version 1.1.1.2, 2019/01/09 16:48:14 |
version 1.1.1.3, 2019/02/24 18:56:37 |
|
|
1. [BIND 9.13 features](#features) |
1. [BIND 9.13 features](#features) |
1. [Building BIND](#build) |
1. [Building BIND](#build) |
1. [macOS](#macos) |
1. [macOS](#macos) |
|
1. [Dependencies](#dependencies) |
1. [Compile-time options](#opts) |
1. [Compile-time options](#opts) |
1. [Automated testing](#testing) |
1. [Automated testing](#testing) |
1. [Documentation](#doc) |
1. [Documentation](#doc) |
|
|
DNSSEC validation should not be performed. |
DNSSEC validation should not be performed. |
* The default value of "dnssec-validation" is now "auto". |
* The default value of "dnssec-validation" is now "auto". |
* IDNA2008 is now supported when linking with `libidn2`. |
* IDNA2008 is now supported when linking with `libidn2`. |
|
* "named -V" now outputs the default paths for files used by named |
|
and other tools. |
|
|
In addition, workarounds that were formerly in place to enable resolution |
In addition, workarounds that were formerly in place to enable resolution |
of domains whose authoritative servers did not respond to EDNS queries |
of domains whose authoritative servers did not respond to EDNS queries |
Line 147 for more details. |
|
Line 150 for more details. |
|
Cryptographic support has been modernized. BIND now uses the |
Cryptographic support has been modernized. BIND now uses the |
best available pseudo-random number generator for the platform on which |
best available pseudo-random number generator for the platform on which |
it's built. Very old versions of OpenSSL are no longer supported. |
it's built. Very old versions of OpenSSL are no longer supported. |
Cryptography is now mandatory: building BIND without DNSSEC is now |
Cryptography is now mandatory: building BIND without DNSSEC is no |
longer supported. |
longer supported. |
|
|
Special code to support certain legacy operating systems has also |
Special code to support certain legacy operating systems has also |
Line 207 or if you have Xcode already installed y |
|
Line 210 or if you have Xcode already installed y |
|
This will add /usr/include to the system and install the compiler and other |
This will add /usr/include to the system and install the compiler and other |
tools so that they can be easily found. |
tools so that they can be easily found. |
|
|
|
### <a name="dependencies"/> Dependencies |
|
|
|
Portions of BIND that are written in Python, including |
|
`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the |
|
system tests, require the 'argparse' and 'ply' modules to be available. |
|
'argparse' is a standard module as of Python 2.7 and Python 3.2. |
|
'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply). |
|
|
#### <a name="opts"/> Compile-time options |
#### <a name="opts"/> Compile-time options |
|
|
To see a full list of configuration options, run `configure --help`. |
To see a full list of configuration options, run `configure --help`. |
|
|
On most platforms, BIND 9 is built with multithreading support, allowing it |
|
to take advantage of multiple CPUs. You can configure this by specifying |
|
`--enable-threads` or `--disable-threads` on the `configure` command line. |
|
The default is to enable threads, except on some older operating systems on |
|
which threads are known to have had problems in the past. (Note: Prior to |
|
BIND 9.10, the default was to disable threads on Linux systems; this has |
|
now been reversed. On Linux systems, the threaded build is known to change |
|
BIND's behavior with respect to file permissions; it may be necessary to |
|
specify a user with the -u option when running `named`.) |
|
|
|
To build shared libraries, specify `--with-libtool` on the `configure` |
To build shared libraries, specify `--with-libtool` on the `configure` |
command line. |
command line. |
|
|
Certain compiled-in constants and default settings can be increased to |
|
values better suited to large servers with abundant memory resources (e.g, |
|
64-bit servers with 12G or more of memory) by specifying |
|
`--with-tuning=large` on the `configure` command line. This can improve |
|
performance on big servers, but will consume more memory and may degrade |
|
performance on smaller systems. |
|
|
|
For the server to support DNSSEC, you need to build it with crypto support. |
For the server to support DNSSEC, you need to build it with crypto support. |
To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the |
To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the |
OpenSSL library is installed in a nonstandard location, specify the prefix |
OpenSSL library is installed in a nonstandard location, specify the prefix |
Line 266 and libprotobuf-c |
|
Line 259 and libprotobuf-c |
|
[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers), |
[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers), |
and BIND must be configured with `--enable-dnstap`. |
and BIND must be configured with `--enable-dnstap`. |
|
|
|
Certain compiled-in constants and default settings can be increased to |
|
values better suited to large servers with abundant memory resources (e.g, |
|
64-bit servers with 12G or more of memory) by specifying |
|
`--with-tuning=large` on the `configure` command line. This can improve |
|
performance on big servers, but will consume more memory and may degrade |
|
performance on smaller systems. |
|
|
On Linux, process capabilities are managed in user space using |
On Linux, process capabilities are managed in user space using |
the `libcap` library, which can be installed on most Linux systems via |
the `libcap` library, which can be installed on most Linux systems via |
the `libcap-dev` or `libcap-devel` module. Process capability support can |
the `libcap-dev` or `libcap-devel` module. Process capability support can |
also be disabled by configuring with `--disable-linux-caps`. |
also be disabled by configuring with `--disable-linux-caps`. |
|
|
Portions of BIND that are written in Python, including |
|
`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the |
|
system tests, require the 'argparse' and 'ply' modules to be available. |
|
'argparse' is a standard module as of Python 2.7 and Python 3.2. |
|
'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply). |
|
|
|
On some platforms it is necessary to explicitly request large file support |
On some platforms it is necessary to explicitly request large file support |
to handle files bigger than 2GB. This can be done by using |
to handle files bigger than 2GB. This can be done by using |
`--enable-largefile` on the `configure` command line. |
`--enable-largefile` on the `configure` command line. |
Line 286 specifying `--enable-fixed-rrset` or `-- |
|
Line 280 specifying `--enable-fixed-rrset` or `-- |
|
configure command line. By default, fixed rrset-order is disabled to |
configure command line. By default, fixed rrset-order is disabled to |
reduce memory footprint. |
reduce memory footprint. |
|
|
|
The `--enable-querytrace` option causes `named` to log every step of |
|
processing every query. This should only be enabled when debugging, because |
|
it has a significant negative impact on query performance. |
|
|
`make install` will install `named` and the various BIND 9 libraries. By |
`make install` will install `named` and the various BIND 9 libraries. By |
default, installation is into /usr/local, but this can be changed with the |
default, installation is into /usr/local, but this can be changed with the |
`--prefix` option when running `configure`. |
`--prefix` option when running `configure`. |