What is the difference between Ver. 4 and Ver. 8?

Joseph S D Yao jsdy at cospo.osis.gov
Thu Mar 23 19:30:01 UTC 2000


On Wed, Feb 23, 2000 at 08:18:50AM -0600, Chris Zimmerman wrote:
> Please forgive my ignorance, but I have recently run into an issue with BIND
> 4.x.x (AIX 4.2.1), where I am more familiar with BIND 8.x.x.  My problem is
> this:  we have an internal DNS server for hostname resolution running on AIX
> 4.2.1.  I have been trying to send e-mail between systems internally (UNIX
> to UNIX, or NT to UNIX), but I have been unable as sendmail has been
> complaining of a "Hostname Lookup Failure."  After conversing with the
> sendmail folks for a few days, I decided to try running BIND 8.2.2 patch 5
> on my local Linux machine, import enough DNS information to make it
> functional for email between 2 systems, then try to send mail.  As soon as I
> started BIND locally, even the queued messages from previous attempts were
> delivered.  What I would like to know is what is different about 8 that is
> preventing 4 from working?  
> 
> One thing that did arise during the troubleshooting was that the internal
> DNS is giving non-authoritative answers for everything.  To see if it was a
> config issue with the named.boot, I tried the script that converts the
> named.boot to the named.conf, and then restarted my local DNS - everything
> still worked.  We are looking to upgrade to BIND 8, but I will not only need
> some solid reasons for doing so, but I need to see if I can fix the BIND 4
> on the AIX machine until this upgrade can be completed.

BIND 8.* has many security and performance fixes that BIND 4.* does
not.  It also has many new capabilities.  All users of BIND 4.* are
strongly encouraged to migrate to BIND 8.*, currently 8.2.2-P5.  BIND
9.0 is coming out soon; but it is not yet in a usable shape.

BIND 8.* is mostly backwards-compatible with BIND 4.*.  It does not
accept certain configurations that are known to be security hazards or
that otherwise do not conform to existing standards.
  - It will only accept the RFC-defined character set, which includes
    alphanumerics and '-', in host and domain names.  No '_'.
  - It will only accept statements in a zone file if they are in that
    zone.  So, for instance, you can't slip a record for "disney.com"
    in the zone file for "mclaneco.com".
  - BIND 8.2ff change the meaning of the last element of the SOA record
    from "default record TTL" to "negative zone TTL".  There is a new
    syntactic element, "$TTL", which goes before anything and declares
    the default TTL to be inserted in all records.
  - The config file formats are totally changed, so the name was
    changed.  Fortunately, as you know, there's a tool to automate most
    changeovers.

If things started working immediately when you started running BIND 8
on some machine X, then I would say that BIND had not previously been
working on machine X, but that the machines that started working had
machine X's IP address as a "nameserver" in their /etc/resolv.conf
files.  Just a guess.

Go to BIND 8.  For now.  ;-)

-- 
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
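
A pre-migration check for the three zone-file behaviours listed in the message above (character set, out-of-zone records, `$TTL`), added here as an example and not part of the original post or of BIND. `check_zone`, `SAMPLE` and its records are constructed for illustration; the parser assumes one record per line apart from parenthesised continuations, and no ';' or parentheses inside quoted strings.

```python
import re

LABEL_OK = re.compile(r"^[A-Za-z0-9-]+$")  # alphanumerics and '-' only, no '_'

# Constructed sample zone for "mclaneco.com" (addresses are documentation-range).
SAMPLE = """\
@   IN SOA ns1.mclaneco.com. hostmaster.mclaneco.com. (
        2000032301 3600 900 604800 86400 )
    IN NS  ns1.mclaneco.com.
ns1         IN A 192.0.2.1
mail_gw     IN A 192.0.2.25
www.disney.com. IN A 192.0.2.80
"""

def check_zone(text, zone):
    """Return [(line_no, problem)] for a BIND 4 zone file headed for BIND 8."""
    zone = zone.lower().rstrip(".")
    origin, findings, saw_ttl, depth = zone, [], False, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        in_continuation = depth > 0                # inside a "( ... )" record body
        depth += line.count("(") - line.count(")")
        if in_continuation or not line.strip():
            continue
        tokens = line.split()
        if tokens[0].upper() == "$TTL":
            saw_ttl = True
            continue
        if tokens[0].upper() == "$ORIGIN" and len(tokens) > 1:
            origin = tokens[1].lower().rstrip(".")
            continue
        if tokens[0].startswith("$") or raw[0].isspace():
            continue                               # other directive, or inherited owner
        owner = tokens[0].lower()
        fqdn = (origin if owner == "@" else
                owner.rstrip(".") if owner.endswith(".") else owner + "." + origin)
        if fqdn != zone and not fqdn.endswith("." + zone):
            findings.append((no, "out-of-zone owner " + fqdn))
        # Assumption: the character rule is applied to every owner name.
        bad = [l for l in fqdn.split(".") if l != "*" and not LABEL_OK.match(l)]
        if bad:
            findings.append((no, "illegal label " + bad[0]))
    if not saw_ttl:
        findings.append((0, "no $TTL directive"))  # line 0 = whole-file finding
    return findings

if __name__ == "__main__":
    for line_no, problem in check_zone(SAMPLE, "mclaneco.com"):
        print(line_no, problem)
```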


