BIND 9.2.0 Release Notes

New Features
New BIND 9.2.0 Features
Chapter 1
Signing the Child’s Keyset
The /usr/bin/dnssec-signkey program is used to sign a keyset for a
child zone.
# /usr/bin/dnssec-signkey example.com.keyset Kcom.+003+51944
The output of the above command is a file named
example.com.signedkey, which has the keys for example.com signed by
the com zone’s zone key.
Signing the Zone
The /usr/bin/dnssec-signzone program is used to sign a zone.
The following sample command invokes dnssec-signzone to sign the zone
example.com:
# /usr/bin/dnssec-signzone example.com Kexample.com.+003+26160
dnssec-signzone creates a file named example.com.signed, which is
the signed version of the example.com zone. This file can then be
referenced in a zone statement in the /etc/named.conf file so that it
can be loaded by the nameserver.
Kexample.com.+003+26160 is the key identifier generated by the
dnssec-keygen program.
Configuring Servers
Unlike BIND 8.1.2, data is not verified on load in BIND 9.2.0. Therefore,
you need not specify zone keys for authoritative zones in the
configuration file. The public key for any security root must exist in the
trusted-keys statement in the configuration file.
Dynamic DNS Update
Dynamic update is the ability to add, modify or delete records or RR sets
in the master zone files under a specified zone. Dynamic update is based
on RFC 2136 (Dynamic Updates in the Domain Name System (DNS
UPDATE)). Dynamic update is enabled on a zone-by-zone basis by
including an allow-update or update-policy clause in the zone
statement of the /etc/named.conf file.
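
Because dynamic update is switched on per zone, a quick audit of which zones accept updates, and on what basis, is useful. The script below is an added example, not part of the original release notes; the sample configuration, zone names and key name are constructed, and the parser handles only simple zone statements.

```python
import re

# Constructed named.conf fragment; zone and key names are assumptions.
SAMPLE_CONF = '''
zone "example.com" { type master; file "example.com.signed";
    update-policy { grant ddns-key. subdomain example.com. A; }; };
zone "open.example" { type master; file "open.example.db"; allow-update { any; }; };
// constructed comment: the next zone mixes an address with a key
zone "lan.example" { type master; file "lan.example.db";
    allow-update { 192.0.2.10; key ddns-key.; }; };
zone "keyed.example" { type master; file "keyed.example.db"; allow-update { key ddns-key.; }; };
zone "static.example" { type master; file "static.example.db"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no comment markers inside quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_after(text, start):
    """Return the contents of the first balanced { } block at or after start."""
    open_idx, depth = text.index('{', start), 0
    for i in range(open_idx, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError('unbalanced braces in configuration')

def classify(body):
    """Describe how one zone statement enables dynamic update, if at all."""
    if re.search(r'(?<![-\w])update-policy(?![-\w])', body):
        return 'update-policy'
    # The lookarounds keep allow-update-forwarding from matching here.
    clause = re.search(r'(?<![-\w])allow-update(?![-\w])', body)
    inner = block_after(body, clause.end()) if clause else ''
    acl = [e.strip() for e in inner.split(';') if e.strip()]
    if acl in ([], ['none']):
        return 'static'
    if 'any' in acl:
        return 'allow-update: any'
    if all(e.startswith('key ') for e in acl):
        return 'allow-update: key only'
    return 'allow-update: address or ACL match'  # relies on the sender's source address

def audit_dynamic_update(conf):
    """Map each zone name in a named.conf text to its dynamic update status."""
    conf = strip_comments(conf)
    return {z.group(1): classify(block_after(conf, z.end())) for z in re.finditer(r'\bzone\s+"([^"]+)"', conf)}

if __name__ == '__main__':
    print('\n'.join(f'{z:16} {s}' for z, s in audit_dynamic_update(SAMPLE_CONF).items()))
```

Zones reported as "allow-update: any" or "address or ACL match" are the ones to review first.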