What is the difference between Ver. 4 and Ver. 8?
Joseph S D Yao
jsdy at cospo.osis.gov
Thu Mar 23 19:30:01 UTC 2000
On Wed, Feb 23, 2000 at 08:18:50AM -0600, Chris Zimmerman wrote:
> Please forgive my ignorance, but I have recently run into an issue with BIND
> 4.x.x (AIX 4.2.1), where I am more familiar with BIND 8.x.x. My problem is
> this: we have an internal DNS server for hostname resolution running on AIX
> 4.2.1. I have been trying to send e-mail between systems internally (UNIX
> to UNIX, or NT to UNIX), but I have been unable as sendmail has been
> complaining of a "Hostname Lookup Failure." After conversing with the
> sendmail folks for a few days, I decided to try running BIND 8.2.2 patch 5
> on my local Linux machine, import enough DNS information to make it
> functional for email between 2 systems, then try to send mail. As soon as I
> started BIND locally, even the queued messages from previous attempts were
> delivered. What I would like to know is what is different about 8 that is
> preventing 4 from working?
>
> One thing that did arise during the troubleshooting was that the internal
> DNS is giving non-authoritative answers for everything. To see if it was a
> config issue with the named.boot, I tried the script that converts the
> named.boot to the named.conf, and then restarted my local DNS-everything
> still worked. We are looking to upgrade to BIND 8, but I will not only need
> some solid reasons for doing so, but I need to see if I can fix the BIND 4
> on the AIX machine until this upgrade can be completed.
BIND 8.* has many security and performance fixes that BIND 4.* does
not. It also has many new capabilities. All users of BIND 4.* are
strongly encouraged to migrate to BIND 8.*, currently 8.2.2-P5. BIND
9.0 is coming out soon; but it is not yet in a usable shape.

BIND 8.* is mostly backwards-compatible with BIND 4.*. It does not
accept certain configurations that are known to be security hazards or
that otherwise do not conform to existing standards.

- It will only accept the RFC-defined character set, which includes
  alphanumerics and '-', in host and domain names. No '_'.
- It will only accept statements in a zone file if they are in that
  zone. So, for instance, you can't slip a record for "disney.com"
  in the zone file for "mclaneco.com".
- BIND 8.2ff change the meaning of the last element of the SOA record
  from "default record TTL" to "negative zone TTL". There is a new
  syntactic element, "$TTL", which goes before anything and declares
  the default TTL to be inserted in all records.
- The config file formats are totally changed, so the name was
  changed. Fortunately, as you know, there's a tool to automate most
  changeovers.

If things started working immediately when you started running BIND 8
on some machine X, then I would say that BIND had not previously been
working on machine X, but that the machines that started working had
machine X's IP address as a "nameserver" in their /etc/resolv.conf
files. Just a guess.

Go to BIND 8. For now. ;-)
--
Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
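
Added example, not part of the original message and not BIND code: a small pre-migration lint that flags the three zone-file conditions the reply lists (characters outside alphanumerics and '-', owner names outside the zone, no `$TTL` before the first record). It assumes one record per line with indented continuation lines, checks owner names only, and treats every owner as a host name; `lint_zone` and the sample zone are constructed for illustration.

```python
import re

LABEL = re.compile(r"^[A-Za-z0-9-]+$")   # alphanumerics and '-', per the message

def lint_zone(zone, text):
    """Return (line_number, finding) pairs for a master file loaded as `zone`."""
    zone = zone.rstrip(".").lower()
    origin, seen_ttl, seen_record, findings = zone, False, False, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()           # strip comments
        fields = line.split()
        if not fields:
            continue
        directive = fields[0].upper()
        if directive == "$TTL":
            seen_ttl = True
        elif directive == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].rstrip(".").lower()
        if directive.startswith("$"):
            continue
        if not (seen_record or seen_ttl):
            findings.append((n, "no $TTL before the first record"))
        seen_record = True
        if line[0].isspace():
            continue    # continuation line, or record inheriting the previous owner
        owner = fields[0].lower()
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        fqdn = fqdn.rstrip(".")
        if zone and fqdn != zone and not fqdn.endswith("." + zone):
            findings.append((n, f"{fqdn} is outside zone {zone}"))
        labels = fqdn.split(".") if fqdn else []
        for label in labels[1:] if labels[:1] == ["*"] else labels:   # allow wildcard
            if not LABEL.match(label):
                findings.append((n, f"label {label!r} has characters outside [A-Za-z0-9-]"))
    return findings

# Constructed sample: a BIND 4-era file for example.com with all three problems.
SAMPLE = """\
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2000032301 3600 900 604800 86400 )
    IN NS  ns1.example.com.
ns1      IN A 192.0.2.1
mail_gw  IN A 192.0.2.25
www.example.net. IN A 192.0.2.80
"""

if __name__ == "__main__":
    for lineno, finding in lint_zone("example.com", SAMPLE):
        print(f"line {lineno}: {finding}")
```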