc.org mailing list.
projects / thirdparty / bind9.git / commitdiff
