Changeset 16473a92
- Timestamp:
- 12/10/2004 03:33:21 AM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 89033ca
- Parents:
- 30e1539
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
introduction/welcome/changelog.xml
r30e1539 r16473a92 25 25 <listitem><para>December 9th, 2004 [randy]: Added a chown command to the 26 26 GStreamer instructions to fix incorrect permissions on installed 27 documentation; added Net::DNS Perl Module (and dependency 28 modules).</para></listitem> 27 documentation; added Net::DNS Perl Module (and dependency modules); modified 28 BIND server instructions to build shared libraries and multi-threaded 29 binaries, install additional documentation, removed BDB dependency and 30 instructions to run the full test suite.</para></listitem> 29 31 30 32 <listitem><para>December 8th, 2004 [igor]: Changed ProFTPD login shell -
server/other/bind.xml
r30e1539 r16473a92 8 8 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz"> 9 9 <!ENTITY bind-size "4.6 MB"> 10 <!ENTITY bind-buildsize "138 MB"> 11 <!ENTITY bind-time "0.67 SBU"> 12 10 <!ENTITY bind-buildsize "87 MB"> 11 <!ENTITY bind-time "1.87 SBU (additional 4.14 SBU to run the complete test suite)"> 13 12 ]> 14 13 … … 22 21 23 22 <sect2> 24 <title>Introduction to <application><acronym>BIND</acronym></application></title> 23 <title>Introduction to 24 <application><acronym>BIND</acronym></application></title> 25 25 26 26 <para>The <application><acronym>BIND</acronym></application> package 27 27 provides a <acronym>DNS</acronym> server and client utilities. If you 28 are only interested in the utilities, refer to the <xref linkend="bind-utils"/>.</para> 28 are only interested in the utilities, refer to the 29 <xref linkend="bind-utils"/>.</para> 29 30 30 31 <sect3><title>Package information</title> 31 32 <itemizedlist spacing='compact'> 32 <listitem><para>Download (HTTP): <ulink url="&bind-download-http;"/></para></listitem> 33 <listitem><para>Download (FTP): <ulink url="&bind-download-ftp;"/></para></listitem> 34 <listitem><para>Download size: &bind-size;</para></listitem> 35 <listitem><para>Estimated Disk space required: &bind-buildsize;</para></listitem> 36 <listitem><para>Estimated build time: &bind-time;</para></listitem></itemizedlist> 33 <listitem><para>Download (HTTP): 34 <ulink url="&bind-download-http;"/></para></listitem> 35 <listitem><para>Download (FTP): 36 <ulink url="&bind-download-ftp;"/></para></listitem> 37 <listitem><para>Download size: 38 &bind-size;</para></listitem> 39 <listitem><para>Estimated disk space required: 40 &bind-buildsize;</para></listitem> 41 <listitem><para>Estimated build time: 42 &bind-time;</para></listitem></itemizedlist> 37 43 </sect3> 38 44 39 <sect3><title><application><acronym>BIND</acronym></application> dependencies</title> 45 <sect3><title><application><acronym>BIND</acronym></application> 46 dependencies</title> 40 47 <sect4><title>Optional</title> 41 <para> 42 <xref linkend="openssl"/>, 43 <xref linkend="db"/>, 44 <xref linkend="openjade"/> and 45 <xref linkend="jadetex"/> 46 </para></sect4> 48 <para><xref linkend="openssl"/></para> 49 </sect4> 50 51 <sect4><title>Optional (to run the full test suite)</title> 52 <para><xref linkend="net-tools"/> (for <command>ifconfig</command>) and 53 <xref linkend="perl-modules"/>: Net-DNS</para> 54 </sect4> 55 56 <sect4><title>Optional (to [re]build documentation)</title> 57 <para><xref linkend="openjade"/>, 58 <xref linkend="jadetex"/>, 59 <xref linkend="docbook-dsssl"/></para> 60 </sect4> 47 61 </sect3> 48 62 … … 50 64 51 65 <sect2> 52 <title>Installation of <application><acronym>BIND</acronym></application></title> 66 <title>Installation of 67 <application><acronym>BIND</acronym></application></title> 53 68 54 69 <para>Install <application><acronym>BIND</acronym></application> by 55 70 running the following commands:</para> 56 71 57 <screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc && 72 <screen><userinput><command>sed -i -e "s/dsssl-stylesheets/&-1.78/g" configure && 73 ./configure --prefix=/usr --sysconfdir=/etc \ 74 --enable-threads --with-libtool && 58 75 make && 59 make install</command></userinput></screen> 76 make install && 77 chmod 755 \ 78 /usr/lib/{lib{bind9,isc{,cc,cfg},lwres}.so.?.?.?,libdns.so.20.0.0} && 79 mv /usr/share/man/man8/named.conf.5 /usr/share/man/man5 && 80 cd doc && 81 install -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} && 82 install -m644 arm/*.html \ 83 /usr/share/doc/bind-9.3.0/arm && 84 install -m644 draft/*.txt \ 85 /usr/share/doc/bind-9.3.0/draft && 86 install -m644 rfc/* \ 87 /usr/share/doc/bind-9.3.0/rfc && 88 install -m644 misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \ 89 /usr/share/doc/bind-9.3.0/misc</command></userinput></screen> 90 91 <para>In order to run the complete test suite before installing the 92 package, you need to set up some dummy interfaces (requires 93 <command>ifconfig</command>). Issue the following commands to run the 94 complete suite of tests:</para> 95 96 <screen><userinput><command>bin/tests/system/ifconfig.sh up && 97 make check >check.log 2>&1 && 98 bin/tests/system/ifconfig.sh down</command></userinput></screen> 99 100 <para>If desired, issue the following command to ensure all 145 tests ran 101 successfully:</para> 102 103 <screen><userinput><command>grep "R:PASS" check.log | wc -l</command></userinput></screen> 104 105 </sect2> 106 107 <sect2> 108 <title>Command explanations</title> 109 110 <para><command>sed -i -e ... configure</command>: This command forces 111 <command>configure</command> to look for the <acronym>DSSSL</acronym> 112 stylesheets in the standard <acronym>BLFS</acronym> location.</para> 113 114 <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces 115 <application><acronym>BIND</acronym></application> to look for configuration 116 files in <filename class='directory'>/etc</filename> instead of 117 <filename class='directory'>/usr/etc</filename>.</para> 118 119 <para><parameter>--enable-threads</parameter>: This parameter enables 120 multi-threading capability.</para> 121 122 <para><parameter>--with-libtool</parameter>: This parameter forces the 123 building of dynamic libraries and links the installed binaries to these 124 libraries.</para> 125 126 <para><command>cd doc; install ...</command>: These commands install the 127 additional package documentation. Optionally, omit any or all of these 128 commands.</para> 60 129 61 130 </sect2> … … 66 135 67 136 <sect3><title>Config files</title> 68 <para><filename>named.conf</filename>, <filename>root.hints</filename>, 137 <para><filename>named.conf</filename>, <filename>root.hints</filename>, 69 138 <filename>127.0.0</filename>, <filename>rndc.conf</filename></para> 70 139 </sect3> … … 72 141 <sect3><title>Configuration Information</title> 73 142 74 <para><application><acronym>BIND</acronym></application> will configured 75 to run in a chroot jail as an unprivileged user (named). This configuration 76 is more secure in that a <acronym>DNS</acronym> compromise can only affect 77 a few files in the named user's <envar>HOME</envar> directory.</para> 143 <para><application><acronym>BIND</acronym></application> will be configured 144 to run in a <command>chroot</command> jail as an unprivileged user (named). 145 This configuration is more secure in that a <acronym>DNS</acronym> compromise 146 can only affect a few files in the named user's <envar>HOME</envar> 147 directory.</para> 78 148 79 149 <para>Create the unprivileged user and group named:</para> 80 150 81 151 <screen><userinput><command>groupadd named && 82 useradd -m - g named -s /bin/false named</command></userinput></screen>83 84 <para>Set up some files, directories and devices needed by 152 useradd -m -c "BIND Owner" -g named -s /bin/false named</command></userinput></screen> 153 154 <para>Set up some files, directories and devices needed by 85 155 <application><acronym>BIND</acronym></application>:</para> 86 156 … … 99 169 <screen><userinput><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen> 100 170 101 <para>Create the <filename>named.conf</filename> file from which named 102 will read the location of zone files, root name servers and secure 171 <para>Create the <filename>named.conf</filename> file from which named 172 will read the location of zone files, root name servers and secure 103 173 <acronym>DNS</acronym> keys:</para> 104 174 … … 167 237 <command>EOF</command></userinput></screen> 168 238 169 <para>Create the <filename>rndc.conf</filename> with the following commands:</para> 170 239 <para>Create the <filename>rndc.conf</filename> file with the following 240 commands:</para> 241 171 242 <screen><userinput><command>cat > /etc/rndc.conf << "EOF"</command> 172 243 key rndc_key { … … 180 251 }; 181 252 <command>EOF</command></userinput></screen> 182 183 <para>The <filename>rndc.conf</filename> file contains information for 184 controlling named operations with the <command>rndc</command> 253 254 <para>The <filename>rndc.conf</filename> file contains information for 255 controlling named operations with the <command>rndc</command> 185 256 utility.</para> 186 257 … … 202 273 commands:</para> 203 274 204 <note><para>Caution must be used to ensure no leading spaces in this275 <note><para>Caution must be used to ensure there are no leading spaces in this 205 276 file.</para></note> 206 277 … … 234 305 <command>EOF</command></userinput></screen> 235 306 236 <para>The <filename>root.hints</filename> file is a list of root name 237 servers. This file must be updated periodically with the 238 <command>dig</command> utility. A current copy of root.hints can be 239 obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />. 240 Consult the <ulink url="http://www.bind9.net/Bv9ARM.html"><application><acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> for 241 details.</para> 242 243 <para>Create or modify <filename>resolv.conf</filename> to use the new 307 <para>The <filename>root.hints</filename> file is a list of root name servers. 308 This file must be updated periodically with the <command>dig</command> 309 utility. A current copy of root.hints can be obtained from 310 <ulink url="ftp://rs.internic.net/domain/named.root" />. Consult the 311 <ulink url="http://www.bind9.net/Bv9ARM.html"><application> 312 <acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> 313 for details.</para> 314 315 <para>Create or modify <filename>resolv.conf</filename> to use the new 244 316 name server with the following commands:</para> 245 317 246 <note><para>Replace yourdomain.com with your own valid domain247 name.</para></note>318 <note><para>Replace <replaceable>[yourdomain.com]</replaceable> with your own 319 valid domain name.</para></note> 248 320 249 321 <screen><userinput><command>cp /etc/resolv.conf /etc/resolv.conf.bak && … … 253 325 <command>EOF</command></userinput></screen> 254 326 255 <para>Set permissions on the chroot jail with the following256 command:</para>327 <para>Set permissions on the <command>chroot</command> jail with the 328 following command:</para> 257 329 258 330 <screen><userinput><command>chown -R named.named /home/named</command></userinput></screen> 259 331 260 <para>To start the DNS server at boot, install the <filename>/etc/rc.d/init.d/bind</filename> 261 init script included in the <xref linkend="intro-important-bootscripts"/> package.</para> 262 332 <para>To start the <acronym>DNS</acronym> server at boot, install the 333 <filename>/etc/rc.d/init.d/bind</filename> init script included in the 334 <xref linkend="intro-important-bootscripts"/> package.</para> 335 263 336 <screen><userinput><command>make install-bind</command></userinput></screen> 264 337 … … 279 352 280 353 <para>Now try an external name lookup, taking note of the speed 281 difference in repeated lookups due to the caching. Run the dig command282 twice on the same address:</para>283 284 < para><screen><userinput><command>dig www.linuxfromscratch.org &&354 difference in repeated lookups due to the caching. Run the 355 <command>dig</command> command twice on the same address:</para> 356 357 <screen><userinput><command>dig www.linuxfromscratch.org && 285 358 dig www.linuxfromscratch.org</command></userinput></screen> 286 You can see almost instantaneous results with the named caching lookups. 287 Consult <filename>bind-&bind-version;/doc/arm/Bv9ARM.html</filename>, 288 the <application><acronym>BIND</acronym></application> Administrator 289 Reference Manual for further configuration options.</para> 290 359 360 <para>You can see almost instantaneous results with the named caching lookups. 361 Consult the <application><acronym>BIND</acronym></application> Administrator 362 Reference Manual located at 363 <filename>doc/arm/Bv9ARM.html</filename> in the package source tree, for 364 further configuration options.</para> 291 365 </sect3> 292 366 … … 296 370 <title>Contents</title> 297 371 298 <para>The <application><acronym>BIND</acronym></application> package contains 299 <command>dig</command>, 300 <command>host</command>, 301 <command>isc-config.sh</command>, 302 <command>nslookup</command>, 303 <command>rndc</command>, 304 <command>rndc-confgen</command>, 305 <command>named-checkconf</command>, 306 <command>named-checkzone</command>, 307 <command>lwresd</command>, 308 <command>named</command>, 309 <command>dnssec-signzone</command>, 310 <command>dnssec-signkey</command>, 311 <command>dnssec-keygen</command>, 312 <command>dnssec-makekeyset</command> and 313 <command>nsupdate</command>.</para> 372 <para>The <application><acronym>BIND</acronym></application> package contains 373 <command>dig</command>, 374 <command>dnssec-keygen</command>, 375 <command>dnssec-signzone</command>, 376 <command>host</command>, 377 <command>isc-config.sh</command>, 378 <command>lwresd</command>, 379 <command>named</command>, 380 <command>named-checkconf</command>, 381 <command>named-checkzone</command>, 382 <command>nslookup</command>, 383 <command>nsupdate</command>, 384 <command>rndc</command>, 385 <command>rndc-confgen</command>, 386 <filename class='libraryfile'>libbind9</filename>, 387 <filename class='libraryfile'>libdns</filename>, 388 <filename class='libraryfile'>libisc</filename>, 389 <filename class='libraryfile'>libisccc</filename>, 390 <filename class='libraryfile'>libisccfg</filename> and 391 <filename class='libraryfile'>liblwres</filename>.</para> 314 392 </sect2> 315 393 … … 320 398 servers.</para></sect3> 321 399 400 <sect3><title>dnssec-keygen</title> 401 <para><command>dnssec-keygen</command> is a key generator for secure 402 <acronym>DNS</acronym>.</para></sect3> 403 404 <sect3><title>dnssec-signzone</title> 405 <para><command>dnssec-signzone</command> generates signed versions of 406 zone files.</para></sect3> 407 322 408 <sect3><title>host</title> 323 409 <para><command>host</command> is a utility for <acronym>DNS</acronym> 324 410 lookups.</para></sect3> 325 411 412 <sect3><title>lwresd</title> 413 <para><command>lwresd</command> is a caching-only name server for local 414 process use.</para></sect3> 415 416 <sect3><title>named</title> 417 <para><command>named</command> is the name server daemon.</para></sect3> 418 419 <sect3><title>named-checkconf</title> 420 <para><command>named-checkconf</command> checks the syntax of 421 <filename>named.conf</filename> files.</para></sect3> 422 423 <sect3><title>named-checkzone</title> 424 <para><command>named-checkzone</command> checks zone file 425 validity.</para></sect3> 426 326 427 <sect3><title>nslookup</title> 327 428 <para><command>nslookup</command> is a program used to query Internet 328 429 domain nameservers.</para></sect3> 329 430 431 <sect3><title>nsupdate</title> 432 <para><command>nsupdate</command> is used to submit 433 <acronym>DNS</acronym> update requests.</para></sect3> 434 330 435 <sect3><title>rndc</title> 331 436 <para><command>rndc</command> controls the operation of … … 336 441 <filename>rndc.conf</filename> files.</para></sect3> 337 442 338 <sect3><title>named-checkconf</title>339 <para><command>named-checkconf</command> checks the syntax of340 <filename>named.conf</filename> files.</para></sect3>341 342 <sect3><title>named-checkzone</title>343 <para><command>named-checkzone</command> checks zone file344 validity.</para></sect3>345 346 <sect3><title>lwresd</title>347 <para><command>lwresd</command> is a caching-only name server for local348 process use.</para></sect3>349 350 <sect3><title>named</title>351 <para><command>named</command> is the name server daemon.</para></sect3>352 353 <sect3><title>dnssec-signzone</title>354 <para><command>dnssec-signzone</command> generates signed versions of355 zone files.</para></sect3>356 357 <sect3><title>dnssec-signkey</title>358 <para><command>dnssec-signkey</command> signs zone file key359 sets.</para></sect3>360 361 <sect3><title>dnssec-keygen</title>362 <para><command>dnssec-keygen</command> is a key generator for secure363 <acronym>DNS</acronym>.</para></sect3>364 365 <sect3><title>dnssec-makekeyset</title>366 <para><command>dnssec-makekeyset</command> generates a key set from one367 or more keys created by dnssec-keygen.</para></sect3>368 369 <sect3><title>nsupdate</title>370 <para><command>nsupdate</command> is used to submit371 <acronym>DNS</acronym> update requests.</para></sect3>372 373 443 </sect2> 374 444
Note:
See TracChangeset
for help on using the changeset viewer.