BIND 9.2.0 Release Notes

New Features
New BIND 9.2.0 Features
Validation of wildcard records in secure zones is not fully supported. In
particular, a "name does not exist" response validates successfully even
if it does not contain the NXT records to prove the existence of a
matching wildcard.
Generating a Key
The /usr/bin/dnssec-keygen program is used to generate keys.
The following sample command invokes dnssec-keygen to generate a
768-bit DSA key for the domain example.com:
# /usr/bin/dnssec-keygen -a DSA -b 768 -n ZONE example.com
This command generates the key identification string
Kexample.com.+003+26160, indicating a DSA key with identifier 26160.
The -a option specifies the cryptographic algorithm, the -b option
specifies the key size, and the -n option specifies the name type,
which can be ZONE, HOST, ENTITY, or USER.
For a detailed description of all supported functions, type man 1
dnssec-keygen at the HP-UX prompt.
Creating a Keyset
The /usr/bin/dnssec-makekeyset program is used to create a keyset
from one or more keys.
The following sample command invokes dnssec-makekeyset for the
Kexample.com.+003+26160 key (generated by the dnssec-keygen
program):
# /usr/bin/dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160
The output of this command is a file named example.com.keyset
containing a SIG and KEY record for the ZONE example.com. The -t
option specifies the TTL value that is assigned to the assembled KEY
and SIG records in the output file. The -s and -e options specify the
start time and the end time (expiry date) of the SIG records,
respectively.
For a detailed description of all supported options, type man 1
dnssec-makekeyset at the HP-UX prompt.
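
The following script is an added example, not part of the original release notes or of BIND. It checks the two inputs that are easiest to mistype in the commands above: the key identification string and the -s/-e time values. The function names parse_keyid and valid_time are hypothetical, and all sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not HP's or ISC's code); function names are hypothetical.

# Split K<name>+<alg>+<tag> and print "<name> <algorithm> <tag>".
# dnssec-keygen prints the name with a trailing dot, a 3-digit algorithm
# number and a 5-digit identifier, e.g. Kexample.com.+003+26160.
parse_keyid() {
    case $1 in
        K*.+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "malformed key id: $1" >&2; return 1 ;;
    esac
    rest=${1#K}
    tag=${rest##*+}; rest=${rest%+*}
    alg=${rest##*+}; name=${rest%+*}
    case $alg in
        001) algname=RSAMD5 ;;
        003) algname=DSA ;;
        005) algname=RSASHA1 ;;
        *)   algname="ALG$alg" ;;
    esac
    echo "$name $algname $tag"
}

# Accept the two time forms shown with -s and -e: an absolute
# YYYYMMDDHHMMSS timestamp or a +N offset in seconds.
valid_time() {
    case $1 in
        +|+*[!0-9]*) return 1 ;;
        +*) return 0 ;;
        *[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 14 ] || return 1
    mo=$(echo "$1" | cut -c5-6);  dd=$(echo "$1" | cut -c7-8)
    hh=$(echo "$1" | cut -c9-10); mi=$(echo "$1" | cut -c11-12)
    ss=$(echo "$1" | cut -c13-14)
    # ${x#0} drops one leading zero so "08" compares as 8.
    [ "${mo#0}" -ge 1 ] && [ "${mo#0}" -le 12 ] &&
    [ "${dd#0}" -ge 1 ] && [ "${dd#0}" -le 31 ] &&
    [ "${hh#0}" -le 23 ] && [ "${mi#0}" -le 59 ] && [ "${ss#0}" -le 59 ]
}

# Constructed inputs: a well-formed key id and one missing the dot before "+".
for id in Kexample.com.+003+26160 Kexample.com+003+26160; do
    parse_keyid "$id" || echo "rejected: $id"
done
# Constructed times: a valid timestamp, a month of 70, a relative offset.
for t in 20000701120000 20007011200000 +2592000; do
    if valid_time "$t"; then echo "ok: $t"; else echo "bad time: $t"; fi
done
```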