/contrib/bind9/doc/misc/migration-4to9
https://bitbucket.org/freebsd/freebsd-head/ · #! · 57 lines · 43 code · 14 blank · 0 comment · 0 complexity · 430fe5a5f016159d7724ebda5a535f66 MD5 · raw file
- Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001 Internet Software Consortium.
- See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
- $Id: migration-4to9,v 1.4 2004/03/05 05:04:53 marka Exp $
- BIND 4 to BIND 9 Migration Notes
- To transition from BIND 4 to BIND 9 you first need to convert your
- configuration file to the new format. There is a conversion tool in
- contrib/named-bootconf that allows you to do this.
- named-bootconf.sh < /etc/named.boot > /etc/named.conf
- BIND 9 uses a system assigned port for the UDP queries it makes rather
- than port 53 that BIND 4 uses. This may conflict with some firewalls.
- The following directives in /etc/named.conf allows you to specify
- a port to use.
- query-source address * port 53;
- transfer-source * port 53;
- notify-source * port 53;
- BIND 9 no longer uses the minimum field to specify the TTL of records
- without a explicit TTL. Use the $TTL directive to specify a default TTL
- before the first record without a explicit TTL.
- $TTL 3600
- @ IN SOA ns1.example.com. hostmaster.example.com. (
- 2001021100
- 7200
- 1200
- 3600000
- 7200 )
- BIND 9 does not support multiple CNAMEs with the same owner name.
-
- Illegal:
- www.example.com. CNAME host1.example.com.
- www.example.com. CNAME host2.example.com.
- BIND 9 does not support "CNAMEs with other data" with the same owner name,
- ignoring the DNSSEC records (SIG, NXT, KEY) that BIND 4 did not support.
- Illegal:
- www.example.com. CNAME host1.example.com.
- www.example.com. MX 10 host2.example.com.
- BIND 9 is less tolerant of errors in master files, so check your logs and
- fix any errors reported. The named-checkzone program can also be to check
- master files.
- Outgoing zone transfers now use the "many-answers" format by default.
- This format is not understood by certain old versions of BIND 4.
- You can work around this problem using the option "transfer-format
- one-answer;", but since these old versions all have known security
- problems, the correct fix is to upgrade the slave servers.