
8.2 Upgrading from BIND 4 to BIND 8 or 9

8.2.1 Problem

You want to upgrade a name server from BIND 4 to BIND 8 or 9.

8.2.2 Solution

Convert the name server's named.boot file into an equivalent named.conf file using named-bootconf.sh or manually, if you prefer. You can find named-bootconf.sh in BIND 9's contrib/named-bootconf directory, or in BIND 8's bin/named-bootconf directory. named-bootconf reads a file in named.boot format from standard input and writes a functionally equivalent named.conf file to standard output. So, for example, you could run it like this:

$ named-bootconf.sh < /etc/named.boot > named.conf

If you're upgrading to a version of BIND more recent than BIND 8.2, you'll also need to add a $TTL control statement to each of your zone data files. See Section 2.2 for an explanation of the $TTL control statement.

BIND 8 and 9 both have stricter rules governing the contents of a zone than BIND 4. For example, BIND 4 allowed you to attach multiple CNAME records to a single domain name; BIND 8 and 9 don't, by default. BIND 4 allowed you to attach a CNAME record and other record types to a single domain name; BIND 8 and 9 don't. It's a good idea to either use BIND 9's named-checkzone program (Section 5.3) to check the zone before loading it or examine the upgraded name server's syslog output closely after starting it.
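The two CNAME rules described above can be checked on the old server before the upgrade with a short script. This is an added example, not code from the book or from BIND; the function names check_cname_conflicts and write_sample_zone and the sample zone are made up for illustration. It compares owner names as written, so it is a first pass rather than a replacement for named-checkzone.

```shell
#!/bin/sh
# Added example (not from the book): flag owner names that break the CNAME
# rules BIND 8 and 9 enforce. Assumed simplifications: names are compared as
# written (no $ORIGIN expansion), and lines continued inside parentheses are
# skipped after the record's first line.

check_cname_conflicts() {       # $1: zone data file in master-file format
    awk '
    { sub(/;.*/, "") }                          # strip comments
    depth > 0 {                                 # inside a ( ... ) continuation
        depth += gsub(/[(]/, "(") - gsub(/[)]/, ")"); next
    }
    /^[ \t]*$/ || /^\$/ { next }                # blank lines, $TTL, $ORIGIN
    {
        i = 1
        if ($0 !~ /^[ \t]/) { owner = tolower($1); i = 2 }  # else reuse owner
        # skip the optional TTL and class, in either order
        while (i <= NF && (toupper($i) ~ /^(IN|CH|HS)$/ || $i ~ /^[0-9]/)) i++
        if (i > NF) next
        if (toupper($i) == "CNAME") cname[owner]++; else other[owner]++
        depth += gsub(/[(]/, "(") - gsub(/[)]/, ")")
    }
    END {
        for (o in cname) {
            if (cname[o] > 1) { print o ": multiple CNAME records"; bad = 1 }
            if (o in other)   { print o ": CNAME and other data";   bad = 1 }
        }
        exit bad + 0                            # non-zero if anything flagged
    }' "$1"
}

write_sample_zone() {           # $1: output path; constructed sample data
    cat > "$1" <<'EOF'
$TTL 86400
@    IN SOA ns1.example.com. hostmaster.example.com. (
         2024010101 ; serial
         3600 900 604800 86400 )
     IN NS    ns1.example.com.
ns1  IN A     192.0.2.1
www  IN CNAME web1.example.com.
www  IN CNAME web2.example.com.
ftp  IN CNAME ns1.example.com.
     IN MX    10 mail.example.com.
mail 3600 IN A 192.0.2.25
EOF
}
```

Run against the constructed sample, the check reports www (two CNAME records) and ftp (a CNAME plus an MX record) and exits non-zero.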

BIND 4 name servers also send all UDP traffic from port 53, whereas newer name servers use a random source port. After upgrading, you may need to adjust firewall rules or configure the name server to use port 53 as its source port (Section 7.3).

8.2.3 Discussion

Arguably more important than any of this is that the newest BIND 8 and 9 name servers fix many bugs and vulnerabilities, and support many new security features. Take a look at Chapter 7 to get an idea of how you can secure a brand-spanking new name server.

If you still have BIND 4 name servers running as slaves to this name server, see Section 8.4 for instructions on how to accommodate the older name servers.

8.2.4 See Also

Section 2.2 for coverage of the $TTL control statement, Section 5.3 for how to drive named-checkzone, and Section 7.3 for getting a BIND name server to work with a firewall.
