Changeset 16473a92

Timestamp:

12/10/2004 03:33:21 AM (19 years ago)

Author:

Randy McMurchy <randy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

89033ca

Parents:

30e1539

Message:

Updated BIND server instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3095 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• introduction/welcome/changelog.xml (modified) (1 diff)
• server/other/bind.xml (modified) (15 diffs)

introduction/welcome/changelog.xml

@@ -25 +25 @@
 <listitem><para>December 9th, 2004 [randy]: Added a chown command to the 
 GStreamer instructions to fix incorrect permissions on installed 
-documentation; added Net::DNS Perl Module (and dependency 
-modules).</para></listitem>
+documentation; added Net::DNS Perl Module (and dependency modules); modified 
+BIND server instructions to build shared libraries and multi-threaded 
+binaries, install additional documentation, removed BDB dependency and 
+instructions to run the full test suite.</para></listitem>
 
 <listitem><para>December 8th, 2004 [igor]: Changed ProFTPD login shell

server/other/bind.xml

@@ -8 +8 @@
 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
 <!ENTITY bind-size "4.6 MB">
-<!ENTITY bind-buildsize "138 MB">
-<!ENTITY bind-time "0.67 SBU">
-
+<!ENTITY bind-buildsize "87 MB">
+<!ENTITY bind-time "1.87 SBU (additional 4.14 SBU to run the complete test suite)">
 ]>
 
@@ -22 +21 @@
 
 <sect2>
-<title>Introduction to <application><acronym>BIND</acronym></application></title>
+<title>Introduction to 
+<application><acronym>BIND</acronym></application></title>
 
 <para>The <application><acronym>BIND</acronym></application> package
 provides a <acronym>DNS</acronym> server and client utilities. If you
-are only interested in the utilities, refer to the <xref linkend="bind-utils"/>.</para>
+are only interested in the utilities, refer to the 
+<xref linkend="bind-utils"/>.</para>
 
 <sect3><title>Package information</title>
 <itemizedlist spacing='compact'>
-<listitem><para>Download (HTTP): <ulink url="&bind-download-http;"/></para></listitem>
-<listitem><para>Download (FTP): <ulink url="&bind-download-ftp;"/></para></listitem>
-<listitem><para>Download size: &bind-size;</para></listitem>
-<listitem><para>Estimated Disk space required: &bind-buildsize;</para></listitem>
-<listitem><para>Estimated build time: &bind-time;</para></listitem></itemizedlist>
+<listitem><para>Download (HTTP): 
+<ulink url="&bind-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): 
+<ulink url="&bind-download-ftp;"/></para></listitem>
+<listitem><para>Download size: 
+&bind-size;</para></listitem>
+<listitem><para>Estimated disk space required: 
+&bind-buildsize;</para></listitem>
+<listitem><para>Estimated build time: 
+&bind-time;</para></listitem></itemizedlist>
 </sect3>
 
-<sect3><title><application><acronym>BIND</acronym></application> dependencies</title>
+<sect3><title><application><acronym>BIND</acronym></application> 
+dependencies</title>
 <sect4><title>Optional</title>
-<para>
-<xref linkend="openssl"/>,
-<xref linkend="db"/>,
-<xref linkend="openjade"/> and
-<xref linkend="jadetex"/>
-</para></sect4>
+<para><xref linkend="openssl"/></para>
+</sect4>
+
+<sect4><title>Optional (to run the full test suite)</title>
+<para><xref linkend="net-tools"/> (for <command>ifconfig</command>) and 
+<xref linkend="perl-modules"/>: Net-DNS</para>
+</sect4>
+
+<sect4><title>Optional (to [re]build documentation)</title>
+<para><xref linkend="openjade"/>, 
+<xref linkend="jadetex"/>, 
+<xref linkend="docbook-dsssl"/></para>
+</sect4>
 </sect3>
 
@@ -50 +64 @@
 
 <sect2>
-<title>Installation of <application><acronym>BIND</acronym></application></title>
+<title>Installation of 
+<application><acronym>BIND</acronym></application></title>
 
 <para>Install <application><acronym>BIND</acronym></application> by
 running the following commands:</para>
 
-<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
+<screen><userinput><command>sed -i -e "s/dsssl-stylesheets/&amp;-1.78/g" configure &amp;&amp;
+./configure --prefix=/usr --sysconfdir=/etc \
+    --enable-threads --with-libtool &amp;&amp;
 make &amp;&amp;
-make install</command></userinput></screen>
+make install &amp;&amp;
+chmod 755 \
+    /usr/lib/{lib{bind9,isc{,cc,cfg},lwres}.so.?.?.?,libdns.so.20.0.0} &amp;&amp;
+mv /usr/share/man/man8/named.conf.5 /usr/share/man/man5 &amp;&amp;
+cd doc &amp;&amp;
+install -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} &amp;&amp;
+install -m644 arm/*.html \
+    /usr/share/doc/bind-9.3.0/arm &amp;&amp;
+install -m644 draft/*.txt \
+    /usr/share/doc/bind-9.3.0/draft &amp;&amp;
+install -m644 rfc/* \
+    /usr/share/doc/bind-9.3.0/rfc &amp;&amp;
+install -m644 misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
+    /usr/share/doc/bind-9.3.0/misc</command></userinput></screen>
+
+<para>In order to run the complete test suite before installing the 
+package, you need to set up some dummy interfaces (requires 
+<command>ifconfig</command>). Issue the following commands to run the 
+complete suite of tests:</para>
+
+<screen><userinput><command>bin/tests/system/ifconfig.sh up &amp;&amp;
+make check &gt;check.log 2&gt;&amp;1 &amp;&amp;
+bin/tests/system/ifconfig.sh down</command></userinput></screen>
+
+<para>If desired, issue the following command to ensure all 145 tests ran 
+successfully:</para>
+
+<screen><userinput><command>grep "R:PASS" check.log | wc -l</command></userinput></screen>
+
+</sect2>
+
+<sect2>
+<title>Command explanations</title>
+
+<para><command>sed -i -e ... configure</command>: This command forces 
+<command>configure</command> to look for the <acronym>DSSSL</acronym> 
+stylesheets in the standard <acronym>BLFS</acronym> location.</para>
+
+<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces 
+<application><acronym>BIND</acronym></application> to look for configuration 
+files in <filename class='directory'>/etc</filename> instead of 
+<filename class='directory'>/usr/etc</filename>.</para>
+
+<para><parameter>--enable-threads</parameter>: This parameter enables 
+multi-threading capability.</para>
+
+<para><parameter>--with-libtool</parameter>: This parameter forces the 
+building of dynamic libraries and links the installed binaries to these 
+libraries.</para>
+
+<para><command>cd doc; install ...</command>: These commands install the 
+additional package documentation. Optionally, omit any or all of these 
+commands.</para>
 
 </sect2>
@@ -66 +135 @@
 
 <sect3><title>Config files</title>
-<para><filename>named.conf</filename>, <filename>root.hints</filename>,
+<para><filename>named.conf</filename>, <filename>root.hints</filename>, 
 <filename>127.0.0</filename>, <filename>rndc.conf</filename></para>
 </sect3>
@@ -72 +141 @@
 <sect3><title>Configuration Information</title>
 
-<para><application><acronym>BIND</acronym></application> will configured
-to run in a chroot jail as an unprivileged user (named). This configuration 
-is more secure in that a <acronym>DNS</acronym> compromise can only affect 
-a few files in the named user's <envar>HOME</envar> directory.</para> 
+<para><application><acronym>BIND</acronym></application> will be configured 
+to run in a <command>chroot</command> jail as an unprivileged user (named). 
+This configuration is more secure in that a <acronym>DNS</acronym> compromise 
+can only affect a few files in the named user's <envar>HOME</envar> 
+directory.</para> 
 
 <para>Create the unprivileged user and group named:</para>
 
 <screen><userinput><command>groupadd named &amp;&amp;
-useradd -m -g named -s /bin/false named</command></userinput></screen>
-
-<para>Set up some files, directories and devices needed by
+useradd -m -c "BIND Owner" -g named -s /bin/false named</command></userinput></screen>
+
+<para>Set up some files, directories and devices needed by 
 <application><acronym>BIND</acronym></application>:</para>
 
@@ -99 +169 @@
 <screen><userinput><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen>
 
-<para>Create the <filename>named.conf</filename> file from which named
-will read the location of zone files, root name servers and secure
+<para>Create the <filename>named.conf</filename> file from which named 
+will read the location of zone files, root name servers and secure 
 <acronym>DNS</acronym> keys:</para>
 
@@ -167 +237 @@
 <command>EOF</command></userinput></screen>
 
-<para>Create the <filename>rndc.conf</filename> with the following commands:</para>
-                                                                                                                     
+<para>Create the <filename>rndc.conf</filename> file with the following 
+commands:</para>
+
 <screen><userinput><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
 key rndc_key {
@@ -180 +251 @@
 };
 <command>EOF</command></userinput></screen>
-                                                                                                                     
-<para>The <filename>rndc.conf</filename> file contains information for
-controlling named operations with the <command>rndc</command>
+
+<para>The <filename>rndc.conf</filename> file contains information for 
+controlling named operations with the <command>rndc</command> 
 utility.</para>
 
@@ -202 +273 @@
 commands:</para>
 
-<note><para>Caution must be used to ensure no leading spaces in this
+<note><para>Caution must be used to ensure there are no leading spaces in this 
 file.</para></note>
 
@@ -234 +305 @@
 <command>EOF</command></userinput></screen>
 
-<para>The <filename>root.hints</filename> file is a list of root name
-servers. This file must be updated periodically with the
-<command>dig</command> utility.  A current copy of root.hints can be
-obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
-Consult the <ulink url="http://www.bind9.net/Bv9ARM.html"><application><acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> for
-details.</para>
-
-<para>Create or modify <filename>resolv.conf</filename> to use the new
+<para>The <filename>root.hints</filename> file is a list of root name servers. 
+This file must be updated periodically with the <command>dig</command> 
+utility.  A current copy of root.hints can be obtained from 
+<ulink url="ftp://rs.internic.net/domain/named.root" />. Consult the 
+<ulink url="http://www.bind9.net/Bv9ARM.html"><application>
+<acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> 
+for details.</para>
+
+<para>Create or modify <filename>resolv.conf</filename> to use the new 
 name server with the following commands:</para>
 
-<note><para>Replace yourdomain.com with your own valid domain
-name.</para></note>
+<note><para>Replace <replaceable>[yourdomain.com]</replaceable> with your own 
+valid domain name.</para></note>
 
 <screen><userinput><command>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
@@ -253 +325 @@
 <command>EOF</command></userinput></screen>
 
-<para>Set permissions on the chroot jail with the following
-command:</para>
+<para>Set permissions on the <command>chroot</command> jail with the 
+following command:</para>
 
 <screen><userinput><command>chown -R named.named /home/named</command></userinput></screen>
 
-<para>To start the DNS server at boot, install the <filename>/etc/rc.d/init.d/bind</filename>
-init script included in the <xref linkend="intro-important-bootscripts"/> package.</para>
-                                                                                                                
+<para>To start the <acronym>DNS</acronym> server at boot, install the 
+<filename>/etc/rc.d/init.d/bind</filename> init script included in the 
+<xref linkend="intro-important-bootscripts"/> package.</para>
+
 <screen><userinput><command>make install-bind</command></userinput></screen>
 
@@ -279 +352 @@
 
 <para>Now try an external name lookup, taking note of the speed
-difference in repeated lookups due to the caching. Run the dig command
-twice on the same address:</para>
-
-<para><screen><userinput><command>dig www.linuxfromscratch.org &amp;&amp;
+difference in repeated lookups due to the caching. Run the 
+<command>dig</command> command twice on the same address:</para>
+
+<screen><userinput><command>dig www.linuxfromscratch.org &amp;&amp;
 dig www.linuxfromscratch.org</command></userinput></screen>
-You can see almost instantaneous results with the named caching lookups.
-Consult <filename>bind-&bind-version;/doc/arm/Bv9ARM.html</filename>,
-the <application><acronym>BIND</acronym></application> Administrator
-Reference Manual for further configuration options.</para>
-
+
+<para>You can see almost instantaneous results with the named caching lookups. 
+Consult the <application><acronym>BIND</acronym></application> Administrator 
+Reference Manual located at 
+<filename>doc/arm/Bv9ARM.html</filename> in the package source tree, for 
+further configuration options.</para>
 </sect3>
 
@@ -296 +370 @@
 <title>Contents</title>
 
-<para>The <application><acronym>BIND</acronym></application> package contains
-<command>dig</command>,
-<command>host</command>,
-<command>isc-config.sh</command>,
-<command>nslookup</command>,
-<command>rndc</command>,
-<command>rndc-confgen</command>,
-<command>named-checkconf</command>,
-<command>named-checkzone</command>,
-<command>lwresd</command>,
-<command>named</command>,
-<command>dnssec-signzone</command>,
-<command>dnssec-signkey</command>,
-<command>dnssec-keygen</command>,
-<command>dnssec-makekeyset</command> and
-<command>nsupdate</command>.</para>
+<para>The <application><acronym>BIND</acronym></application> package contains 
+<command>dig</command>, 
+<command>dnssec-keygen</command>, 
+<command>dnssec-signzone</command>, 
+<command>host</command>, 
+<command>isc-config.sh</command>, 
+<command>lwresd</command>, 
+<command>named</command>, 
+<command>named-checkconf</command>, 
+<command>named-checkzone</command>, 
+<command>nslookup</command>, 
+<command>nsupdate</command>, 
+<command>rndc</command>, 
+<command>rndc-confgen</command>, 
+<filename class='libraryfile'>libbind9</filename>, 
+<filename class='libraryfile'>libdns</filename>, 
+<filename class='libraryfile'>libisc</filename>, 
+<filename class='libraryfile'>libisccc</filename>, 
+<filename class='libraryfile'>libisccfg</filename> and 
+<filename class='libraryfile'>liblwres</filename>.</para>
 </sect2>
 
@@ -320 +398 @@
 servers.</para></sect3>
 
+<sect3><title>dnssec-keygen</title>
+<para><command>dnssec-keygen</command> is a key generator for secure
+<acronym>DNS</acronym>.</para></sect3>
+
+<sect3><title>dnssec-signzone</title>
+<para><command>dnssec-signzone</command> generates signed versions of
+zone files.</para></sect3>
+
 <sect3><title>host</title>
 <para><command>host</command> is a utility for <acronym>DNS</acronym>
 lookups.</para></sect3>
 
+<sect3><title>lwresd</title>
+<para><command>lwresd</command> is a caching-only name server for local
+process use.</para></sect3>
+
+<sect3><title>named</title>
+<para><command>named</command> is the name server daemon.</para></sect3>
+
+<sect3><title>named-checkconf</title>
+<para><command>named-checkconf</command> checks the syntax of
+<filename>named.conf</filename> files.</para></sect3>
+
+<sect3><title>named-checkzone</title>
+<para><command>named-checkzone</command> checks zone file
+validity.</para></sect3>
+
 <sect3><title>nslookup</title>
 <para><command>nslookup</command> is a program used to query Internet
 domain nameservers.</para></sect3>
 
+<sect3><title>nsupdate</title>
+<para><command>nsupdate</command> is used to submit
+<acronym>DNS</acronym> update requests.</para></sect3>
+
 <sect3><title>rndc</title>
 <para><command>rndc</command> controls the operation of
@@ -336 +441 @@
 <filename>rndc.conf</filename> files.</para></sect3>
 
-<sect3><title>named-checkconf</title>
-<para><command>named-checkconf</command> checks the syntax of
-<filename>named.conf</filename> files.</para></sect3>
-
-<sect3><title>named-checkzone</title>
-<para><command>named-checkzone</command> checks zone file
-validity.</para></sect3>
-
-<sect3><title>lwresd</title>
-<para><command>lwresd</command> is a caching-only name server for local
-process use.</para></sect3>
-
-<sect3><title>named</title>
-<para><command>named</command> is the name server daemon.</para></sect3>
-
-<sect3><title>dnssec-signzone</title>
-<para><command>dnssec-signzone</command> generates signed versions of
-zone files.</para></sect3>
-
-<sect3><title>dnssec-signkey</title>
-<para><command>dnssec-signkey</command> signs zone file key
-sets.</para></sect3>
-
-<sect3><title>dnssec-keygen</title>
-<para><command>dnssec-keygen</command> is a key generator for secure
-<acronym>DNS</acronym>.</para></sect3>
-
-<sect3><title>dnssec-makekeyset</title>
-<para><command>dnssec-makekeyset</command> generates a key set from one
-or more keys created by dnssec-keygen.</para></sect3>
-
-<sect3><title>nsupdate</title>
-<para><command>nsupdate</command> is used to submit
-<acronym>DNS</acronym> update requests.</para></sect3>
-
 </sect2>