Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001, 2003 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id: readme1st.txt,v 1.7.2.7 2004/03/09 06:12:48 marka Exp $

        Release of BIND 9.2 for Windows NT/2000

This is a maintenance release of BIND 9.2 for Windows NT/2000.
Only IPv4 stacks are supported on the box running this version of BIND.
IPv6 stacks will be supported in a future release.

        Kit Installation Information

If you have previously installed BIND 8 or BIND 4 on the system where
you wish to install this kit, you MUST use the BIND 8 or BIND 4 installer
to uninstall the previous kit. For BIND 8.2.x, you can use the
BINDInstall that comes with the BIND 8 kit to uninstall it. The BIND 9
installer will NOT uninstall the BIND 8 binaries. That will be fixed in
a future release.

Unpack the kit into any convenient directory and run the BINDInstall
program. This will install named and the associated programs into the
correct directories and set up the required registry keys.

        Controlling BIND

Windows NT/2000 uses the same rndc program as is used on Unix systems.
The rndc.conf file must be configured for your system in order to work.
You will need to generate a key for this. To do this use the
rndc-confgen program. The program will be installed in the same
directory as named: dns/bin/. From the DOS prompt, use the command this
way:

        rndc-confgen -a

which will create an rndc.key file in the dns/etc directory. This will
allow you to run rndc without an explicit rndc.conf file or key and
controls entries in the named.conf file. See section 3.4.1.2 of the ARM
for details of this. An rndc.conf can also be generated by running:

        rndc-confgen > rndc.conf

which will create the rndc.conf file in the current directory, but not
copy it to the dns/etc directory where it needs to reside. If you create
rndc.conf this way you will need to copy the same key statement into
named.conf.

The additions look like the following:

        key "rndc-key" {
                algorithm hmac-md5;
                secret "xxxxxxxxx==";
        };

        controls {
                inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
        };

Note that the value of the secret must come from the key generated above
for rndc and must be the same key value for both. Details of this may be
found in section 3.4.1.2 of the ARM. If you have rndc on a Unix box you
can use it to control BIND on the NT/W2K box, and you can likewise use
the Windows version of rndc to control a BIND 9 daemon on a Unix box.
However, you must have key statements valid for the servers you wish to
control, specifically the IP address and key in both named.conf and
rndc.conf. Again, see section 3.4.1.2 of the ARM for details.

In addition, BIND is installed as a win32 system service. It can be
started and stopped in the same way as any other service and starts
automatically whenever the system is booted. Signals are not supported
and are in fact ignored.

Note: Unlike most Windows applications, named does not change its
working directory when started as a service. If you wish to use relative
file names in named.conf you will need to specify a working directory.

        Documentation

This kit includes documentation in HTML format. The documentation is not
copied during the installation process, so you should move it to any
convenient location for later reference. Of particular importance is the
BIND 9 Administrator's Reference Manual (Bv9ARM*.html), which provides
detailed information on BIND 9. In addition, there are HTML pages for
each of the BIND 9 applications.

        DNS Tools

The following tools have been built for Windows NT: dig, nslookup, host,
nsupdate, rndc, rndc-confgen, named-checkconf, named-checkzone,
dnssec-keygen, dnssec-makekeyset, dnssec-signkey, dnssec-signzone. The
tools will NOT run on Win9x, only WinNT and Win2000. The latter tools
are for use with DNSSEC. All tools are installed in the dns/bin
directory.

IMPORTANT NOTE ON USING THE TOOLS:

If you wish to use nsupdate on a win32 platform to do dynamic updates to
a zone, you MUST create a resolv.conf in the System32\Drivers\etc
directory containing a list of nameserver addresses to use to find the
nameserver authoritative for the zone. The format of this file is:

        nameserver 1.2.3.4
        nameserver 5.6.7.8

Replace the IP addresses with your real addresses. 127.0.0.1 is a valid
address if you are running a nameserver on the localhost. In addition,
if you use dig, host or nslookup, you will need this file on the system
where you are running these tools unless you have BIND running on that
system. This will be fixed in a future release.

Messages are logged to the Application log in the EventViewer.

        Problems

Please report all problems to bind9-bugs@isc.org and not to me. All
other questions should go to the bind-users@isc.org mailing list or the
comp.protocols.dns.bind news group.

        Danny Mayer
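
The requirement under "Controlling BIND" that the key statement be identical in named.conf and rndc.conf can be checked before restarting the service. The Python below is an added example, not part of the ISC kit: check_rndc_keys, the regular expressions and the two sample files (with a placeholder secret) are constructed for illustration, and it assumes the single-line "inet ... allow { } keys { }" form shown in this README.

```python
import re

# Constructed sample files; the secret is a placeholder, not a real key.
NAMED_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "c2FtcGxl//NlY3JldA=="; };
controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };  // rndc
};
'''
RNDC_CONF = '''
# generated with: rndc-confgen > rndc.conf
key "rndc-key" { algorithm hmac-md5; secret "c2FtcGxl//NlY3JldA=="; };
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
'''

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
CONTROL_KEYS_RE = re.compile(r'\binet\s+\S+(?:\s+port\s+\d+)?\s+allow\s*\{[^}]*\}'
                             r'\s*keys\s*\{([^}]*)\}')

def strip_comments(text):
    """Drop /* */, // and # comments but keep quoted strings intact
    (a base64 secret may itself contain two slashes in a row)."""
    pattern = r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return re.sub(pattern, keep_strings, text, flags=re.S)

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every key statement."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(strip_comments(text))}

def check_rndc_keys(named_conf, rndc_conf):
    """Return a list of problems; an empty list means the key statements agree."""
    named_keys, rndc_keys = parse_keys(named_conf), parse_keys(rndc_conf)
    referenced = [name for clause in CONTROL_KEYS_RE.findall(strip_comments(named_conf))
                  for name in re.findall(r'"?([\w.-]+)"?\s*;', clause)]
    problems = [] if referenced else ["named.conf: no controls inet ... keys clause"]
    for name in referenced:
        if name not in named_keys:
            problems.append(f"named.conf: controls uses undefined key {name}")
        elif name not in rndc_keys:
            problems.append(f"rndc.conf: no key statement for {name}")
        elif named_keys[name] != rndc_keys[name]:
            problems.append(f"{name}: algorithm or secret differs between files")
    return problems

if __name__ == "__main__":
    print(check_rndc_keys(NAMED_CONF, RNDC_CONF) or "key statements match")
```

The messages name the key but never print its secret, so the output can be pasted into a problem report.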