Upgrading to BIND9 (was Re: bind8.2 security issues)

Jim Reid jim at rfc1035.com
Mon Jul 1 15:20:44 UTC 2002


>>>>> "Steve" == Steve Foster <fosters at uk.psi.com> writes:

    Steve> I decided to build from scratch, and it seems to have gone
    Steve> okay. I have started named with a modified version of the
    Steve> named.conf I used to use for our 8.2.3 installations,
    Steve> certain things had to be removed for it to start, such as
    Steve> the following:

    Steve> named-xfer "/usr/local/sbin/named-xfer" ;

    Steve>         topology { localhost; localnets; { 154.32/16; }; };

These are not in BIND9. The former is obsolete and the latter is not
implemented. Did you read the documentation, especially the BIND9
migration notes in doc/misc/migration? Legacy syntax from BIND8 config
files is parsed but otherwise ignored by the BIND9 server, apart from
warnings in the logs.

    Steve> Are these not used anymore, and is there an equivalent of
    Steve> named-xfer, this is not something I need now, but will be
    Steve> when/if I build my secondary and primary servers???

The BIND9 name server handles inbound zone transfers itself. There's
no need for it to have a separate executable to do this, unlike BIND4
or BIND8.

    Steve> Do I need to worry about rndc.key, or is this for something
    Steve> else other than resolving, and is there any specific
    Steve> options for named.conf to fix the "couldn't add command
    Steve> channel 127.0.0.1#953: file not found" error.

Read the migration notes. BIND9 uses a new protocol and program to
control the name server. The program is called rndc and it supersedes
ndc. The migration notes have a reference to rndc-confgen which is the
utility used to create the named.conf statements needed to set up the
server side of the rndc control socket. [Though if you read the ARM
and man page for rndc, you shouldn't need a utility to create those
statements for named.conf.] The log messages are telling you the
server didn't create this socket (=> you can't control the name server
with rndc) because it doesn't do this unless the server's explicitly
told about it in named.conf.

    Steve> my conf file is attached below, I couldn't find a sample
    Steve> resolver file, or does anybody have a 9 specific one I can
    Steve> review.

The syntax and contents of resolv.conf do not change between BIND8
and BIND9.
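
Added example, not part of the original message or of BIND: a small heuristic audit of a named.conf for the two BIND8 statements discussed above and for the rndc `controls` channels it declares. The function names and both sample configs are assumptions constructed for illustration; only the `named-xfer` and `topology` lines are taken from the post.

```python
import re

# Statements from the thread that BIND 9 parses but does not act on.
LEGACY = {"named-xfer": "obsolete", "topology": "not implemented"}

# Quoted strings are matched first so "//" or "#" inside them is not a comment.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_INET = re.compile(r"\binet\b(?:[^;{]|\{[^}]*\})*;")

def strip_comments(text):
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def block_after(text, keyword):
    """Body of the brace-balanced block following `keyword {`, or None."""
    m = re.search(r"(?<![\w-])%s\s*\{" % re.escape(keyword), text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None  # unbalanced braces

def audit(conf):
    text = strip_comments(conf)
    # Lookbehind excludes "/" so the quoted path to named-xfer is not counted.
    legacy = {w: why for w, why in LEGACY.items()
              if re.search(r"(?<![\w/.-])%s(?![\w-])" % re.escape(w), text)}
    channels = []
    for chan in _INET.findall(block_after(text, "controls") or ""):
        port = re.search(r"\bport\s+(\d+)", chan)
        keys = re.search(r"\bkeys\s*\{([^}]*)\}", chan)
        channels.append({
            "addr": chan.split()[1],
            "port": int(port.group(1)) if port else 953,  # rndc default port
            "keys": re.findall(r'"?([\w.-]+)"?\s*;', keys.group(1)) if keys else [],
        })
    return {"legacy": legacy, "channels": channels}

# Constructed samples; only the named-xfer and topology lines come from the post.
BIND8_STYLE = '''options {
    named-xfer "/usr/local/sbin/named-xfer" ;
    topology { localhost; localnets; { 154.32/16; }; };
};'''
BIND9_STYLE = '''key "rndc-key" { algorithm hmac-sha256; secret "PLACEHOLDER//NOT+A+KEY=="; };
controls {  // loopback only, authenticated with the key above
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};'''

if __name__ == "__main__":
    for name, conf in (("bind8-style", BIND8_STYLE), ("bind9-style", BIND9_STYLE)):
        print(name, audit(conf))
```

A channel reported with an empty `keys` list or a non-loopback `addr` is the one to review before exposing port 953; `named-checkconf` remains the authoritative syntax check.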

