BIND 8.1.2 Release Notes
HP-UX 11.0
Edition 2
Manufacturing Part Number: B5971-4748
E0203
United States
© Copyright 2003, Hewlett-Packard Company.

Legal Notices

The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.

Warranty.
This software is based in part on the Fourth Berkeley Software Distribution under license from the Regents of the University of California. ©copyright 1980, 1984, 1986 Novell, Inc. ©copyright 1986-1992 Sun Microsystems, Inc. ©copyright 1985-86, 1988 Massachusetts Institute of Technology. ©copyright 1989-93 The Open Software Foundation, Inc. ©copyright 1986 Digital Equipment Corporation. ©copyright 1990 Motorola, Inc.
Contents

1. New and Changed Features
   New Features
      Support for DNS Change Notification (RFC 1996)
      Support for Dynamic DNS Update
      Improved Logging System
1 New and Changed Features

BIND 8.1.2 is available on the HP-UX 11.0 operating system as a web upgrade. The latest version of BIND 8.1.2 is Version 4.0 and supports most of the features available in previous versions of BIND.
New Features

This section describes the new features in BIND 8.1.2.

Support for DNS Change Notification (RFC 1996)

The DNS NOTIFY operation provides a method for the master server to inform slave servers that a zone transfer is necessary. In earlier versions, slave servers had to poll a master server at the interval defined in the Start of Authority (SOA) record to check whether the serial number had changed.
Support for Dynamic DNS Update

Dynamic update is the ability to add, modify or delete resource records in the master zone files, under a specified zone. Dynamic update is based on RFC 2136. You can enable dynamic update for a zone by including an allow-update clause in the zone statement of the /etc/named.conf file. You can use the nsupdate utility to submit Dynamic DNS update requests to a name server, as defined in RFC 2136.
message. The many-answers format is more efficient than the one-answer format, but many-answers is supported only by newer slave servers such as BIND 9.2, BIND 8.x and patched versions of BIND 4.9.x. The default format is many-answers. A server statement overrides the transfer-format for a server. See “The server Statement” on page 25 for more information.

New Configuration Syntax in /etc/named.conf

The new BIND 8.1.2 configuration file /etc/named.
Allows any host on a network for which the system has an interface.

An example acl statement is as follows:

    acl can_query { 1.2.3; any; };

The acl statement, can_query, allows queries from any host in the network 1.2.3.

The include Statement

The include statement inserts a specified file at a particular location in the configuration file where the include statement is encountered. You can use the statement to break the configuration file into easily manageable groups.
An example key statement is:

    key sample_key { algorithm hmac-md5; secret "secret here"; };

You can use the key ID defined in the key statement to associate an authentication method with a particular name server. You must create a key ID in the key statement before using it in a server definition.

The logging Statement

The logging statement specifies what messages the server logs and where the log messages are sent.
• default_syslog
  This channel sends messages to the daemon facility at severity info and higher (info is a predefined severity level that allows messages of its severity level or higher to be logged to the channel).
• default_debug
  This channel sends messages to the file named.run and tracks the daemon’s current dynamic debug level.
• default_stderr
  This channel sends messages of severity info and higher to standard error.
Table 1-1 Message Categories (Continued)

Message Category    Description
packet              Dumps of packets received and sent
notify              The NOTIFY protocol
security            Approved/unapproved requests
insist              Internal consistency check failures
db                  Database operations
os                  Operating system problems
maintenance         Periodic maintenance events
load                Zone loading messages
response-checks     Messages arising from response checking
default             Unclassified messages and categories that do not
        [ versions ( number | unlimited ) ]
        [ size size_spec ]
      | syslog ( kern | user | mail | daemon | auth | syslog | lpr |
                 news | uucp | cron | authpriv | ftp |
                 local0 | local1 | local2 | local3 |
                 local4 | local5 | local6 | local7 )
      | null );
    [ severity ( critical | error | warning | notice |
                 info | debug [ level ] | dynamic ); ]
    [ print-category yes_or_no; ]
    [ print-severity yes_or_no; ]
    [ print-time yes_or_no; ]
  }; ]
  [ category category_name {
      channel_name; [ channel_name; ...
The options Statement

The options statement controls global server configuration options used in BIND 8.1.2. This statement can appear only once in a configuration file. If more than one occurrence is found, the first occurrence determines the actual options used, and a warning is generated. If there is no options statement, an options block with each option set to its default value is used.
  [ query-source [ address ( ip_addr | * ) ] [ port ( ip_port | * ) ] ; ]
  [ max-transfer-time-in number; ]
  [ transfer-format ( one-answer | many-answers ); ]
  [ transfers-in number; ]
  [ transfers-out number; ]
  [ transfers-per-ns number; ]
  [ coresize size_spec ; ]
  [ datasize size_spec ; ]
  [ files size_spec ; ]
  [ stacksize size_spec ; ]
  [ cleaning-interval number; ]
  [ interface-interval number; ]
  [ statistics-interval number; ]
  [ sortlist { ip_addr; ...
• Resource limits
• Periodic task interval

Each option is described in the following sections.

Pathname Options

• directory path_name;
  This option specifies the working directory of the server. Any non-absolute path name in the configuration file is considered relative to this directory. directory specifies the default location for all the server output files (e.g., named.run). If you do not specify a directory, the working directory defaults to ".
This option specifies the path name of the file to which the server appends statistics when it receives a SIGILL signal. If the path name of the file is not specified, the default file used is named.stats.

Boolean Options

• auth-nxdomain yes_or_no;
  If auth-nxdomain is set to yes, the AA bit is always set on NXDOMAIN responses, even if the server is not authoritative. The default value is yes.
available because previous versions of BIND allowed multiple CNAME records, and these records were used in the previous versions for load balancing.

• notify yes_or_no;
  If notify is set to yes (the default), DNS NOTIFY messages are sent when a zone for which the server is authoritative changes. The NOTIFY message speeds the convergence between the master server and its slave servers.
the forwarders list. If this query is not successful, the server searches for the answer itself. If the value is set to only, the server queries only the forwarder IP addresses.

Name Checking Options

The server checks domain names based on their expected client contexts. For example, you can check whether a domain name used as a hostname complies with the RFCs that define valid host names.
You can restrict access to the server based on the IP address of the requesting system.

allow-query { address_match_list };
The allow-query option specifies the hosts that are allowed to ask ordinary questions. You can also specify the allow-query option in the zone statement, which overrides the options allow-query statement. By default, it allows queries from all hosts.
    query-source address * port *;

NOTE
query-source applies only to UDP queries; TCP queries use a wildcard IP address and a random unprivileged port.

Zone Transfer Options

The zone transfer options are as follows:

max-transfer-time-in number;
Inbound zone transfers (named-xfer processes) that run longer than the specified number of minutes are terminated. The default value is 120 minutes (2 hours).
The default value is 2. Increasing the value of transfers-per-ns not only speeds up the convergence of slave zones, but also increases the load on the remote nameserver. You can override the transfers-per-ns option on a per-server basis using the transfers phrase of the server statement.

Resource Limits Options

You can limit the server’s usage of the system resources. If a specific limit is not supported on a given operating system, a warning is issued.
Following are the periodic task interval options:

cleaning-interval number;
The cleaning-interval option specifies the time interval after which the server removes the expired resource records from the cache. The default value is 60 minutes. If cleaning-interval is set to 0, periodic cleaning does not occur.

interface-interval number;
The interface-interval option specifies the time interval at which the server scans the network interface list.
transfer-format one-answer;
Each resource record receives its own DNS message. This format is widely accepted but not efficient.

transfer-format many-answers;
Each DNS message contains many records. This format is efficient and compatible with BIND 8.1.2.

You can specify any of the transfer-format options for a server, using the transfer-format option within the server statement.
The zone Statement

The zone statement is used to define a zone as master, slave, stub or hint.

NOTE
Previous releases of BIND used the term primary for a master zone, secondary for a slave zone, and cache for a hint zone.

The following are the zone types:

master - This is the master copy of the data in a zone.
slave - A slave zone is a replica of a master zone. The master list specifies one or more IP addresses that the slave contacts to update its copy of the zone.
zone domain_name [ ( in | hs | hesiod | chaos ) ] {
    type master;
    file path_name;
    [ check-names ( warn | fail | ignore ); ]
    [ allow-update { address_match_list }; ]
    [ allow-query { address_match_list }; ]
    [ allow-transfer { address_match_list }; ]
    [ notify yes_or_no; ]
    [ also-notify { ip_addr; [ ip_addr; ...
    [ check-names ( warn | fail | ignore ); ]
};

zone statement examples for master, slave and hint are as follows:

zone isc.org in {
    type master;
    file master/isc.org;
};

zone vix.com in {
    type slave;
    file slave/vix.com;
    masters { 10.0.0.53; };
};

zone . in {
    type hint;
    file named.cache;
};

zone 0.0.127.in-addr.arpa in {
    type master;
    file master/127.0.
Changed Features

The following lists the changed features in BIND 8.1.2:

• In earlier versions, the BIND configuration file was /etc/named.boot; starting with BIND 8.1.2, the configuration file has been renamed /etc/named.conf.
• The old configuration file syntax consisted of single lines, each describing a zone or an option. The new syntax is flexible and allows you to easily specify different features.
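
As an added example (not part of the HP release notes), the following /etc/named.conf in the new syntax combines the acl, logging, options and zone statements described in this chapter to restrict queries, zone transfers and dynamic updates by address and to log the security category to its own file. The ACL names, addresses (documentation range 192.0.2.0/24), zone names, directory and file paths are constructed for illustration.

```conf
// Constructed example /etc/named.conf; names, addresses and paths are illustrative.

acl internal_nets { 192.0.2.0/24; localhost; };   // clients allowed to query
acl slave_servers { 192.0.2.53; };                // hosts allowed to transfer zones
acl ddns_clients  { 192.0.2.10; };                // hosts allowed to send dynamic updates

logging {
    // Send approved/unapproved request messages (category security) to a
    // dedicated, size-limited file as well as to syslog.
    channel security_log {
        file "security.log" versions 3 size 1m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category security { security_log; default_syslog; };
};

options {
    directory "/etc/named.data";
    // Without allow-query, queries are accepted from all hosts.
    allow-query { internal_nets; };
};

zone "example.com" in {
    type master;
    file "master/example.com";
    // allow-update enables dynamic update for this zone; list only trusted hosts.
    allow-update { ddns_clients; };
    allow-transfer { slave_servers; };
    notify yes;
};

zone "public.example.com" in {
    type master;
    file "master/public.example.com";
    // A zone-level allow-query overrides the allow-query in options.
    allow-query { any; };
    allow-transfer { slave_servers; };
};
```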
Unsupported Features

The following lists the unsupported options in BIND 8.1.2:

• alias-ip
  This option is no longer supported in BIND 8.1.2. Use the listen-on option of the options statement to implement the alias-ip option.
• no-round-robin
  The no-round-robin option, used to disable the default round-robin cycling of returned IP addresses for multi-homed hosts, is no longer supported in BIND 8.1.2.
2 Installation and Migration Information

Read this chapter before installing BIND 8.1.2 on the HP-UX 11.0 operating system.
System Requirements

The following lists the system requirements to install BIND 8.1.2:

• Hewlett-Packard 9000 System
• HP-UX operating system version 11.
Migrating from BIND 4.9.x to BIND 8.1.2

To migrate from BIND 4.9.x to BIND 8.1.x, use a perl script named named-bootconf.pl. It is installed in the /usr/bin directory. To use this script, you must have perl installed on the system.

Converting an Existing /etc/named.boot File

If you wish to convert an existing /etc/named.boot file to work with BIND 8.1.2, execute the command /usr/bin/named-bootconf.
NOTE
To use the new features added in BIND 8.1.2, you must manually configure the new features in the /etc/named.conf configuration file. See “New Configuration Syntax in /etc/named.conf” on page 10 for more information.
Installing BIND 8.1.2

BIND 8.1.2 is available as a web upgrade on the HP-UX 11.0 operating system at HP’s software depot at http://www.software.com. The latest version of BIND 8.1.2 is Version 4.0 released in February 2003. After downloading the software package, use the swinstall command to install the package on your system. Detailed information on how to use BIND 8.1.2 can be found in the respective man pages.
BIND 8.1.2 by running the command /usr/bin/enable_inet -r bind on the command line to revert to the base version delivered with HP-UX 11.0 (BIND 4.9.7) prior to patching.
3 Manpages

This chapter discusses the manpages distributed with BIND 8.1.2.
Table 3-1 lists and describes the man pages distributed with BIND 8.1.2.

Table 3-1 Man Pages

Man Page          Description
named.1m          Internet domain name server
named-xfer.1m     Program used as an ancillary agent for inbound zone transfers.
sig-named.1m      Program used to send signals to the nameserver.
nsupdate.1        Dynamic DNS update utility
nslookup.1        Program used to query nameservers interactively.
hosts_to_na.1m    Program used to translate host table to name server file format.

NOTE
4 Defect Fixes

This chapter specifies a list of defects fixed in BIND 8.1.2.
Table 4-1 and Table 4-2 list and describe the defects fixed in BIND 8.1.2 Version 4.0 and Version 3.0.

Table 4-1 Defect fixes in Version 4.0

Defect #         Description
CR JAGae33084    Problem with DNS resolver in BIND.
CR JAGae38578    Problem with nslookup in BIND.
CR JAGae54341    named does not cache the SIG record properly.
CR JAGae54338    named does not function properly.

Table 4-2 Defect Fixes in Version 3.
Table 4-2 Defect Fixes in Version 3.0 (Continued)

Defect #         Description
CR JAGad41638    Addition of the tool nsupdate to enable the user to dynamically update DNS records (Dynamic DNS).
CR JAGad45649    named is not behaving properly.
CR JAGad48072    named is not behaving properly.
CR JAGac40451    named fails in certain cases.
CR JAGaa27075    nslookup does not always work.
CR JAGab69094    BIND 4.9.7 and 8.1.