BIND version 9.0.0 Beta 1 Available

David R. Conrad David.Conrad at
Sat Feb 5 01:38:59 UTC 2000

[apologies for possible duplicates]

Announcing the release of BIND version 9 Beta 1.

ISC is proud to announce the public availability of BIND version 9 Beta 1. 
This is an early beta release, not intended for production use.  Most core
functionality is present, but significant work remains to be completed.

BIND version 9 beta 1 is available from:

PGP signature:

Three new mailing lists have been created:

	bind9-bugs at	for submitting BINDv9 bugs/enhancements
	bind9-workers at	for developer discussions about BINDv9
	bind9-users at	for general discussions about BINDv9

To subscribe bind9-workers or bind9-users, send a message with the word
"subscribe" to bind9-workers-request at or bind9-users-request at
respectively.  Note that these mailing lists are separate from the lists for
discussing BIND version 8 or earlier.

Enclosed is the README file included with the distribution kit.

Executive Director, ISC

	BIND version 9 is a major rewrite of nearly all aspects of the
	underlying BIND architecture. This re-architecting of BIND was
	necessitated by the expected demands of:

		- Domain name system growth, particularly in very large
		  zones such as .COM
		- Protocol enhancements necessary to securely query and
		  update zones
		- Protocol enhancements necessary to take advantage of
		  certain architectural features of IP version 6

	These demands implied performance requirements that were not
	necessarily easy to attain with the BIND version 8
	architecture.  In particular, BIND must not only be able to
	run on multi-processor multi-threaded systems, but must take
	full advantage of the performance enhancements these
	architectures can provide. In addition, the underlying data
	storage architecture of BIND version 8 does not lend itself to
	implementing alternative back end databases, such as would be
	desirable for the support of multi-gigabyte zones. As such
	zones are easily foreseeable in the relatively near future,
	the data storage architecture needed revision. The feature
	requirements for BIND version 9 included:

		- Scalability
			Thread safety
		        Multi-processor scalability
		        Support for very large zones

		- Security
		        Support for DNSSEC
		        Support for TSIG
		        Auditability (code and operation)
		        Firewall support (split DNS)

		- Portability

		- Maintainability

		- Protocol Enhancements
		        IXFR, DDNS, Notify, EDNS0
		        Improved standards conformance

		- Operational enhancements
		        High availability and reliability
		        Support for alternative back end databases

		- IP version 6 support
		        IPv6 resource records (A6, DNAME, etc.)
		        Bitstring labels

	BIND version 9 development has been underwritten by the following

		Stichting NLNet - NLNet Foundation
	        Sun Microsystems, Inc.
	        Hewlett Packard
	        Compaq Computer Corporation
	        Process Software Corporation
	        Silicon Graphics, Inc.
	        Network Associates, Inc.
	        U.S. Defense Information Systems Agency
		USENIX Association

BIND 9.0.0b1

	BIND 9.0.0b1 is the first public release of BIND 9 code.  It will
	be most useful to advanced users working with IPv6 or DNSSEC.

	BIND 9.0.0b1 is not functionally complete, and is not a release
	candidate for BIND 9.0.0.  The ISC anticipates a number of additional
	beta releases between now and May, when BIND 9.0.0 is scheduled to
	be released.

	The ISC does not recommend using BIND 9.0.0b1 for "production"

	We hope users of BIND 9.0.0b1 will provide feedback, bug fixes, and
	enhancements.  If you are not in a position to do so, it would
	probably be better to wait until subsequent releases.

	Much of the core technology planned for BIND 9.0.0 is in this beta
	release.  Some of the highlights are:


			Support for bitstring labels, DNAME, and A6 records.

			IPv6-aware resolver (follows A6 chains, can use IPv6 to
			talk to other nameservers).

			The nameserver listens on an IPv6 socket.


			All new RR types supported.

			The server generates DNSSEC responses for secure zones.


			DNS messages using UDP have been limited to 512
			bytes.  This is too small for DNSSEC replies, whose
			signature and key records can be large.  EDNS0 allows
			larger UDP messages to be sent.
			EDNS0 is understood by the server, and used by the

	Some of the more significant items that will be implemented or
	enhanced in a future beta are

		DNSSEC validation

			The server does not currently validate DNSSEC


			Notify is not yet implemented.

		Configuration File

			Some config file items are not yet implemented.
			See doc/misc/options for a summary of the current

		Selective Forwarding


			Future releases will contain a lot more documentation,
			but a preliminary version of the Administrator's
			Reference Manual is in the doc/arm subdirectory.


	BIND 9 currently requires a UNIX system with an ANSI C compiler,
	basic POSIX support, and a good pthreads implementation.

	We've had successful builds and tests on the following systems

		AIX 4.3
		COMPAQ Tru64 UNIX 4.0D
		HP-UX 11
		IRIX64 6.5
		NetBSD current (with "unproven" pthreads)
		Red Hat Linux 6.0, 6.1
		Solaris 2.6, 7, 8 (beta)

	To build, just


	"make install" will install "named" and the various BIND 9 libraries.
	By default, installation is into /usr/local, but this can be changed
	with the "--prefix" option when running "configure".

	Shared libraries will be built if "--with-libtool" is added to the
	"configure" command.

	Building with gcc is not supported, unless gcc is the vendor's usual
	compiler (e.g. the various BSD systems, Linux).

	Parts of the library can be tested by running "make test" from the
	bin/tests subdirectory.

Bug Reports and Mailing Lists

	Bugs reports should be sent to

		bind9-bugs at

	To join the BIND 9 Users mailing list, send mail to

		bind9-users-request at

	If you're planning on making changes to the BIND 9 source
	code, you might want to join the BIND 9 Workers mailing list.
	Send mail to

		bind9-workers-request at

"named" command line options

	-c <config_file>

	-d <debug_level>

	-f				Run in the foreground.

	-N <number_of_cpus>		

	-t <directory>			Chroot to <directory> before running.

	-u <username>			Run as user <username> after binding
					to privileged ports.

	Use of the "-t" option while still running as "root" doesn't
	enhance security on most systems.  The way chroot() is defined
	allows a process with root privileges to escape the chroot jail.

	The "-u" option is not currently useful on Linux.  Linux threads
	are actually processes sharing a common address space.  An unfortunate
	side effect of this is that some system calls, e.g. setuid() that
	in a typical pthreads environment would affect all threads only affect
	the calling thread/process on Linux.  The good news is that BIND 9
	uses the Linux kernel's capability mechanism to drop all root
	powers except the ability to bind() to a privileged port.

	On systems with more than one CPU, the "-N" option should be used
	to indicate how many CPUs there are.

Note to Programmers

	The APIs for the libraries in BIND 9 are not yet frozen.
	We expect the existing library interfaces in the release to be
	quite stable, however, and unless we've specifically indicated that
	an interface is temporary, we don't anticipate major changes in
	future releases.

More information about the bind-announce mailing list