BIND 9.2.0 Release Notes
Table Of Contents
- 1 New Features
- BIND 8.1.2 Features Supported on HP-UX 11.0
- New BIND 9.2.0 Features
- Incremental Zone Transfer
- DNS Security
- Dynamic DNS Update
- TSIG-Based Security
- Lightweight Resolver Library and Daemon
- Improved Logging Mechanism
- Extended Configuration Syntax and Options
- New Options in options Statement
- New Option in “server” Statement
- New Options in “zone” Statement
- named-checkconf
- named-checkzone
- rndc
- Generating rndc.conf File
- New Command Line Options
- Changed Features
- Unsupported Features
- 2 Installation Information
- 3 Documentation
- 4 Known Problems, Limitation and Defect Fixes
New Features
New BIND 9.2.0 Features
Chapter 1 11
NOTE You must not manually edit zone files of dynamic zones because the
changes can cause conflict with dynamic updates. Use the nsupdate
utility to submit dynamic DNS update requests to a name server.
TSIG-Based Security
To secure a server-to-server communication, BIND 9.2.0 primarily uses
TSIG. This includes zone transfer, notify, and recursive query messages.
TSIG is most useful for dynamic updates. To secure dynamic updates to a
primary server of a dynamic zone, key-based access control is more
effective than IP-based access control. The nsupdate program with -k
and -y options is used to provide the shared secret required to generate
the TSIG record for authenticating dynamic DNS update request.
For more information, type man 1 nsupdate at the HP-UX prompt.
Lightweight Resolver Library and Daemon
The applications that require address-to-name lookups have been linked
with a stub resolver library that sends recursive DNS queries to a local
caching name server.
BIND 9.2.0 provides resolution services to local clients using a
combination of a lightweight resolver library and a resolver daemon
process running on the local host. These communicate using a simple
UDP-based protocol "lightweight resolver protocol" that is distinct from
and simpler than the DNS protocol.
To use the lightweight resolver interface, the system must run the
resolver daemon lwresd. The daemon currently looks only in the DNS,
but in the future it may use other sources, such as /etc/hosts, NIS.
For more information, type man 1m lwresd at the HP-UX prompt.
Improved Logging Mechanism
The logging mechanism in BIND 9.2.0 is established only when the
entire configuration file has been parsed. In BIND 8.1.2, it was
established as soon as the logging statement was parsed. When the
server starts up, messages regarding syntax errors in the configuration