Changeset 16473a92


Ignore:
Timestamp:
12/10/2004 03:33:21 AM (17 years ago)
Author:
Randy McMurchy <randy@…>
Branches:
10.0, 10.1, 11.0, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, krejzi/svn, nosym, perl-modules, qt5new, systemd-11177, systemd-13485, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
89033ca
Parents:
30e1539
Message:

Updated BIND server instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3095 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
2 edited

Legend:

Unmodified
Added
Removed
  • introduction/welcome/changelog.xml

    r30e1539 r16473a92  
    2525<listitem><para>December 9th, 2004 [randy]: Added a chown command to the
    2626GStreamer instructions to fix incorrect permissions on installed
    27 documentation; added Net::DNS Perl Module (and dependency
    28 modules).</para></listitem>
     27documentation; added Net::DNS Perl Module (and dependency modules); modified
     28BIND server instructions to build shared libraries and multi-threaded
     29binaries, install additional documentation, removed BDB dependency and
     30instructions to run the full test suite.</para></listitem>
    2931
    3032<listitem><para>December 8th, 2004 [igor]: Changed ProFTPD login shell
  • server/other/bind.xml

    r30e1539 r16473a92  
    88<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
    99<!ENTITY bind-size "4.6 MB">
    10 <!ENTITY bind-buildsize "138 MB">
    11 <!ENTITY bind-time "0.67 SBU">
    12 
     10<!ENTITY bind-buildsize "87 MB">
     11<!ENTITY bind-time "1.87 SBU (additional 4.14 SBU to run the complete test suite)">
    1312]>
    1413
     
    2221
    2322<sect2>
    24 <title>Introduction to <application><acronym>BIND</acronym></application></title>
     23<title>Introduction to
     24<application><acronym>BIND</acronym></application></title>
    2525
    2626<para>The <application><acronym>BIND</acronym></application> package
    2727provides a <acronym>DNS</acronym> server and client utilities. If you
    28 are only interested in the utilities, refer to the <xref linkend="bind-utils"/>.</para>
     28are only interested in the utilities, refer to the
     29<xref linkend="bind-utils"/>.</para>
    2930
    3031<sect3><title>Package information</title>
    3132<itemizedlist spacing='compact'>
    32 <listitem><para>Download (HTTP): <ulink url="&bind-download-http;"/></para></listitem>
    33 <listitem><para>Download (FTP): <ulink url="&bind-download-ftp;"/></para></listitem>
    34 <listitem><para>Download size: &bind-size;</para></listitem>
    35 <listitem><para>Estimated Disk space required: &bind-buildsize;</para></listitem>
    36 <listitem><para>Estimated build time: &bind-time;</para></listitem></itemizedlist>
     33<listitem><para>Download (HTTP):
     34<ulink url="&bind-download-http;"/></para></listitem>
     35<listitem><para>Download (FTP):
     36<ulink url="&bind-download-ftp;"/></para></listitem>
     37<listitem><para>Download size:
     38&bind-size;</para></listitem>
     39<listitem><para>Estimated disk space required:
     40&bind-buildsize;</para></listitem>
     41<listitem><para>Estimated build time:
     42&bind-time;</para></listitem></itemizedlist>
    3743</sect3>
    3844
    39 <sect3><title><application><acronym>BIND</acronym></application> dependencies</title>
     45<sect3><title><application><acronym>BIND</acronym></application>
     46dependencies</title>
    4047<sect4><title>Optional</title>
    41 <para>
    42 <xref linkend="openssl"/>,
    43 <xref linkend="db"/>,
    44 <xref linkend="openjade"/> and
    45 <xref linkend="jadetex"/>
    46 </para></sect4>
     48<para><xref linkend="openssl"/></para>
     49</sect4>
     50
     51<sect4><title>Optional (to run the full test suite)</title>
     52<para><xref linkend="net-tools"/> (for <command>ifconfig</command>) and
     53<xref linkend="perl-modules"/>: Net-DNS</para>
     54</sect4>
     55
     56<sect4><title>Optional (to [re]build documentation)</title>
     57<para><xref linkend="openjade"/>,
     58<xref linkend="jadetex"/>,
     59<xref linkend="docbook-dsssl"/></para>
     60</sect4>
    4761</sect3>
    4862
     
    5064
    5165<sect2>
    52 <title>Installation of <application><acronym>BIND</acronym></application></title>
     66<title>Installation of
     67<application><acronym>BIND</acronym></application></title>
    5368
    5469<para>Install <application><acronym>BIND</acronym></application> by
    5570running the following commands:</para>
    5671
    57 <screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
     72<screen><userinput><command>sed -i -e "s/dsssl-stylesheets/&amp;-1.78/g" configure &amp;&amp;
     73./configure --prefix=/usr --sysconfdir=/etc \
     74    --enable-threads --with-libtool &amp;&amp;
    5875make &amp;&amp;
    59 make install</command></userinput></screen>
     76make install &amp;&amp;
     77chmod 755 \
     78    /usr/lib/{lib{bind9,isc{,cc,cfg},lwres}.so.?.?.?,libdns.so.20.0.0} &amp;&amp;
     79mv /usr/share/man/man8/named.conf.5 /usr/share/man/man5 &amp;&amp;
     80cd doc &amp;&amp;
     81install -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} &amp;&amp;
     82install -m644 arm/*.html \
     83    /usr/share/doc/bind-9.3.0/arm &amp;&amp;
     84install -m644 draft/*.txt \
     85    /usr/share/doc/bind-9.3.0/draft &amp;&amp;
     86install -m644 rfc/* \
     87    /usr/share/doc/bind-9.3.0/rfc &amp;&amp;
     88install -m644 misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
     89    /usr/share/doc/bind-9.3.0/misc</command></userinput></screen>
     90
     91<para>In order to run the complete test suite before installing the
     92package, you need to set up some dummy interfaces (requires
     93<command>ifconfig</command>). Issue the following commands to run the
     94complete suite of tests:</para>
     95
     96<screen><userinput><command>bin/tests/system/ifconfig.sh up &amp;&amp;
     97make check &gt;check.log 2&gt;&amp;1 &amp;&amp;
     98bin/tests/system/ifconfig.sh down</command></userinput></screen>
     99
     100<para>If desired, issue the following command to ensure all 145 tests ran
     101successfully:</para>
     102
     103<screen><userinput><command>grep "R:PASS" check.log | wc -l</command></userinput></screen>
     104
     105</sect2>
     106
     107<sect2>
     108<title>Command explanations</title>
     109
     110<para><command>sed -i -e ... configure</command>: This command forces
     111<command>configure</command> to look for the <acronym>DSSSL</acronym>
     112stylesheets in the standard <acronym>BLFS</acronym> location.</para>
     113
     114<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
     115<application><acronym>BIND</acronym></application> to look for configuration
     116files in <filename class='directory'>/etc</filename> instead of
     117<filename class='directory'>/usr/etc</filename>.</para>
     118
     119<para><parameter>--enable-threads</parameter>: This parameter enables
     120multi-threading capability.</para>
     121
     122<para><parameter>--with-libtool</parameter>: This parameter forces the
     123building of dynamic libraries and links the installed binaries to these
     124libraries.</para>
     125
     126<para><command>cd doc; install ...</command>: These commands install the
     127additional package documentation. Optionally, omit any or all of these
     128commands.</para>
    60129
    61130</sect2>
     
    66135
    67136<sect3><title>Config files</title>
    68 <para><filename>named.conf</filename>, <filename>root.hints</filename>,
     137<para><filename>named.conf</filename>, <filename>root.hints</filename>, 
    69138<filename>127.0.0</filename>, <filename>rndc.conf</filename></para>
    70139</sect3>
     
    72141<sect3><title>Configuration Information</title>
    73142
    74 <para><application><acronym>BIND</acronym></application> will configured
    75 to run in a chroot jail as an unprivileged user (named). This configuration
    76 is more secure in that a <acronym>DNS</acronym> compromise can only affect
    77 a few files in the named user's <envar>HOME</envar> directory.</para>
     143<para><application><acronym>BIND</acronym></application> will be configured
     144to run in a <command>chroot</command> jail as an unprivileged user (named).
     145This configuration is more secure in that a <acronym>DNS</acronym> compromise
     146can only affect a few files in the named user's <envar>HOME</envar>
     147directory.</para>
    78148
    79149<para>Create the unprivileged user and group named:</para>
    80150
    81151<screen><userinput><command>groupadd named &amp;&amp;
    82 useradd -m -g named -s /bin/false named</command></userinput></screen>
    83 
    84 <para>Set up some files, directories and devices needed by
     152useradd -m -c "BIND Owner" -g named -s /bin/false named</command></userinput></screen>
     153
     154<para>Set up some files, directories and devices needed by 
    85155<application><acronym>BIND</acronym></application>:</para>
    86156
     
    99169<screen><userinput><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen>
    100170
    101 <para>Create the <filename>named.conf</filename> file from which named
    102 will read the location of zone files, root name servers and secure
     171<para>Create the <filename>named.conf</filename> file from which named 
     172will read the location of zone files, root name servers and secure 
    103173<acronym>DNS</acronym> keys:</para>
    104174
     
    167237<command>EOF</command></userinput></screen>
    168238
    169 <para>Create the <filename>rndc.conf</filename> with the following commands:</para>
    170                                                                                                                      
     239<para>Create the <filename>rndc.conf</filename> file with the following
     240commands:</para>
     241
    171242<screen><userinput><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
    172243key rndc_key {
     
    180251};
    181252<command>EOF</command></userinput></screen>
    182                                                                                                                      
    183 <para>The <filename>rndc.conf</filename> file contains information for
    184 controlling named operations with the <command>rndc</command>
     253
     254<para>The <filename>rndc.conf</filename> file contains information for 
     255controlling named operations with the <command>rndc</command> 
    185256utility.</para>
    186257
     
    202273commands:</para>
    203274
    204 <note><para>Caution must be used to ensure no leading spaces in this
     275<note><para>Caution must be used to ensure there are no leading spaces in this
    205276file.</para></note>
    206277
     
    234305<command>EOF</command></userinput></screen>
    235306
    236 <para>The <filename>root.hints</filename> file is a list of root name
    237 servers. This file must be updated periodically with the
    238 <command>dig</command> utility.  A current copy of root.hints can be
    239 obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
    240 Consult the <ulink url="http://www.bind9.net/Bv9ARM.html"><application><acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> for
    241 details.</para>
    242 
    243 <para>Create or modify <filename>resolv.conf</filename> to use the new
     307<para>The <filename>root.hints</filename> file is a list of root name servers.
     308This file must be updated periodically with the <command>dig</command>
     309utility.  A current copy of root.hints can be obtained from
     310<ulink url="ftp://rs.internic.net/domain/named.root" />. Consult the
     311<ulink url="http://www.bind9.net/Bv9ARM.html"><application>
     312<acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink>
     313for details.</para>
     314
     315<para>Create or modify <filename>resolv.conf</filename> to use the new
    244316name server with the following commands:</para>
    245317
    246 <note><para>Replace yourdomain.com with your own valid domain
    247 name.</para></note>
     318<note><para>Replace <replaceable>[yourdomain.com]</replaceable> with your own
     319valid domain name.</para></note>
    248320
    249321<screen><userinput><command>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
     
    253325<command>EOF</command></userinput></screen>
    254326
    255 <para>Set permissions on the chroot jail with the following
    256 command:</para>
     327<para>Set permissions on the <command>chroot</command> jail with the
     328following command:</para>
    257329
    258330<screen><userinput><command>chown -R named.named /home/named</command></userinput></screen>
    259331
    260 <para>To start the DNS server at boot, install the <filename>/etc/rc.d/init.d/bind</filename>
    261 init script included in the <xref linkend="intro-important-bootscripts"/> package.</para>
    262                                                                                                                
     332<para>To start the <acronym>DNS</acronym> server at boot, install the
     333<filename>/etc/rc.d/init.d/bind</filename> init script included in the
     334<xref linkend="intro-important-bootscripts"/> package.</para>
     335
    263336<screen><userinput><command>make install-bind</command></userinput></screen>
    264337
     
    279352
    280353<para>Now try an external name lookup, taking note of the speed
    281 difference in repeated lookups due to the caching. Run the dig command
    282 twice on the same address:</para>
    283 
    284 <para><screen><userinput><command>dig www.linuxfromscratch.org &amp;&amp;
     354difference in repeated lookups due to the caching. Run the
     355<command>dig</command> command twice on the same address:</para>
     356
     357<screen><userinput><command>dig www.linuxfromscratch.org &amp;&amp;
    285358dig www.linuxfromscratch.org</command></userinput></screen>
    286 You can see almost instantaneous results with the named caching lookups.
    287 Consult <filename>bind-&bind-version;/doc/arm/Bv9ARM.html</filename>,
    288 the <application><acronym>BIND</acronym></application> Administrator
    289 Reference Manual for further configuration options.</para>
    290 
     359
     360<para>You can see almost instantaneous results with the named caching lookups.
     361Consult the <application><acronym>BIND</acronym></application> Administrator
     362Reference Manual located at
     363<filename>doc/arm/Bv9ARM.html</filename> in the package source tree, for
     364further configuration options.</para>
    291365</sect3>
    292366
     
    296370<title>Contents</title>
    297371
    298 <para>The <application><acronym>BIND</acronym></application> package contains
    299 <command>dig</command>,
    300 <command>host</command>,
    301 <command>isc-config.sh</command>,
    302 <command>nslookup</command>,
    303 <command>rndc</command>,
    304 <command>rndc-confgen</command>,
    305 <command>named-checkconf</command>,
    306 <command>named-checkzone</command>,
    307 <command>lwresd</command>,
    308 <command>named</command>,
    309 <command>dnssec-signzone</command>,
    310 <command>dnssec-signkey</command>,
    311 <command>dnssec-keygen</command>,
    312 <command>dnssec-makekeyset</command> and
    313 <command>nsupdate</command>.</para>
     372<para>The <application><acronym>BIND</acronym></application> package contains
     373<command>dig</command>,
     374<command>dnssec-keygen</command>,
     375<command>dnssec-signzone</command>,
     376<command>host</command>,
     377<command>isc-config.sh</command>,
     378<command>lwresd</command>,
     379<command>named</command>,
     380<command>named-checkconf</command>,
     381<command>named-checkzone</command>,
     382<command>nslookup</command>,
     383<command>nsupdate</command>,
     384<command>rndc</command>,
     385<command>rndc-confgen</command>,
     386<filename class='libraryfile'>libbind9</filename>,
     387<filename class='libraryfile'>libdns</filename>,
     388<filename class='libraryfile'>libisc</filename>,
     389<filename class='libraryfile'>libisccc</filename>,
     390<filename class='libraryfile'>libisccfg</filename> and
     391<filename class='libraryfile'>liblwres</filename>.</para>
    314392</sect2>
    315393
     
    320398servers.</para></sect3>
    321399
     400<sect3><title>dnssec-keygen</title>
     401<para><command>dnssec-keygen</command> is a key generator for secure
     402<acronym>DNS</acronym>.</para></sect3>
     403
     404<sect3><title>dnssec-signzone</title>
     405<para><command>dnssec-signzone</command> generates signed versions of
     406zone files.</para></sect3>
     407
    322408<sect3><title>host</title>
    323409<para><command>host</command> is a utility for <acronym>DNS</acronym>
    324410lookups.</para></sect3>
    325411
     412<sect3><title>lwresd</title>
     413<para><command>lwresd</command> is a caching-only name server for local
     414process use.</para></sect3>
     415
     416<sect3><title>named</title>
     417<para><command>named</command> is the name server daemon.</para></sect3>
     418
     419<sect3><title>named-checkconf</title>
     420<para><command>named-checkconf</command> checks the syntax of
     421<filename>named.conf</filename> files.</para></sect3>
     422
     423<sect3><title>named-checkzone</title>
     424<para><command>named-checkzone</command> checks zone file
     425validity.</para></sect3>
     426
    326427<sect3><title>nslookup</title>
    327428<para><command>nslookup</command> is a program used to query Internet
    328429domain nameservers.</para></sect3>
    329430
     431<sect3><title>nsupdate</title>
     432<para><command>nsupdate</command> is used to submit
     433<acronym>DNS</acronym> update requests.</para></sect3>
     434
    330435<sect3><title>rndc</title>
    331436<para><command>rndc</command> controls the operation of
     
    336441<filename>rndc.conf</filename> files.</para></sect3>
    337442
    338 <sect3><title>named-checkconf</title>
    339 <para><command>named-checkconf</command> checks the syntax of
    340 <filename>named.conf</filename> files.</para></sect3>
    341 
    342 <sect3><title>named-checkzone</title>
    343 <para><command>named-checkzone</command> checks zone file
    344 validity.</para></sect3>
    345 
    346 <sect3><title>lwresd</title>
    347 <para><command>lwresd</command> is a caching-only name server for local
    348 process use.</para></sect3>
    349 
    350 <sect3><title>named</title>
    351 <para><command>named</command> is the name server daemon.</para></sect3>
    352 
    353 <sect3><title>dnssec-signzone</title>
    354 <para><command>dnssec-signzone</command> generates signed versions of
    355 zone files.</para></sect3>
    356 
    357 <sect3><title>dnssec-signkey</title>
    358 <para><command>dnssec-signkey</command> signs zone file key
    359 sets.</para></sect3>
    360 
    361 <sect3><title>dnssec-keygen</title>
    362 <para><command>dnssec-keygen</command> is a key generator for secure
    363 <acronym>DNS</acronym>.</para></sect3>
    364 
    365 <sect3><title>dnssec-makekeyset</title>
    366 <para><command>dnssec-makekeyset</command> generates a key set from one
    367 or more keys created by dnssec-keygen.</para></sect3>
    368 
    369 <sect3><title>nsupdate</title>
    370 <para><command>nsupdate</command> is used to submit
    371 <acronym>DNS</acronym> update requests.</para></sect3>
    372 
    373443</sect2>
    374444
Note: See TracChangeset for help on using the changeset viewer.