readme1st.txt

Copyright (C) 2004, 2005, 2007-2009, 2012  Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001, 2003  Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id$

	   Release of BIND 9.7 for Windows and later.

This is a release of BIND 9.7 for Windows XP and later.

	Important Kit Installation Information

As of release 9.3.0, BINDInstall requires that you install it under
an account with restricted privileges. The installer will prompt
you for an account name (the default is "named") and a password for
that account. It will also check for the existence of that account.
If it does not exist it will create it with only the privileges
required to run BIND. If the account does exist it will check that
it has only the one privilege required: "Log on as a service". If
it has too many privileges it will ask whether you want to continue.

With BIND running under an account name it is necessary for all
files and directories that BIND uses to have permissions set up for
the named account if the files are on an NTFS disk. BIND requires
that the account have read and write access to the directory for
the pid file and to any files that are maintained either for slave
zones or for master zones supporting dynamic updates. The account will
also need read access to the named.conf and any other file that it
needs to read.

"NT AUTHORITY\LocalService" is also an acceptable account.  This
account is built into Windows and no password is required.  Appropriate
file permissions will also need to be set for "NT AUTHORITY\LocalService"
similar to those that would have been required for the "named" account.
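
One way to apply the file permissions described above with icacls, as an
added PowerShell example that is not part of the BIND kit. The "run" and
"etc\slaves" directory names are assumptions; substitute the directories
that hold your pid file and your slave or dynamic zone files.

```powershell
# Added example, not part of the BIND kit. Run from an elevated prompt.
# The directory names under $DnsRoot are assumptions: adjust to your layout.
$Account  = 'named'
$DnsRoot  = 'C:\WINDOWS\system32\dns'
$ReadOnly = @("$DnsRoot\etc")                         # named.conf and other read-only files
$Writable = @("$DnsRoot\run", "$DnsRoot\etc\slaves")  # hypothetical pid file / slave zone dirs

foreach ($dir in $ReadOnly) {
    # (OI)(CI): inherited by files and subdirectories; RX: read and traverse only
    icacls $dir /grant "${Account}:(OI)(CI)RX"
}
foreach ($dir in $Writable) {
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    # M: modify (read, write, delete) for the pid file, slave and dynamic zones
    icacls $dir /grant "${Account}:(OI)(CI)M"
}

# Audit: report every directory where the account holds write access.
# Only the entries in $Writable should appear in the output.
$sid   = ([System.Security.Principal.NTAccount]$Account).Translate(
             [System.Security.Principal.SecurityIdentifier]).Value
$write = [System.Security.AccessControl.FileSystemRights]::Write
Get-ChildItem $DnsRoot -Recurse -Directory | ForEach-Object {
    $path = $_.FullName
    (Get-Acl $path).GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier]) |
      Where-Object { $_.IdentityReference.Value -eq $sid -and
                     $_.AccessControlType -eq 'Allow' -and
                     ($_.FileSystemRights -band $write) -eq $write } |
      ForEach-Object { '{0}  {1}' -f $path, $_.FileSystemRights }
}
```

The audit only looks at access entries that name the account directly;
write access inherited through a group such as Users has to be reviewed
separately.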

It is important that on Windows the directory directive is used in
the options section to tell BIND where to find the files used in
named.conf (default %WINDOWS%\system32\dns\etc\named.conf).

e.g.
	options {
		directory "C:\WINDOWS\system32\dns\etc";
	};

If you have previously installed BIND 8 or BIND 4 on the system
on which you wish to install this kit, you MUST use the BIND 8 or BIND
4 installer to uninstall the previous kit.  For BIND 8.2.x, you can
use the BINDInstall that comes with the BIND 8 kit to uninstall it.
The BIND 9 installer will NOT uninstall the BIND 8 binaries.  That
will be fixed in a future release.

Unpack the kit into any convenient directory and run the BINDInstall
program.  This will install the named and associated programs into
the correct directories and set up the required registry keys.

Messages are logged to the Application log in the EventViewer.

	Controlling BIND

Windows uses the same rndc program as is used on Unix systems.  The
rndc.conf file must be configured for your system in order to work.
You will need to generate a key for this. To do this use the
rndc-confgen program. The program will be installed in the same
directory as named: dns/bin/.  From the DOS prompt, use the command
this way:

rndc-confgen -a

which will create an rndc.key file in the dns/etc directory. This will
allow you to run rndc without an explicit rndc.conf file or key and
controls entries in the named.conf file. See section 3.4.1.2 of the ARM
for details of this. An rndc.conf can also be generated by running:

rndc-confgen > rndc.conf

which will create the rndc.conf file in the current directory, but
not copy it to the dns/etc directory where it needs to reside. If
you create rndc.conf this way you will need to copy the same key
statement into named.conf.

The additions look like the following:

key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxx=="; };

controls {
	inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};

Note that the value of the secret must come from the key generated
above for rndc and must be the same key value for both. Details of
this may be found in section 3.4.1.2 of the ARM. If you have rndc
on a Unix box you can use it to control BIND on the Windows box as
well as using the Windows version of rndc to control a BIND 9 daemon
on a Unix box. However, you must have key statements valid for the
servers you wish to control, specifically the IP address and key
in both named.conf and rndc.conf. Again see section 3.4.1.2 of the
ARM for details.
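
A check for the requirement above that the key statement carry the same
secret in named.conf and rndc.conf, as an added PowerShell example that
is not part of the BIND kit. The function names are hypothetical, the
sample files are constructed, and the regex covers only the simple key
layout shown here.

```powershell
# Added example, not part of the BIND kit: a regex-based reader for the simple
# key layout shown above, not a full named.conf parser.
function Get-BindKeys {
    param([string]$Text)
    # rndc-confgen writes a commented-out copy of the key; drop '#' comment lines
    $Text = $Text -replace '(?m)^\s*#.*$', ''
    $pattern = '\bkey\s+"?([^\s"{]+)"?\s*\{\s*algorithm\s+([^\s;]+)\s*;' +
               '\s*secret\s+"([^"]+)"\s*;\s*\}\s*;'
    $keys = @{}
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $keys[$m.Groups[1].Value] = @{ Algorithm = $m.Groups[2].Value
                                       Secret    = $m.Groups[3].Value }
    }
    return $keys
}

function Compare-RndcKeys {
    param([string]$NamedConf, [string]$RndcConf)
    $server = Get-BindKeys $NamedConf
    $client = Get-BindKeys $RndcConf
    foreach ($name in $client.Keys) {
        $s = $server[$name]; $c = $client[$name]
        if ($null -eq $s) { "MISSING   key '$name' is in rndc.conf but not in named.conf" }
        elseif ($s.Algorithm -ne $c.Algorithm) { "MISMATCH  key '$name': algorithm differs" }
        elseif ($s.Secret -cne $c.Secret) { "MISMATCH  key '$name': secret differs" }  # base64 is case-sensitive
        else { "OK        key '$name' matches" }
    }
}

# Constructed sample input; the secrets are placeholders, not real keys.
$named = @'
key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxx=="; };
controls {
	inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};
'@
$rndc = @'
# Start of rndc.conf
key "rndc-key" {
	algorithm hmac-md5;
	secret "xxxxxxxxX==";
};
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
'@
Compare-RndcKeys -NamedConf $named -RndcConf $rndc
# Real files: Compare-RndcKeys (Get-Content named.conf -Raw) (Get-Content rndc.conf -Raw)
```

The report never prints the secrets themselves, so its output can be
pasted into a ticket or log.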

In order to use rndc from a different system it is important to
ensure that the clocks are synchronized. The clocks must be kept
within 5 minutes of each other or the rndc commands will fail
authentication. Use NTP or other time synchronization software to
keep your clocks accurate. NTP can be found at http://www.ntp.org/.

In addition, BIND is installed as a win32 system service; it can be
started and stopped in the same way as any other service and
automatically starts whenever the system is booted. Signals are not
supported and are in fact ignored.

Note: Unlike most Windows applications, named does not change its
working directory when started as a service.  If you wish to use
relative files in named.conf you will need to specify a working
directory using the directory directive in the options section.

	Documentation

This kit includes Documentation in HTML format.  The documentation
is not copied during the installation process so you should move
it to any convenient location for later reference. Of particular
importance is the BIND 9 Administrator's Reference Manual (Bv9ARM*.html)
which provides detailed information on BIND 9. In addition, there
are HTML pages for each of the BIND 9 applications.

	DNS Tools

The following tools have been built for Windows: dig, nslookup,
host, nsupdate, rndc, rndc-confgen, named-checkconf, named-checkzone,
dnssec-keygen, dnssec-signzone, dnssec-dsfromkey and dnssec-keyfromlabel.
The latter tools are for use with DNSSEC.  All tools are installed
in the dns/bin directory.

IMPORTANT NOTE ON USING THE TOOLS:

It is no longer necessary to create a resolv.conf file on Windows
as the tools will look in the registry for the required nameserver
information. However, if you create a resolv.conf file as described
below, the tools will use it in preference to the registry nameserver
entries.

To create a resolv.conf you need to place it in the System32\Drivers\etc
directory and it needs to contain a list of nameserver addresses
to use to find the nameserver authoritative for the zone. The format
of this file is:

nameserver 1.2.3.4
nameserver 5.6.7.8

Replace the IP addresses with your real addresses.  127.0.0.1 is a
valid address if you are running a nameserver on the localhost.

	Problems

Please report all problems to bind9-bugs@isc.org and not to me. All
other questions should go to the bind-users@isc.org mailing list
or the comp.protocols.dns.bind news group.

	Danny Mayer
	mayer@ntp.isc.org