[master] clean up win32utils/readme1st.txt
@@ -1,25 +1,28 @@
|
||||
Copyright (C) 2004, 2005, 2007-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright (C) 2004, 2005, 2007-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright (C) 2001, 2003 Internet Software Consortium.
|
||||
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
|
||||
See COPYRIGHT in the main source directory for license terms.
|
||||
|
||||
$Id$
|
||||
NOTES ON BIND 9.10 FOR WINDOWS:
|
||||
|
||||
Release of BIND 9.10 for Windows and later.
|
||||
|
||||
This is a release of BIND 9.10 for Windows XP and later.
|
||||
BIND 9.10 is known to run on Windows XP, Vista, Windows 7,
|
||||
and Windows Server 2003 and higher.
|
||||
|
||||
Important Kit Installation Information
|
||||
KIT INSTALLATION:
|
||||
|
||||
As of release 9.3.0, BINDInstall requires that you install it under
|
||||
a account with restricted privileges. The installer will prompt
|
||||
you for an account name, the default is "named", and a password for
|
||||
that account. It will also check for the existence of that account.
|
||||
If it does not exist is will create it with only the privileges
|
||||
required to run BIND. If the account does exist it will check that
|
||||
it has only the one privilege required: "Log on as a service". If
|
||||
it has too many privileges it will prompt you if you want to continue.
|
||||
Unpack the kit into any convenient directory and run the BINDInstall
|
||||
program. This will install the named and associated programs into
|
||||
the correct directories and set up the required registry keys.
|
||||
|
||||
With BIND running under an account name it is necessary for all
|
||||
BINDInstall requires that you install it under an account with
|
||||
restricted privileges. The installer will prompt you for an account
|
||||
name (the default is "named") and a password for that account. It
|
||||
will also check for the existence of that account. If it does not
|
||||
exist is will create it with only the privileges required to run
|
||||
BIND. If the account does exist it will check that it has only the
|
||||
one privilege required: "Log on as a service". If it has too many
|
||||
privileges it will prompt you if you want to continue.
|
||||
|
||||
With BIND running under an account name, it is necessary for all
|
||||
files and directories that BIND uses to have permissions set up for
|
||||
the named account if the files are on an NTFS disk. BIND requires
|
||||
that the account have read and write access to the directory for
|
||||
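Review bot: both copies of the installer paragraph in this hunk read "exist is will create it with only the privileges required to run", so the cleanup fixed "a account" but carried the "is will" slip over; it should be "it will create it". While touching this paragraph, "it will prompt you if you want to continue" would read better as "it will ask whether you want to continue", since this is the sentence that tells the operator the account holds more than "Log on as a service".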
@@ -28,45 +31,35 @@ or for master zones supporting dynamic updates. The account will
|
||||
also need read access to the named.conf and any other file that it
|
||||
needs to read.
|
||||
|
||||
"NT AUTHORITY\LocalService" is also an acceptable account. This
|
||||
account is built into Windows and no password is required. Appropriate
|
||||
file permissions will also need to be set for "NT AUTHORITY\LocalService"
|
||||
similar to those that would have been required for the "named" account.
|
||||
"NT AUTHORITY\LocalService" is also an acceptable account.
|
||||
This account is built into Windows and no password is required.
|
||||
Appropriate file permissions will also need to be set for "NT
|
||||
AUTHORITY\LocalService" similar to those that would have been
|
||||
required for the "named" account.
|
||||
|
||||
It is important that on Windows the directory directive is used in
|
||||
the options section to tell BIND where to find the files used in
|
||||
named.conf (default %WINDOWS%\system32\dns\etc\named.conf).
|
||||
named.conf (default %WINDOWS%\system32\dns\etc\named.conf). For
|
||||
example:
|
||||
|
||||
e.g.
|
||||
options {
|
||||
directory "C:\WINDOWS\system32\dns\etc";
|
||||
};
|
||||
|
||||
If you have previously installed BIND 8 or BIND 4 on the system
|
||||
that you wish to install this kit, you MUST use the BIND 8 or BIND
|
||||
4 installer to uninstall the previous kit. For BIND 8.2.x, you can
|
||||
use the BINDInstall that comes with the BIND 8 kit to uninstall it.
|
||||
The BIND 9 installer will NOT uninstall the BIND 8 binaries. That
|
||||
will be fixed in a future release.
|
||||
|
||||
Unpack the kit into any convenient directory and run the BINDInstall
|
||||
program. This will install the named and associated programs into
|
||||
the correct directories and set up the required registry keys.
|
||||
|
||||
Messages are logged to the Application log in the EventViewer.
|
||||
|
||||
Controlling BIND
|
||||
CONTROLLING BIND:
|
||||
|
||||
Windows uses the same rndc program as is used on Unix systems. The
|
||||
rndc.conf file must be configured for your system in order to work.
|
||||
You will need to generate a key for this. To do this use the
|
||||
rndc-confgen program. The program will be installed in the same
|
||||
directory as named: dns/bin/. From the DOS prompt, use the command
|
||||
directory as named: dns\bin. From the DOS prompt, use the command
|
||||
this way:
|
||||
|
||||
rndc-confgen -a
|
||||
|
||||
which will create a rndc.key file in the dns/etc directory. This will
|
||||
which will create a rndc.key file in the dns\etc directory. This will
|
||||
allow you to run rndc without an explicit rndc.conf file or key and
|
||||
control entry in named.conf file. See section 3.4.1.2 of the ARM for
|
||||
details of this. An rndc.conf can also be generated by running:
|
||||
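Review bot: the rndc-confgen -a paragraph says the command "will create a rndc.key file in the dns\etc directory" but nothing in this section says who should be able to read that file. The permissions text earlier in the readme covers only what the service account needs; consider adding a sentence that rndc.key should be readable by the service account and administrators only, because whoever holds the key can control named through rndc. Separately, the default path is still written as %WINDOWS%\system32\dns\etc\named.conf while the example uses C:\WINDOWS\system32\dns\etc; %WINDOWS% is not a standard Windows variable (%SystemRoot% or %windir% is), so one of those would be clearer.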
@@ -74,7 +67,7 @@ details of this. An rndc.conf can also be generated by running:
|
||||
rndc-confgen > rndc.conf
|
||||
|
||||
which will create the rndc.conf file in the current directory, but
|
||||
not copy it to the dns/etc directory where it needs to reside. If
|
||||
not copy it to the dns\etc directory where it needs to reside. If
|
||||
you create rndc.conf this way you will need to copy the same key
|
||||
statement into named.conf.
|
||||
|
||||
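Review bot: in the sentence following "rndc-confgen > rndc.conf", the file written to the current directory contains the key, yet the text only says it is not copied to dns\etc "where it needs to reside". Suggest telling the reader to move the file into dns\etc rather than copy it, so a second copy of the key is not left behind in whatever directory the command was run from.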
@@ -96,7 +89,7 @@ servers you wish to control, specifically the IP address and key
|
||||
in both named.conf and rndc.conf. Again see section 3.4.1.2 of the
|
||||
ARM for details.
|
||||
|
||||
In order to you rndc from a different system it is important to
|
||||
In order to run rndc from a different system it is important to
|
||||
ensure that the clocks are synchronized. The clocks must be kept
|
||||
within 5 minutes of each other or the rndc commands will fail
|
||||
authentication. Use NTP or other time synchronization software to
|
||||
@@ -112,7 +105,7 @@ working directory when started as a service. If you wish to use
|
||||
relative files in named.conf you will need to specify a working
|
||||
directory using the directory directive options.
|
||||
|
||||
Documentation
|
||||
DOCUMENTATION:
|
||||
|
||||
This kit includes Documentation in HTML format. The documentation
|
||||
is not copied during the installation process so you should move
|
||||
@@ -121,41 +114,36 @@ importance is the BIND 9 Administrator's Reference Manual (Bv9ARM*.html)
|
||||
which provides detailed information on BIND 9. In addition, there
|
||||
are HTML pages for each of the BIND 9 applications.
|
||||
|
||||
DNS Tools
|
||||
INCLUDED TOOLS:
|
||||
|
||||
The following tools have been built for Windows: dig, nslookup, host,
|
||||
nsupdate, rndc, rndc-confgen, named-checkconf, named-checkzone,
|
||||
ddns-confgen, dnssec-importkey, dnssec-keygen, dnssec-signzone,
|
||||
dnssec-dsfromkey, dnssec-keyfromlabel, dnssec-revoke, dnssec-settime
|
||||
and dnssec-verify.
|
||||
The latter tools are for use with DNSSEC. All tools are installed
|
||||
in the dns/bin directory.
|
||||
The following tools have been built for Windows: dig, nslookup,
|
||||
host, nsupdate, ddns-confgen, rndc, rndc-confgen, named-checkconf,
|
||||
named-checkzone, named-compilezone, named-journalprint,
|
||||
dnssec-importkey, dnssec-keygen, dnssec-signzone, dnssec-dsfromkey,
|
||||
dnssec-keyfromlabel, dnssec-revoke, dnssec-settime and
|
||||
dnssec-verify. The latter tools are for use with DNSSEC. All tools
|
||||
are installed in the dns\bin directory.
|
||||
|
||||
IMPORTANT NOTE ON USING THE TOOLS:
|
||||
|
||||
It is no longer necessary to create a resolv.conf file on Windows
|
||||
as the tools will look in the registry for the required nameserver
|
||||
information. However if you wish to create a resolv.conf file as
|
||||
follows it will use it in preference to the registry nameserver
|
||||
as the tools will look in the registry for the required name server
|
||||
information. However, if you do create a resolv.conf file as follows,
|
||||
the tools will use it in preference to the registry name server
|
||||
entries.
|
||||
|
||||
To create a resolv.conf you need to place it in the System32\Drivers\etc
|
||||
directory and it needs to contain a list of nameserver addresses
|
||||
to use to find the nameserver authoritative for the zone. The format
|
||||
of this file is:
|
||||
Place resolv.conf the System32\Drivers\etc directory. It must
|
||||
contain a list of recursive server addresses. The format of this
|
||||
file is:
|
||||
|
||||
nameserver 1.2.3.4
|
||||
nameserver 5.6.7.8
|
||||
|
||||
Replace the IP addresses with your real addresses. 127.0.0.1 is a
|
||||
valid address if you are running a nameserver on the localhost.
|
||||
Replace the above IP addresses with the real name server addresses.
|
||||
127.0.0.1 is a valid address if you are running a recursive name
|
||||
server on the localhost.
|
||||
|
||||
Problems
|
||||
|
||||
Please report all problems to bind9-bugs@isc.org and not to me. All
|
||||
other questions should go to the bind-users@isc.org mailing list
|
||||
or the comp.protocol.dns.bind news group.
|
||||
|
||||
Danny Mayer
|
||||
mayer@ntp.isc.org
|
||||
PROBLEMS:
|
||||
|
||||
Please report bugs to bind9-bugs@isc.org. Other questions can go
|
||||
to the bind-users@isc.org mailing list.
|
||||
|
||||
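Review bot: the rewritten resolv.conf instruction "Place resolv.conf the System32\Drivers\etc directory." is missing a word; it should read "Place resolv.conf in the System32\Drivers\etc directory." In the tools paragraph, "The latter tools are for use with DNSSEC" is ambiguous now that the list has been reflowed and extended; naming them ("The dnssec-* tools are for use with DNSSEC") removes the guesswork.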