From 51048ca06ecc3c57bae7f8c16b3ca9e3b1235619 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Sat, 19 Jan 2019 16:12:45 -0800 Subject: [PATCH] added querytrace documentation in README also: - rearranged things a little, adding a "dependencies" section - removed the documentation of 'enable-threads'. (this part of the change should not be backported.) --- README | 55 ++++++++++++++++++++++++++----------------------------- README.md | 42 +++++++++++++++++++----------------------- 2 files changed, 45 insertions(+), 52 deletions(-) diff --git a/README b/README index bbb0672770..6f6e6503e7 100644 --- a/README +++ b/README @@ -8,11 +8,12 @@ Contents 4. BIND 9.13 features 5. Building BIND 6. macOS - 7. Compile-time options - 8. Automated testing - 9. Documentation -10. Change log -11. Acknowledgments + 7. Dependencies + 8. Compile-time options + 9. Automated testing +10. Documentation +11. Change log +12. Acknowledgments Introduction @@ -130,7 +131,7 @@ have been removed. See https://dnsflagday.net for more details. Cryptographic support has been modernized. BIND now uses the best available pseudo-random number generator for the platform on which it's built. Very old versions of OpenSSL are no longer supported. Cryptography -is now mandatory: building BIND without DNSSEC is now longer supported. +is now mandatory: building BIND without DNSSEC is no longer supported. Special code to support certain legacy operating systems has also been removed; see the file PLATFORMS.md for details of supported platforms. In @@ -194,30 +195,21 @@ if you have Xcode already installed you can run "xcode-select --install". This will add /usr/include to the system and install the compiler and other tools so that they can be easily found. +Dependencies + +Portions of BIND that are written in Python, including dnssec-keymgr, +dnssec-coverage, dnssec-checkds, and some of the system tests, require the +'argparse' and 'ply' modules to be available. 'argparse' is a standard +module as of Python 2.7 and Python 3.2. 'ply' is available from https:// +pypi.python.org/pypi/ply. + Compile-time options To see a full list of configuration options, run configure --help. -On most platforms, BIND 9 is built with multithreading support, allowing -it to take advantage of multiple CPUs. You can configure this by -specifying --enable-threads or --disable-threads on the configure command -line. The default is to enable threads, except on some older operating -systems on which threads are known to have had problems in the past. -(Note: Prior to BIND 9.10, the default was to disable threads on Linux -systems; this has now been reversed. On Linux systems, the threaded build -is known to change BIND's behavior with respect to file permissions; it -may be necessary to specify a user with the -u option when running named.) - To build shared libraries, specify --with-libtool on the configure command line. -Certain compiled-in constants and default settings can be increased to -values better suited to large servers with abundant memory resources (e.g, -64-bit servers with 12G or more of memory) by specifying --with-tuning= -large on the configure command line. This can improve performance on big -servers, but will consume more memory and may degrade performance on -smaller systems. - For the server to support DNSSEC, you need to build it with crypto support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the OpenSSL library is installed in a nonstandard location, @@ -249,17 +241,18 @@ github.com/farsightsec/fstrm and libprotobuf-c https:// developers.google.com/protocol-buffers, and BIND must be configured with --enable-dnstap. +Certain compiled-in constants and default settings can be increased to +values better suited to large servers with abundant memory resources (e.g, +64-bit servers with 12G or more of memory) by specifying --with-tuning= +large on the configure command line. This can improve performance on big +servers, but will consume more memory and may degrade performance on +smaller systems. + On Linux, process capabilities are managed in user space using the libcap library, which can be installed on most Linux systems via the libcap-dev or libcap-devel module. Process capability support can also be disabled by configuring with --disable-linux-caps. -Portions of BIND that are written in Python, including dnssec-keymgr, -dnssec-coverage, dnssec-checkds, and some of the system tests, require the -'argparse' and 'ply' modules to be available. 'argparse' is a standard -module as of Python 2.7 and Python 3.2. 'ply' is available from https:// -pypi.python.org/pypi/ply. - On some platforms it is necessary to explicitly request large file support to handle files bigger than 2GB. This can be done by using --enable-largefile on the configure command line. @@ -269,6 +262,10 @@ specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure command line. By default, fixed rrset-order is disabled to reduce memory footprint. +The --enable-querytrace option causes named to log every step of +processing every query. This should only be enabled when debugging, +because it has a significant negative impact on query performance. + make install will install named and the various BIND 9 libraries. By default, installation is into /usr/local, but this can be changed with the --prefix option when running configure. diff --git a/README.md b/README.md index 698218d247..e0c2172920 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ 1. [BIND 9.13 features](#features) 1. [Building BIND](#build) 1. [macOS](#macos) +1. [Dependencies](#dependencies) 1. [Compile-time options](#opts) 1. [Automated testing](#testing) 1. [Documentation](#doc) @@ -207,31 +208,21 @@ or if you have Xcode already installed you can run "xcode-select --install". This will add /usr/include to the system and install the compiler and other tools so that they can be easily found. +### Dependencies + +Portions of BIND that are written in Python, including +`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the +system tests, require the 'argparse' and 'ply' modules to be available. +'argparse' is a standard module as of Python 2.7 and Python 3.2. +'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply). #### Compile-time options To see a full list of configuration options, run `configure --help`. -On most platforms, BIND 9 is built with multithreading support, allowing it -to take advantage of multiple CPUs. You can configure this by specifying -`--enable-threads` or `--disable-threads` on the `configure` command line. -The default is to enable threads, except on some older operating systems on -which threads are known to have had problems in the past. (Note: Prior to -BIND 9.10, the default was to disable threads on Linux systems; this has -now been reversed. On Linux systems, the threaded build is known to change -BIND's behavior with respect to file permissions; it may be necessary to -specify a user with the -u option when running `named`.) - To build shared libraries, specify `--with-libtool` on the `configure` command line. -Certain compiled-in constants and default settings can be increased to -values better suited to large servers with abundant memory resources (e.g, -64-bit servers with 12G or more of memory) by specifying -`--with-tuning=large` on the `configure` command line. This can improve -performance on big servers, but will consume more memory and may degrade -performance on smaller systems. - For the server to support DNSSEC, you need to build it with crypto support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the OpenSSL library is installed in a nonstandard location, specify the prefix @@ -266,17 +257,18 @@ and libprotobuf-c [https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers), and BIND must be configured with `--enable-dnstap`. +Certain compiled-in constants and default settings can be increased to +values better suited to large servers with abundant memory resources (e.g, +64-bit servers with 12G or more of memory) by specifying +`--with-tuning=large` on the `configure` command line. This can improve +performance on big servers, but will consume more memory and may degrade +performance on smaller systems. + On Linux, process capabilities are managed in user space using the `libcap` library, which can be installed on most Linux systems via the `libcap-dev` or `libcap-devel` module. Process capability support can also be disabled by configuring with `--disable-linux-caps`. -Portions of BIND that are written in Python, including -`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the -system tests, require the 'argparse' and 'ply' modules to be available. -'argparse' is a standard module as of Python 2.7 and Python 3.2. -'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply). - On some platforms it is necessary to explicitly request large file support to handle files bigger than 2GB. This can be done by using `--enable-largefile` on the `configure` command line. @@ -286,6 +278,10 @@ specifying `--enable-fixed-rrset` or `--disable-fixed-rrset` on the configure command line. By default, fixed rrset-order is disabled to reduce memory footprint. +The `--enable-querytrace` option causes `named` to log every step of +processing every query. This should only be enabled when debugging, because +it has a significant negative impact on query performance. + `make install` will install `named` and the various BIND 9 libraries. By default, installation is into /usr/local, but this can be changed with the `--prefix` option when running `configure`.