Peter Wemm e5167894d1 Import Paul Vixie/ISC's bind-4.9.5-patch1 onto the vendor branch.
This has some (all?) of the DNSSEC key management/distribution mechanism
in place.  (The SIG and KEY RR's)

Obtained from: Paul Vixie / ISC / ftp.isc.org
1996-12-31 19:51:17 +00:00

481 lines
21 KiB
Plaintext

The official place to get BIND is <URL:ftp://ftp.vix.com/pub/bind/release>.
The official mailing lists are: bind-users@vix.com - users/admins
(use *-request@* for admin mail) bind-workers@vix.com - developers
The official Usenet newsgroups are: comp.protocols.tcp-ip.domains
BIND is currently sponsored by: The Internet Software Consortium
(send to <info@isc.org> for details.)
----- 4.9.3 BETA33 - December, 1995 - paul@vix.com
Take a look around in doc/misc/ and contrib/. Reread INSTALL. Have fun.
----- 4.9.3 BETA11, BETA12 release - December, 1994 - paul@vix.com
If you maintain a BSD or are otherwise running a 4.4BSD-based system and want
to integrate BIND into it, check out BSD/README.
Read the top of CHANGES for interesting stuff.
Don't forget to purge all your secondary zone files before upgrading to this
BIND if your existing one came from a vendor.
The NOTIFY feature is turned off by default, but it's really cool and you
should consider turning it on if you are willing to risk having it not work
after the RFC process is complete (if the protocol has to change at all.)
It already does not conform to the draft protocol so you should consider it
"experimental" even if it happens to work fine.
----- 4.9.3 BETA10 release - August, 1994 - paul@vix.com
I recommend reading this ENTIRE FILE before you attempt to build or use BIND.
However, you can get started quickly by scanning down this file for "QUICK" in
the right margin and just reading those sections. You can also look at the
INSTALL file. You should look at doc/info/* if you have trouble building.
There are at least two known bugs in this BIND:
1. if you have two authoritative zones (primary or secondary) where
one is a subzone of the other, e.g.,
primary pa.dec.com z/pa.dec.com
primary dec.com z/dec.com
and you remove or comment out the subzone (pa.dec.com in our example)
and SIGHUP named, the delegation and other RR's at "pa.dec.com" will
be missing from your cache. to avoid this, you should "named.restart"
rather than SIGHUP ("named.reload") when making changes of this kind.
2. the /HS qualifier doesn't work on "cache" directives. you will have
to put your hesiod root information into your main "root.cache" file.
Also, you may find that your utilities will not link with this -lresolv
unless you also install lib44bsd.a and link with -lresolv -l44bsd. This
is because older systems do not include inet_aton() and other functions.
----- 4.9.3 BETA6 release - June, 1994 - paul@vix.com
Several private beta test releases have come and gone, and we've fixed a
number of things. See CHANGES for details.
There is a new Sun Shared Library update mechanism in place, and it works
quite well. See shres/*.
Versions of NSLOOKUP up through BIND 4.8.3's used IQUERY to ask the local
server for information about the server's own name. I assume that this was
done in a "what the heck, nothing uses these, how can we contrive a need?"
sort of spirit. I removed this code as of BIND 4.9's NSLOOKUP and had it
use the standard gethostbyaddr() mechanisms (which depend on normal queries
of PTR data). Disabling INVQ and putting "options fake-iquery" in the boot
file will cause IQUERY to be answered bogusly but in a way that old nslookup
programs won't trip on. INVQ is disabled by default in conf/options.h.
----- 4.9.3 BETA2 release - June, 1994 - paul@vix.com
News flash! BIND development is now funded by the Internet Software Consortium.
Look at CHANGES to see what's new. Check out doc/misc to see some interesting
papers from Purdue (and Bell Labs, if we're lucky) on DNS security that
motivated many of the security-related changes present in this release.
Check out shres/Makefile for SunOS4 shared library support.
INVQ now defaults to "undef". See OPTIONS and conf/options.h.
ALLOW_UPDATES is no longer available, and will be removed next release.
You should look hard at the SENSIBLE_DOTS option and convert your serial
numbers either to "sensible" ones or ones without dots (YYYYMMDD## preferred).
SENSIBLE_DOTS will be the default in the next release.
NCACHE and VALIDATE are _working_ now.
Read the BOG! It's been updated since the previous release.
If you are a vendor and are including some or all of this code in your product,
please drop me a line to let me know. I field a lot of questions about BIND
and it is helpful for me to know which vendor releases contain which versions
of BIND. It's also helpful for me to have contacts within the engineering
groups of the various vendors, since when I find a heinous bug I can let you
know.
----- 4.9.2 FINAL (940221) release - February, 1994 - paul@vix.com
If you look at the last entry in TODO, you'll see that there are a lot
of things in the queue waiting to go in. However, I'm holding the line
so that 4.9.2-FINAL can be the same as what goes out with 4.4BSD-Lite.
I expect to open 4.9.3-ALPHA fairly soon, with patches comprising new
work; 4.9.2-FINAL will have patches released for it only to correct bugs.
The official way to get BIND 4.9.2 is: ftp gatekeeper.dec.com OUT OF DATE!!!
cd pub/misc/vixie OUT OF DATE!!!
binary OUT OF DATE!!!
get bind-940221.tar.gz OUT OF DATE!!!
or: get bind-940221.tar.Z OUT OF DATE!!!
The official mailing lists are: bind-users@vix.com - users/admins
(use *-request for admin mail) bind-workers@vix.com - developers
The official Usenet newsgroups are: comp.protocols.tcp-ip.domains
My official e-mail address is: paul@vix.com
----- 4.9.2 BETA5 (931205) release - December, 1993 - paul@vix.com
no comments; see CHANGES file.
----- 4.9.2 BETA4 (931104) release - November, 1993 - paul@vix.com
All reported portability problems have been fixed. All core dumps have
had changes made for them and we are ready to have them tested again. As
usual, I am running this in production on my own zones and I am rather
confident in it. Note, again, that this is a BETA release and you should
not put it up for anon-ftp or otherwise republish it in any way.
----- 4.9.2 ALPHA2 (930908) release - September, 1993 - paul@vix.com
4.9.2 has fixes for most of the bugs that smb@bellcore's white paper talked
about, and CERT is going to be knocking on vendor's doors to get it shipped
with as many operating systems as possible.
----- 4.9.2 ALPHA1 (930506) release - July, 1993 - Paul Vixie <paul@vix.com>
I don't work for DEC any more, so note the new e-mail address. The old
<bind-4.9@pa.dec.com> list has been moved to <bind-workers@vix.com>; if
you intend to help hack BIND and you want to be advised of alpha-testing
releases, send mail to <bind-workers-request@vix.com> and ask to be added
to the list.
Note that 4.9.1 was an interrim, nonpublished release intended to catch
the porting changes needed for 4.4BSD. It never really existed separately.
----- 4.9 release - April, 1993 - Paul Vixie <vixie@pa.dec.com>
For information on what's new in 4.9, see OPTIONS and CHANGES. Also note
that the man page for named(8) in man/named.8, and the entire Bind Operations
Guide in doc/BOG/*, has been updated for 4.9. Both make excellent reading.
Those of you who are thinking of adding features should first read TODO to
see if someone else has already indicated an intention to work on the same
thing. If your feature is significant you should ask <bind-workers@vix.com>
before you hack, if for no other reason than to tell other maintainers to
expect a patch soon.
Note that the resolver has a number of routines that may already be present
on your system. Efforts have been made to avoid generating code for them on
systems where they aren't needed; don't worry about them if they're
generated unneccessarily since the linker will sort things out.
This software is protected under the U C Regents' copyright. Changes made
by or released through Digital Equipment Corporation are subject to a
subsidiary copyright. The entire copyright is as follows:
++Copyright++ 1989
-
Copyright (c) 1989
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by the University of
California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
-
Portions Copyright (c) 1993 by Digital Equipment Corporation.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies, and that
the name of Digital Equipment Corporation not be used in advertising or
publicity pertaining to distribution of the document or software without
specific, written prior permission.
THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
-
--Copyright--
To build this: QUICK
(on SUNOS, use the BSD build environment or you will
get the wrong definition for O_NDELAY)
look at conf/options.h and edit to your tastes.
The OPTIONS file here in this directory will help you
figure out what to do.
You should also look at the Makefile to select the proper set
of definitions depending on whether you are using Ultrix,
SunOS, and other 4.[23] BSD-alikes or using BSD 4.4, BSD/386,
and other net2-alikes.
"make links" will build a shadow source tree full
of symbolic links. the default name of this tree
is "./native.b", but you can override it by setting
the DST variable on the "make" command line, as in:
make DST=vax.b SRC=..
if your DST is not a subdir of "here", you will need to
override the SRC variable's default (which is ".."),
as in:
make DST=/tmp/vax.b SRC=`pwd`
note that the DST directory must be nonexistent at
the time that you run "make links".
after "make links", you can cd to the new build
directory, check the settings in the Makefile, and
run "make depend". if you aren't using "make links"
(shame on you), just use "make depend" from "here".
"make depend" may fail on your system; if so, look in
the bin/ directory and find a mkdep that does in fact
work for you.
if you skip the "make depend" phase, or after you run it,
you can do "make all" (from the build directory if you
used "make links" or from "here" if you're just hacking
around). you will get the following new things out of it:
res/libresolv.a
compat/lib/lib44bsd.a (optional)
include/{netdb,resolv}.h
include/arpa/{inet,nameser}.h
compat/include/sys/{cdefs,bitypes}.h
tools/{nstest,nsquery,dig,host}
tools/nslookup/nslookup
named/named
named/named-xfer
if you have trouble with "make all", check conf/portability.h
for things that your system needs, or doesn't need, or whatever.
it is preferable to add #ifdef's to conf/portability.h than to
add them anywhere else.
from the build directory (or "here" if you didn't
use "make links"), you can try "make -n install"
which will tell you what will be installed. it might
actually be right; however, what you will probably have to
do is copy the above files into the places you want
run them from. the other files you will need are:
tools/nslookup/nslookup.help
named/named.restart
named/named.reload
resolver library notes: to install it, either put the .a
file into /usr/local/lib or /usr/lib (if you use -lresolv
on all the links of your networking software), or use "ar"
to put all res/*.o directly into your /lib/libc.a file.
either way you will want to copy the include files
(including those from compat/include/sys) over to
/usr/include (or /usr/local/include if you're willing to
use -I/usr/local/include on all your network-software
compiles). something like this:
cp res/libresolv.a /usr/lib; ranlib /usr/lib/libresolv.a
tar chf - include | (cd /usr/include; tar xvpf -)
cp compat/include/sys/*.h /usr/include/sys
installing the man pages is left as an exercise for the
reader. there are just too many different versions of
"man" floating around for me to be able to help you figure
out what to do for the one you happen to be using.
WARNING: If you were running a BIND 4.8.3 or earlier based
named you should remove all cache files prior to starting
named. It would generally be a good idea to remove all cache
files regardless when installing a new version. The creadability
code depends upon the cache files having been made with the
latest named-xfer for correct operation.
(special compilation-related warning about SunOS systems:)
From: Tom Limoncelli
To: vixie (Paul A Vixie)
Date: Mon, 11 Jan 93 11:30:39 EST
Sun compiler v2.0.1 hates bind4.9 code.
Sun has 3 compilers:
/usr/ucb/cc -- the default for SunOS 4.1.[123],
dropped in Solaris 2.0.
/usr/lang/cc -- the "unbundled" cc v1.0
(pretty good, but expensive), only
generates code for SunOS 4.1.x.
/usr/lang/cc.2.0.1 -- the latest "unbundled" cc,
for when they stop shipping the
bundled version altogether. This
generates code for SunOS 4.1.x and Solaris 2.x.
Sun's 2.0.1 C compiler (the one with the floating licenses) for SunOS
4.1.x outputs a HUGE number of warnings. They can be ignored.
--------------------- (4.8.3 README -- mostly obsolete now)
This directory contains all the info and sources
for the Berkeley Internet Name Domain server.
You should read and understand these directions before starting
to install the libraries and nameserver. Some of these steps
replace existing source and binary files; you should make backups
of all existing files before you begin this installation.
Two installation procedures are described. The first is for 4.3BSD
and other similar systems that are already configured to use earlier
versions of the nameserver, and which have the new version of <netdb.h>
(containing a h_addr_list field in the hostent structure). The second
procedure is for 4.2BSD and derived systems. This procedure requires
more decisions to be made, and may have to be varied due to system
or operation constraints.
The subdirectories and their contents are:
bin - shell scripts used by current Berkeley makefiles
man - manual pages & documentation
doc - copy of Bind Operations Guide, and other documents
include - include files to go in /usr/include
named - name server sources
res - source for C library resolver routines (and other libc additions)
(may be used as separate library, resolv.a)
conf/master - Sample data files
tools - some test programs
Here is how to install the name server on 4.3BSD:
0) cp bin/mkdep.append /usr/ucb/mkdep
cp bin/manroff /usr/man/manroff
1) cp include/arpa/nameser.h /usr/include/arpa
2) cp include/*.h /usr/include
3) cp man/*.1 /usr/man/manl
cp man/*.3 /usr/man/man3
cp man/*.5 /usr/man/man5
cp man/*.7 /usr/man/man7
cp man/*.8 /usr/man/man8
4) NOTE: Don't install the Makefiles on 4.3 Tahoe Release
cp res/{res*.c,herror.c} /usr/src/lib/libc/net
cp res/Makefile.libc.net /usr/src/lib/libc/net/Makefile
cp res/strcasecmp.c /usr/src/lib/libc/gen
cp res/strpbrk.c /usr/src/lib/libc/compat-sys5
cp res/named/{*.c,Makefile} /usr/src/lib/libc/net/named
5) add strcasecmp.[co] to the Makefile in /usr/src/lib/libc/gen
6) add strpbrk.[co] to the Makefile in /usr/src/lib/libc/compat-sys5
7) rebuild and install /lib/libc.a.
8) edit named/pathnames.h to correpond with your system's configuration
9) cd named; make depend; make all; make install
10) cd tools/nslookup; make nslookup; make install
11) create the master files (samples in conf/master/*)
12) edit /etc/rc.local to include:
if [ -f /etc/named ]; then
/etc/named; echo -n ' named' >/dev/console
fi
13) recompile network client and server programs that use gethostbyname, etc.
Here is how to install the name server on 4.2BSD or similar systems.
First, a few notes on the choices that must be made.
Rather than building libresolv.a, you may wish to integrate the resolver
routines into /lib/libc.a. This is recommended to make it easy to recompile
network programs once named is running. This procedure may require hand-
tayloring on some systems.
You will have to choose a version of mkdep from the bin directory
that will work on your system:
If you've modified make(1) to use .depend files as described
in the current sendmail distribution, use mkdep; otherwise,
if you have the 4.3BSD cc -M option, use mkdep.append; on ultrix,
use mkdep.ultrix (uses cc -Em); otherwise, use mkdep.old.compiler.
The mkdep script is used by "make depend" to regenerate Makefile dependency
lists.
You will need to chose a version of netdb.h. First, check /usr/include/netdb.h
on your system. If the hostent structure has a h_addr_list entry, you can
probably use your existing netdb.h or the one in include/netdb.h.
If the existing netdb.h in /usr/include does not have a h_addr_list field,
you will have to decide whether to update to the 4.3BSD format of the hostent
structure. This is the best approach, but cannot be used unless you plan
to upgrade entirely: if you use the new structure in /usr/include/resolv.h,
you must recompile everything that uses the hostent structure, including
the rest of the C library and all networking programs, without using
any pre-existing object files. If this isn't possible or desirable,
and /usr/include/netdb.h doesn't have an h_addr_list line, use
include/netdb.h.4.2 instead of netdb.h. The other version of netdb.h
(include/netdb.h.4.2.compat) may be used instead of include/netdb.h.4.2.
This version along with a change in res/named/gethostnamadr.c.compat
provide for using the new format of the hostent structure while having
binary compatibility with existing libraries.
On systems with Sun RPC, you will have to merge include/netdb.h or
include/netdb.h.4.2 with /usr/include/netdb.h; copy the rpc-related lines
into the appropriate copy of netdb.h. Alternatively, use an alternate
include path when compiling the resolver library and programs that use it.
0) cp bin/{whatever} /usr/ucb/mkdep (see above)
cp bin/manroff /usr/man/manroff
1) cp include/arpa/nameser.h /usr/include/arpa
Also, on ultrix 2.x, if you haven't fixed
the inet_addr definition in inet.h, do
cp include/arpa/inet.h /usr/include/arpa
2) cp include/resolv.h /usr/include
3) cp include/netdb.h /usr/include/netdb.h
OR
cp include/netdb.h.4.2 /usr/include/netdb.h
OR
edit /usr/include/netdb.h
4) cp man/*.1 /usr/man/manl
cp man/*.3 /usr/man/man3
cp man/*.5 /usr/man/man5
cp man/*.7 /usr/man/man7
cp man/*.8 /usr/man/man8
5) cd res; make depend;
make libresolv.a;
make install
OR
update the libc sources as in the 4.3BSD instructions above
and use res/Makefile as a guide for integration
and omit the RES=-lresolv in the next two steps
OR
compile the .o files in res according to Makefile,
then use place those object files in /lib/libc.a (keeping a backup!)
and omit the RES=-lresolv in the next two steps
6) edit named/pathnames.h to correpond with your system's configuration
7) cd named; make depend; make RES=-lresolv all; make install
(if your system defines signal-catching routines to return int
instead of void, use "make DEFINES=-DSIG_FN=int RES=-lresolv all")
8) edit tools/nslookup/pathnames.h to correpond with your system's
configuration
9) cd tools/nslookup; make RES=-lresolv nslookup install
10) create the master files (samples in conf/master/*)
11) edit /etc/rc.local to include:
if [ -f /etc/named ]; then
/etc/named; echo -n ' named' >/dev/console
fi
12) eventually, recompile network client and server programs that use
gethostbyname, etc.