1Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") 2Copyright (C) 2001 Internet Software Consortium. 3See COPYRIGHT in the source root or http://isc.org/copyright.html for terms. 4 5$Id: migration-4to9,v 1.4 2004/03/05 05:04:53 marka Exp $ 6 7 BIND 4 to BIND 9 Migration Notes 8 9To transition from BIND 4 to BIND 9 you first need to convert your 10configuration file to the new format. There is a conversion tool in 11contrib/named-bootconf that allows you to do this. 12 13 named-bootconf.sh < /etc/named.boot > /etc/named.conf 14 15BIND 9 uses a system assigned port for the UDP queries it makes rather 16than port 53 that BIND 4 uses. This may conflict with some firewalls. 17The following directives in /etc/named.conf allows you to specify 18a port to use. 19 20 query-source address * port 53; 21 transfer-source * port 53; 22 notify-source * port 53; 23 24BIND 9 no longer uses the minimum field to specify the TTL of records 25without a explicit TTL. Use the $TTL directive to specify a default TTL 26before the first record without a explicit TTL. 27 28 $TTL 3600 29 @ IN SOA ns1.example.com. hostmaster.example.com. ( 30 2001021100 31 7200 32 1200 33 3600000 34 7200 ) 35 36BIND 9 does not support multiple CNAMEs with the same owner name. 37 38 Illegal: 39 www.example.com. CNAME host1.example.com. 40 www.example.com. CNAME host2.example.com. 41 42BIND 9 does not support "CNAMEs with other data" with the same owner name, 43ignoring the DNSSEC records (SIG, NXT, KEY) that BIND 4 did not support. 44 45 Illegal: 46 www.example.com. CNAME host1.example.com. 47 www.example.com. MX 10 host2.example.com. 48 49BIND 9 is less tolerant of errors in master files, so check your logs and 50fix any errors reported. The named-checkzone program can also be to check 51master files. 52 53Outgoing zone transfers now use the "many-answers" format by default. 54This format is not understood by certain old versions of BIND 4. 55You can work around this problem using the option "transfer-format 56one-answer;", but since these old versions all have known security 57problems, the correct fix is to upgrade the slave servers. 58