bind9/README

BIND 9

	XXX  Introduction XXX


BIND 9.0.0b1

	BIND 9.0.0b1 is the first public release of BIND 9 code.  It will
	be most useful to advanced users working with IPv6 or DNSSEC.

	BIND 9.0.0b1 is not functionally complete, and is not a release
	candidate for BIND 9.0.0.  The ISC anticipates a number of additional
	beta releases between now and May, when BIND 9.0.0 is scheduled to
	be released.

	The ISC does not recommend using BIND 9.0.0b1 for "production"
	services.

	Much of the core technology planned for BIND 9.0.0 is in this beta
	release.

	Some of the highlights are:

		IPv6
			Support for bitstring labels, DNAME, and A6 records.

			IPv6-aware resolver (follows A6 chains, can use IPv6 to
			talk to other nameservers).

			The nameserver listens on an IPv6 socket.

		DNSSEC
			All new RR types supported.

			The server generates DNSSEC responses for secure zones.

		EDNS0
			DNS messages using UDP have been limited to 512
			bytes.  This is too small for DNSSEC replies, whose
			signature and key records can be large.  EDNS0 allows
			larger UDP messages to be sent.
		
			EDNS0 is understood by the server, and used by the
			resolver.

	Some of the more significant items that will be implemented or
	enhanced in a future beta are

		DNSSEC validation

			The server does not currently validate DNSSEC
			signatures.

		Notify

		Configuration File

			Some config file items are not yet implemented.
			See doc/misc/options for a summary of the current
			status.

		Selective Forwarding

		Documentation


Building

	BIND 9 currently requires a UNIX system with an ANSI C compiler,
	basic POSIX support, and a good pthreads implementation.

	We've had successful builds and tests on the following systems

		AIX 4.3
		COMPAQ Tru64 UNIX 4.0D
		HP-UX 11
		IRIX64 6.5
		NetBSD 1.4.1
		Red Hat Linux 6.0, 6.1
		Solaris 2.6, 7, 8 (beta)

	To build, just

		./configure
		make

	"make install" will install "named" and the various BIND 9 libraries.
	By default, installation is into /usr/local, but this can be changed
	with the "--prefix" option when running "configure".

	Shared libraries will be built if "--with-libtool" is added to the
	"configure" command.

	Building with gcc is not supported, unless gcc is the vendor's usual
	compiler (e.g. the various BSD systems, Linux).


Bug Reports and Mailing Lists

	Bugs reports should be sent to

		bind9-bugs@isc.org

	To join the BIND 9 Users mailing list, send mail to

		bind9-users-request@isc.org

	If you're planning on making changes to the BIND 9 source
	code, you might want to join the BIND 9 Workers mailing list.
	Send mail to

		bind9-workers-request@isc.org


"named" command line options

	-c <config_file>

	-d <debug_level>

	-f				Run in the foreground.

	-N <number_of_cpus>		

	-t <directory>			Chroot to <directory> before running.

	-u <username>			Run as user <username> after binding
					to privileged ports.

	Use of the "-t" option while still running as "root" doesn't
	enhance security on most systems.  The way chroot() is defined
	allows a process with root privileges to escape the chroot jail.

	The "-u" option is not currently useful on Linux.  Linux threads
	are actually processes sharing a common address space.  An unfortunate
	side effect of this is that some system calls, e.g. setuid() that
	in a typical pthreads environment would affect all threads only affect
	the calling thread/process on Linux.  The good news is that BIND 9
	uses the Linux kernel's capability mechanism to drop all root
	powers except the ability to bind() to a privileged port.

	On systems with more than one CPU, the "-N" option should be used
	to indicate how many CPUs there are.


Note to Programmers

	The APIs for the libraries in BIND 9 are not yet frozen.
	We expect the existing library interfaces in the release to be
	quite stable, however, and unless we've specifically indicated that
	an interface is temporary, we don't anticipate major changes in
	future releases.