From 3b1b34f762cf4a9a4e09d3ef03becc0d08acddb9 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 11 Dec 2013 20:07:25 -0800 Subject: [PATCH] README formatting --- README | 484 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 243 insertions(+), 241 deletions(-) diff --git a/README b/README index 9b88e2a672..b849995612 100644 --- a/README +++ b/README @@ -96,322 +96,324 @@ BIND 9.10.0 responding to queries. - New 'named-rrchecker' tool to verify the syntactic correctness of individual resource records. + - When re-signing a zone, the new "dnssec-signzone -Q" option + drops signatures from keys that are still published but are + no longer active. BIND 9.9.0 - BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier - releases. New features include: + BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier + releases. New features include: - - Inline signing, allowing automatic DNSSEC signing of - master zones without modification of the zonefile, or - "bump in the wire" signing in slaves. - - NXDOMAIN redirection. - - New 'rndc flushtree' command clears all data under a given - name from the DNS cache. - - New 'rndc sync' command dumps pending changes in a dynamic - zone to disk without a freeze/thaw cycle. - - New 'rndc signing' command displays or clears signing status - records in 'auto-dnssec' zones. - - NSEC3 parameters for 'auto-dnssec' zones can now be set prior - to signing, eliminating the need to initially sign with NSEC. - - Startup time improvements on large authoritative servers. - - Slave zones are now saved in raw format by default. - - Several improvements to response policy zones (RPZ). - - Improved hardware scalability by using multiple threads - to listen for queries and using finer-grained client locking - - The 'also-notify' option now takes the same syntax as - 'masters', so it can used named masterlists and TSIG keys. - - 'dnssec-signzone -D' writes an output file containing only DNSSEC - data, which can be included by the primary zone file. - - 'dnssec-signzone -R' forces removal of signatures that are - not expired but were created by a key which no longer exists. - - 'dnssec-signzone -X' allows a separate expiration date to - be specified for DNSKEY signatures from other signatures. - - New '-L' option to dnssec-keygen, dnssec-settime, and - dnssec-keyfromlabel sets the default TTL for the key. - - dnssec-dsfromkey now supports reading from standard input, - to make it easier to convert DNSKEY to DS. - - RFC 1918 reverse zones have been added to the empty-zones - table per RFC 6303. - - Dynamic updates can now optionally set the zone's SOA serial - number to the current UNIX time. - - DLZ modules can now retrieve the source IP address of - the querying client. - - 'request-ixfr' option can now be set at the per-zone level. - - 'dig +rrcomments' turns on comments about DNSKEY records, - indicating their key ID, algorithm and function - - Simplified nsupdate syntax and added readline support + - Inline signing, allowing automatic DNSSEC signing of + master zones without modification of the zonefile, or + "bump in the wire" signing in slaves. + - NXDOMAIN redirection. + - New 'rndc flushtree' command clears all data under a given + name from the DNS cache. + - New 'rndc sync' command dumps pending changes in a dynamic + zone to disk without a freeze/thaw cycle. + - New 'rndc signing' command displays or clears signing status + records in 'auto-dnssec' zones. + - NSEC3 parameters for 'auto-dnssec' zones can now be set prior + to signing, eliminating the need to initially sign with NSEC. + - Startup time improvements on large authoritative servers. + - Slave zones are now saved in raw format by default. + - Several improvements to response policy zones (RPZ). + - Improved hardware scalability by using multiple threads + to listen for queries and using finer-grained client locking + - The 'also-notify' option now takes the same syntax as + 'masters', so it can used named masterlists and TSIG keys. + - 'dnssec-signzone -D' writes an output file containing only DNSSEC + data, which can be included by the primary zone file. + - 'dnssec-signzone -R' forces removal of signatures that are + not expired but were created by a key which no longer exists. + - 'dnssec-signzone -X' allows a separate expiration date to + be specified for DNSKEY signatures from other signatures. + - New '-L' option to dnssec-keygen, dnssec-settime, and + dnssec-keyfromlabel sets the default TTL for the key. + - dnssec-dsfromkey now supports reading from standard input, + to make it easier to convert DNSKEY to DS. + - RFC 1918 reverse zones have been added to the empty-zones + table per RFC 6303. + - Dynamic updates can now optionally set the zone's SOA serial + number to the current UNIX time. + - DLZ modules can now retrieve the source IP address of + the querying client. + - 'request-ixfr' option can now be set at the per-zone level. + - 'dig +rrcomments' turns on comments about DNSKEY records, + indicating their key ID, algorithm and function + - Simplified nsupdate syntax and added readline support Building - BIND 9 currently requires a UNIX system with an ANSI C compiler, - basic POSIX support, and a 64 bit integer type. + BIND 9 currently requires a UNIX system with an ANSI C compiler, + basic POSIX support, and a 64 bit integer type. - We've had successful builds and tests on the following systems: + We've had successful builds and tests on the following systems: - COMPAQ Tru64 UNIX 5.1B - Fedora Core 6 - FreeBSD 4.10, 5.2.1, 6.2 - HP-UX 11.11 - Mac OS X 10.5 - NetBSD 3.x, 4.0-beta, 5.0-beta - OpenBSD 3.3 and up - Solaris 8, 9, 9 (x86), 10 - Ubuntu 7.04, 7.10 - Windows XP/2003/2008 + COMPAQ Tru64 UNIX 5.1B + Fedora Core 6 + FreeBSD 4.10, 5.2.1, 6.2 + HP-UX 11.11 + Mac OS X 10.5 + NetBSD 3.x, 4.0-beta, 5.0-beta + OpenBSD 3.3 and up + Solaris 8, 9, 9 (x86), 10 + Ubuntu 7.04, 7.10 + Windows XP/2003/2008 - NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of - Windows, including Windows NT and Windows 2000, are no longer - supported. + NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of + Windows, including Windows NT and Windows 2000, are no longer + supported. - We have recent reports from the user community that a supported - version of BIND will build and run on the following systems: + We have recent reports from the user community that a supported + version of BIND will build and run on the following systems: - AIX 4.3, 5L - CentOS 4, 4.5, 5 - Darwin 9.0.0d1/ARM - Debian 4, 5, 6 - Fedora Core 5, 7, 8 - FreeBSD 6, 7, 8 - HP-UX 11.23 PA - MacOS X 10.5, 10.6, 10.7 - Red Hat Enterprise Linux 4, 5, 6 - SCO OpenServer 5.0.6 - Slackware 9, 10 - SuSE 9, 10 + AIX 4.3, 5L + CentOS 4, 4.5, 5 + Darwin 9.0.0d1/ARM + Debian 4, 5, 6 + Fedora Core 5, 7, 8 + FreeBSD 6, 7, 8 + HP-UX 11.23 PA + MacOS X 10.5, 10.6, 10.7 + Red Hat Enterprise Linux 4, 5, 6 + SCO OpenServer 5.0.6 + Slackware 9, 10 + SuSE 9, 10 - To build, just + To build, just - ./configure - make + ./configure + make - Do not use a parallel "make". + Do not use a parallel "make". - Several environment variables that can be set before running - configure will affect compilation: + Several environment variables that can be set before running + configure will affect compilation: - CC - The C compiler to use. configure tries to figure - out the right one for supported systems. + CC + The C compiler to use. configure tries to figure + out the right one for supported systems. - CFLAGS - C compiler flags. Defaults to include -g and/or -O2 - as supported by the compiler. Please include '-g' - if you need to set CFLAGS. + CFLAGS + C compiler flags. Defaults to include -g and/or -O2 + as supported by the compiler. Please include '-g' + if you need to set CFLAGS. - STD_CINCLUDES - System header file directories. Can be used to specify - where add-on thread or IPv6 support is, for example. - Defaults to empty string. + STD_CINCLUDES + System header file directories. Can be used to specify + where add-on thread or IPv6 support is, for example. + Defaults to empty string. - STD_CDEFINES - Any additional preprocessor symbols you want defined. - Defaults to empty string. + STD_CDEFINES + Any additional preprocessor symbols you want defined. + Defaults to empty string. - Possible settings: - Change the default syslog facility of named/lwresd. - -DISC_FACILITY=LOG_LOCAL0 - Enable DNSSEC signature chasing support in dig. - -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and - -DDIG_SIGCHASE_BU=1) - Disable dropping queries from particular well known ports. - -DNS_CLIENT_DROPPORT=0 - Sibling glue checking in named-checkzone is enabled by default. - To disable the default check set. -DCHECK_SIBLING=0 - named-checkzone checks out-of-zone addresses by default. - To disable this default set. -DCHECK_LOCAL=0 - To create the default pid files in ${localstatedir}/run rather - than ${localstatedir}/run/{named,lwresd}/ set. - -DNS_RUN_PID_DIR=0 - Enable workaround for Solaris kernel bug about /dev/poll - -DISC_SOCKET_USE_POLLWATCH=1 - The watch timeout is also configurable, e.g., - -DISC_SOCKET_POLLWATCH_TIMEOUT=20 + Possible settings: + Change the default syslog facility of named/lwresd. + -DISC_FACILITY=LOG_LOCAL0 + Enable DNSSEC signature chasing support in dig. + -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and + -DDIG_SIGCHASE_BU=1) + Disable dropping queries from particular well known ports. + -DNS_CLIENT_DROPPORT=0 + Sibling glue checking in named-checkzone is enabled by default. + To disable the default check set. -DCHECK_SIBLING=0 + named-checkzone checks out-of-zone addresses by default. + To disable this default set. -DCHECK_LOCAL=0 + To create the default pid files in ${localstatedir}/run rather + than ${localstatedir}/run/{named,lwresd}/ set. + -DNS_RUN_PID_DIR=0 + Enable workaround for Solaris kernel bug about /dev/poll + -DISC_SOCKET_USE_POLLWATCH=1 + The watch timeout is also configurable, e.g., + -DISC_SOCKET_POLLWATCH_TIMEOUT=20 - LDFLAGS - Linker flags. Defaults to empty string. + LDFLAGS + Linker flags. Defaults to empty string. - The following need to be set when cross compiling. + The following need to be set when cross compiling. - BUILD_CC - The native C compiler. - BUILD_CFLAGS (optional) - BUILD_CPPFLAGS (optional) - Possible Settings: - -DNEED_OPTARG=1 (optarg is not declared in ) - BUILD_LDFLAGS (optional) - BUILD_LIBS (optional) + BUILD_CC + The native C compiler. + BUILD_CFLAGS (optional) + BUILD_CPPFLAGS (optional) + Possible Settings: + -DNEED_OPTARG=1 (optarg is not declared in ) + BUILD_LDFLAGS (optional) + BUILD_LIBS (optional) - On most platforms, BIND 9 is built with multithreading - support, allowing it to take advantage of multiple CPUs. - You can configure this by specifying "--enable-threads" or - "--disable-threads" on the configure command line. The default - is to enable threads, except on some older operating systems - on which threads are known to have had problems in the past. - (Note: Prior to BIND 9.10, the default was to disable threads on - Linux systems; this has been reversed. On Linux systems, the - threaded build is known to change BIND's behavior with respect - to file permissions; it may be necessary to specify a user with - the -u option when running named.) + On most platforms, BIND 9 is built with multithreading + support, allowing it to take advantage of multiple CPUs. + You can configure this by specifying "--enable-threads" or + "--disable-threads" on the configure command line. The default + is to enable threads, except on some older operating systems + on which threads are known to have had problems in the past. + (Note: Prior to BIND 9.10, the default was to disable threads on + Linux systems; this has been reversed. On Linux systems, the + threaded build is known to change BIND's behavior with respect + to file permissions; it may be necessary to specify a user with + the -u option when running named.) - To build shared libraries, specify "--with-libtool" on the - configure command line. + To build shared libraries, specify "--with-libtool" on the + configure command line. - For the server to support DNSSEC, you need to build it - with crypto support. You must have OpenSSL 0.9.5a - or newer installed and specify "--with-openssl" on the - configure command line. If OpenSSL is installed under - a nonstandard prefix, you can tell configure where to - look for it using "--with-openssl=/prefix". + For the server to support DNSSEC, you need to build it + with crypto support. You must have OpenSSL 0.9.5a + or newer installed and specify "--with-openssl" on the + configure command line. If OpenSSL is installed under + a nonstandard prefix, you can tell configure where to + look for it using "--with-openssl=/prefix". - To support the HTTP statistics channel, the server must - be linked with at least one of the following: libxml2 - (http://xmlsoft.org) or json-c (https://github.com/json-c). - If these are installed at a nonstandard prefix, use - "--with-libxml2=/prefix" or "--with-libjson=/prefix". + To support the HTTP statistics channel, the server must + be linked with at least one of the following: libxml2 + (http://xmlsoft.org) or json-c (https://github.com/json-c). + If these are installed at a nonstandard prefix, use + "--with-libxml2=/prefix" or "--with-libjson=/prefix". - On some platforms it is necessary to explictly request large - file support to handle files bigger than 2GB. This can be - done by "--enable-largefile" on the configure command line. + On some platforms it is necessary to explictly request large + file support to handle files bigger than 2GB. This can be + done by "--enable-largefile" on the configure command line. - Support for the "fixed" rrset-order option can be enabled - or disabled by specifying "--enable-fixed-rrset" or - "--disable-fixed-rrset" on the configure command line. - The default is "disabled", to reduce memory footprint. + Support for the "fixed" rrset-order option can be enabled + or disabled by specifying "--enable-fixed-rrset" or + "--disable-fixed-rrset" on the configure command line. + The default is "disabled", to reduce memory footprint. - If your operating system has integrated support for IPv6, it - will be used automatically. If you have installed KAME IPv6 - separately, use "--with-kame[=PATH]" to specify its location. + If your operating system has integrated support for IPv6, it + will be used automatically. If you have installed KAME IPv6 + separately, use "--with-kame[=PATH]" to specify its location. - "make install" will install "named" and the various BIND 9 libraries. - By default, installation is into /usr/local, but this can be changed - with the "--prefix" option when running "configure". + "make install" will install "named" and the various BIND 9 libraries. + By default, installation is into /usr/local, but this can be changed + with the "--prefix" option when running "configure". - You may specify the option "--sysconfdir" to set the directory - where configuration files like "named.conf" go by default, - and "--localstatedir" to set the default parent directory - of "run/named.pid". For backwards compatibility with BIND 8, - --sysconfdir defaults to "/etc" and --localstatedir defaults to - "/var" if no --prefix option is given. If there is a --prefix - option, sysconfdir defaults to "$prefix/etc" and localstatedir - defaults to "$prefix/var". + You may specify the option "--sysconfdir" to set the directory + where configuration files like "named.conf" go by default, + and "--localstatedir" to set the default parent directory + of "run/named.pid". For backwards compatibility with BIND 8, + --sysconfdir defaults to "/etc" and --localstatedir defaults to + "/var" if no --prefix option is given. If there is a --prefix + option, sysconfdir defaults to "$prefix/etc" and localstatedir + defaults to "$prefix/var". - To see additional configure options, run "configure --help". - Note that the help message does not reflect the BIND 8 - compatibility defaults for sysconfdir and localstatedir. + To see additional configure options, run "configure --help". + Note that the help message does not reflect the BIND 8 + compatibility defaults for sysconfdir and localstatedir. - If you're planning on making changes to the BIND 9 source, you - should also "make depend". If you're using Emacs, you might find - "make tags" helpful. + If you're planning on making changes to the BIND 9 source, you + should also "make depend". If you're using Emacs, you might find + "make tags" helpful. - If you need to re-run configure please run "make distclean" first. - This will ensure that all the option changes take. + If you need to re-run configure please run "make distclean" first. + This will ensure that all the option changes take. - Building with gcc is not supported, unless gcc is the vendor's usual - compiler (e.g. the various BSD systems, Linux). + Building with gcc is not supported, unless gcc is the vendor's usual + compiler (e.g. the various BSD systems, Linux). - Known compiler issues: - * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86. - * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02. - * gcc-3.3.5 powerpc generates incorrect code at -02. - * Irix, MipsPRO 7.4.1m is known to cause problems. + Known compiler issues: + * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86. + * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02. + * gcc-3.3.5 powerpc generates incorrect code at -02. + * Irix, MipsPRO 7.4.1m is known to cause problems. - A limited test suite can be run with "make test". Many of - the tests require you to configure a set of virtual IP addresses - on your system, and some require Perl; see bin/tests/system/README - for details. + A limited test suite can be run with "make test". Many of + the tests require you to configure a set of virtual IP addresses + on your system, and some require Perl; see bin/tests/system/README + for details. - SunOS 4 requires "printf" to be installed to make the shared - libraries. sh-utils-1.16 provides a "printf" which compiles - on SunOS 4. + SunOS 4 requires "printf" to be installed to make the shared + libraries. sh-utils-1.16 provides a "printf" which compiles + on SunOS 4. Known limitations - Linux requires kernel build 2.6.39 or later to get the - performance benefits from using multiple sockets. + Linux requires kernel build 2.6.39 or later to get the + performance benefits from using multiple sockets. Documentation - The BIND 9 Administrator Reference Manual is included with the - source distribution in DocBook XML and HTML format, in the - doc/arm directory. + The BIND 9 Administrator Reference Manual is included with the + source distribution in DocBook XML and HTML format, in the + doc/arm directory. - Some of the programs in the BIND 9 distribution have man pages - in their directories. In particular, the command line - options of "named" are documented in /bin/named/named.8. - There is now also a set of man pages for the lwres library. + Some of the programs in the BIND 9 distribution have man pages + in their directories. In particular, the command line + options of "named" are documented in /bin/named/named.8. + There is now also a set of man pages for the lwres library. - If you are upgrading from BIND 8, please read the migration - notes in doc/misc/migration. If you are upgrading from - BIND 4, read doc/misc/migration-4to9. + If you are upgrading from BIND 8, please read the migration + notes in doc/misc/migration. If you are upgrading from + BIND 4, read doc/misc/migration-4to9. - Frequently asked questions and their answers can be found in - FAQ. + Frequently asked questions and their answers can be found in + FAQ. - Additional information on various subjects can be found - in the other README files. + Additional information on various subjects can be found + in the other README files. Change Log - A detailed list of all changes to BIND 9 is included in the - file CHANGES, with the most recent changes listed first. - Change notes include tags indicating the category of the - change that was made; these categories are: + A detailed list of all changes to BIND 9 is included in the + file CHANGES, with the most recent changes listed first. + Change notes include tags indicating the category of the + change that was made; these categories are: - [func] New feature + [func] New feature - [bug] General bug fix + [bug] General bug fix - [security] Fix for a significant security flaw + [security] Fix for a significant security flaw - [experimental] Used for new features when the syntax - or other aspects of the design are still - in flux and may change + [experimental] Used for new features when the syntax + or other aspects of the design are still + in flux and may change - [port] Portability enhancement + [port] Portability enhancement - [maint] Updates to built-in data such as root - server addresses and keys + [maint] Updates to built-in data such as root + server addresses and keys - [tuning] Changes to built-in configuration defaults - and constants to improve performanceo + [tuning] Changes to built-in configuration defaults + and constants to improve performanceo - [protocol] Updates to the DNS protocol such as new - RR types + [protocol] Updates to the DNS protocol such as new + RR types - [test] Changes to the automatic tests, not - affecting server functionality + [test] Changes to the automatic tests, not + affecting server functionality - [cleanup] Minor corrections and refactoring + [cleanup] Minor corrections and refactoring - [doc] Documentation + [doc] Documentation - In general, [func] and [experimental] tags will only appear - in new-feature releases (i.e., those with version numbers - ending in zero). Some new functionality may be backported to - older releases on a case-by-case basis. All other change - types may be applied to all currently-supported releases. + In general, [func] and [experimental] tags will only appear + in new-feature releases (i.e., those with version numbers + ending in zero). Some new functionality may be backported to + older releases on a case-by-case basis. All other change + types may be applied to all currently-supported releases. Bug Reports and Mailing Lists - Bugs reports should be sent to + Bugs reports should be sent to - bind9-bugs@isc.org + bind9-bugs@isc.org - To join the BIND Users mailing list, send mail to + To join the BIND Users mailing list, send mail to - bind-users-request@isc.org + bind-users-request@isc.org - archives of which can be found via + archives of which can be found via - http://www.isc.org/ops/lists/ + http://www.isc.org/ops/lists/ - If you're planning on making changes to the BIND 9 source - code, you might want to join the BIND Workers mailing list. - Send mail to - - bind-workers-request@isc.org + If you're planning on making changes to the BIND 9 source + code, you might want to join the BIND Workers mailing list. + Send mail to + bind-workers-request@isc.org