summaryrefslogtreecommitdiffstats
path: root/win32utils/readme1st.txt
diff options
context:
space:
mode:
Diffstat (limited to 'win32utils/readme1st.txt')
-rw-r--r--win32utils/readme1st.txt159
1 files changed, 159 insertions, 0 deletions
diff --git a/win32utils/readme1st.txt b/win32utils/readme1st.txt
new file mode 100644
index 0000000..a56e729
--- /dev/null
+++ b/win32utils/readme1st.txt
@@ -0,0 +1,159 @@
+Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2001, 2003 Internet Software Consortium.
+See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
+
+$Id: readme1st.txt,v 1.18.372.2 2008/12/14 21:33:07 tbox Exp $
+
+ Release of BIND 9.5 for Window 2000/XP/2003
+
+This is a release of BIND 9.5 for Window 2000/XP/2003.
+Only IPv4 stacks are supported on the box running this version of BIND.
+IPv6 stacks will be supported in a future release.
+
+ Important Kit Installation Information
+
+As of release 9.3.0, BINDInstall requires that you install
+it under an account with restricted privileges. The installer
+will prompt you for an account name, the default is "named", and
+a password for that account. It will also check for the existence
+of that account. If it does not exist is will create it with only
+the privileges required to run BIND. If the account does exist it
+will check that it has only the one privilege required:
+"Log on as a service". If it has too many privileges it will prompt
+you if you want to continue.
+
+With BIND running under an account name it is necessary for all
+files and directories that BIND uses to have permissions set up
+for the named account if the files are on an NTFS disk. BIND requires
+that the account have read and write access to the directory for
+the pid file, any files that are maintained either for slave zones
+or for master zones supporting dynamic updates. The account will
+also need read access to the named.conf and any other file that
+it needs to read.
+
+It is important that on Windows the directory directive is used in
+the options section to tell BIND where to find the files used in
+named.conf (default %WINDOWS%\system32\dns\etc\named.conf).
+
+e.g.
+ options {
+ directory "C:\WINDOWS\system32\dns\etc";
+ };
+
+If you have previously installed BIND 8 or BIND 4 on the system that
+you wish to install this kit, you MUST use the BIND 8 or BIND 4 installer
+to uninstall the previous kit. For BIND 8.2.x, you can use the
+BINDInstall that comes with the BIND 8 kit to uninstall it. The BIND 9
+installer will NOT uninstall the BIND 8 binaries. That will be fixed
+in a future release.
+
+Unpack the kit into any convenient directory and run the BINDInstall
+program. This will install the named and associated programs into
+the correct directories and set up the required registry keys.
+
+Messages are logged to the Application log in the EventViewer.
+
+ Controlling BIND
+
+Windows NT/2000 uses the same rndc program as is used on Unix
+systems. The rndc.conf file must be configured for your system in
+order to work. You will need to generate a key for this. To do this
+use the rndc-confgen program. The program will be installed in the
+same directory as named: dns/bin/. From the DOS prompt, use the
+command this way:
+
+rndc-confgen -a
+
+which will create a rndc.key file in the dns/etc directory. This will
+allow you to run rndc without an explicit rndc.conf file or key and
+control entry in named.conf file. See section 3.4.1.2 of the ARM for
+details of this. An rndc.conf can also be generated by running:
+
+rndc-confgen > rndc.conf
+
+which will create the rndc.conf file in the current directory, but not
+copy it to the dns/etc directory where it needs to reside. If you create
+rndc.conf this way you will need to copy the same key statement into
+named.conf.
+
+The additions look like the following:
+
+key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxx=="; };
+
+controls {
+ inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
+};
+
+Note that the value of the secret must come from the key generated
+above for rndc and must be the same key value for both. Details of
+this may be found in section 3.4.1.2 of the ARM. If you have rndc
+on a Unix box you can use it to control BIND on the NT/W2K box as
+well as using the Windows version of rndc to control a BIND 9
+daemon on a Unix box. However you must have key statements valid for
+the servers you wish to control, specifically the IP address and key
+in both named.conf and rndc.conf. Again see section 3.4.1.2 of the
+ARM for details.
+
+In order to you rndc from a different system it is important to
+ensure that the clocks are synchronized. The clocks must be kept
+within 5 minutes of each other or the rndc commands will fail
+authentication. Use NTP or other time synchronization software
+to keep your clocks accurate. NTP can be found at
+http://www.ntp.org/.
+
+In addition BIND is installed as a win32 system service, can be
+started and stopped in the same way as any other service and
+automatically starts whenever the system is booted. Signals are
+not supported and are in fact ignored.
+
+Note: Unlike most Windows applications, named does not, change its
+working directory when started as a service. If you wish to use
+relative files in named.conf you will need to specify a working
+directory using the directory directive options.
+
+ Documentation
+
+This kit includes Documentation in HTML format. The documentation is not
+copied during the installation process so you should move it to any convenient
+location for later reference. Of particular importance is the BIND 9
+Administrator's Reference Manual (Bv9ARM*.html) which provides detailed
+information on BIND 9. In addition, there are HTML pages for each of the
+BIND 9 applications.
+
+ DNS Tools
+
+The following tools have been built for Windows NT: dig, nslookup,
+host, nsupdate, rndc, rndc-confgen, named-checkconf, named-checkzone,
+dnssec-keygen, dnssec-signzone, dnssec-dsfromkey and dnssec-keyfromlabel.
+The tools will NOT run on Win9x, only WinNT and Win2000. The latter
+tools are for use with DNSSEC. All tools are installed in the
+dns/bin directory.
+
+IMPORTANT NOTE ON USING THE TOOLS:
+
+It is no longer necessary to create a resolv.conf file on Windows as
+the tools will look in the registry for the required nameserver
+information. However if you wish to create a resolv.conf file as
+follows it will use it in preference to the registry nameserver
+entries.
+
+To create a resolv.conf you need to place it in the System32\Drivers\etc
+directory and it needs to contain a list of nameserver addresses to
+use to find the nameserver authoritative for the zone. The format of
+this file is:
+
+nameserver 1.2.3.4
+nameserver 5.6.7.8
+
+Replace the IP addresses with your real addresses. 127.0.0.1 is a valid
+address if you are running a nameserver on the localhost.
+
+ Problems
+
+Please report all problems to bind9-bugs@isc.org and not to me. All
+other questions should go to the bind-users@isc.org mailing list or the
+comp.protocol.dns.bind news group.
+
+ Danny Mayer
+ mayer@ntp.isc.org
+