Manualshelf

BIND 9.3.2 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software
11121314151617181920
Table 1-5 New Command-Line Options (continued)
DescriptionOptionsBinaries/Tools
Specifies named to use only the IPv6 transport even if the
host system is capable of handling IPv4 addresses
-6named
Sets the maximum timeout value for an update request
before it can abort. The default value is 300 seconds. To
disable the timeout, set this option to 0.
-tnsupdate
Sets the UDP retry interval. The default value is 3 seconds.
If this option is set to 0, the interval is computed from the
timeout interval and the number of UDP retries.
-unsupdate
Sets the number of UDP retries. The default value is 3. If
this option is set to 0, only one update request is made.
-rnsupdate
Supports RFC 4193 (Unique Local IPv6 Unicast Addresses)
BIND 9.3.2 (C.9.3.2.5.0) for the HP-UX 11i v3 operating system conforms to RFC 4193
(Unique Local IPv6 Unicast Addresses). RFC 4193 defines a format for the unique local
IPv6 unicast address that is globally unique and not intended for external networks.
When named receives an unique local IPv6 unicast address for resolution, it does not
send this address to the global DNS server for resolution. Instead, it returns the
NXDOMAIN response message by default. As a result, the unique local IPv6 unicast
addresses are never exposed to the outside network and are not accessible by external
systems.
Changed Features
Following are the changed features in BIND 9.3.2:
In BIND 9.3.2, named(1M) selects the best forwarder from the list of forwarders
specified in the /etc/named.conf file and sends the query to the forwader with
the lowest roundtrip time. In BIND 9.2.0, named(1M) does not select a forwarder
from the /etc/named.conf file but sequentially sends queries to all the
forwarders in the /etc/named.conf file until the query is answered.
The following DNSSEC features are modified in BIND 9.3.2:
In BIND 9.2.0, when the dnssec-keygen command is executed twice with
the HMAC-MD5 algorithm, two different key-file pairs are generated. In BIND
9.3.2, the key files are overwritten, resulting in one key-file pair only.
In the previous version of BIND, the dnssec-keygen command used the
RSAMD5, DH, DSA, RSA, or HMAC-MD5 algorithm. In BIND 9.3.2, the
dnssec-keygen command supports only RSASHA1 and DSA algorithms for
DNSSEC. HMAC-MD5 and DH are also supported, in which case a KEY record
is generated instead of a DNSKEY record. The -k option must be used to generate
a KEY record.
Changed Features 15