sorry to ruin several of your evenings...
Eric A. Hall
ehall at ehsco.com
Mon Jan 29 09:36:42 UTC 2001
Somebody asked about an in-place upgrade from BIND 8.x to BIND 9.1.0
(sorry I purged some mails before their time). Just for the sake of
readiness, be aware that there are some 8.x options which are unsupported
in 9.x. I did an in-place upgrade and had to make a few (mostly
insignificant) changes which may be problematic for larger sites.
http://www.isc.org/products/BIND/docs/config/options.html is the online
reference for the 8.x server
The global config entries I had to remove were:
fake-iquery yes
returns the original query as the answer when Inverse Query is
issued (rare). it was mostly useful for ancient versions of
nslookup, and probably is not used by anybody now. I used it for
testing purposes. I don't know if 9.x supports inverse queries
or not. No loss either way.
multiple-cnames yes
allows a domain name entry to have multiple CNAME references,
this is often used by sites to fake load distribution algorithms.
should not be used by anybody, but is anyway. I used it for
testing purposes. I would guess that 9.x finally gave up on
this legacy ghost. No loss for me, will be problematic for some,
despite all of the well-intentioned warnings.
rfc2308-type1 yes
from the online docs: If yes, the server will send NS records
along with the SOA record for negative answers. You need to set
this to no if you have an old BIND server using you as a
forwarder that does not understand negative answers which
contain both SOA and NS records or you have an old version of
sendmail. The correct fix is to upgrade the broken server or
sendmail. The default is no.
I had this enabled for testing purposes, but I can't remember
exactly why now. It may have been for compatibility testing
with some older servers but I can't remember. According to the
options document it should be allowed but 9.1.0 bitched about
it. No problems yet so no loss yet.
check-names slave ignore
lets you load a zone that contains A records with "illegal"
hostnames. the "slave ignore" paramater is needed with 8.x
in order to secondary for Active Directory (AD breaks the law
on allowable characters in hostnames by assinging an A record
with the AD domain name, especially annoying since a lot of
people want to use that A record for web activities). 8.x was
overly conservative in this regard (sometimes an A is not a
hostname), 9.x doesn't seem to stop you from defining A records
with illegal hostnames so no loss.
maintain-ixfr-base true
used to keep a transaction journal for incremental transfer
operations (IXFR). I haven't gotten IXFR tested out yet with
9.1.0 but apparently this is automagic now. the option is
listed as obsolete and is not recognized so I am probably
doing something wrong (or nsupdate is still broken).
There are lots of obsolete entries so an in-place upgrade for complex
configs really needs to be tested first. Also note that named.conf man
pages are not in the 9.1.0 build, so "man named.conf" will most likely
reuse your 8.x docs, which won't jive with the 9.1.0 options.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
More information about the NANOG
mailing list