BIND 9.3.2 Release Notes (5900-1575, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software

Table 5 New Command-Line Options (continued)

DescriptionOptionsBinaries/Tools

Specifies if name server (NS) records must be checked to verify

whether they are addresses. The values for this option are fail,

warn, and ignore. The default value is warn.

-n modenamed-checkzone

Writes the zone output to the directory-o filenamenamed-checkzone

Specifies the directory under which the named-checkzone

command is chrooted. The $INCLUDE directives in the configuration

file are also processed as if they are run by a similarly chrooted

named.

-t directorynamed-checkzone

Specifies named to change to directory so that relative filenames

in the master file $INCLUDE directives are functional. This option is

similar to the directory clause in the /etc/named.conf file.

-w directorynamed-checkzone

Specifies the dump zone file in canonical format-Dnamed-checkzone

Specifies named to use only the IPv4 transport even if the host system

is capable of handling IPv6 addresses

-4named

Specifies named to use only the IPv6 transport even if the host system

is capable of handling IPv4 addresses

-6named

Sets the maximum timeout value for an update request before it can

abort. The default value is 300 seconds. To disable the timeout, set

this option to 0.

-tnsupdate

Sets the UDP retry interval. The default value is 3 seconds. If this

option is set to 0, the interval is computed from the timeout interval

and the number of UDP retries.

-unsupdate

Sets the number of UDP retries. The default value is 3. If this option

is set to 0, only one update request is made.

-rnsupdate

Supports RFC 4193 (Unique local IPv6 unicast addresses)

BIND 9.3.2 (C.9.3.2.5.0) for the HP-UX 11i v3 operating system conforms to RFC 4193 (Unique

Local IPv6 Unicast Addresses). RFC 4193 defines a format for the unique local IPv6 unicast address

that is globally unique and not intended for external networks. When named receives an unique

local IPv6 unicast address for resolution, it does not send this address to the global DNS server

for resolution. Instead, it returns the NXDOMAIN response message by default. As a result, the

unique local IPv6 unicast addresses are never exposed to the outside network and are not accessible

by external systems.

Changed features

Following are the changed features in BIND 9.3.2:

• In BIND 9.3.2, named(1M) selects the best forwarder from the list of forwarders specified in

the /etc/named.conf file and sends the query to the forwader with the lowest roundtrip

time. In BIND 9.2.0, named(1M) does not select a forwarder from the /etc/named.conf

file but sequentially sends queries to all the forwarders in the /etc/named.conf file until

the query is answered.

• The following DNSSEC features are modified in BIND 9.3.2:

In BIND 9.2.0, when the dnssec-keygen command is executed twice with the

HMAC-MD5 algorithm, two different key-file pairs are generated. In BIND 9.3.2, the key

files are overwritten, resulting in one key-file pair only.

◦

◦ In the previous version of BIND, the dnssec-keygen command used the RSAMD5, DH,

DSA, RSA, or HMAC-MD5 algorithm. In BIND 9.3.2, the dnssec-keygen command

Changed features 11