Copyright (C) 2001, 2003 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
$Id: readme1st.txt,v 1.1.1.2 2003/03/18 19:18:45 rbraun Exp $
Release of BIND 9.2.2 for Window NT/2000
This is a maintenance release of BIND 9.2 for Window NT/2000. Only
IPv4 stacks are supported on the box running this version of BIND.
IPv6 stacks will be supported in a future release.
Kit Installation Information
If you have previously installed BIND 8 or BIND 4 on the system that
you wish to install this kit, you MUST use the BIND 8 or BIND 4 installer
to uninstall the previous kit. For BIND 8.2.x, you can use the
BINDInstall that comes with the BIND 8 kit to uninstall it. The BIND 9
installer will NOT uninstall the BIND 8 binaries. That will be fixed
in a future release.
Unpack the kit into any convenient directory and run the BINDInstall
program. This will install the named and associated programs into
the correct directories and set up the required registry keys.
Controlling BIND
Windows NT/2000 uses the same rndc program as is used on Unix
systems. The rndc.conf file must be configured for your system in
order to work. You will need to generate a key for this. To do this
use the rndc-confgen program. The program will be installed in the
same directory as named: dns/bin/. From the DOS prompt, use the
command this way:
rndc-confgen -a
which will create a rndc.key file in the dns/etc directory. This will
allow you to run rndc without an explicit rndc.conf file or key and
control entry in named.conf file. See section 3.4.1.2 of the ARM for
details of this. An rndc.conf can also be generated by running:
rndc-confgen > rndc.conf
which will create the rndc.conf file in the current directory, but not
copy it to the dns/etc directory where it needs to reside. If you create
rndc.conf this way you will need to copy the same key statement into
named.conf.
The additions look like the following:
key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxx=="; };
controls {
inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};
Note that the value of the secret must come from the key generated
above for rndc and must be the same key value for both. Details of
this may be found in section 3.4.1.2 of the ARM. If you have rndc
on a Unix box you can use it to control BIND on the NT/W2K box as
well as using the Windows version of rndc to control a BIND 9
daemon on a Unix box. However you must have key statements valid for
the servers you wish to control, specifically the IP address and key
in both named.conf and rndc.conf. Again see section 3.4.1.2 of the
ARM for details.
In addition BIND is installed as a win32 system service, can be
started and stopped in the same way as any other service and
automatically starts whenever the system is booted. Signals are
not supported and are in fact ignored.
Note: Unlike most Windows applications, named does not, change its
working directory when started as a service. If you wish to use
relative files in named.conf you will need to specify a working
directory.
Documentation
This kit includes Documentation in HTML format. The documentation is not
copied during the installation process so you should move it to any convenient
location for later reference. Of particular importance is the BIND 9
Administrator's Reference Manual (Bv9ARM*.html) which provides detailed
information on BIND 9. In addition, there are HTML pages for each of the
BIND 9 applications.
DNS Tools
The following tools have been built for Windows NT: dig, nslookup, host,
nsupdate, rndc, rndc-confgen, named-checkconf, named-checkzone, dnssec-keygen,
dnssec-makekeyset, dnssec-signkey, dnssec-signzone. The tools will NOT run on
Win9x, only WinNT and Win2000. The latter tools are for use with DNSSEC. All
tools are installed in the dns/bin directory.
IMPORTANT NOTE ON USING THE TOOLS:
If you wish to use nsupdate on a win32 platform to do dynamic updates
to a zone you MUST create a resolv.conf in the System32\Drivers\etc
directory containing a list of nameserver addresses to use to find
the nameserver authoritative for the zone. The format of this file is:
nameserver 1.2.3.4
nameserver 5.6.7.8
Replace the IP addresses with your real addresses. 127.0.0.1 is a valid
address if you are running a nameserver on the localhost.
In addition, if you use dig, host or nslookup, you will need this
file on the system where you are running these tools unless you have
BIND running on that system.
This will be fixed in a future release.
Messages are logged to the Application log in the EventViewer.
Problems
Please report all problems to bind9-bugs@isc.org and not to me. All
other questions should go to the bind-users@isc.org mailing list or the
comp.protocol.dns.bind news group.
Danny Mayer
danny.mayer@nominum.com