North American Network Operators Group

Re: sorry to ruin several of your evenings...

  • From: Eric A. Hall
  • Date: Mon Jan 29 04:39:38 2001

Somebody asked about an in-place upgrade from BIND 8.x to BIND 9.1.0
(sorry I purged some mails before their time). Just for the sake of
readiness, be aware that there are some 8.x options which are unsupported
in 9.x. I did an in-place upgrade and had to make a few (mostly
insignificant) changes which may be problematic for larger sites.

http://www.isc.org/products/BIND/docs/config/options.html is the online
reference for the 8.x server

The global config entries I had to remove were:

fake-iquery yes
   returns the original query as the answer when Inverse Query is
   issued (rare). it was mostly useful for ancient versions of
   nslookup, and probably is not used by anybody now. I used it for
   testing purposes. I don't know if 9.x supports inverse queries
   or not. No loss either way.

multiple-cnames yes
   allows a domain name entry to have multiple CNAME references,
   this is often used by sites to fake load distribution algorithms.
   should not be used by anybody, but is anyway. I used it for
   testing purposes. I would guess that 9.x finally gave up on
   this legacy ghost. No loss for me, will be problematic for some,
   despite all of the well-intentioned warnings.

rfc2308-type1 yes
   from the online docs: If yes, the server will send NS records
   along with the SOA record for negative answers. You need to set
   this to no if you have an old BIND server using you as a
   forwarder that does not understand negative answers which
   contain both SOA and NS records or you have an old version of
   sendmail. The correct fix is to upgrade the broken server or
   sendmail. The default is no.
   I had this enabled for testing purposes, but I can't remember
   exactly why now. It may have been for compatibility testing
   with some older servers but I can't remember. According to the
   options document it should be allowed but 9.1.0 bitched about
   it. No problems yet so no loss yet.

check-names slave ignore
   lets you load a zone that contains A records with "illegal"
   hostnames. the "slave ignore" parameter is needed with 8.x
   in order to secondary for Active Directory (AD breaks the law
   on allowable characters in hostnames by assigning an A record
   with the AD domain name, especially annoying since a lot of
   people want to use that A record for web activities). 8.x was
   overly conservative in this regard (sometimes an A is not a
   hostname), 9.x doesn't seem to stop you from defining A records
   with illegal hostnames so no loss.

maintain-ixfr-base true
   used to keep a transaction journal for incremental transfer
   operations (IXFR). I haven't gotten IXFR tested out yet with
   9.1.0 but apparently this is automagic now. the option is
   listed as obsolete and is not recognized so I am probably
   doing something wrong (or nsupdate is still broken).

There are lots of obsolete entries so an in-place upgrade for complex
configs really needs to be tested first. Also note that named.conf man
pages are not in the 9.1.0 build, so "man named.conf" will most likely
reuse your 8.x docs, which won't jibe with the 9.1.0 options.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
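
A pre-upgrade check for the five options named in the message above, added here as an example and not part of the original post. The sample named.conf is constructed, and the option list covers only what the message lists, not everything 9.1.0 rejects.

```python
import re

# Option names exactly as listed in the message above; 9.1.0 rejects others
# too, and this list does not try to be complete.
FLAGGED = ("fake-iquery", "multiple-cnames", "rfc2308-type1",
           "check-names", "maintain-ixfr-base")

# Quoted strings and the three named.conf comment styles (/* */, //, #).
_MASK = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# A flagged name at the start of a statement, i.e. right after '{' or ';'.
_STATEMENT = re.compile(r'(?:\A|(?<=[{;]))\s*('
                        + "|".join(map(re.escape, FLAGGED))
                        + r')\s+([^;{}]*);')

def mask(text):
    """Blank comments and strings, keeping newlines so line numbers hold."""
    return _MASK.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), text)

def find_flagged(text):
    """Return [(line, option, value)] for each live flagged statement."""
    clean = mask(text)
    hits = []
    for m in _STATEMENT.finditer(clean):
        line = clean.count("\n", 0, m.start(1)) + 1
        hits.append((line, m.group(1), " ".join(m.group(2).split())))
    return hits

# Constructed 8.x-style sample, not taken from the original message.
SAMPLE = '''\
// constructed sample configuration
options {
    directory "/var/named";
    fake-iquery yes;            # old nslookup testing
    /* multiple-cnames yes; */
    check-names slave ignore;
    // rfc2308-type1 yes;
    maintain-ixfr-base true;
};
zone "example.com" { type slave; masters { 192.0.2.1; }; file "sec/example.com"; };
'''

if __name__ == "__main__":
    for line, option, value in find_flagged(SAMPLE):
        print(f"line {line}: '{option} {value};' is on the removed list")
```

Commented-out statements and option names that appear only inside quoted strings are not reported, so the output is the set of lines that still need editing before the new server reads the file.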