BIND 9.2.0 Release Notes
Table Of Contents
- 1 New Features
- BIND 8.1.2 Features Supported on HP-UX 11.0
- New BIND 9.2.0 Features
- Incremental Zone Transfer
- DNS Security
- Dynamic DNS Update
- TSIG-Based Security
- Lightweight Resolver Library and Daemon
- Improved Logging Mechanism
- Extended Configuration Syntax and Options
- New Options in options Statement
- New Option in “server” Statement
- New Options in “zone” Statement
- named-checkconf
- named-checkzone
- rndc
- Generating rndc.conf File
- New Command Line Options
- Changed Features
- Unsupported Features
- 2 Installation Information
- 3 Documentation
- 4 Known Problems, Limitation and Defect Fixes
New Features
New BIND 9.2.0 Features
Chapter 18
When acting as a slave, BIND 9.2.0 attempts to use IXFR unless it is
explicitly disabled.
Following are the options statements to enable or disable IXFR:
[provide-ixfr yes_or_no;]
[request-ixfr yes_or_no;]
You can manually set these options to yes or no in the /etc/named.conf
configuration file. You can also exclude these options from the
/etc/named.conf configuration file.
The provide-ixfr clause determines whether the local server, which is
acting as a master, responds with incremental zone transfer when the
remote slave server requests a zone transfer.
If the provide-ixfr claue is set to yes, incremental transfer is provided
whenever possible. If the provide-ixfr is set to no, all transfers to the
remote server are non-incremental. If you do not set the provide-ixfr
clause, the value of the provide-ixfr option in the global options block
is used as the default value.
The request-ixfr clause determines whether the local server, which is
acting as a slave, requests incremental zone transfers from the given
remote master server.
If the request-ixfr is set to yes, incremental transfer is requested from
the given remote master server. If you set to no, all transfers to the
remote server will be non-incremental. If you do not set the
request-ixfr clause, the value of the request-ixfr option in the global
options block is used as the default value.
DNS Security
Authentication of DNS information in a zone is possible by using the
DNS Security (DNSSEC) extensions defined in RFC 2535. BIND 9.2.0
includes the tools required to set up a DNSSEC secure zone.
The administrators of the parent and child zone must communicate with
each other to transmit keys and signatures. To trust its data, the parent
zone for a DNSSEC-capable resolver must indicate a zone’s security
status. For other servers to trust data in this zone, they must either be
statically configured with this zone’s zone key or with the zone key of
another zone above this on in the DNS tree.