HEADS UP: BIND 9 imported, and working!

[Doug Barton]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks,

BIND 9.3.0-REL has been imported into the base to replace BIND 8. It is 
now fully functional, although there are a few nits and nats that are 
being addressed.

There are many differences between BIND 8 and 9. Some of the more 
important ones are how picky BIND 9 is about zone file format. Some 
zones that loaded fine under BIND 8 will not load with 9. The named 
process is controlled with a program called rndc. The ndc binary is no 
longer present. The other user utilities have changed as well. For 
example, the output of dig is significantly different, and the output of 
host is slightly different. This may require rewriting scripts that 
depend on these utilities.

In the config file, there are a few directives from BIND 8 that are no 
longer valid in BIND 9. named will complain about them when you start 
it, so check the logs. Some command line options have also changed. In 
particular the -g argument to named is no longer used to set the group 
ID. That is now picked up from the group associated with the user ID 
named is started with when using the -u option. The other thing admins 
with busy servers may notice is that named now has a client limit. If 
you get error messages about this in your logs, check the documentation 
for how to adjust it.

More information about these issues can be found in 
/usr/share/doc/bind9, especially the misc/migration file, and of course 
the manual in arm.

Finally, as mentioned above, some binaries that were part of BIND 8 are 
no longer present, and some functionality is now present in different 
areas. Below is a matrix of those changes:

/usr/libexec/named-xfer GONE	Functionality is now in named itself
/usr/bin/dnskeygen      GONE    /usr/sbin/dnssec-keygen
/usr/bin/dnsquery       GONE
/usr/sbin/named.restart GONE    /etc/rc.d/named restart
/usr/sbin/ndc           GONE    /usr/sbin/rndc
/usr/sbin/nslookup      /usr/bin/nslookup
/usr/sbin/nsupdate      /usr/bin/nsupdate

Finally, I would like to offer very sincere thanks to the people that 
made this possible. Tom Rhodes, Ruslan, and especially Dag-Erling have 
gone way beyond the call of duty, and created a beautiful new framework 
that is more sophisticated, and more useful than anything I cold have 
come up with on my own. They provided excellent help and advice, and 
were very patient about teaching me as they went along. I own them all 
$DINNER and $ADULT_BEVERAGES of the highest order. :)

I'd also like to thank Rober Watson and Peter Wemm for their advice and 
encouragement, and last but not least, Scott Long for kicking my butt 
hard enough to admit that I needed help with this.

The plan is to merge this into RELENG_5 before the 5.3-RELEASE. There 
are some more bits that I'd like to try and merge before then, like a 
default chroot setup, but that may have to wait till after the release.

Enjoy,

Doug

- -- 

     This .signature sanitized for your protection

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBVO8NyIakK9Wy8PsRAn/GAKCQfjZNx/irOezTbkAYCULJIC3X4wCgjaFT
vPcqJkl9InKhOZ3nYGXFMPU=
=KYwn
-----END PGP SIGNATURE-----