BIND 9.3.2 Release Notes
For more information on the new DNSSEC options, see named.conf(1).
• New DNSSEC statement in the options statement
BIND 9.3.2 adds trusted-keys, a new DNSSEC statement in the options
statement of the /etc/named.conf file. The trusted-keys statement
defines DNSSEC security roots. A security root is defined when the public key for
a non-authoritative zone cannot be securely obtained through DNS, either because
it is the DNS root zone or because its parent zone is unsigned. When a key is
configured as a trusted key, it is treated as if it had been validated and is secure. The
resolver attempts DNSSEC validation on all DNS data in the subdomains of a
security root. The trusted-keys statement can contain multiple key entries,
each consisting of the key's domain name, flags, protocol, algorithm, and the
base-64 representation of the key data. For more information on the trusted-keys
statement, see named.conf(1).
Support for the ip6.arpa Domain
BIND 9.3.2 uses the ip6.arpa domain for IPv6 forward lookups, instead of the
ip6.int domain. However, BIND 9.3.2 continues to support the ip6.int domain
for backward compatibility. BIND 9.3.2 also uses the ip6.arpa domain for storing
IPv6 addresses in the DNS. The existing queries that perform additional section
processing to locate IPv4 addresses are redefined to perform additional section
processing on both IPv4 and IPv6 addresses.
The ip6.arpa domain is a special domain defined to look up a record given an IPv6
address. This domain provides a method to map an IPv6 address to a host name.
An IPv6 address is represented as a name in the ip6.arpa domain by a sequence of
nibbles separated by dots with the suffix .ip6.arpa. The sequence of nibbles is
encoded in reverse order: the low-order nibble is encoded first, followed by
the next low-order nibble, and so on. Each nibble is represented by a hexadecimal digit.
For example, consider the following IPv6 address:
4321:0:1:2:3:4:567:89ab
Following is the reverse lookup domain name in the ip6.arpa domain:
b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa.
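The nibble encoding described above, as an added example in Python (not part of the release notes or of BIND): it builds the reverse name from any textual form of an IPv6 address and parses a full name back, rejecting malformed labels. The function names are hypothetical; the ip6.int suffix is accepted because the notes say it remains supported.

```python
# Added example: ip6.arpa nibble encoding and decoding (function names are hypothetical).
import ipaddress

SUFFIXES = ("ip6.arpa", "ip6.int")  # ip6.int is the legacy domain the notes mention


def to_reverse_name(addr, suffix="ip6.arpa"):
    """Return the reverse-lookup name for an IPv6 address in any textual form."""
    if suffix not in SUFFIXES:
        raise ValueError("unsupported reverse domain: %r" % suffix)
    # .packed yields the 16 raw bytes, so "::" compression and short groups
    # are expanded before any nibble is emitted.
    packed = ipaddress.IPv6Address(addr).packed
    nibbles = "".join("%02x" % b for b in packed)  # 32 hex digits, high-order first
    return ".".join(reversed(nibbles)) + "." + suffix + "."


def from_reverse_name(name):
    """Parse a full 32-nibble reverse name back to an address; reject malformed names."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 34 or ".".join(labels[-2:]) not in SUFFIXES:
        raise ValueError("not a full ip6.arpa/ip6.int host name: %r" % name)
    nibbles = labels[:-2]
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("label is not a single hex digit: %r" % name)
    # The low-order nibble comes first in the name, so reverse to rebuild the address.
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))


if __name__ == "__main__":
    sample = "4321:0:1:2:3:4:567:89ab"  # the address used in the notes
    name = to_reverse_name(sample)
    print(name)
    print(from_reverse_name(name))
```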
New Method of Listing Master Servers
Starting with BIND 9.3.2, the masters statement provides a list of master name servers
that can be included in the masters clause of the zone statement.
Following is the syntax of the masters statement with the new masters_list option,
which specifies the ACL name of the list of master name servers:
masters name [port ip_port] {(masters_list | ip_addr [port ip_port] [key key]); [...]};