Context Navigation

bind.xml@ 520f6b4f

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 520f6b4f was 520f6b4f, checked in by Randy McMurchy <randy@…>, 18 years ago

Renamed the TeX package to its proper name - teTeX

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6042 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 21.8 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3	"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!-- Inserted as a reminder to do this. The mention of a test suite
8	is usually right before the root user installation commands. Please
9	delete these 12 (including one blank) lines after you are done.-->
10
11	<!-- Use one of the two mentions below about a test suite,
12	delete the line that is not applicable. Of course, if the
13	test suite uses syntax other than "make check", revise the
14	line to reflect the actual syntax to run the test suite -->
15
16	<!-- <para>This package does not come with a test suite.</para> -->
17	<!-- <para>To test the results, issue: <command>make check</command>.</para> -->
18
19	<!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
20	<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
21	<!ENTITY bind-md5sum "55e709501a7780233c36e25ccd15ece2">
22	<!ENTITY bind-size "5.1 MB">
23	<!ENTITY bind-buildsize "76.2 MB">
24	<!ENTITY bind-time "1.7 SBU (additional 11 minutes, processor independent, to run the complete test suite)">
25	]>
26
27	<sect1 id="bind" xreflabel="BIND-&bind-version;">
28	<?dbhtml filename="bind.html"?>
29
30	<sect1info>
31	<othername>$LastChangedBy$</othername>
32	<date>$Date$</date>
33	<keywordset>
34	<keyword role="package">bind-&bind-version;.tar</keyword>
35	<keyword role="ftpdir">bind</keyword>
36	</keywordset>
37	</sect1info>
38
39	<title>BIND-&bind-version;</title>
40
41	<indexterm zone="bind">
42	<primary sortas="a-BIND">BIND</primary>
43	</indexterm>
44
45	<sect2 role="package">
46	<title>Introduction to BIND</title>
47
48	<para>The <application>BIND</application> package provides a DNS server
49	and client utilities. If you are only interested in the utilities, refer
50	to the <xref linkend="bind-utils"/>.</para>
51
52	<bridgehead renderas="sect3">Package Information</bridgehead>
53	<itemizedlist spacing="compact">
54	<listitem>
55	<para>Download (HTTP): <ulink url="&bind-download-http;"/></para>
56	</listitem>
57	<listitem>
58	<para>Download (FTP): <ulink url="&bind-download-ftp;"/></para>
59	</listitem>
60	<listitem>
61	<para>Download MD5 sum: &bind-md5sum;</para>
62	</listitem>
63	<listitem>
64	<para>Download size: &bind-size;</para>
65	</listitem>
66	<listitem>
67	<para>Estimated disk space required: &bind-buildsize;</para>
68	</listitem>
69	<listitem>
70	<para>Estimated build time: &bind-time;</para>
71	</listitem>
72	</itemizedlist>
73
74	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
75
76	<bridgehead renderas="sect4">Optional</bridgehead>
77	<para role="optional"><xref linkend="openssl"/></para>
78
79	<bridgehead renderas="sect4">Optional (to Run the Test Suite)</bridgehead>
80	<para role="optional"><xref linkend="net-tools"/> (for <command>ifconfig</command>)
81	and <xref linkend="perl-net-dns"/></para>
82
83	<bridgehead renderas="sect4">Optional (to [Re]Build
84	Documentation)</bridgehead>
85	<para role="optional">
86	<xref linkend="tetex"/> and
87	<xref linkend="libxslt"/></para>
88
89	<para condition="html" role="usernotes">User Notes:
90	<ulink url="&blfs-wiki;/bind"/></para>
91
92	</sect2>
93
94	<sect2 role="installation">
95	<title>Installation of BIND</title>
96
97	<para>Install <application>BIND</application> by running the
98	following commands:</para>
99
100	<screen><userinput>sed -i -e '247a #undef SO_BSDCOMPAT\n' lib/isc/unix/socket.c &&
101	./configure --prefix=/usr --sysconfdir=/etc \
102	--enable-threads --with-libtool &&
103	make</userinput></screen>
104
105	<para>Issue the following commands to run the complete suite of tests.
106	First, as <systemitem class="username">root</systemitem>, set up some test
107	interfaces:</para>
108
109	<screen role="root"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
110
111	<para>Now run the test suite as an unprivileged user:</para>
112
113	<screen><userinput>make check 2>&1 \| tee check.log</userinput></screen>
114
115	<para>Again as <systemitem class="username">root</systemitem>, clean up the
116	test interfaces:</para>
117
118	<screen role="root"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
119
120	<para>Issue the following command to check that all 144 tests
121	ran successfully:</para>
122
123	<screen><userinput>grep "R:PASS" check.log \| wc -l</userinput></screen>
124
125	<para>Finally, install the package as the <systemitem
126	class="username">root</systemitem> user:</para>
127
128	<screen role="root"><userinput>make install &&
129	chmod 755 /usr/lib/{lib{bind9,isc{,cc,cfg},lwres,dns}.so.*.?.?} &&
130	cd doc &&
131	install -v -d -m755 /usr/share/doc/bind-&bind-version;/{arm,draft,misc,rfc} &&
132	install -v -m644 arm/*.html \
133	/usr/share/doc/bind-&bind-version;/arm &&
134	install -v -m644 draft/*.txt \
135	/usr/share/doc/bind-&bind-version;/draft &&
136	install -v -m644 rfc/* \
137	/usr/share/doc/bind-&bind-version;/rfc &&
138	install -v -m644 \
139	misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
140	/usr/share/doc/bind-&bind-version;/misc</userinput></screen>
141
142	</sect2>
143
144	<sect2 role="commands">
145	<title>Command Explanations</title>
146
147	<para><command>sed -i -e '247a #undef SO_BSDCOMPAT\n'
148	lib/isc/unix/socket.c</command>: This command removes an obsolete reference
149	so that the <application>bind</application> daemon does not generate
150	messages about it in the log.</para>
151
152	<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
153	<application>BIND</application> to look for configuration
154	files in <filename class='directory'>/etc</filename> instead of
155	<filename class='directory'>/usr/etc</filename>.</para>
156
157	<para><parameter>--enable-threads</parameter>: This parameter enables
158	multi-threading capability.</para>
159
160	<para><parameter>--with-libtool</parameter>: This parameter forces the
161	building of dynamic libraries and links the installed binaries to these
162	libraries.</para>
163
164	<para><command>chmod 755
165	/usr/lib/{lib{bind9,isc{,cc,cfg},lwres,dns}.so.*.?.?}</command>:
166	Enable the execute bit to prevent a warning when using
167	<command>ldd</command> to check library dependencies.</para>
168
169	<para><command>cd doc; install ...</command>: These commands install the
170	additional package documentation. Optionally, omit any or all of these
171	commands.</para>
172
173	</sect2>
174
175	<sect2 role="configuration">
176	<title>Configuring BIND</title>
177
178	<sect3 id="bind-config">
179	<title>Config files</title>
180
181	<para><filename>named.conf</filename>,
182	<filename>root.hints</filename>,
183	<filename>127.0.0</filename>,
184	<filename>rndc.conf</filename> and
185	<filename>resolv.conf</filename></para>
186
187	<indexterm zone="bind bind-config">
188	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
189	</indexterm>
190
191	<indexterm zone="bind bind-config">
192	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
193	</indexterm>
194
195	<indexterm zone="bind bind-config">
196	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
197	</indexterm>
198
199	<indexterm zone="bind bind-config">
200	<primary sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
201	</indexterm>
202
203	<indexterm zone="bind bind-config">
204	<primary sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
205	</indexterm>
206
207	</sect3>
208
209	<sect3>
210	<title>Configuration Information</title>
211
212	<para><application>BIND</application> will be configured to run in a
213	<command>chroot</command> jail as an unprivileged user (<systemitem
214	class="username">named</systemitem>). This configuration is more secure
215	in that a DNS compromise can only affect a few files in the <systemitem
216	class="username">named</systemitem> user's <envar>HOME</envar>
217	directory.</para>
218
219	<para>Create the unprivileged user and group <systemitem
220	class="username">named</systemitem>:</para>
221
222	<screen role="root"><userinput>groupadd -g 20 named &&
223	useradd -m -c "BIND Owner" -g named -s /bin/false -u 20 named</userinput></screen>
224
225	<para>Set up some files, directories and devices needed by
226	<application>BIND</application>:</para>
227
228	<screen role="root"><userinput>cd /home/named &&
229	mkdir -p dev etc/namedb/slave var/run &&
230	mknod /home/named/dev/null c 1 3 &&
231	mknod /home/named/dev/random c 1 8 &&
232	chmod 666 /home/named/dev/{null,random} &&
233	mkdir /home/named/etc/namedb/pz &&
234	cp /etc/localtime /home/named/etc</userinput></screen>
235
236	<para>Then, generate a key for use in the <filename>named.conf</filename>
237	and <filename>rdnc.conf</filename> files using the
238	<command>rndc-confgen</command> command:</para>
239
240	<screen role="root"><userinput>rndc-confgen -b 512 \| grep -m 1 "secret" \| cut -d '"' -f 2</userinput></screen>
241
242	<para>Create the <filename>named.conf</filename> file from which
243	<command>named</command> will read the location of zone files, root
244	name servers and secure DNS keys:</para>
245
246	<screen role="root"><userinput>cat > /home/named/etc/named.conf << "EOF"
247	<literal> options {
248	directory "/etc/namedb";
249	pid-file "/var/run/named.pid";
250	statistics-file "/var/run/named.stats";
251
252	};
253	controls {
254	inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
255	};
256	key "rndc_key" {
257	algorithm hmac-md5;
258	secret "<replaceable><Insert secret from rndc-confgen's output here></replaceable>";
259	};
260	zone "." {
261	type hint;
262	file "root.hints";
263	};
264	zone "0.0.127.in-addr.arpa" {
265	type master;
266	file "pz/127.0.0";
267	};
268
269	// Bind 9 now logs by default through syslog (except debug).
270	// These are the default logging rules.
271
272	logging {
273	category default { default_syslog; default_debug; };
274	category unmatched { null; };
275
276	channel default_syslog {
277	syslog daemon; // send to syslog's daemon
278	// facility
279	severity info; // only send priority info
280	// and higher
281	};
282
283	channel default_debug {
284	file "named.run"; // write to named.run in
285	// the working directory
286	// Note: stderr is used instead
287	// of "named.run"
288	// if the server is started
289	// with the '-f' option.
290	severity dynamic; // log at the server's
291	// current debug level
292	};
293
294	channel default_stderr {
295	stderr; // writes to stderr
296	severity info; // only send priority info
297	// and higher
298	};
299
300	channel null {
301	null; // toss anything sent to
302	// this channel
303	};
304	};</literal>
305
306	EOF</userinput></screen>
307
308	<para>Create the <filename>rndc.conf</filename> file with the following
309	commands:</para>
310
311	<screen role="root"><userinput>cat > /etc/rndc.conf << "EOF"
312	<literal>key rndc_key {
313	algorithm "hmac-md5";
314	secret
315	"<replaceable><Insert secret from rndc-confgen's output here></replaceable>";
316	};
317	options {
318	default-server localhost;
319	default-key rndc_key;
320	};</literal>
321	EOF</userinput></screen>
322
323	<para>The <filename>rndc.conf</filename> file contains information for
324	controlling <command>named</command> operations with the
325	<command>rndc</command> utility.</para>
326
327	<para>Create a zone file with the following contents:</para>
328
329	<screen role="root"><userinput>cat > /home/named/etc/namedb/pz/127.0.0 << "EOF"
330	<literal>$TTL 3D
331	@ IN SOA ns.local.domain. hostmaster.local.domain. (
332	1 ; Serial
333	8H ; Refresh
334	2H ; Retry
335	4W ; Expire
336	1D) ; Minimum TTL
337	NS ns.local.domain.
338	1 PTR localhost.</literal>
339	EOF</userinput></screen>
340
341	<para>Create the <filename>root.hints</filename> file with the following
342	commands:</para>
343
344	<note>
345	<para>Caution must be used to ensure there are no leading spaces in
346	this file.</para>
347	</note>
348
349	<screen role="root"><userinput>cat > /home/named/etc/namedb/root.hints << "EOF"
350	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
351	. 6D IN NS B.ROOT-SERVERS.NET.
352	. 6D IN NS C.ROOT-SERVERS.NET.
353	. 6D IN NS D.ROOT-SERVERS.NET.
354	. 6D IN NS E.ROOT-SERVERS.NET.
355	. 6D IN NS F.ROOT-SERVERS.NET.
356	. 6D IN NS G.ROOT-SERVERS.NET.
357	. 6D IN NS H.ROOT-SERVERS.NET.
358	. 6D IN NS I.ROOT-SERVERS.NET.
359	. 6D IN NS J.ROOT-SERVERS.NET.
360	. 6D IN NS K.ROOT-SERVERS.NET.
361	. 6D IN NS L.ROOT-SERVERS.NET.
362	. 6D IN NS M.ROOT-SERVERS.NET.
363	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
364	B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
365	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
366	D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
367	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
368	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
369	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
370	H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
371	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
372	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
373	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
374	L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12
375	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33</literal>
376	EOF</userinput></screen>
377
378	<para>The <filename>root.hints</filename> file is a list of root
379	name servers. This file must be updated periodically with the
380	<command>dig</command> utility. A current copy of root.hints can be
381	obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
382	Consult the <ulink url="http://www.bind9.net/Bv9ARM.html">BIND 9
383	Administrator Reference Manual</ulink> for details.</para>
384
385	<para>Create or modify <filename>resolv.conf</filename> to use the new
386	name server with the following commands:</para>
387
388	<note>
389	<para>Replace <replaceable><yourdomain.com></replaceable> with
390	your own valid domain name.</para>
391	</note>
392
393	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
394	cat > /etc/resolv.conf << "EOF"
395	<literal>search <replaceable><yourdomain.com></replaceable>
396	nameserver 127.0.0.1</literal>
397	EOF</userinput></screen>
398
399	<para>Set permissions on the <command>chroot</command> jail with the
400	following command:</para>
401
402	<screen role="root"><userinput>chown -R named.named /home/named</userinput></screen>
403
404	</sect3>
405
406	<sect3 id="bind-init">
407	<title>Boot Script</title>
408
409	<para>To start the DNS server at boot, install the
410	<filename>/etc/rc.d/init.d/bind</filename> init script included
411	in the <xref linkend="bootscripts"/> package.</para>
412
413	<indexterm zone="bind bind-init">
414	<primary sortas="f-bind">bind</primary>
415	</indexterm>
416
417	<screen role="root"><userinput>make install-bind</userinput></screen>
418
419	<para>Now start <application>BIND</application> with
420	the new boot script:</para>
421
422	<screen role="root"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
423
424	</sect3>
425
426	<sect3>
427	<title>Testing BIND</title>
428
429	<para>Test out the new <application>BIND</application> 9 installation.
430	First query the local host address with <command>dig</command>:</para>
431
432	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
433
434	<para>Now try an external name lookup, taking note of the speed
435	difference in repeated lookups due to the caching. Run the
436	<command>dig</command> command twice on the same address:</para>
437
438	<screen><userinput>dig www.linuxfromscratch.org &&
439	dig www.linuxfromscratch.org</userinput></screen>
440
441	<para>You can see almost instantaneous results with the named caching
442	lookups. Consult the <application>BIND</application> Administrator
443	Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
444	in the package source tree, for further configuration options.</para>
445
446	</sect3>
447
448	</sect2>
449
450	<sect2 role="content">
451	<title>Contents</title>
452
453	<segmentedlist>
454	<segtitle>Installed Programs</segtitle>
455	<segtitle>Installed Libraries</segtitle>
456	<segtitle>Installed Directories</segtitle>
457
458	<seglistitem>
459	<seg>dig, dnssec-keygen, dnssec-signzone, host, isc-config.sh, lwresd,
460	named, named-checkconf, named-checkzone, nslookup, nsupdate, rndc, and
461	rndc-confgen</seg>
462	<seg>libbind9.{so,a}, libdns.{so,a}, libisc.{so,a}, libisccc.{so,a},
463	libisccfg.{so,a}, and liblwres.{so,a}</seg>
464	<seg>/home/named, /usr/include/bind9, /usr/include/dns, /usr/include/dst,
465	/usr/include/isc, /usr/include/isccc, /usr/include/isccfg,
466	/usr/include/lwres, and /usr/share/doc/bind-&bind-version;</seg>
467	</seglistitem>
468	</segmentedlist>
469
470	<variablelist>
471	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
472	<?dbfo list-presentation="list"?>
473	<?dbhtml list-presentation="table"?>
474
475	<varlistentry id="dig">
476	<term><command>dig</command></term>
477	<listitem>
478	<para>interrogates DNS servers.</para>
479	<indexterm zone="bind dig">
480	<primary sortas="b-dig">dig</primary>
481	</indexterm>
482	</listitem>
483	</varlistentry>
484
485	<varlistentry id="dnssec-keygen">
486	<term><command>dnssec-keygen</command></term>
487	<listitem>
488	<para>is a key generator for secure DNS.</para>
489	<indexterm zone="bind dnssec-keygen">
490	<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
491	</indexterm>
492	</listitem>
493	</varlistentry>
494
495	<varlistentry id="dnssec-signzone">
496	<term><command>dnssec-signzone</command></term>
497	<listitem>
498	<para>generates signed versions of zone files.</para>
499	<indexterm zone="bind dnssec-signzone">
500	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
501	</indexterm>
502	</listitem>
503	</varlistentry>
504
505	<varlistentry id="host">
506	<term><command>host</command></term>
507	<listitem>
508	<para>is a utility for DNS lookups.</para>
509	<indexterm zone="bind host">
510	<primary sortas="b-host">host</primary>
511	</indexterm>
512	</listitem>
513	</varlistentry>
514
515	<varlistentry id="lwresd">
516	<term><command>lwresd</command></term>
517	<listitem>
518	<para>is a caching-only name server for local process use.</para>
519	<indexterm zone="bind lwresd">
520	<primary sortas="b-lwresd">lwresd</primary>
521	</indexterm>
522	</listitem>
523	</varlistentry>
524
525	<varlistentry id="named">
526	<term><command>named</command></term>
527	<listitem>
528	<para>is the name server daemon.</para>
529	<indexterm zone="bind named">
530	<primary sortas="b-named">named</primary>
531	</indexterm>
532	</listitem>
533	</varlistentry>
534
535	<varlistentry id="named-checkconf">
536	<term><command>named-checkconf</command></term>
537	<listitem>
538	<para>checks the syntax of <filename>named.conf</filename>
539	files.</para>
540	<indexterm zone="bind named-checkconf">
541	<primary sortas="b-named-checkconf">named-checkconf</primary>
542	</indexterm>
543	</listitem>
544	</varlistentry>
545
546	<varlistentry id="named-checkzone">
547	<term><command>named-checkzone</command></term>
548	<listitem>
549	<para>checks zone file validity.</para>
550	<indexterm zone="bind named-checkzone">
551	<primary sortas="b-named-checkzone">named-checkzone</primary>
552	</indexterm>
553	</listitem>
554	</varlistentry>
555
556	<varlistentry id="nslookup">
557	<term><command>nslookup</command></term>
558	<listitem>
559	<para>is a program used to query Internet domain nameservers.</para>
560	<indexterm zone="bind nslookup">
561	<primary sortas="b-nslookup">nslookup</primary>
562	</indexterm>
563	</listitem>
564	</varlistentry>
565
566	<varlistentry id="nsupdate">
567	<term><command>nsupdate</command></term>
568	<listitem>
569	<para>is used to submit DNS update requests.</para>
570	<indexterm zone="bind nsupdate">
571	<primary sortas="b-nsupdate">nsupdate</primary>
572	</indexterm>
573	</listitem>
574	</varlistentry>
575
576	<varlistentry id="rndc">
577	<term><command>rndc</command></term>
578	<listitem>
579	<para>controls the operation of <application>BIND</application>.</para>
580	<indexterm zone="bind rndc">
581	<primary sortas="b-rndc">rndc</primary>
582	</indexterm>
583	</listitem>
584	</varlistentry>
585
586	<varlistentry id="rndc-confgen">
587	<term><command>rndc-confgen</command></term>
588	<listitem>
589	<para>generates <filename>rndc.conf</filename> files.</para>
590	<indexterm zone="bind rndc-confgen">
591	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
592	</indexterm>
593	</listitem>
594	</varlistentry>
595
596	</variablelist>
597
598	</sect2>
599
600	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: server/major/bind.xml@ 520f6b4f

Download in other formats: