BIND-9 vs. BIND-8 config incompatibilities continued....

Greg A. Woods woods at weird.com
Mon Jan 29 21:47:00 UTC 2001


[ On Monday, January 29, 2001 at 01:36:42 (-0800), Eric A. Hall wrote: ]
> Subject: Re: sorry to ruin several of your evenings...
>
> Somebody asked about an in-place upgrade from BIND 8.x to BIND 9.1.0
> (sorry I purged some mails before their time). Just for the sake of
> readiness, be aware that there are some 8.x options which are unsupported
> in 9.x. I did an in-place upgrade and had to make a few (mostly
> insignificant) changes which may be problematic for larger sites.
> 
> The global config entries I had to remove were:
> 
> fake-iquery yes
> multiple-cnames yes
> rfc2308-type1 yes
> check-names slave ignore
> maintain-ixfr-base true

That's just the beginning!  :-)

Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: option 'memstatistics-file' is not yet implemented
Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: the default for the 'auth-nxdomain' option is now 'no'
Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: option 'host-statistics' is not yet implemented
Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: option 'use-id-pool' is obsolete
Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: option 'check-names' is not implemented
Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'os' ignored
Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'parser' ignored
Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'load' ignored
Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'panic' ignored
Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'packet' ignored
Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'eventlib' ignored

I don't yet know if "host-statistics" is still necessary to be able to
see the source of an RR in a dump file, or not, but if so then that'll
be a road-block in keeping me from using 9.1.0 in production.

I'm also very partial to 'check-names'.  I've been happy using the
following in many locations:

        check-names master fail;
        check-names slave fail;
        check-names response fail;


Even more critically the old 'ndc' program has been replaced by 'rndc',
which won't work until you've configured it (/etc/rndc.conf) *and* you
add "controls" statements to your /etc/named.conf to allow it to
connect, authenticate, and send commands.  There doesn't seem to be a
default way of setting it up for local-only control.  I haven't done
this yet.

Even worse than that the new BIND-9 'named' not only doesn't handle
signals in the same way as previous versions, but it shuts down instead
of ignoring SIGINT (which used to generate a dump file, which is why
I've not yet successfully generated and viewed a dump file to see if the
source of the RR is recorded in there!).  So:


WARNING:  Anyone with scripts or other programs that use signals
(i.e. kill(1), or kill(2)) to control their named process will almost
certainly have to re-code to work with BIND-9 (and use 'rndc' and/or its
mechanisms)!


You'll also find that the new named-checkconf fails if you use:

	options {
	        directory "/etc/namedb";
	};

and then try to do something like:

	include "named-rfc1918.conf";
	include "named-slave.conf";
	include "named-master.conf";

However the named process itself does seem to do the
chdir("/etc/namedb") before trying to do the "include"s,
and if you start named-checkconf from within the right
directory it'll work....

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>      <robohack!woods>
Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>
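
A pre-upgrade check for the problems reported in this thread, as an added example that is not part of the original message or of BIND: it flags the options and logging categories named above, notes a missing "controls" statement, and resolves "include" paths against "directory" the way the message says named itself does. The names audit, strip_comments and SAMPLE are hypothetical, and the sample configuration is constructed.

```python
import re
from pathlib import PurePosixPath

# Names taken from the two messages above: the entries Eric Hall removed, the
# options named logged as obsolete or unimplemented, and the ignored categories.
OPTIONS = {"fake-iquery", "multiple-cnames", "rfc2308-type1", "check-names",
           "maintain-ixfr-base", "memstatistics-file", "host-statistics",
           "use-id-pool"}
CATEGORIES = {"os", "parser", "load", "panic", "packet", "eventlib"}

def strip_comments(text):
    """Blank /* */, // and # comments; keep newlines so line numbers survive."""
    def blank(m):
        s = m.group(0)
        return s if s.startswith('"') else re.sub(r"[^\n]", " ", s)
    return re.sub(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', blank, text, flags=re.S)

def audit(conf_text):
    """Return (findings, includes) for a BIND 8 named.conf passed as a string."""
    text = strip_comments(conf_text)
    findings = []
    # A statement starts at the top of the file or right after '{' or ';'.
    for m in re.finditer(r"(?:^|[{;])\s*(category\s+)?([A-Za-z][\w-]*)", text):
        name = m.group(2)
        line = text.count("\n", 0, m.start(2)) + 1
        if m.group(1) and name in CATEGORIES:
            findings.append((line, "category", name))
        elif not m.group(1) and name in OPTIONS:
            findings.append((line, "option", name))
    # rndc cannot connect until a controls statement exists.
    if not re.search(r"\bcontrols\s*\{", text):
        findings.append((0, "missing", "controls"))
    # Resolve includes against 'directory', independent of the current directory.
    d = re.search(r'\bdirectory\s+"([^"]+)"', text)
    base = PurePosixPath(d.group(1) if d else ".")
    includes = {m.group(1): str(base / m.group(1))
                for m in re.finditer(r'\binclude\s+"([^"]+)"', text)}
    return findings, includes

# Constructed sample input, not a real site's configuration.
SAMPLE = """\
options {
        directory "/etc/namedb";
        fake-iquery yes;        // one of the entries removed above
        # check-names slave ignore;
        check-names master fail;
};
logging { category panic { default_syslog; }; };
include "named-master.conf";
"""
```

Calling audit(SAMPLE) returns the flagged statements with their line numbers (line 0 marks the missing "controls" statement) and a map from each include path as written to the path it resolves to under "directory".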
