Ticket #143: bind.patch

File bind.patch, 14.0 KB (added by billy@…, 19 years ago)

Adds BIND 9

  • bind/bind-config-exp.xml

    diff --exclude=CVS -Naur ./bind/bind-config-exp.xml /home/billy/NEWBLFS/BOOK/server/other/bind/bind-config-exp.xml
     2<title>Configuration command explanations</title>
     4groupadd -g 200 named &amp;&amp;
     5useradd -m -g named -u 200 -s /bin/false named &amp;&amp;
     6cd /home/named &amp;&amp;
     7mkdir -p dev etc/namedb/slave var/run &amp;&amp;
     8mknod /home/named/dev/null c 1 3 &amp;&amp;
     9mknod /home/named/dev/random c 1 8 &amp;&amp;
     10chmod 666 /home/named/dev/{null,random} &amp;&amp;
     11mkdir /home/named/etc/namedb/pz &amp;&amp;
     12cp /etc/localtime /home/named/etc : </userinput>
     14Create the unprivileged user and group named, along with device files
     15that named will need access to inside the chroot jail.</para>
     18cat &gt; /home/named/etc/named.conf &lt;&lt; "EOF" : </userinput>
     19Create the BIND configuration file, from which named will read the
     20location of zone files, root nameservers and secure DNS keys.</para>
     22cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF" : </userinput>
     23Create a single zone file.</para>
     25cat > /home/named/etc/namedb/root.hints << "EOF" : </userinput>
     26The root.hints file is a list of root nameservers.  This file must be
     27updated periodically with the dig utility.  Consult the BIND 9
     28Administrator Reference Manual for details.</para>
     30cat > /etc/rndc.conf << "EOF" : </userinput>
     31The rncd.conf file contains information for controlling named
     32operations with the rndc utility.</para>
     35cat > /etc/resolv.conf << "EOF" : </userinput>
     36The resolv.conf file will specify the local host( as the
     40cat > /etc/rc.d/init.d/bind << "EOF" : </userinput>
     41Create the boot script for BIND 9, used to start and stop the name
     42server daemon, named.</para>
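Review bot: The rndc.conf explanation at line 31 of the new file misspells the filename as `rncd.conf`; it should read `The rndc.conf file contains information for controlling named`, matching the `cat > /etc/rndc.conf` command it explains. The resolv.conf explanation on line 36 also looks truncated (`local host( as the`), though that may be the page rendering rather than the file, so it is worth checking the source.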
  • bind/bind-config.xml

    diff --exclude=CVS -Naur ./bind/bind-config.xml /home/billy/NEWBLFS/BOOK/server/other/bind/bind-config.xml
     2<title>Configuring BIND</title>
     3<para>We will configure BIND to run in a chroot jail as an unprivileged
     4user(named).  This configuration is more secure in that a DNS
     5compromise can only affect a few files in the named user's $HOME
     6directory </para>
     8<para>First we set up some files and directories needed by
     11groupadd -g 200 named &amp;&amp;
     12useradd -m -g named -u 200 -s /bin/false named &amp;&amp;
     13cd /home/named &amp;&amp;
     14mkdir -p dev etc/namedb/slave var/run &amp;&amp;
     15mknod /home/named/dev/null c 1 3 &amp;&amp;
     16mknod /home/named/dev/random c 1 8 &amp;&amp;
     17chmod 666 /home/named/dev/{null,random} &amp;&amp;
     18mkdir /home/named/etc/namedb/pz &amp;&amp;
     19cp /etc/localtime /home/named/etc
     22<sect3><title>Config files</title>
     23<para><userinput>named.conf, root.hints, 127.0.0, rndc.conf
     26<para>Create the named.conf file with the following commands:</para>
     28cat > /home/named/etc/named.conf << "EOF"
     29 options {
     30     directory "/etc/namedb";
     31    pid-file "/var/run/named.pid";
     32    statistics-file "/var/run/named.stats";
     34 };
     35 controls {
     36     inet allow { localhost; } keys { rndc_key; };
     37 };
     38 key "rndc_key" {
     39     algorithm hmac-md5;
     40     secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
     41 };
     42 zone "." {
     43     type hint;
     44     file "root.hints";
     45 };
     46 zone "0.0.127.in-addr.arpa" {
     47     type master;
     48     file "pz/127.0.0";
     49 };
     52<para>Create a zone file with the following contents: </para>
     54cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt "EOF"
     55$TTL 3D
     56@      IN      SOA     ns.local.domain. hostmaster.local.domain. (
     57                        1       ; Serial
     58                        8H      ; Refresh
     59                        2H      ; Retry
     60                        4W      ; Expire
     61                        1D)     ; Minimum TTL
     62                NS      ns.local.domain.
     631               PTR     localhost.
     67<para>Create the root.hints file with the following commands: </para>
     68<note><para>Caution must be used to insure no leading spaces in this
     71cat > /home/named/etc/namedb/root.hints << "EOF"
     72.                       6D  IN      NS      A.ROOT-SERVERS.NET.
     73.                       6D  IN      NS      B.ROOT-SERVERS.NET.
     74.                       6D  IN      NS      C.ROOT-SERVERS.NET.
     75.                       6D  IN      NS      D.ROOT-SERVERS.NET.
     76.                       6D  IN      NS      E.ROOT-SERVERS.NET.
     77.                       6D  IN      NS      F.ROOT-SERVERS.NET.
     78.                       6D  IN      NS      G.ROOT-SERVERS.NET.
     79.                       6D  IN      NS      H.ROOT-SERVERS.NET.
     80.                       6D  IN      NS      I.ROOT-SERVERS.NET.
     81.                       6D  IN      NS      J.ROOT-SERVERS.NET.
     82.                       6D  IN      NS      K.ROOT-SERVERS.NET.
     83.                       6D  IN      NS      L.ROOT-SERVERS.NET.
     84.                       6D  IN      NS      M.ROOT-SERVERS.NET.
     85A.ROOT-SERVERS.NET.     6D  IN      A
     86B.ROOT-SERVERS.NET.     6D  IN      A
     87C.ROOT-SERVERS.NET.     6D  IN      A
     88D.ROOT-SERVERS.NET.     6D  IN      A
     89E.ROOT-SERVERS.NET.     6D  IN      A
     90F.ROOT-SERVERS.NET.     6D  IN      A
     91G.ROOT-SERVERS.NET.     6D  IN      A
     92H.ROOT-SERVERS.NET.     6D  IN      A
     93I.ROOT-SERVERS.NET.     6D  IN      A
     94J.ROOT-SERVERS.NET.     6D  IN      A
     95K.ROOT-SERVERS.NET.     6D  IN      A
     96L.ROOT-SERVERS.NET.     6D  IN      A
     97M.ROOT-SERVERS.NET.     6D  IN      A
     101<para>Create the rndc.conf with the following commands:</para>
     103cat > /etc/rndc.conf << "EOF"
     104key rndc_key {
     105algorithm "hmac-md5";
     106    secret
     107    "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
     108    };
     109options {
     110    default-server localhost;
     111    default-key    rndc_key;
     116<para>Create or modify resolv.conf to use the new nameserver with the
     117following commands: </para>
     118<note><para>Replace yourdomain.com with your own valid domain
     122cp /etc/resolv.conf /etc/resolv.conf.bak
     123cat > /etc/resolv.conf << "EOF"
     124search yourdomain.com
     129<para>Set permissions on the chroot jail with the following
     132chown -R named.named /home/named
     135<para>Create the BIND boot script:</para>
     137cat &gt; /etc/rc.d/init.d/bind &lt;&lt; "EOF"
     139# Begin $rc_base/init.d/bind
     140# Based on sysklogd script from LFS-3.1 and earlier.
     141# Rewritten by Gerard Beekmans  - gerard@linuxfromscratch.org
     142source /etc/sysconfig/rc
     143source $rc_functions
     144case "$1" in
     145        start)
     146                echo "Starting named..."
     147                loadproc /usr/sbin/named -u named -t /home/named -c \
     148                        /etc/named.conf
     149                ;;
     150        stop)
     151                echo "Stopping named..."
     152                killproc /usr/sbin/named
     153                ;;
     154        restart)
     155                $0 stop
     156                sleep 1
     157                $0 start
     158                ;;
     159   reload)
     160                echo "Reloading named..."
     161                /usr/sbin/rndc -c /etc/rndc.conf reload
     162                ;;
     164        status)
     165                statusproc /usr/sbin/named
     166                ;;
     167        *)
     168                echo "Usage: $0 {start|stop|restart|status}"
     169                exit 1
     170                ;;
     172# End $rc_base/init.d/bind
     176<para>Add the run level symlinks:</para>
     178chmod 754 /etc/rc.d/init.d/bind &&
     179ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc0.d/K90bind &&
     180ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc1.d/K90bind &&
     181ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc2.d/K90bind &&
     182ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc3.d/S600bind &&
     183ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc4.d/S600bind &&
     184ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc5.d/S600bind &&
     185ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc6.d/K90bind
     188<para>Now start BIND with the new boot script: </para>
     190/etc/rc.d/init.d/bind start
     193<sect3><title>Testing BIND</title>
     194<para>Test out the new BIND 9 installation.  First query the local
     195host address with dig:</para>
     197dig -x
     199<para>Now try an external name lookup, taking note of the speed
     200difference in repeated lookups due to the caching.  Run the dig
     201command twice on the same address:</para>
     203dig beyond.linuxfromscratch.org &amp;&amp;
     204dig beyond.linuxfromscratch.org
     206You can see almost instantaneous results with the named caching
     207lookups.  Consult bind-&bind-version;/doc/arm/Bv9ARM.html, the BIND
     208Administrator Reference Manual for further configuration options.
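Review bot: The rndc control key written into named.conf (line 40) and again into rndc.conf (line 107), `secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"`, is a fixed, published value, so every installation built from this page shares the same control-channel credential; the `controls { inet allow { localhost; } ... }` statement confines it to local callers, but it is still a known secret rather than a per-host one. The page should have readers generate their own key and rndc.conf with the `rndc-confgen` utility that bind-desc.xml already lists, and say so in a `<note>` before the named.conf heredoc. Two smaller issues in the same section: `chown -R named.named /home/named` (line 132) makes named.conf and the zone files writable by the user the daemon runs as (`-u named` in the boot script), whereas only the directories it must write, var/run and etc/namedb/slave, need to be owned by named; and the 127.0.0 heredoc line `cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt "EOF"` (line 54) is missing the semicolon on the second `&lt;` entity, which will fail XML parsing.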
  • bind/bind-desc.xml

    diff --exclude=CVS -Naur ./bind/bind-desc.xml /home/billy/NEWBLFS/BOOK/server/other/bind/bind-desc.xml
     4<para>The BIND package contains
     16<userinput>dnssec-makekeyset</userinput> and
     23<para>dig interrogates DNS servers.</para></sect3>
     25<para>host is a utility for DNS lookups.</para></sect3>
     27<para>rndc controls the operation of BIND.</para></sect3>
     29<para>rndc-confgen generates rndc.conf files.</para></sect3>
     31<para>named-checkconf checks the syntax of named.conf
     34<para>named-checkzone checks zone file validity.</para></sect3>
     36<para>lwresd is a caching-only name server for local process
     39<para>named is the name server daemon.</para></sect3>
     41<para>dnssec-signzone generates signed versions of zone
     44<para>dnssec-signkey signs zone file key sets.</para></sect3>
     46<para>dnssec-keygen is a key generator for secure DNS.</para></sect3>
     48<para>dnssec-makekeyset generates a key set from one or more keys
     49created by dnssec-keygen.</para></sect3>
     51<para>nsupdate is used to submit DNS update requests.</para></sect3>
  • bind/bind-inst.xml

    diff --exclude=CVS -Naur ./bind/bind-inst.xml /home/billy/NEWBLFS/BOOK/server/other/bind/bind-inst.xml
     2<title>Installation of BIND</title>
     4<para>Install BIND by running the following commands:</para>
     7./configure --prefix=/usr &amp;&amp;
     8make &amp;&amp;
     9make install
  • bind/bind-intro.xml

    diff --exclude=CVS -Naur ./bind/bind-intro.xml /home/billy/NEWBLFS/BOOK/server/other/bind/bind-intro.xml
     2<title>Introduction to BIND &bind-version;</title>
     4<screen>Download location (HTTP):       <ulink url="&bind-download-ftp;"/>
     5Version used:                   &bind-version;
     6Package size:                   &bind-size;
     7Estimated Disk space required:  &bind-buildsize;</screen>
     9<para>The Bind package provides a DNS server and client
  • bind/bind.ent

    diff --exclude=CVS -Naur ./bind/bind.ent /home/billy/NEWBLFS/BOOK/server/other/bind/bind.ent
    11<!ENTITY bind SYSTEM "../bind.xml">
     2<!ENTITY bind-intro SYSTEM "bind-intro.xml">
     3<!ENTITY bind-inst SYSTEM "bind-inst.xml">
     4<!ENTITY bind-exp SYSTEM "bind-exp.xml">
     5<!ENTITY bind-config-exp SYSTEM "bind-config-exp.xml">
     6<!ENTITY bind-desc SYSTEM "bind-desc.xml">
     7<!ENTITY bind-config SYSTEM "bind-config.xml">
     8<!ENTITY bind-buildsize "37 MB">
     9<!ENTITY bind-version "9.2.2rc1">
     10<!ENTITY bind-download-ftp
     12<!ENTITY bind-download-ftp "">
     13<!ENTITY bind-size "5.3 MB">
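Review bot: `bind-download-ftp` is declared twice in the new file (lines 10 and 12), the second time as `<!ENTITY bind-download-ftp "">`; an XML processor binds an entity to its first declaration and ignores later ones, so the empty duplicate is dead and should be dropped (or, if the first declaration, whose value is cut off in this view, is the placeholder, that one). The entity is also the one bind-intro.xml prints under the label `Download location (HTTP)`, so the name and the label disagree about the protocol.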
  • bind.xml

    diff --exclude=CVS -Naur ./bind.xml /home/billy/NEWBLFS/BOOK/server/other/bind.xml
    1 <sect1 id="bind" xreflabel="bind">
     1<sect1 id="bind" xreflabel="bind-&bind-version;">
    22<?dbhtml filename="bind.html" dir="server"?>
    3 <title>bind</title>
     3<title>BIND &bind-version;</title>
    5 <para>TO BE DONE</para>