The Documentation

In the doc subdirectory, several new documents describe BIND 9.0.0. For the somewhat experienced administrator, the doc/misc/migration document is perhaps the most interesting document of all. The main README file, or the CHANGES file, is likely to be the best place to find succinct information if any changes occurred in the BIND 9 you're dealing with as compared to 9.0.0rc1.

Administrator Reference Manual

In doc/arm you will find the BIND 9 Administrator Reference Manual. This is the replacement for the BOG (Bind Operations Guide) of BIND 4. This is a very extensive document, and reading it is highly recommended. If for no reason other than because it will give you an alternative presentation of what you find in this book, which can clarify things for you, or alternatively reassure you that you already know everything.

New Configuration Options

In the doc/misc directory, you will find a summary of the supported options in BIND 9's named.conf file. Here are the highlights.

The old maintain-ixfr-base, support-ixfr, and ixfr-base options are now obsolete. BIND 9 maintains an incremental database whenever it can. Instead, you can use the provide-ixfr option inside the options, server, and view clauses. This controls whether incremental zone transfers will be available at all to the given server or for the given view. The request-ixfr option can be used to control whether you want to ask for incremental transfers at all, with a given server or for a given view. Normally, you would want to use incremental transfers the only reason I can think of to not use it is if it's buggy. If IXFR is not available from a server, BIND falls back to AXFR.

In BIND 9 the named-xfer program is built in and not an external program. This makes the named-xfer option obsolete and adds some previously unavailable controls to zone transfers:

 max-transfer-time-in number; max-transfer-idle-in number; max-transfer-time-out number; max-transfer-idle-out number; 

All these go either in the options, zone, or view sections of the conf file. number is the number of minutes. max-transfer-time-in controls how long inbound zone transfers can run, in total, before they time out; the default is two hours. In contrast, max-transfer-idle-in limits how long BIND will wait on a stalled zone transfer before it is abandoned; the default is one hour. max-transfer-time-out and max-transfer-idle-out do the same thing for outbound transfers, and both have the same timeouts. If you serve many zones, these timeouts (or the number of simultaneous transfers) might need to be adjusted. However, if you're in that situation, you probably already did this.

In Chapter 3, "Maintenance and Enhancements," I described the CNAME rules that BIND 8 (may) enforce. BIND 9 does not enforce these, for the time being. Thus, the multiple-cnames option is inactive. The checks might be reintroduced at any time, though, and they are enforced for dynamic updates. So, violating the CNAME rules is a definite no-no.

The deallocate-on-exit option is now always on for debugging reasons, so the option is obsolete.

The has-old-clients functionality in BIND 8 was incorrectly implemented, and the option is ignored in BIND 9. To get BIND 9 to be old-client compatible use the following instead:

 options {   auth-nxdomain yes;   rfc2308-type1 no; };