North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: BIND-9 vs. BIND-8 config incompatabilities continued....
[ On Monday, January 29, 2001 at 01:36:42 (-0800), Eric A. Hall wrote: ] > Subject: Re: sorry to ruin several of your evenings... > > Somebody asked about an in-place upgrade from BIND 8.x to BIND 9.1.0 > (sorry I purged some mails before their time). Just for the sake of > readiness, be aware that there are some 8.x options which are unsupported > in 9.x. I did an in-place upgrade and had to make a few (mostly > insignificant) changes which may be problematic for larger sites. > > The global config entries I had to remove were: > > fake-iquery yes > multiple-cnames yes > rfc2308-type1 yes > check-names slave ignore > maintain-ixfr-base true That's just the beginning! :-) Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: option 'memstatistics-file' is not yet implemented Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: the default for the 'auth-nxdomain' option is now 'no' Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: option 'host-statistics' is not yet implemented Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: option 'use-id-pool' is obsolete Jan 29 13:37:46 proven /usr/pkg/sbin/named[22298]: option 'check-names' is not implemented Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'os' ignored Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'parser' ignored Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'load' ignored Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'panic' ignored Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'packet' ignored Jan 29 13:37:47 proven /usr/pkg/sbin/named[22298]: unknown logging category 'eventlib' ignored I don't yet know if "host-statistics" is still necessary to be able to see the source of an RR in a dump file, or not, but if so then that'll be a road-block in keeping me from using 9.1.0 in production. I'm also very partial to 'check-names'. I've been happy using the following in many locations: check-names master fail; check-names slave fail; check-names response fail; Even more critically the old 'ndc' program has been replaced by 'rndc', which won't work until you've configured it (/etc/rndc.conf) *and* you add "controls" statements to your /etc/named.conf to allow it to connect, authenticate, and send commands. There doesn't seem to be a default way of setting it up for local-only control. I haven't done this yet Even worse than that the new BIND-9 'named' not only doesn't handle signals in the same way as previous versions, but it shuts down instead of ignoring SIGINT (which used to generate a dump file, which is why I've not yet successfully generated and viewed a dump file to see if the source of the RR is recorded in there!). So: WARNING: Anyone with scripts or other programs that use signals (i.e. kill(1), or kill(2)) to control their named process will almost certainly have to re-code to work with BIND-9 (and use 'rndc' and/or its mechanisms)! You'll also find that the new named-checkconf fails if you use: options { directory "/etc/namedb"; }; and then try to do something like: include "named-rfc1918.conf"; include "named-slave.conf"; include "named-master.conf"; However the named process itself does seem to do the chdir("/etc/namedb") before trying to do the "include"s, and if you start named-checkconf from within the right directory it'll work.... -- Greg A. Woods +1 416 218-0098 VE3TCP <[email protected]> <robohack!woods> Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>
|