Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001  Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

Id: migration-4to9,v 1.4 2004/03/05 05:04:53 marka Exp

                BIND 4 to BIND 9 Migration Notes

To transition from BIND 4 to BIND 9 you first need to convert your
configuration file to the new format.  There is a conversion tool in
contrib/named-bootconf that allows you to do this.

    named-bootconf.sh < /etc/named.boot > /etc/named.conf

BIND 9 uses a system-assigned port for the UDP queries it makes rather
than port 53, which BIND 4 uses.  This may conflict with some firewalls.
The following directives in /etc/named.conf allow you to specify
a port to use.

    query-source address * port 53;
    transfer-source * port 53;
    notify-source * port 53;

BIND 9 no longer uses the minimum field to specify the TTL of records
without an explicit TTL.  Use the $TTL directive to specify a default TTL
before the first record without an explicit TTL.

    $TTL 3600
    @       IN      SOA ns1.example.com. hostmaster.example.com. (
                        2001021100
                        7200
                        1200
                        3600000
                        7200 )

BIND 9 does not support multiple CNAMEs with the same owner name.

    Illegal:
    www.example.com. CNAME host1.example.com.
    www.example.com. CNAME host2.example.com.

BIND 9 does not support "CNAMEs with other data" with the same owner name,
ignoring the DNSSEC records (SIG, NXT, KEY) that BIND 4 did not support.

    Illegal:
    www.example.com. CNAME host1.example.com.
    www.example.com. MX 10 host2.example.com.

BIND 9 is less tolerant of errors in master files, so check your logs and
fix any errors reported.  The named-checkzone program can also be used to
check master files.

Outgoing zone transfers now use the "many-answers" format by default.
This format is not understood by certain old versions of BIND 4.
You can work around this problem using the option "transfer-format
one-answer;", but since these old versions all have known security
problems, the correct fix is to upgrade the slave servers.
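
A pre-migration check for the three master-file rules described above (a $TTL before the first record without an explicit TTL, multiple CNAMEs, CNAME and other data), as an added example that is not part of these notes or of BIND and does not replace named-checkzone. The name lint_zone, the simplified parser (only $TTL is interpreted, no quoted strings, origin passed in lowercase) and the sample zone are assumptions made for the illustration.

```python
import re

CLASSES = {"IN", "CH", "HS"}
DNSSEC_TYPES = {"SIG", "NXT", "KEY"}  # exempt from the "CNAME and other data" rule
TTL_RE = re.compile(r"^(?:\d+[smhdw])*\d*$", re.I)  # 3600 or BIND-style 1h30m

def lint_zone(text, origin):
    """Return sorted findings for a master file (simplified parser, lowercase origin)."""
    findings, types = set(), {}
    owner, have_default_ttl, buf, depth = origin, False, "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        buf = f"{buf} {line}" if buf else line
        depth += line.count("(") - line.count(")")
        if depth > 0 or not buf.strip():  # still inside ( ... ), or nothing to parse
            continue
        line, buf = buf.replace("(", " ").replace(")", " "), ""
        tok = line.split()
        if not tok or tok[0].startswith("$"):  # only $TTL is interpreted
            have_default_ttl |= bool(tok) and tok[0].upper() == "$TTL"
            continue
        if not line[0].isspace():  # owner name in column one, else reuse the last owner
            name = tok.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        explicit_ttl = False
        while tok and (tok[0].upper() in CLASSES or TTL_RE.match(tok[0])):
            explicit_ttl |= tok.pop(0).upper() not in CLASSES
        if tok:
            rrtype = tok[0].upper()
            if not (explicit_ttl or have_default_ttl):
                findings.add(f"{owner}: {rrtype} has no TTL and no $TTL precedes it")
            types.setdefault(owner, []).append(rrtype)
    for name, seen in types.items():
        others = sorted(set(seen) - {"CNAME"} - DNSSEC_TYPES)
        if seen.count("CNAME") > 1:
            findings.add(f"{name}: multiple CNAMEs")
        if "CNAME" in seen and others:
            findings.add(f"{name}: CNAME and other data ({', '.join(others)})")
    return sorted(findings)

SAMPLE = """; constructed sample zone (not from the page)
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2001021100 7200 1200 3600000 7200 )
$TTL 3600
www   CNAME  host1.example.com.
www   CNAME  host2.example.com.
mail  CNAME  host1.example.com.
mail  MX 10  host2.example.com.
"""
print("\n".join(lint_zone(SAMPLE, "example.com.")))
```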