source: server/major/bind.xml@ c67fbf64

systemd-11177
Last change on this file since c67fbf64 was c67fbf64, checked in by Krejzi <krejzi@…>, 11 years ago

Remove packages that are now in lfs systemd from blfs.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@11302 af4574ff-66df-0310-9fd7-8a98e5e911e0

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY bind-download-http " ">
8 <!ENTITY bind-download-ftp
9 "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
10 <!ENTITY bind-md5sum "7baa8359f0773e04f63d7e694db1909c">
11 <!ENTITY bind-size "7.2 MB">
12 <!ENTITY bind-buildsize "110 MB (additional 50 MB to run the test suite)">
13 <!ENTITY bind-time "1.3 SBU (additional 15 minutes, processor independent, to
14 run the complete test suite)">
15]>
16
17<sect1 id="bind" xreflabel="BIND-&bind-version;">
18 <?dbhtml filename="bind.html"?>
19
20 <sect1info>
21 <othername>$LastChangedBy$</othername>
22 <date>$Date$</date>
23 </sect1info>
24
25 <title>BIND-&bind-version;</title>
26
27 <indexterm zone="bind">
28 <primary sortas="a-BIND">BIND</primary>
29 </indexterm>
30
31 <sect2 role="package">
32 <title>Introduction to BIND</title>
33
34 <para>The <application>BIND</application> package provides a DNS server
35 and client utilities. If you are only interested in the utilities, refer
36 to the <xref linkend="bind-utils"/>.</para>
37
38 &lfs73_checked;
39
40 <bridgehead renderas="sect3">Package Information</bridgehead>
41 <itemizedlist spacing="compact">
42 <listitem>
43 <para>Download (HTTP): <ulink url="&bind-download-http;"/></para>
44 </listitem>
45 <listitem>
46 <para>Download (FTP): <ulink url="&bind-download-ftp;"/></para>
47 </listitem>
48 <listitem>
49 <para>Download MD5 sum (guards against a corrupted download only, not a tampered one): &bind-md5sum;</para>
50 </listitem>
51 <listitem>
52 <para>Download size: &bind-size;</para>
53 </listitem>
54 <listitem>
55 <para>Estimated disk space required: &bind-buildsize;</para>
56 </listitem>
57 <listitem>
58 <para>Estimated build time: &bind-time;</para>
59 </listitem>
60 </itemizedlist>
61
62 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
63 <itemizedlist spacing='compact'>
64 <listitem>
65 <para>Optional patch (if net-tools is not installed):
66 <ulink
67 url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
68 </listitem>
69 </itemizedlist>
70
71 <bridgehead renderas="sect3">BIND Dependencies</bridgehead>
72
73 <bridgehead renderas="sect4">Optional</bridgehead>
74 <para role="optional">
75 <xref linkend="libxml2"/>,
76 <xref linkend="mitkrb"/> and
77 <xref linkend="openssl"/>
78 </para>
79
80 <bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
81 <para role="optional">
82 <xref linkend="perl-net-dns"/> and
83 <xref linkend="net-tools"/> (you may omit net-tools by using the optional
84 patch to utilize iproute2, but the IPv6 tests will fail)
85 </para>
86
87 <bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
88 <para role="optional">
89 <xref linkend="doxygen"/>,
90 <xref linkend="texlive"/>, and
91 <xref linkend="libxslt"/>
92 </para>
93
94 <para condition="html" role="usernotes">User Notes:
95 <ulink url="&blfs-wiki;/bind"/></para>
96
97 </sect2>
98
99 <sect2 role="installation">
100 <title>Installation of BIND</title>
101
102 <para>If you have chosen not to install net-tools, apply the iproute2
103 patch with the following command:</para>
104
105<screen><userinput>patch -Np1 -i ../bind-&bind-version;-use_iproute2-1.patch</userinput></screen>
106
107<!--
108 <para>If you want to <command>configure</command>
109 <application>BIND</application> with the option
110 <option>- -disable-static</option> fix a bug in one of the Makefiles:</para>
111 <!- - this is a bug in bind-9.8.1 that wasn't in bind-9.8.0 - ->
112
113<screen><userinput>sed -i 's# driver.o# .libs/driver.o#' bin/tests/system/dlzexternal/Makefile.in</userinput></screen>
114-->
115 <para>Install <application>BIND</application> by running the
116 following commands:</para>
117
118<screen><userinput>./configure --prefix=/usr \
119 --sysconfdir=/etc \
120 --localstatedir=/var \
121 --mandir=/usr/share/man \
122 --enable-threads \
123 --with-libtool \
124 --disable-static &amp;&amp;
125make</userinput></screen>
126
127 <para>Issue the following commands to run the complete suite of tests.
128 First, as the <systemitem class="username">root</systemitem> user, set up
129 some test interfaces:</para>
130
131<screen role="root"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
132
133 <para>Now run the test suite as an unprivileged user:</para>
134
135<screen><userinput>make check 2&gt;&amp;1 | tee check.log</userinput></screen>
136
137 <para>Again as <systemitem class="username">root</systemitem>, clean up the
138 test interfaces:</para>
139
140<screen role="root"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
141
142 <para>Issue the following command to check that all 185 tests
143 ran successfully:</para>
144
145<screen><userinput>grep "R:PASS" check.log | wc -l</userinput></screen>
146
147 <para>Finally, install the package as the <systemitem
148 class="username">root</systemitem> user:</para>
149
150<screen role="root"><userinput>make install &amp;&amp;
151chmod -v 0755 /usr/lib/lib{bind9,isc{,cc,cfg},lwres,dns}.so.*.?.? &amp;&amp;
152
153install -v -m755 -d /usr/share/doc/bind-&bind-version;/{arm,misc} &amp;&amp;
154install -v -m644 doc/arm/*.html \
155 /usr/share/doc/bind-&bind-version;/arm &amp;&amp;
156install -v -m644 \
157 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
158 /usr/share/doc/bind-&bind-version;/misc</userinput></screen>
159 </sect2>
160
161 <sect2 role="commands">
162 <title>Command Explanations</title>
163
164 <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
165 <application>BIND</application> to look for configuration
166 files in <filename class='directory'>/etc</filename> instead of
167 <filename class='directory'>/usr/etc</filename>.</para>
168
169 <para><parameter>--enable-threads</parameter>: This parameter enables
170 multi-threading capability.</para>
171
172 <para><parameter>--with-libtool</parameter>: This parameter forces the
173 building of dynamic libraries and links the installed binaries to these
174 libraries.</para>
175
176 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
177 href="../../xincludes/static-libraries.xml"/>
178
179 <para><command>chmod 755
180 /usr/lib/{lib{bind9,isc{,cc,cfg},lwres,dns}.so.*.?.?}</command>:
181 Enable the execute bit to prevent a warning when using
182 <command>ldd</command> to check library dependencies.</para>
183
184 <para><command>cd doc; install ...</command>: These commands install
185 additional package documentation. Omit any or all of these commands if
186 desired.</para>
187 </sect2>
188
189 <sect2 role="configuration">
190 <title>Configuring BIND</title>
191
192 <sect3 id="bind-config">
193 <title>Config files</title>
194
195 <para><filename>named.conf</filename>,
196 <filename>root.hints</filename>,
197 <filename>127.0.0</filename>,
198 <filename>rndc.conf</filename> and
199 <filename>resolv.conf</filename></para>
200
201 <indexterm zone="bind bind-config">
202 <primary sortas="e-etc-named.conf">/etc/named.conf</primary>
203 </indexterm>
204
205 <indexterm zone="bind bind-config">
206 <primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
207 </indexterm>
208
209 <indexterm zone="bind bind-config">
210 <primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
211 </indexterm>
212
213 <indexterm zone="bind bind-config">
214 <primary
215 sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
216 </indexterm>
217
218 <indexterm zone="bind bind-config">
219 <primary
220 sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
221 </indexterm>
222 </sect3>
223
224 <sect3>
225 <title>Configuration Information</title>
226
227 <para><application>BIND</application> will be configured to run in a
228 <command>chroot</command> jail as an unprivileged user (<systemitem
229 class="username">named</systemitem>). This configuration is more secure
230 in that a DNS compromise can only affect a few files in the <systemitem
231 class="username">named</systemitem> user's <envar>HOME</envar>
232 directory.</para>
233
234 <para>Create the unprivileged user and group <systemitem
235 class="username">named</systemitem>:</para>
236
237<screen role="root"><userinput>groupadd -g 20 named &amp;&amp;
238useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &amp;&amp;
239install -d -m770 -o named -g named /srv/named</userinput></screen>
240
241 <para>Set up some files, directories and devices needed by
242 <application>BIND</application>:</para>
243
244<screen role="root"><userinput>cd /srv/named &amp;&amp;
245mkdir -p dev etc/namedb/{slave,pz} usr/lib/engines var/run/named &amp;&amp;
246mknod /srv/named/dev/null c 1 3 &amp;&amp;
247mknod /srv/named/dev/random c 1 8 &amp;&amp;
248chmod 666 /srv/named/dev/{null,random} &amp;&amp;
249cp /etc/localtime etc &amp;&amp;
250touch /srv/named/managed-keys.bind &amp;&amp;
251cp /usr/lib/engines/libgost.so usr/lib/engines &amp;&amp;
252[ $(uname -m) = x86_64 ] &amp;&amp; ln -sv lib usr/lib64</userinput></screen>
253
254 <para>The <filename>rndc.conf</filename> file contains information for
255 controlling <command>named</command> operations with the
256 <command>rndc</command> utility. Both it and <filename>named.conf</filename> will hold the same secret key, so neither file should be readable by ordinary users. Generate the key for use in <filename>named.conf</filename> and <filename>rndc.conf</filename> with the
257 <command>rndc-confgen</command> command:</para>
258
259<screen role="root"><userinput>rndc-confgen -r /dev/urandom -b 512 > /etc/rndc.conf &amp;&amp;
260sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf</userinput></screen>
261
262 <para>Complete the <filename>named.conf</filename> file from which
263 <command>named</command> will read the location of zone files, root
264 name servers and secure DNS keys:</para>
265
266<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt;&gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
267<literal>options {
268 directory "/etc/namedb";
269 pid-file "/var/run/named.pid";
270 statistics-file "/var/run/named.stats";
271
272};
273zone "." {
274 type hint;
275 file "root.hints";
276};
277zone "0.0.127.in-addr.arpa" {
278 type master;
279 file "pz/127.0.0";
280};
281
282// Bind 9 now logs by default through syslog (except debug).
283// These are the default logging rules.
284
285logging {
286 category default { default_syslog; default_debug; };
287 category unmatched { null; };
288
289 channel default_syslog {
290 syslog daemon; // send to syslog's daemon
291 // facility
292 severity info; // only send priority info
293 // and higher
294 };
295
296 channel default_debug {
297 file "named.run"; // write to named.run in
298 // the working directory
299 // Note: stderr is used instead
300 // of "named.run"
301 // if the server is started
302 // with the '-f' option.
303 severity dynamic; // log at the server's
304 // current debug level
305 };
306
307 channel default_stderr {
308 stderr; // writes to stderr
309 severity info; // only send priority info
310 // and higher
311 };
312
313 channel null {
314 null; // toss anything sent to
315 // this channel
316 };
317};</literal>
318EOF</userinput></screen>
319
320 <para>Create a zone file with the following contents:</para>
321
322<screen role="root"><userinput>cat &gt; /srv/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF"
323<literal>$TTL 3D
324@ IN SOA ns.local.domain. hostmaster.local.domain. (
325 1 ; Serial
326 8H ; Refresh
327 2H ; Retry
328 4W ; Expire
329 1D) ; Minimum TTL
330 NS ns.local.domain.
3311 PTR localhost.</literal>
332EOF</userinput></screen>
333
334 <para>Create the <filename>root.hints</filename> file with the following
335 commands:</para>
336
337 <note>
338 <para>Caution must be used to ensure there are no leading spaces in
339 this file.</para>
340 </note>
341
342<screen role="root"><userinput>cat &gt; /srv/named/etc/namedb/root.hints &lt;&lt; "EOF"
343<literal>. 6D IN NS A.ROOT-SERVERS.NET.
344. 6D IN NS B.ROOT-SERVERS.NET.
345. 6D IN NS C.ROOT-SERVERS.NET.
346. 6D IN NS D.ROOT-SERVERS.NET.
347. 6D IN NS E.ROOT-SERVERS.NET.
348. 6D IN NS F.ROOT-SERVERS.NET.
349. 6D IN NS G.ROOT-SERVERS.NET.
350. 6D IN NS H.ROOT-SERVERS.NET.
351. 6D IN NS I.ROOT-SERVERS.NET.
352. 6D IN NS J.ROOT-SERVERS.NET.
353. 6D IN NS K.ROOT-SERVERS.NET.
354. 6D IN NS L.ROOT-SERVERS.NET.
355. 6D IN NS M.ROOT-SERVERS.NET.
356A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
357B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
358C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
359D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
360E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
361F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
362G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
363H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
364I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
365J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
366K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
367L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
368M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33</literal>
369EOF</userinput></screen>
370
371 <para>The <filename>root.hints</filename> file is a list of root
372 name servers. This file must be updated periodically with the
373 <command>dig</command> utility. A current copy of root.hints can be
374 obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
375 Consult the <ulink url="http://www.bind9.net/Bv9ARM.html">BIND 9
376 Administrator Reference Manual</ulink> for details.</para>
377
378 <para>Create or modify <filename>resolv.conf</filename> to use the new
379 name server with the following commands:</para>
380
381 <note>
382 <para>Replace <replaceable>&lt;yourdomain.com&gt;</replaceable> with
383 your own valid domain name.</para>
384 </note>
385
386<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
387cat &gt; /etc/resolv.conf &lt;&lt; "EOF"
388<literal>search <replaceable>&lt;yourdomain.com&gt;</replaceable>
389nameserver 127.0.0.1</literal>
390EOF</userinput></screen>
391
392 <para>Set ownership of the <command>chroot</command> jail with the
393 following command:</para>
394
395<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
396
397 </sect3>
398
399 <sect3 id="bind-init">
400 <title>Boot Script</title>
401
402 <para>To start the DNS server at boot, install the
403 <filename>/etc/rc.d/init.d/bind</filename> init script included
404 in the <xref linkend="bootscripts"/> package.</para>
405
406 <indexterm zone="bind bind-init">
407 <primary sortas="f-bind">bind</primary>
408 </indexterm>
409
410<screen role="root"><userinput>make install-bind</userinput></screen>
411
412 <para>Now start <application>BIND</application> with
413 the new boot script:</para>
414
415<screen role="root"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
416
417 </sect3>
418
419 <sect3>
420 <title>Testing BIND</title>
421
422 <para>Test out the new <application>BIND</application> 9 installation.
423 First query the local host address with <command>dig</command>:</para>
424
425<screen><userinput>dig -x 127.0.0.1</userinput></screen>
426
427 <para>Now try an external name lookup, taking note of the speed
428 difference in repeated lookups due to the caching. Run the
429 <command>dig</command> command twice on the same address:</para>
430
431<screen><userinput>dig www.&lfs-domainname; &amp;&amp;
432dig www.&lfs-domainname;</userinput></screen>
433
434 <para>The second lookup should return almost instantaneously, because
435 <command>named</command> caches the result. Consult the <application>BIND</application> Administrator
436 Reference Manual, located at <filename>doc/arm/Bv9ARM.html</filename>
437 in the package source tree, for further configuration options.</para>
438
439 </sect3>
440
441 </sect2>
442
443 <sect2 role="content">
444 <title>Contents</title>
445
446 <segmentedlist>
447 <segtitle>Installed Programs</segtitle>
448 <segtitle>Installed Libraries</segtitle>
449 <segtitle>Installed Directories</segtitle>
450
451 <seglistitem>
452 <seg>arpaname, ddns-confgen, dig, dnssec-checkds, dnssec-coverage,
453 dnssec-dsfromkey, dnssec-keyfromlabel, dnssec-keygen, dnssec-revoke,
454 dnssec-settime, dnssec-signzone, dnssec-verify, genrandom, host,
455 isc-config.sh, isc-hmac-fixup, lwresd, named, named-checkconf,
456 named-checkzone, named-journalprint, nsec3hash, nslookup, nsupdate, rndc
457 and rndc-confgen</seg>
458 <seg>libbind9.so, libdns.so, libisccc.so, libisccfg.so, libisc.so and
459 liblwres.so</seg>
460 <seg>/srv/named, /usr/include/bind9, /usr/include/dns, /usr/include/dst,
461 /usr/include/isc, /usr/include/isccc, /usr/include/isccfg,
462 /usr/include/lwres and /usr/share/doc/bind-&bind-version;</seg>
463 </seglistitem>
464 </segmentedlist>
465
466 <variablelist>
467 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
468 <?dbfo list-presentation="list"?>
469 <?dbhtml list-presentation="table"?>
470
471 <varlistentry id="dig">
472 <term><command>dig</command></term>
473 <listitem>
474 <para>interrogates DNS servers.</para>
475 <indexterm zone="bind dig">
476 <primary sortas="b-dig">dig</primary>
477 </indexterm>
478 </listitem>
479 </varlistentry>
480
481 <varlistentry id="dnssec-keygen">
482 <term><command>dnssec-keygen</command></term>
483 <listitem>
484 <para>is a key generator for secure DNS.</para>
485 <indexterm zone="bind dnssec-keygen">
486 <primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
487 </indexterm>
488 </listitem>
489 </varlistentry>
490
491 <varlistentry id="dnssec-signzone">
492 <term><command>dnssec-signzone</command></term>
493 <listitem>
494 <para>generates signed versions of zone files.</para>
495 <indexterm zone="bind dnssec-signzone">
496 <primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
497 </indexterm>
498 </listitem>
499 </varlistentry>
500
501 <varlistentry id="host">
502 <term><command>host</command></term>
503 <listitem>
504 <para>is a utility for DNS lookups.</para>
505 <indexterm zone="bind host">
506 <primary sortas="b-host">host</primary>
507 </indexterm>
508 </listitem>
509 </varlistentry>
510
511 <varlistentry id="lwresd">
512 <term><command>lwresd</command></term>
513 <listitem>
514 <para>is a caching-only name server for local process use.</para>
515 <indexterm zone="bind lwresd">
516 <primary sortas="b-lwresd">lwresd</primary>
517 </indexterm>
518 </listitem>
519 </varlistentry>
520
521 <varlistentry id="named">
522 <term><command>named</command></term>
523 <listitem>
524 <para>is the name server daemon.</para>
525 <indexterm zone="bind named">
526 <primary sortas="b-named">named</primary>
527 </indexterm>
528 </listitem>
529 </varlistentry>
530
531 <varlistentry id="named-checkconf">
532 <term><command>named-checkconf</command></term>
533 <listitem>
534 <para>checks the syntax of <filename>named.conf</filename>
535 files.</para>
536 <indexterm zone="bind named-checkconf">
537 <primary sortas="b-named-checkconf">named-checkconf</primary>
538 </indexterm>
539 </listitem>
540 </varlistentry>
541
542 <varlistentry id="named-checkzone">
543 <term><command>named-checkzone</command></term>
544 <listitem>
545 <para>checks zone file validity.</para>
546 <indexterm zone="bind named-checkzone">
547 <primary sortas="b-named-checkzone">named-checkzone</primary>
548 </indexterm>
549 </listitem>
550 </varlistentry>
551
552 <varlistentry id="nslookup">
553 <term><command>nslookup</command></term>
554 <listitem>
555 <para>is a program used to query Internet domain nameservers.</para>
556 <indexterm zone="bind nslookup">
557 <primary sortas="b-nslookup">nslookup</primary>
558 </indexterm>
559 </listitem>
560 </varlistentry>
561
562 <varlistentry id="nsupdate">
563 <term><command>nsupdate</command></term>
564 <listitem>
565 <para>is used to submit DNS update requests.</para>
566 <indexterm zone="bind nsupdate">
567 <primary sortas="b-nsupdate">nsupdate</primary>
568 </indexterm>
569 </listitem>
570 </varlistentry>
571
572 <varlistentry id="rndc">
573 <term><command>rndc</command></term>
574 <listitem>
575 <para>controls the operation of <application>BIND</application>.</para>
576 <indexterm zone="bind rndc">
577 <primary sortas="b-rndc">rndc</primary>
578 </indexterm>
579 </listitem>
580 </varlistentry>
581
582 <varlistentry id="rndc-confgen">
583 <term><command>rndc-confgen</command></term>
584 <listitem>
585 <para>generates <filename>rndc.conf</filename> files.</para>
586 <indexterm zone="bind rndc-confgen">
587 <primary sortas="b-rndc-confgen">rndc-confgen</primary>
588 </indexterm>
589 </listitem>
590 </varlistentry>
591
592 </variablelist>
593
594 </sect2>
595
596</sect1>