BIND version 9.0.0 Beta 1 Available
David R. Conrad
David.Conrad at nominum.com
Sat Feb 5 01:38:59 UTC 2000
[apologies for possible duplicates]
Announcing the release of BIND version 9 Beta 1.
ISC is proud to announce the public availability of BIND version 9 Beta 1.
This is an early beta release, not intended for production use. Most core
functionality is present, but significant work remains to be completed.
BIND version 9 beta 1 is available from:
Three new mailing lists have been created:
bind9-bugs at isc.org: for submitting BINDv9 bugs/enhancements
bind9-workers at isc.org: for developer discussions about BINDv9
bind9-users at isc.org: for general discussions about BINDv9
To subscribe bind9-workers or bind9-users, send a message with the word
"subscribe" to bind9-workers-request at isc.org or bind9-users-request at isc.org
respectively. Note that these mailing lists are separate from the lists for
discussing BIND version 8 or earlier.
Enclosed is the README file included with the distribution kit.
Executive Director, ISC
BIND version 9 is a major rewrite of nearly all aspects of the
underlying BIND architecture. This re-architecting of BIND was
necessitated by the expected demands of:
- Domain name system growth, particularly in very large
zones such as .COM
- Protocol enhancements necessary to securely query and
- Protocol enhancements necessary to take advantage of
certain architectural features of IP version 6
These demands implied performance requirements that were not
necessarily easy to attain with the BIND version 8
architecture. In particular, BIND must not only be able to
run on multi-processor multi-threaded systems, but must take
full advantage of the performance enhancements these
architectures can provide. In addition, the underlying data
storage architecture of BIND version 8 does not lend itself to
implementing alternative back end databases, such as would be
desirable for the support of multi-gigabyte zones. As such
zones are easily foreseeable in the relatively near future,
the data storage architecture needed revision. The feature
requirements for BIND version 9 included:
Support for very large zones
Support for DNSSEC
Support for TSIG
Auditability (code and operation)
Firewall support (split DNS)
- Protocol Enhancements
IXFR, DDNS, Notify, EDNS0
Improved standards conformance
- Operational enhancements
High availability and reliability
Support for alternative back end databases
- IP version 6 support
IPv6 resource records (A6, DNAME, etc.)
BIND version 9 development has been underwritten by the following
Stichting NLNet - NLNet Foundation
Sun Microsystems, Inc.
Compaq Computer Corporation
Process Software Corporation
Silicon Graphics, Inc.
Network Associates, Inc.
U.S. Defense Information Systems Agency
BIND 9.0.0b1 is the first public release of BIND 9 code. It will
be most useful to advanced users working with IPv6 or DNSSEC.
BIND 9.0.0b1 is not functionally complete, and is not a release
candidate for BIND 9.0.0. The ISC anticipates a number of additional
beta releases between now and May, when BIND 9.0.0 is scheduled to
The ISC does not recommend using BIND 9.0.0b1 for "production"
We hope users of BIND 9.0.0b1 will provide feedback, bug fixes, and
enhancements. If you are not in a position to do so, it would
probably be better to wait until subsequent releases.
Much of the core technology planned for BIND 9.0.0 is in this beta
release. Some of the highlights are:
Support for bitstring labels, DNAME, and A6 records.
IPv6-aware resolver (follows A6 chains, can use IPv6 to
talk to other nameservers).
The nameserver listens on an IPv6 socket.
All new RR types supported.
The server generates DNSSEC responses for secure zones.
DNS messages using UDP have been limited to 512
bytes. This is too small for DNSSEC replies, whose
signature and key records can be large. EDNS0 allows
larger UDP messages to be sent.
EDNS0 is understood by the server, and used by the
Some of the more significant items that will be implemented or
enhanced in a future beta are
The server does not currently validate DNSSEC
Notify is not yet implemented.
Some config file items are not yet implemented.
See doc/misc/options for a summary of the current
Future releases will contain a lot more documentation,
but a preliminary version of the Administrator's
Reference Manual is in the doc/arm subdirectory.
BIND 9 currently requires a UNIX system with an ANSI C compiler,
basic POSIX support, and a good pthreads implementation.
We've had successful builds and tests on the following systems
COMPAQ Tru64 UNIX 4.0D
NetBSD current (with "unproven" pthreads)
Red Hat Linux 6.0, 6.1
Solaris 2.6, 7, 8 (beta)
To build, just
"make install" will install "named" and the various BIND 9 libraries.
By default, installation is into /usr/local, but this can be changed
with the "--prefix" option when running "configure".
Shared libraries will be built if "--with-libtool" is added to the
Building with gcc is not supported, unless gcc is the vendor's usual
compiler (e.g. the various BSD systems, Linux).
Parts of the library can be tested by running "make test" from the
Bug Reports and Mailing Lists
Bugs reports should be sent to
bind9-bugs at isc.org
To join the BIND 9 Users mailing list, send mail to
bind9-users-request at isc.org
If you're planning on making changes to the BIND 9 source
code, you might want to join the BIND 9 Workers mailing list.
Send mail to
bind9-workers-request at isc.org
"named" command line options
-f Run in the foreground.
-t <directory> Chroot to <directory> before running.
-u <username> Run as user <username> after binding
to privileged ports.
Use of the "-t" option while still running as "root" doesn't
enhance security on most systems. The way chroot() is defined
allows a process with root privileges to escape the chroot jail.
The "-u" option is not currently useful on Linux. Linux threads
are actually processes sharing a common address space. An unfortunate
side effect of this is that some system calls, e.g. setuid() that
in a typical pthreads environment would affect all threads only affect
the calling thread/process on Linux. The good news is that BIND 9
uses the Linux kernel's capability mechanism to drop all root
powers except the ability to bind() to a privileged port.
On systems with more than one CPU, the "-N" option should be used
to indicate how many CPUs there are.
Note to Programmers
The APIs for the libraries in BIND 9 are not yet frozen.
We expect the existing library interfaces in the release to be
quite stable, however, and unless we've specifically indicated that
an interface is temporary, we don't anticipate major changes in
More information about the bind-announce