Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) Oracle Solaris 11 Express 11/10 |
Part I About Naming and Directory Services
1. Naming and Directory Services (Overview)
2. The Name Service Switch (Overview)
Part II DNS Setup and Administration
3. DNS Setup and Administration (Reference)
Migrating From BIND 8 to BIND 9
DNS and the Service Management Facility
The rndc.conf Configuration File
Differences in the Control Channels
BIND 9 Commands, Files, Tools, and Options
BIND 9 Tools and Configuration Files
Comparison of BIND 8 and BIND 9 Commands and Files
Descriptions of Command and Option Changes
Multicast DNS and Service Discovery
Part III NIS Setup and Administration
4. Network Information Service (NIS) (Overview)
5. Setting Up and Configuring NIS Service
Part IV LDAP Naming Services Setup and Administration
8. Introduction to LDAP Naming Services (Overview/Reference)
9. LDAP Basic Components and Concepts (Overview)
10. Planning Requirements for LDAP Naming Services (Tasks)
11. Setting Up Sun Java System Directory Server With LDAP Clients (Tasks)
12. Setting Up LDAP Clients (Tasks)
13. LDAP Troubleshooting (Reference)
14. LDAP General Reference (Reference)
15. Transitioning From NIS to LDAP (Overview/Tasks)
Part V Active Directory Naming Service
The following list compares the named.conf options between BIND 8 and BIND 9. It also provides a brief description of the changes. An OK in the Changes column denotes the option works unchanged for the BIND 9 version of named.
|
1Obsolete due to architectural differences.
2Default set to yes in BIND 8, no in BIND 9.
4Doesn't work if no forwarder specified; Gives an error of no matching 'forwarders' statement in that case.
6Default set to one-answer in BIND 8 and many-answers in BIND 9.
7No need for this option as BIND 9 trims the size of its log file automatically.
This section describes any differences between BIND 8 and BIND 9 statements.
unix is the default for ndc and all of the arguments are compiled in. inet is the only option for rndc and nothing is compiled in.
Syntax controls { [ inet ip_addr port ip_port allow { address_match_list; }; ] OK [ unix path_name perm number owner number group number; ] Not Implemented };
Logging syntax has changed significantly. See The named.conf Options for a list of named.conf options.
The syntax for the zone statement in the BIND 8 named.conf man page is.mostly supported for BIND 9 except for the following:
[ pubkey number number number string; ] Obsolete [ check-names ( warn | fail | ignore ); ] Not Implemented
Works unchanged in BIND 9.
Syntax acl name { address_match_list };
Works unchanged in BIND 9.
Syntax key key_id { algorithm algorithm_id; secret secret_string; };
Works unchanged, however the code to use this statement has been turned off in BIND 9.2.4.
Syntax trusted-keys { [ domain_name flags protocol algorithm key; ] };
support-ixfr is obsolete, however all of the following options work unchanged in BIND 9. Note the default for transfer-format has changed.
Syntax server ip_addr { [ bogus yes_or_no; ] [ transfers number; ] [ transfer-format ( one-answer | many-answers ); ] [ keys { key_id [ key_id ... ] }; ] [ edns yes_or_no; ] };
Works unchanged in BIND 9.
Syntax include path_name;
A detailed named.conf man page is not included with BIND 9.2.4. Following is a summary of the named.conf options that are supported in BIND 9.2.4.
options { blackhole { <address_match_element>; ... }; coresize <size>; datasize <size>; deallocate-on-exit <boolean>; // obsolete directory <quoted_string>; dump-file <quoted_string>; fake-iquery <boolean>; // obsolete files <size>; has-old-clients <boolean>; // obsolete heartbeat-interval <integer>; host-statistics <boolean>; // not implemented host-statistics-max <integer>; // not implemented interface-interval <integer>; listen-on [ port <integer> ] { <address_match_element>; ... }; listen-on-v6 [ port <integer> ] { <address_match_element>; ... }; match-mapped-addresses <boolean>; memstatistics-file <quoted_string>; // not implemented multiple-cnames <boolean>; // obsolete named-xfer <quoted_string>; // obsolete pid-file <quoted_string>; port <integer>; random-device <quoted_string>; recursive-clients <integer>; rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... }; // not implemented serial-queries <integer>; // obsolete serial-query-rate <integer>; stacksize <size>; statistics-file <quoted_string>; statistics-interval <integer>; // not yet implemented tcp-clients <integer>; tkey-dhkey <quoted_string> <integer>; tkey-gssapi-credential <quoted_string>; tkey-domain <quoted_string>; transfers-per-ns <integer>; transfers-in <integer>; transfers-out <integer>; treat-cr-as-space <boolean>; // obsolete use-id-pool <boolean>; // obsolete use-ixfr <boolean>; version <quoted_string>; allow-recursion { <address_match_element>; ... }; allow-v6-synthesis { <address_match_element>; ... }; sortlist { <address_match_element>; ... }; topology { <address_match_element>; ... }; // not implemented auth-nxdomain <boolean>; // default changed minimal-responses <boolean>; recursion <boolean>; provide-ixfr <boolean>; request-ixfr <boolean>; fetch-glue <boolean>; // obsolete rfc2308-type1 <boolean>; // not yet implemented additional-from-auth <boolean>; additional-from-cache <boolean>; query-source <querysource4>; query-source-v6 <querysource6>; cleaning-interval <integer>; min-roots <integer>; // not implemented lame-ttl <integer>; max-ncache-ttl <integer>; max-cache-ttl <integer>; transfer-format ( many-answers | one-answer ); max-cache-size <size_no_default>; check-names <string> <string>; // not implemented cache-file <quoted_string>; allow-query { <address_match_element>; ... }; allow-transfer { <address_match_element>; ... }; allow-update-forwarding { <address_match_element>; ... }; allow-notify { <address_match_element>; ... }; notify <notifytype>; notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]; also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; dialup <dialuptype>; forward ( first | only ); forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; maintain-ixfr-base <boolean>; // obsolete max-ixfr-log-size <size>; // obsolete transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ]; transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]; max-transfer-time-in <integer>; max-transfer-time-out <integer>; max-transfer-idle-in <integer>; max-transfer-idle-out <integer>; max-retry-time <integer>; min-retry-time <integer>; max-refresh-time <integer>; min-refresh-time <integer>; sig-validity-interval <integer>; zone-statistics <boolean>; }; controls { inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ]; unix <unsupported>; // not implemented }; acl <string> { <address_match_element>; ... }; logging { channel <string> { file <logfile>; syslog <optional_facility>; null; stderr; severity <logseverity>; print-time <boolean>; print-severity <boolean>; print-category <boolean>; }; category <string> { <string>; ... }; }; view <string> <optional_class> { match-clients { <address_match_element>; ... }; match-destinations { <address_match_element>; ... }; match-recursive-only <boolean>; key <string> { algorithm <string>; secret <string>; }; zone <string> <optional_class> { type ( master | slave | stub | hint | forward ); allow-update { <address_match_element>; ... }; file <quoted_string>; ixfr-base <quoted_string>; // obsolete ixfr-tmp-file <quoted_string>; // obsolete masters [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ key <string> ]; ... }; pubkey <integer> <integer> <integer> <quoted_string>; // obsolete update-policy { ( grant | deny ) <string> ( name | subdomain | wildcard | self ) <string> <rrtypelist>; ... }; database <string>; check-names <string>; // not implemented allow-query { <address_match_element>; ... }; allow-transfer { <address_match_element>; ... }; allow-update-forwarding { <address_match_element>; ... }; allow-notify { <address_match_element>; ... }; notify <notifytype>; notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]; also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; dialup <dialuptype>; forward ( first | only ); forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; maintain-ixfr-base <boolean>; // obsolete max-ixfr-log-size <size>; // obsolete transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ]; transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]; max-transfer-time-in <integer>; max-transfer-time-out <integer>; max-transfer-idle-in <integer>; max-transfer-idle-out <integer>; max-retry-time <integer>; min-retry-time <integer>; max-refresh-time <integer>; min-refresh-time <integer>; sig-validity-interval <integer>; zone-statistics <boolean>; }; server { bogus <boolean>; provide-ixfr <boolean>; request-ixfr <boolean>; support-ixfr <boolean>; // obsolete transfers <integer>; transfer-format ( many-answers | one-answer ); keys <server_key>; edns <boolean>; }; trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; allow-recursion { <address_match_element>; ... }; allow-v6-synthesis { <address_match_element>; ... }; sortlist { <address_match_element>; ... }; topology { <address_match_element>; ... }; // not implemented auth-nxdomain <boolean>; // default changed minimal-responses <boolean>; recursion <boolean>; provide-ixfr <boolean>; request-ixfr <boolean>; fetch-glue <boolean>; // obsolete rfc2308-type1 <boolean>; // not yet implemented additional-from-auth <boolean>; additional-from-cache <boolean>; query-source <querysource4>; query-source-v6 <querysource6>; cleaning-interval <integer>; min-roots <integer>; // not implemented lame-ttl <integer>; max-ncache-ttl <integer>; max-cache-ttl <integer>; transfer-format ( many-answers | one-answer ); max-cache-size <size_no_default>; check-names <string> <string>; // not implemented cache-file <quoted_string>; allow-query { <address_match_element>; ... }; allow-transfer { <address_match_element>; ... }; allow-update-forwarding { <address_match_element>; ... }; allow-notify { <address_match_element>; ... }; notify <notifytype>; notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]; also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; dialup <dialuptype>; forward ( first | only ); forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; maintain-ixfr-base <boolean>; // obsolete max-ixfr-log-size <size>; // obsolete transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ]; transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]; max-transfer-time-in <integer>; max-transfer-time-out <integer>; max-transfer-idle-in <integer>; max-transfer-idle-out <integer>; max-retry-time <integer>; min-retry-time <integer>; max-refresh-time <integer>; min-refresh-time <integer>; sig-validity-interval <integer>; zone-statistics <boolean>; }; lwres { listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; view <string> <optional_class>; search { <string>; ... }; ndots <integer>; }; key <string> { algorithm <string>; secret <string>; }; zone <string> <optional_class> { type ( master | slave | stub | hint | forward ); allow-update { <address_match_element>; ... }; file <quoted_string>; ixfr-base <quoted_string>; // obsolete ixfr-tmp-file <quoted_string>; // obsolete masters [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ key <string> ]; ... }; pubkey <integer> <integer> <integer> <quoted_string>; // obsolete update-policy { ( grant | deny ) <string> ( name | subdomain | wildcard | self ) <string> <rrtypelist>; ... }; database <string>; check-names <string>; // not implemented allow-query { <address_match_element>; ... }; allow-transfer { <address_match_element>; ... }; allow-update-forwarding { <address_match_element>; ... }; allow-notify { <address_match_element>; ... }; notify <notifytype>; notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]; also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; dialup <dialuptype>; forward ( first | only ); forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; maintain-ixfr-base <boolean>; // obsolete max-ixfr-log-size <size>; // obsolete transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ]; transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]; max-transfer-time-in <integer>; max-transfer-time-out <integer>; max-transfer-idle-in <integer>; max-transfer-idle-out <integer>; max-retry-time <integer>; min-retry-time <integer>; max-refresh-time <integer>; min-refresh-time <integer>; sig-validity-interval <integer>; zone-statistics <boolean>; }; server { bogus <boolean>; provide-ixfr <boolean>; request-ixfr <boolean>; support-ixfr <boolean>; // obsolete transfers <integer>; transfer-format ( many-answers | one-answer ); keys <server_key>; edns <boolean>; }; trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };