Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001  Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id: migration-4to9,v 1.4 2004/03/05 05:04:53 marka Exp $

		   BIND 4 to BIND 9 Migration Notes

To transition from BIND 4 to BIND 9 you first need to convert your
configuration file to the new format.  There is a conversion tool in
contrib/named-bootconf that allows you to do this.

	named-bootconf.sh < /etc/named.boot > /etc/named.conf

BIND 9 uses a system-assigned port for the UDP queries it makes rather
than port 53 that BIND 4 uses.  This may conflict with some firewalls.
The following directives in /etc/named.conf allow you to specify
a port to use.

	query-source address * port 53;
	transfer-source * port 53;
	notify-source * port 53;

BIND 9 no longer uses the minimum field to specify the TTL of records
without an explicit TTL.  Use the $TTL directive to specify a default TTL
before the first record without an explicit TTL.

	$TTL 3600
	@	IN	SOA	ns1.example.com. hostmaster.example.com. (
				2001021100
				7200
				1200
				3600000
				7200 )

BIND 9 does not support multiple CNAMEs with the same owner name.

	Illegal:
	www.example.com. CNAME host1.example.com.
	www.example.com. CNAME host2.example.com.

BIND 9 does not support "CNAMEs with other data" with the same owner name,
ignoring the DNSSEC records (SIG, NXT, KEY) that BIND 4 did not support.

	Illegal:
	www.example.com. CNAME host1.example.com.
	www.example.com. MX 10 host2.example.com.

BIND 9 is less tolerant of errors in master files, so check your logs and
fix any errors reported.  The named-checkzone program can also be used to
check master files.

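The three master-file rules above (a $TTL directive before the first record
without an explicit TTL, no multiple CNAMEs, no CNAME with other data) can be
checked on BIND 4 zone files before the switch.  The Python below is an added
example, not part of BIND or these notes; lint_zone, fqdn and the sample zone
are names and data constructed for illustration, and named-checkzone remains
the authoritative check.

```python
import re

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"(?:\d+[smhdw])*\d*", re.I)   # 3600, 1h, 1h30m ...

def fqdn(name, origin):
    name = origin if name == "@" else name
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def lint_zone(text, origin):
    """Findings for a simplified master file (no $ORIGIN/$INCLUDE, no quoted ';')."""
    findings, rrsets = set(), {}
    have_default_ttl, owner, depth = False, None, 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]            # strip comments
        inside, depth = depth > 0, depth + line.count("(") - line.count(")")
        tok = line.split()
        if inside or not tok:                   # RDATA continued inside ( ... )
            continue
        if tok[0].startswith("$"):              # only $TTL is interpreted here
            have_default_ttl |= tok[0].upper() == "$TTL"
            continue
        if not line[0].isspace():               # leading blank reuses the last owner
            owner = fqdn(tok.pop(0), origin)
        has_ttl = False
        while tok and (tok[0].upper() in CLASSES or TTL_RE.fullmatch(tok[0])):
            has_ttl |= tok.pop(0).upper() not in CLASSES
        if not tok:
            continue
        rtype = tok[0].upper()
        if not (has_ttl or have_default_ttl):
            findings.add(f"{owner}: {rtype} has no explicit TTL and no preceding $TTL")
        rrsets.setdefault(owner, []).append(rtype)
    for name, types in rrsets.items():
        if types.count("CNAME") > 1:
            findings.add(f"{name}: multiple CNAMEs with the same owner name")
        if "CNAME" in types and set(types) - {"CNAME", "SIG", "NXT", "KEY"}:
            findings.add(f"{name}: CNAME with other data")
    return sorted(findings)

# Constructed sample zone reproducing the illegal cases from the notes.
SAMPLE = """\
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2001021100 7200 1200 3600000 7200 )
$TTL 3600
www  CNAME host1.example.com.
www  CNAME host2.example.com.
mail CNAME host1.example.com.
mail MX 10 host2.example.com.
"""
```
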
Outgoing zone transfers now use the "many-answers" format by default.
This format is not understood by certain old versions of BIND 4.
You can work around this problem using the option "transfer-format
one-answer;", but since these old versions all have known security
problems, the correct fix is to upgrade the slave servers.
58