src/external/mpl/bind/dist/README.md - diff

Return to README.md CVS log

Up to [cvs.NetBSD.org] / src / external / mpl / bind / dist

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/external/mpl/bind/dist/README.md between version 1.1.1.2 and 1.1.1.3

version 1.1.1.2, 2019/01/09 16:48:14

version 1.1.1.3, 2019/02/24 18:56:37

Line 18

1. [BIND 9.13 features](#features)

1. [Building BIND](#build)

1. [macOS](#macos)

1. [Dependencies](#dependencies)

1. [Compile-time options](#opts)

1. [Automated testing](#testing)

1. [Documentation](#doc)

Line 138 include:

Line 139 include:

DNSSEC validation should not be performed.

* The default value of "dnssec-validation" is now "auto".

* IDNA2008 is now supported when linking with `libidn2`.

* "named -V" now outputs the default paths for files used by named

and other tools.

In addition, workarounds that were formerly in place to enable resolution

of domains whose authoritative servers did not respond to EDNS queries

Line 147 for more details.

Line 150 for more details.

Cryptographic support has been modernized. BIND now uses the

best available pseudo-random number generator for the platform on which

it's built. Very old versions of OpenSSL are no longer supported.

Cryptography is now mandatory: building BIND without DNSSEC is now

Cryptography is now mandatory: building BIND without DNSSEC is no

longer supported.

Special code to support certain legacy operating systems has also

Line 207 or if you have Xcode already installed y

Line 210 or if you have Xcode already installed y

This will add /usr/include to the system and install the compiler and other

tools so that they can be easily found.

### <a name="dependencies"/> Dependencies

Portions of BIND that are written in Python, including

`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the

system tests, require the 'argparse' and 'ply' modules to be available.

'argparse' is a standard module as of Python 2.7 and Python 3.2.

'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).

#### <a name="opts"/> Compile-time options

To see a full list of configuration options, run `configure --help`.

On most platforms, BIND 9 is built with multithreading support, allowing it

to take advantage of multiple CPUs. You can configure this by specifying

`--enable-threads` or `--disable-threads` on the `configure` command line.

The default is to enable threads, except on some older operating systems on

which threads are known to have had problems in the past. (Note: Prior to

BIND 9.10, the default was to disable threads on Linux systems; this has

now been reversed. On Linux systems, the threaded build is known to change

BIND's behavior with respect to file permissions; it may be necessary to

specify a user with the -u option when running `named`.)

To build shared libraries, specify `--with-libtool` on the `configure`

command line.

Certain compiled-in constants and default settings can be increased to

values better suited to large servers with abundant memory resources (e.g,

64-bit servers with 12G or more of memory) by specifying

`--with-tuning=large` on the `configure` command line. This can improve

performance on big servers, but will consume more memory and may degrade

performance on smaller systems.

For the server to support DNSSEC, you need to build it with crypto support.

To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the

OpenSSL library is installed in a nonstandard location, specify the prefix

Line 266 and libprotobuf-c

Line 259 and libprotobuf-c

[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),

and BIND must be configured with `--enable-dnstap`.

Certain compiled-in constants and default settings can be increased to

values better suited to large servers with abundant memory resources (e.g,

64-bit servers with 12G or more of memory) by specifying

`--with-tuning=large` on the `configure` command line. This can improve

performance on big servers, but will consume more memory and may degrade

performance on smaller systems.

On Linux, process capabilities are managed in user space using

the `libcap` library, which can be installed on most Linux systems via

the `libcap-dev` or `libcap-devel` module. Process capability support can

also be disabled by configuring with `--disable-linux-caps`.

Portions of BIND that are written in Python, including

`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the

system tests, require the 'argparse' and 'ply' modules to be available.

'argparse' is a standard module as of Python 2.7 and Python 3.2.

'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).

On some platforms it is necessary to explicitly request large file support

to handle files bigger than 2GB. This can be done by using

`--enable-largefile` on the `configure` command line.

Line 286 specifying `--enable-fixed-rrset` or `--

Line 280 specifying `--enable-fixed-rrset` or `--

configure command line. By default, fixed rrset-order is disabled to

reduce memory footprint.

The `--enable-querytrace` option causes `named` to log every step of

processing every query. This should only be enabled when debugging, because

it has a significant negative impact on query performance.

`make install` will install `named` and the various BIND 9 libraries. By

default, installation is into /usr/local, but this can be changed with the

`--prefix` option when running `configure`.

CVSweb <webmaster@jp.NetBSD.org>