BIND 9.2.0 Release Notes
HP-UX 11i v1

Manufacturing Part Number: 5991-0422
February 2010
United States
© Copyright 2010 Hewlett-Packard Development Company, L.P.
Legal Notices

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Printed in the US

Confidential computer software. Valid license from HP required for possession, use or copying.
Contents

1. New and Changed Features
   Summary of BIND 9.1.3 Features Supported in BIND 9.2.0
   New BIND 9.2.0 Features
      New Options in Options Statement
      New Option in “Server” Statement
1 New and Changed Features

BIND 9.2.0 is available on HP-UX 11i v1 platform as a Web upgrade. Most of the features available in previous versions of BIND are supported in BIND 9.2.0 with additional functionality.
Summary of BIND 9.1.3 Features Supported in BIND 9.2.0

This section lists the BIND 9.1.3 features that are supported in BIND 9.2.0.
New BIND 9.2.0 Features

This section describes the new features in BIND 9.2.0.

New Options in Options Statement

The following lists the new options added in the Options statement:

• dump-file
  This option is used to specify the pathname of the file to which the server dumps the database with the rndc dumpdb command. Default is named_dump.db. The syntax of dump-file option in the Options statement in the /etc/named.
This option is used to specify the maximum size of a core dump. Default is default. The syntax of coresize option in the “Options” statement in the /etc/named.conf file is as shown below:

    [ coresize size_spec ; ]

• sortlist
  The sortlist statement takes an address_match_list and interprets it. Each top level statement in sortlist must be an explicit address_match_list with one or two elements.
    [ bogus yes_or_no ; ]

New Options in “Zone” Statement

The following lists the new options added in “Zone” statement:

• forwarders
  This option can be used to specify the IP addresses to be used for forwarding. The forwarding facility can be used to create a large site-wide cache on a few servers, reducing traffic over links to external nameservers.
“-b keysize” is used to specify the size of the authentication key in bits. The value must range between 1 and 512. Default is 128 bits.

“-c keyfile” is used with the -a option to specify an alternate location for the rndc.key file.

“-h” is used to print a short summary of the options and arguments to rndc-confgen utility.

“-k keyname” is used to specify the key name of the rndc authentication key. This must be a valid domain name. Default is rndc-key.
Table 1-1 New Command Line Options (Continued)

| Binaries/Tools | Options | Usage |
| --- | --- | --- |
| dig | -k | Sign the DNS queries sent by dig and their responses using transaction signatures (TSIG). |
| dig | -y | Specify the TSIG key on the command line. |
| dnssec-makekeyset & dnssec-signkey | -a | Verify all generated signatures. |
| dnssec-signkey | -c class | Specify the DNS class of the key sets. Currently only IN class is supported. |
Table 1-1 New Command Line Options (Continued)

| Binaries/Tools | Options | Usage |
| --- | --- | --- |
| dnssec-signzone | -i interval | Specify the cycle interval as an offset from the current time (in seconds). If a SIG record expires after the cycle interval, it is retained. Else, it is considered to be expiring soon and will be replaced. The default cycle interval is one quarter of the difference between signature end and start times. |
Table 1-1 New Command Line Options (Continued)

| Binaries/Tools | Options | Usage |
| --- | --- | --- |
| named-checkzone | -v | Print the version number of named-checkzone and exit. |
| nsupdate | key {name} [secret] | Specify that all updates need to be TSIG signed using the keyname keysecret pair. The key command overrides any key specified on the command line via -y or -k. |
| nsupdate | local {address} [port] | Send all dynamic update requests using the local address. |
• reconfig
• trace
• trace level
• notrace
• flush
• flush [view]
• status

rndc is run on the command line as:

    rndc [-c config] [-s server] [-p port] [-y key] command [command...]

Where

-c config file is used to specify an alternate configuration file. The default configuration file is /etc/rndc.conf.

-s server is used to specify the server whose operation needs to be controlled.
Table 1-2 rndc commands (Continued)

| Command | Description |
| --- | --- |
| dumpdb | dump the current contents of the cache into the file specified by the dump-file option in named.conf. |
| stop | stop the server after saving any recent changes into the master files of the updated zones. |
| halt | stop the server immediately without saving any recent changes into the master files. |
| reconfig | reload configuration file and new zones only. |
Changed Features

This section describes the changed features in BIND 9.2.0.

HP-specific Features

The following lists the HP-specific features incorporated in BIND 9.2.0:

• noforward
  This option cannot be specified in the Options statement in BIND 9.2.0. Instead, forwarding can be suppressed by including an empty forwarders sub-statement as shown in the following example:

    options {
        forwarders { 192.249.249.1; };
    };
    zone "hp.com" {
        type slave;
        masters { 192.249.249.
Unsupported Features

The following BIND 8.1.2 options are not supported in BIND 9.2.0:

• no-round-robin
  This option was used in BIND 8.1.2 to turn off the default round robin, which cycles returned IP addresses for multi-homed hosts.
• named-xfer
  This option is obsolete because it is part of the named binary.
• deallocate-on-exit
  This option is no longer in use as the server now always checks for memory leaks.
  This option is now obsolete as BIND 9.2.0 always allocates query IDs from a pool.
• fetch-glue
  This option was used in BIND 8.1.2 to cause the server to fetch glue resource records it does not have when constructing the additional data section of a response.
• serial-queries
  This option was used in BIND 8.1.2 to set the maximum number of concurrent serial number queries allowed to be outstanding at any given time. BIND 9.2.
• pubkey
  This option was used in BIND 8.1.2 to specify a public zone key for verification of signatures in DNSSEC signed zones when they are loaded from disk. BIND 9.2.0 does not verify signatures on loading and ignores the option.
• max-ixfr-log-size
  This option was used in BIND 8.1.2 to set limits on server’s resource consumption. This option is obsolete; it is accepted and ignored for BIND 8.1.2 compatibility.
2 Installation Information

Read this chapter before installing BIND 9.2.0.
System Requirements

The following lists the system requirements to install BIND 9.2.
Migrating from Previous Versions of BIND

The following sections describe how to migrate from previous versions of BIND to BIND 9.2.0.

From BIND 4.9.7 to BIND 9.2.0

A shell script, “named-bootconf.sh” is provided with BIND 9.2.0 in the /usr/bin directory to convert the BIND 4.9.7 configuration file to BIND 9.2.0-compliant configuration file. The following steps describe how to convert the existing /etc/named.boot file to the BIND 9.2.
From BIND 8.1.2 to BIND 9.2.0

BIND 9.2.0 expects the db files in a slightly different format compared to the previous versions. A shell script "change2v9db.sh" is provided with BIND 9.2.0 to convert the existing db files to BIND 9.2.0-compliant db files. The shell script is installed in the /usr/bin directory. The following steps describe how to convert the db files to BIND 9.2.0-compliant db files:

1.
Compatibility with Previous Versions of BIND

This section provides the BIND 9.2.0 compatibility information.

BIND 4.9.7 Compatibility

This section discusses the BIND 9.2.0-BIND 4.9.7 compatibility.

• BIND 9.2.0 uses a system assigned port for the UDP queries it makes rather than port 53 that BIND 4.9.7 uses. This may conflict with some firewalls. To specify a port, edit the /etc/named.
• Outgoing zone transfers now use the "many-answers" format by default. This format is not understood by certain old versions of BIND 4.9.7. This problem can be resolved by using the option "transfer-format one-answer;", but HP recommends upgrading the slave servers.

BIND 8.1.2 Compatibility

This section discusses the BIND 9.2.0-BIND 8.1.2 compatibility.

• Configuration file compatibility — BIND 9.2.
Installing BIND 9.2.0

BIND 9.2.0 is available as a web release on HP-UX 11i v1 platform at HP’s software depot at http://www.software.hp.com. The latest version of BIND 9.2.0 is version B.11.11.01.015 released in February 2010. After downloading the software package, use the swinstall command to install the package on your system. Detailed information on how to use BIND 9.2.0 can be found in the respective man pages.

Step 1 If you have installed BIND 9.1.
3 Documentation

This chapter discusses the product documentation that is distributed with BIND 9.2.0.
Man Pages

BIND 9.2.0 documentation is available through its man pages. Table 3-1 lists and describes the man pages distributed with BIND 9.2.0.

Table 3-1 Man Pages

| Man Page | Description |
| --- | --- |
| named.1m | Internet domain name server |
| dnssec-keygen.1 | Key generation tool for DNSSEC |
| dnssec-makekeyset.1 | Program used to produce a set of DNS keys. |
| dnssec-signkey.1 | DNSSEC keyset signing tool |
| host.1 | DNS lookup utility |
| nslookup.1 | Program used to query nameservers interactively. |
Table 3-1 Man Pages (Continued)

| Man Page | Description |
| --- | --- |
| named-conf.4 | Configuration file for name daemon |

nslookup, dig, and host can be used to troubleshoot BIND 9.2.0.

NOTE Please refer to the respective man pages for detailed information and examples.
4 Known Problems and Limitations

This chapter discusses the known problems and limitations in BIND 9.2.0.
Known Problems

The following are the known problems in BIND 9.2.0:

• In BIND 9.2.0, if duplicate data is available for a query, the duplicate data will not be dropped.
• Use of wildcard address "*" in "query-source address * port 53;" may not work as expected. Instead of the wildcard address "*", you need to use an explicit source IP address.
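A migration check built from two lists on this page: the BIND 8.1.2 options listed under Unsupported Features (plus the HP-specific noforward) and the query-source wildcard problem above. It is an added example, not part of the HP release notes; the function names, finding codes and sample configuration are constructed for illustration.

```python
import re

# Options this page lists as not supported in BIND 9.2.0 (BIND 8.1.2 leftovers).
# noforward is the HP-specific one; the page's fix is an empty forwarders {}.
UNSUPPORTED = ["no-round-robin", "named-xfer", "deallocate-on-exit",
               "fetch-glue", "serial-queries", "pubkey", "max-ixfr-log-size"]
OPTION_RE = re.compile(r"(?<![\w-])(%s|noforward)(?![\w-])"
                       % "|".join(map(re.escape, UNSUPPORTED)))
QUERY_SOURCE_RE = re.compile(
    r"query-source(?:\s+address\s+(\S+))?(?:\s+port\s+([\d*]+))?\s*;")

def strip_comments(text):
    """Blank out /* */, // and # comments while keeping line numbers stable."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"),
                  text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def audit(conf_text):
    """Return sorted (line, code, detail) findings for a named.conf string."""
    text = strip_comments(conf_text)
    findings = []
    def line_of(pos):
        return text.count("\n", 0, pos) + 1
    for m in OPTION_RE.finditer(text):
        code = "use-empty-forwarders" if m.group(1) == "noforward" else "unsupported-option"
        findings.append((line_of(m.start()), code, m.group(1)))
    for m in QUERY_SOURCE_RE.finditer(text):
        address, port = m.group(1) or "*", m.group(2) or "*"
        if address == "*" and port != "*":
            # Known problem on this page: wildcard address with a fixed port.
            findings.append((line_of(m.start()), "wildcard-query-source",
                             "port %s needs an explicit source IP" % port))
    return sorted(findings)

# Constructed sample configuration (not taken from the release notes).
SAMPLE = """\
options {
    directory "/etc/named.data";
    fetch-glue no;
    /* multi-line
       comment mentioning pubkey */
    query-source address * port 53;
    # noforward in a comment is ignored
};
zone "example.com" { type slave; masters { 192.0.2.1; }; forwarders { }; };
"""

if __name__ == "__main__":
    for line, code, detail in audit(SAMPLE):
        print("line %d: %s: %s" % (line, code, detail))
```

A query-source statement with no address clause is treated as the wildcard, which matches how named interprets an omitted address.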
Limitations

The following lists the limitations in BIND 9.2.0:

• Specific IPv6 addresses cannot be specified with the listen-on-v6 option.
• The rndc dumpdb command dumps only the cache information. You can run the dig axfr command to obtain the db file information.
• In IPv6 systems, the notify directive in the Options statement in named.conf will be successful only if there is an IPv4-mapped-IPv6 address in the masters clause of the slave zone.
Defects Closed in this Release

Table 4-1 and Table 4-2 describe the defects closed in the previous releases and the current release of BIND 9.2, respectively.

Table 4-1 Defects Closed in the Previous Releases

| Defect | Description |
| --- | --- |
| JAGad95074 | Porting of BIND9.2.0 on HPUX 11.11. |
| JAGae38578 | Problem with nslookup in BIND. |
| JAGae37800 | Openssl not working properly |
| JAGae33084 | A buffer-length based computational error exists in the nslookup. |
Table 4-1 Defects Closed in the Previous Releases (Continued)

| Defect | Description |
| --- | --- |
| JAGae95793 | The rndc dumpdb command does not dump the address database cache. |
| JAGae93621 | Certain openssl certificates do not work properly. |
| JAGae72605 | In an IPv6 system, if the listen-on-v6 { none }; option is specified in the named.conf file, named does not listen on an IPv4 interface. |
| JAGae51696 | Adding the edns option in the options statement in named. |
Table 4-1 Defects Closed in the Previous Releases (Continued)

| Defect | Description |
| --- | --- |
| JAGae97983 | In multithreaded environment, named aborts with an assertion failure. The error reported in the syslog file is as follows: |

    critical: lib/dns/name.c:3200: REQUIRE((((name) != 0L) && (((const isc__magic_t *)(name))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n')))))) failed
    Sep 11 15:54:09.
Table 4-1 Defects Closed in the Previous Releases (Continued)

| Defect | Description |
| --- | --- |
| JAGaf45348 | named aborts with assertion failure INSIST in name.c. |

Table 4-2
Table 4-2 Defects Closed in this Release (Continued)

| Defect | Description |
| --- | --- |
| QXCR1000955329 | The TCP accept() call fails to create the new connection socket and logs one of the following errors: "internal accept: accept() failed: Too many open files"; "internal_accept: fcntl() failed: Too many open files" |
| QXCR1000955712 | The closure criteria for sockets lead to inconsistent states in the socket module. |
Table 4-3 Backported Defects (Continued)

New BIND Version
BIND 9.2.