Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001  Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id: migration-4to9,v 1.4 2004/03/05 05:04:53 marka Exp $

        BIND 4 to BIND 9 Migration Notes

To transition from BIND 4 to BIND 9 you first need to convert your
configuration file to the new format.  There is a conversion tool in
contrib/named-bootconf that allows you to do this.

    named-bootconf.sh < /etc/named.boot > /etc/named.conf

BIND 9 uses a system-assigned port for the UDP queries it makes rather
than port 53 that BIND 4 uses.  This may conflict with some firewalls.
The following directives in /etc/named.conf allow you to specify
a port to use.

    query-source address * port 53;
    transfer-source * port 53;
    notify-source * port 53;

BIND 9 no longer uses the minimum field to specify the TTL of records
without an explicit TTL.  Use the $TTL directive to specify a default TTL
before the first record without an explicit TTL.

    $TTL 3600
    @   IN  SOA ns1.example.com. hostmaster.example.com. (
                2001021100
                7200
                1200
                3600000
                7200 )

BIND 9 does not support multiple CNAMEs with the same owner name.

    Illegal:
    www.example.com. CNAME host1.example.com.
    www.example.com. CNAME host2.example.com.

BIND 9 does not support "CNAMEs with other data" with the same owner name,
ignoring the DNSSEC records (SIG, NXT, KEY) that BIND 4 did not support.

    Illegal:
    www.example.com. CNAME host1.example.com.
    www.example.com. MX 10 host2.example.com.

BIND 9 is less tolerant of errors in master files, so check your logs and
fix any errors reported.  The named-checkzone program can also be used to
check master files.

Outgoing zone transfers now use the "many-answers" format by default.
This format is not understood by certain old versions of BIND 4.
You can work around this problem using the option "transfer-format
one-answer;", but since these old versions all have known security
problems, the correct fix is to upgrade the slave servers.
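
The master-file rules above ($TTL before the first record without an
explicit TTL, no multiple CNAMEs, no CNAME with other data apart from SIG,
NXT and KEY) can be checked over BIND 4 zone files before cutover.  The
Python below is an added example, not part of these notes or of BIND; the
names lint_zone and SAMPLE are hypothetical, and the parsing assumes no
$ORIGIN or $INCLUDE and no ';' or parentheses inside quoted strings.

```python
import re

CLASSES = {"IN", "CH", "HS"}
DNSSEC_OK = {"SIG", "NXT", "KEY"}  # types the notes exempt from the CNAME rule
TTL_RE = re.compile(r"^\d+([smhdw]\d*)*$", re.I)  # 3600, 1h, 1h30m

def lint_zone(text, origin):
    """Return sorted (owner, problem) pairs for a simplified master file."""
    problems, types_at, default_ttl, owner = set(), {}, False, origin
    # Assumption: no ';' or parentheses inside quoted strings.
    text = re.sub(r";[^\n]*", "", text)  # strip comments
    text = re.sub(r"\(([^)]*)\)",  # join ( ... ) records onto one line
                  lambda m: m.group(1).replace("\n", " "), text)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):  # blank line or directive
            default_ttl |= line.upper().split()[:1] == ["$TTL"]
            continue
        if not line[0].isspace():  # leading blank means "same owner as above"
            name = fields.pop(0)
            owner = origin if name == "@" else (
                name if name.endswith(".") else f"{name}.{origin}")
        has_ttl = False
        while fields and (fields[0].upper() in CLASSES or TTL_RE.match(fields[0])):
            tok = fields.pop(0)
            has_ttl = has_ttl or tok.upper() not in CLASSES
        if not fields:
            continue
        if not (has_ttl or default_ttl):
            problems.add((owner.lower(), "no explicit TTL and no preceding $TTL"))
        types_at.setdefault(owner.lower(), []).append(fields[0].upper())
    for name, types in types_at.items():
        if types.count("CNAME") > 1:
            problems.add((name, "multiple CNAMEs"))
        if "CNAME" in types and set(types) - DNSSEC_OK - {"CNAME"}:
            problems.add((name, "CNAME with other data"))
    return sorted(problems)

# Constructed sample zone: the SOA precedes $TTL, www and mail break the CNAME rules.
SAMPLE = """\
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2001021100 7200 1200 3600000 7200 )
$TTL 3600
www  IN CNAME host1.example.com.
www  IN CNAME host2.example.com.
mail IN CNAME host1.example.com.
     IN MX    10 host2.example.com.
ok   IN CNAME host1.example.com.
ok   IN KEY   256 3 1 AAAA
"""
```

Calling lint_zone(SAMPLE, "example.com.") reports the SOA, www and mail
owners and leaves the CNAME plus KEY owner alone; named-checkzone remains
the authoritative check.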