Copyright (C) 2001, 2003  Internet Software Consortium.

See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.



$Id: readme1st.txt,v 1.7.2.5 2003/08/06 02:43:28 marka Exp $



	   Release of BIND 9.2.3rc1 for Windows NT/2000



This is a maintenance release of BIND 9.2 for Windows NT/2000.  Only
IPv4 stacks are supported on the box running this version of BIND.
IPv6 stacks will be supported in a future release.

  

	Kit Installation Information



If you have previously installed BIND 8 or BIND 4 on the system that
you wish to install this kit, you MUST use the BIND 8 or BIND 4 installer
to uninstall the previous kit.  For BIND 8.2.x, you can use the
BINDInstall that comes with the BIND 8 kit to uninstall it. The BIND 9
installer will NOT uninstall the BIND 8 binaries.  That will be fixed
in a future release.



Unpack the kit into any convenient directory and run the BINDInstall
program.  This will install the named and associated programs into
the correct directories and set up the required registry keys.



	Controlling BIND



Windows NT/2000 uses the same rndc program as is used on Unix
systems.  The rndc.conf file must be configured for your system for
rndc to work. This requires a key, which you generate with the
rndc-confgen program. The program is installed in the same directory
as named: dns/bin/.  From the DOS prompt, use the command this way:



rndc-confgen -a



which will create an rndc.key file in the dns/etc directory. This will
allow you to run rndc without an explicit rndc.conf file and without
key and controls entries in the named.conf file. See section 3.4.1.2
of the ARM for details of this. An rndc.conf can also be generated by
running:



rndc-confgen > rndc.conf



which will create the rndc.conf file in the current directory, but not
copy it to the dns/etc directory where it needs to reside. If you create
rndc.conf this way you will need to copy the same key statement into
named.conf.



The additions look like the following:



key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxx=="; };



controls {
	inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};



Note that the value of the secret must come from the key generated
above for rndc and must be the same key value for both. Details of
this may be found in section 3.4.1.2 of the ARM. If you have rndc
on a Unix box you can use it to control BIND on the NT/W2K box, and
you can use the Windows version of rndc to control a BIND 9 daemon
on a Unix box. However, you must have key statements valid for the
servers you wish to control, specifically the IP address and key
in both named.conf and rndc.conf. Again see section 3.4.1.2 of the
ARM for details.
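The script below is an added example, not part of the BIND kit or of
this readme's original text: it checks that every key in rndc.conf is
defined with the same algorithm and secret in named.conf and is listed
in the controls statement. The sample file contents and the secret are
constructed, and the parser assumes the quoted-name, algorithm-then-
secret layout shown above.

```python
import re

# Constructed sample files; the secret is a made-up placeholder, not a real key.
NAMED_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldA=="; };
controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};
'''
RNDC_CONF = '''
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "c2FtcGxlLXNlY3JldA==";
};
'''

# Quoted strings are matched first so "//" inside a base64 secret is not
# mistaken for a comment.
TOKEN_RE = re.compile(r'"[^"]*"|/\*.*?\*/|(?:#|//)[^\n]*', re.S)
# Assumption: key name is quoted and algorithm precedes secret.
KEY_RE = re.compile(r'\bkey\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
CONTROLS_RE = re.compile(r'\bcontrols\s*\{.*?\bkeys\s*\{([^}]*)\}', re.S)

def strip_comments(text):
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)

def parse_keys(text):
    """Map key name -> (algorithm, secret) for each key statement."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(strip_comments(text))}

def controls_keys(text):
    """Key names accepted by the first inet entry of the controls statement."""
    m = CONTROLS_RE.search(strip_comments(text))
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []

def check(named_conf, rndc_conf):
    """Return a list of problems; secrets are compared but never echoed."""
    named, accepted = parse_keys(named_conf), controls_keys(named_conf)
    rndc = parse_keys(rndc_conf)
    problems = [] if rndc else ["rndc.conf: no key statement found"]
    for name, value in rndc.items():
        if name not in named:
            problems.append(f'key "{name}": not defined in named.conf')
        elif named[name] != value:
            problems.append(f'key "{name}": algorithm or secret differs')
        elif name not in accepted:
            problems.append(f'key "{name}": not listed in controls keys')
    return problems

if __name__ == "__main__":
    print(check(NAMED_CONF, RNDC_CONF) or "rndc.conf and named.conf agree")
```

To check real files, pass the text of dns/etc/named.conf and
dns/etc/rndc.conf to check() in place of the constructed samples.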



In addition, BIND is installed as a win32 system service, can be
started and stopped in the same way as any other service, and
automatically starts whenever the system is booted. Signals are
not supported and are in fact ignored.



Note: Unlike most Windows applications, named does not change its
working directory when started as a service.  If you wish to use
relative files in named.conf you will need to specify a working
directory.



	Documentation



This kit includes documentation in HTML format.  The documentation is not
copied during the installation process so you should move it to any convenient
location for later reference. Of particular importance is the BIND 9
Administrator's Reference Manual (Bv9ARM*.html) which provides detailed
information on BIND 9. In addition, there are HTML pages for each of the
BIND 9 applications.



	DNS Tools



The following tools have been built for Windows NT: dig, nslookup, host,
nsupdate, rndc, rndc-confgen, named-checkconf, named-checkzone, dnssec-keygen,
dnssec-makekeyset, dnssec-signkey, dnssec-signzone. The tools will NOT run on
Win9x, only WinNT and Win2000. The dnssec-* tools are for use with DNSSEC. All
tools are installed in the dns/bin directory.



IMPORTANT NOTE ON USING THE TOOLS:
If you wish to use nsupdate on a win32 platform to do dynamic updates
to a zone you MUST create a resolv.conf in the System32\Drivers\etc
directory containing a list of nameserver addresses to use to find
the nameserver authoritative for the zone. The format of this file is:



nameserver 1.2.3.4
nameserver 5.6.7.8



Replace the IP addresses with your real addresses.  127.0.0.1 is a valid
address if you are running a nameserver on the localhost.



In addition, if you use dig, host or nslookup, you will need this
file on the system where you are running these tools unless you have
BIND running on that system.



This will be fixed in a future release.



Messages are logged to the Application log in the EventViewer.



	Problems



Please report all problems to bind9-bugs@isc.org and not to me. All
other questions should go to the bind-users@isc.org mailing list or the
comp.protocols.dns.bind newsgroup.



	Danny Mayer



