1Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
2Copyright (C) 2001  Internet Software Consortium.
3See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
4
5$Id: migration-4to9,v 1.4 2004/03/05 05:04:53 marka Exp $
6
7		   BIND 4 to BIND 9 Migration Notes
8
9To transition from BIND 4 to BIND 9 you first need to convert your
10configuration file to the new format.  There is a conversion tool in
11contrib/named-bootconf that allows you to do this.
12
13	named-bootconf.sh < /etc/named.boot > /etc/named.conf
14
15BIND 9 uses a system assigned port for the UDP queries it makes rather
16than port 53 that BIND 4 uses.  This may conflict with some firewalls.
17The following directives in /etc/named.conf allows you to specify
18a port to use.
19
20	query-source address * port 53;
21	transfer-source * port 53;
22	notify-source * port 53;
23
24BIND 9 no longer uses the minimum field to specify the TTL of records
25without a explicit TTL.  Use the $TTL directive to specify a default TTL
26before the first record without a explicit TTL.
27
28	$TTL 3600
29	@	IN	SOA	ns1.example.com. hostmaster.example.com. (
30				2001021100
31				7200
32				1200
33				3600000
34				7200 )
35
36BIND 9 does not support multiple CNAMEs with the same owner name.
37	
38	Illegal:
39	www.example.com. CNAME host1.example.com.
40	www.example.com. CNAME host2.example.com.
41
42BIND 9 does not support "CNAMEs with other data" with the same owner name,
43ignoring the DNSSEC records (SIG, NXT, KEY) that BIND 4 did not support.
44
45	Illegal:
46	www.example.com. CNAME host1.example.com.
47	www.example.com. MX 10 host2.example.com.
48
49BIND 9 is less tolerant of errors in master files, so check your logs and
50fix any errors reported.  The named-checkzone program can also be to check
51master files.
52
53Outgoing zone transfers now use the "many-answers" format by default.
54This format is not understood by certain old versions of BIND 4.  
55You can work around this problem using the option "transfer-format
56one-answer;", but since these old versions all have known security
57problems, the correct fix is to upgrade the slave servers.
58