Context Navigation

-              r21a08bf
+              r4472e923
     <title>Introduction to BIND</title>
+    <para>The <application>BIND</application> package provides a DNS server
+    and client utilities. If you are only interested in the utilities, refer
+    to the <xref linkend="bind-utils"/>.</para>
+    <para>
+      The <application>BIND</application> package provides a DNS server
+      and client utilities. If you are only interested in the utilities, refer
+      to the <xref linkend="bind-utils"/>.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&bind-download-http;"/></para>
+        <para>
+          Download (HTTP): <ulink url="&bind-download-http;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download (FTP): <ulink url="&bind-download-ftp;"/></para>
+        <para>
+          Download (FTP): <ulink url="&bind-download-ftp;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download MD5 sum: &bind-md5sum;</para>
+        <para>
+          Download MD5 sum: &bind-md5sum;
+        </para>
       </listitem>
       <listitem>
+        <para>Download size: &bind-size;</para>
+        <para>
+          Download size: &bind-size;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated disk space required: &bind-buildsize;</para>
+        <para>
+          Estimated disk space required: &bind-buildsize;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated build time: &bind-time;</para>
+        <para>
+          Estimated build time: &bind-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <itemizedlist spacing='compact'>
       <listitem>
+        <para>Optional patch (if net-tools is not installed):
+        <ulink
+        url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
+        <para>
+          Optional patch (if net-tools is not installed): <ulink
+          url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/>
+        </para>
       </listitem>
     </itemizedlist>
 …
     <title>Installation of BIND</title>
 <!--
+    <para>If you have chosen not to install net-tools, apply the iproute2
+    patch with the following command:</para>
+    <para>
+      If you have chosen not to install net-tools, apply the iproute2
+      patch with the following command:
+    </para>
 <screen><userinput>patch -Np1 -i ../bind-&bind-version;-use_iproute2-1.patch</userinput></screen>
 -->
+    <para>To ensure <application>BIND</application> will build dnssec-keymgr,
+    install a python module as the <systemitem
+    class="username">root</systemitem> user:</para>
+    <para>
+      To ensure <application>BIND</application> will build dnssec-keymgr,
+      install a python module as the <systemitem
+      class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>pip3 install ply</userinput></screen>
+    <para>Install <application>BIND</application> by running the
+    following commands:</para>
+    <para>
+      Install <application>BIND</application> by running the
+      following commands:
+    </para>
 <screen><userinput>./configure --prefix=/usr           \
 …
 make</userinput></screen>
+    <para>Issue the following commands to run the complete suite of tests.
+    First, as the <systemitem class="username">root</systemitem> user, set up
+    some test interfaces:</para>
+    <note><para>If IPv6 is not enabled in the kernel, there will be several
+    error messages: "RTNETLINK answers: Operation not permitted".  These
+    messages do not affect the tests.</para></note>
+    <para>
+      Issue the following commands to run the complete suite of tests.
+      First, as the <systemitem class="username">root</systemitem> user, set up
+      some test interfaces:
+    </para>
+    <note>
+      <para>
+        If IPv6 is not enabled in the kernel, there will be several
+        error messages: "RTNETLINK answers: Operation not permitted".  These
+        messages do not affect the tests.
+      </para>
+    </note>
 <screen role="root"
         remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
+    <para>The test suite may indicate some skipped tests depending on
+    what configuration options are used. Some tests are marked <quote>UNTESTED
+    </quote> if <xref linkend="perl-net-dns"/> is not installed.
+    To run the tests, as an unprivileged user, execute:</para>
+    <para>
+      The test suite may indicate some skipped tests depending on
+      what configuration options are used. Some tests are marked
+      <quote>UNTESTED</quote> if <xref linkend="perl-net-dns"/> is not
+      installed. To run the tests, as an unprivileged user, execute:
+    </para>
 <screen remap="test"><userinput>make -k check</userinput></screen>
+    <para>Again as <systemitem class="username">root</systemitem>, clean up the
+    test interfaces:</para>
+    <para>
+      Again as <systemitem class="username">root</systemitem>, clean up the
+      test interfaces:
+    </para>
 <screen role="root"
         remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
+    <para>Finally, install the package as the <systemitem
+    class="username">root</systemitem> user:</para>
+    <para>
+      Finally, install the package as the <systemitem
+      class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install &amp;&amp;
 …
     <title>Command Explanations</title>
+    <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
+    <application>BIND</application> to look for configuration
+    files in <filename class='directory'>/etc</filename> instead of
+    <filename class='directory'>/usr/etc</filename>.</para>
+    <para>
+      <parameter>--sysconfdir=/etc</parameter>: This parameter forces
+      <application>BIND</application> to look for configuration
+      files in <filename class='directory'>/etc</filename> instead of
+      <filename class='directory'>/usr/etc</filename>.
+    </para>
     <!-- No longer available as of 9.14.2
+    <para><parameter>- -enable-threads</parameter>: This parameter enables
+    multi-threading capability.</para>
+    <para>
+      <parameter>- -enable-threads</parameter>: This parameter enables
+      multi-threading capability.
+    </para>
     -->
+    <para><parameter>--with-libtool</parameter>: This parameter forces the
+    building of dynamic libraries and links the installed binaries to these
+    libraries.</para>
+    <para>
+      <parameter>--with-libtool</parameter>: This parameter forces the
+      building of dynamic libraries and links the installed binaries to these
+      libraries.
+    </para>
+    <para><option>--with-libidn2</option>: This parameter enables
+    the IDNA2008 (Internationalized Domain Names in Applications)
+    support.</para>
+    <para>
+      <option>--with-libidn2</option>: This parameter enables
+      the IDNA2008 (Internationalized Domain Names in Applications)
+      support.
+    </para>
 <!-- no longer available
+    <para><parameter>- -with-randomdev=/dev/urandom</parameter>: This parameter
+    specifes a non-blocking random device for use with digital signatures.</para>
+    <para>
+      <parameter>- -with-randomdev=/dev/urandom</parameter>: This parameter
+      specifes a non-blocking random device for use with digital signatures.
+    </para>
 -->
+    <para><option>--enable-fetchlimit</option>: Use this option if you want
+    to be able to limit the rate of recursive client queries. This may be
+    useful on servers which receive a large number of queries.</para>
+    <para><option>--disable-linux-caps</option>: BIND can also be built without
+    capability support by using this option, at the cost of some loss of
+    security.</para>
+    <para><option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
+    one (or more) of those options to add Dynamically Loadable Zones support.
+    For more information refer to
+    <ulink url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
+    <para>
+      <option>--enable-fetchlimit</option>: Use this option if you want
+      to be able to limit the rate of recursive client queries. This may be
+      useful on servers which receive a large number of queries.
+    </para>
+    <para>
+      <option>--disable-linux-caps</option>: BIND can also be built without
+      capability support by using this option, at the cost of some loss of
+      security.
+    </para>
+    <para>
+      <option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
+      one (or more) of those options to add Dynamically Loadable Zones support.
+      For more information refer to <ulink
+      url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
     </para>
 …
       href="../../xincludes/static-libraries.xml"/>
+    <para><command>cd doc; install ...</command>: These commands install
+    additional package documentation. Omit any or all of these commands if
+    desired.</para>
+    <para>
+      <command>cd doc; install ...</command>: These commands install
+      additional package documentation. Omit any or all of these commands if
+      desired.
+    </para>
   </sect2>
 …
       <title>Config files</title>
+      <para><filename>named.conf</filename>,
+      <filename>root.hints</filename>,
+      <filename>127.0.0</filename>,
+      <filename>rndc.conf</filename> and
+      <filename>resolv.conf</filename></para>
+      <para>
+        <filename>named.conf</filename>,
+        <filename>root.hints</filename>,
+        <filename>127.0.0</filename>,
+        <filename>rndc.conf</filename>, and
+        <filename>resolv.conf</filename>
+      </para>
       <indexterm zone="bind bind-config">
 …
       <title>Configuration Information</title>
+      <para><application>BIND</application> will be configured to run in a
+      <command>chroot</command> jail as an unprivileged user (<systemitem
+      class="username">named</systemitem>). This configuration is more secure
+      in that a DNS compromise can only affect a few files in the <systemitem
+      class="username">named</systemitem> user's <envar>HOME</envar>
+      directory.</para>
+      <para>Create the unprivileged user and group <systemitem
+      class="username">named</systemitem>:</para>
+      <para>
+        <application>BIND</application> will be configured to run in a
+        <command>chroot</command> jail as an unprivileged user (<systemitem
+        class="username">named</systemitem>). This configuration is more secure
+        in that a DNS compromise can only affect a few files in the <systemitem
+        class="username">named</systemitem> user's <envar>HOME</envar>
+        directory.
+      </para>
+      <para>
+        Create the unprivileged user and group <systemitem
+        class="username">named</systemitem>:
+      </para>
 <screen role="root"><userinput>groupadd -g 20 named &amp;&amp;
 …
 install -d -m770 -o named -g named /srv/named</userinput></screen>
+      <para>Set up some files, directories and devices needed by
+      <application>BIND</application>:</para>
+      <para>
+        Set up some files, directories and devices needed by
+        <application>BIND</application>:
+      </para>
 <screen role="root"><userinput>mkdir -p /srv/named &amp;&amp;
 …
 cp /etc/localtime etc</userinput></screen>
+      <para>The <filename>rndc.conf</filename> file contains information for
+      controlling <command>named</command> operations with the
+      <command>rndc</command> utility. Generate a key for use in the <filename>named.conf</filename> and <filename>rdnc.conf</filename> with the
+      <command>rndc-confgen</command> command:</para>
+   <screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
+      <para>Complete the <filename>named.conf</filename> file from which
+      <command>named</command> will read the location of zone files, root
+      name servers and secure DNS keys:</para>
+      <para>
+        The <filename>rndc.conf</filename> file contains information for
+        controlling <command>named</command> operations with the
+        <command>rndc</command> utility. Generate a key for use in the
+        <filename>named.conf</filename> and <filename>rdnc.conf</filename>
+        with the <command>rndc-confgen</command> command:
+      </para>
+<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
+      <para>
+        Complete the <filename>named.conf</filename> file from which
+        <command>named</command> will read the location of zone files, root
+        name servers and secure DNS keys:
+      </para>
 <screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt;&gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
 …
 EOF</userinput></screen>
+      <para>Create a zone file with the following contents:</para>
+      <para>
+        Create a zone file with the following contents:
+      </para>
 <screen role="root"><userinput>cat &gt; /srv/named/etc/named/pz/127.0.0 &lt;&lt; "EOF"
 …
 EOF</userinput></screen>
+      <para>Create the <filename>root.hints</filename> file with the following
+      commands:</para>
+      <para>
+        Create the <filename>root.hints</filename> file with the following
+        commands:
+      </para>
       <note>
+        <para>Caution must be used to ensure there are no leading spaces in
+        this file.</para>
+        <para>
+          Caution must be used to ensure there are no leading spaces in
+          this file.
+        </para>
       </note>
 …
 EOF</userinput></screen>
+      <para>The <filename>root.hints</filename> file is a list of root name
+      servers. This file must be updated periodically with the
+      <command>dig</command> utility. A current copy of root.hints can be
+      obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
+      For details, consult the "BIND 9 Administrator Reference Manual", included
+      in every source archive of BIND 9 distributed by ISC, in HTML and PDF
+      formats, also available at
+      <ulink url="ftp://ftp.isc.org/isc/bind9/cur/&bind-minor-version;/doc/arm/Bv9ARM.html">
+      BIND 9 Administrator Reference Manual</ulink>.</para>
+      <para>Create or modify <filename>resolv.conf</filename> to use the new
+      name server with the following commands:</para>
+      <para>
+        The <filename>root.hints</filename> file is a list of root name
+        servers. This file must be updated periodically with the
+        <command>dig</command> utility. A current copy of root.hints can be
+        obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
+        For details, consult the "BIND 9 Administrator Reference Manual",
+        included in every source archive of BIND 9 distributed by ISC, in HTML
+        and PDF formats, also available at <ulink
+        url="ftp://ftp.isc.org/isc/bind9/cur/&bind-minor-version;/doc/arm/Bv9ARM.html">
+        BIND 9 Administrator Reference Manual</ulink>.
+      </para>
+      <para>
+        Create or modify <filename>resolv.conf</filename> to use the new
+        name server with the following commands:
+      </para>
       <note>
+        <para>Replace <replaceable>&lt;yourdomain.com&gt;</replaceable> with
+        your own valid domain name.</para>
+        <para>
+          Replace <replaceable>&lt;yourdomain.com&gt;</replaceable> with
+          your own valid domain name.
+        </para>
       </note>
 …
 EOF</userinput></screen>
+      <para>Set permissions on the <command>chroot</command> jail with the
+      following command:</para>
+      <para>
+        Set permissions on the <command>chroot</command> jail with the
+        following command:
+      </para>
 <screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
 …
              <phrase revision="systemd">Systemd Unit</phrase></title>
+      <para>To start the DNS server at boot, install the
+      <phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
+      script</phrase>
+      <phrase revision="systemd"><filename>named.service</filename>
+      unit</phrase> included in the
+      <xref linkend="bootscripts" revision="sysv"/>
+      <xref linkend="systemd-units" revision="systemd"/> package.</para>
+      <para>
+        To start the DNS server at boot, install the
+        <phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
+        script</phrase>
+        <phrase revision="systemd"><filename>named.service</filename>
+        unit</phrase> included in the
+        <xref linkend="bootscripts" revision="sysv"/>
+        <xref linkend="systemd-units" revision="systemd"/> package:
+      </para>
       <indexterm zone="bind bind-init">
 …
 <screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
+      <para>Now start <application>BIND</application> with
+      the following command:</para>
+      <para>
+        Now start <application>BIND</application> with the following command:
+      </para>
 <screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
 …
       <title>Testing BIND</title>
+      <para>Test out the new <application>BIND</application> 9 installation.
+      First query the local host address with <command>dig</command>:</para>
+      <para>
+        Test out the new <application>BIND</application> 9 installation.
+        First query the local host address with <command>dig</command>:
+      </para>
 <screen><userinput>dig -x 127.0.0.1</userinput></screen>
+      <para>Now try an external name lookup, taking note of the speed
+      difference in repeated lookups due to the caching. Run the
+      <command>dig</command> command twice on the same address:</para>
+      <para>
+        Now try an external name lookup, taking note of the speed
+        difference in repeated lookups due to the caching. Run the
+        <command>dig</command> command twice on the same address:
+      </para>
 <screen><userinput>dig www.&lfs-domainname; &amp;&amp;
 dig www.&lfs-domainname;</userinput></screen>
+      <para>You can see almost instantaneous results with the named caching
+      lookups. Consult the <application>BIND</application> Administrator
+      Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
+      in the package source tree, for further configuration options.</para>
+      <para>
+        You can see almost instantaneous results with the named caching
+        lookups. Consult the <application>BIND</application> Administrator
+        Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
+        in the package source tree, for further configuration options.
+      </para>
     </sect3>
 …
         <term><command>dig</command></term>
         <listitem>
+          <para>interrogates DNS servers.</para>
+          <para>
+            interrogates DNS servers.
+          </para>
           <indexterm zone="bind dig">
             <primary sortas="b-dig">dig</primary>
 …
         <term><command>dnssec-keygen</command></term>
         <listitem>
+          <para>is a key generator for secure DNS.</para>
+          <para>
+            is a key generator for secure DNS.
+          </para>
           <indexterm zone="bind dnssec-keygen">
             <primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
 …
         <term><command>dnssec-signzone</command></term>
         <listitem>
+          <para>generates signed versions of zone files.</para>
+          <para>
+            generates signed versions of zone files.
+          </para>
           <indexterm zone="bind dnssec-signzone">
             <primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
 …
         <term><command>host</command></term>
         <listitem>
+          <para>is a utility for DNS lookups.</para>
+          <para>
+            is a utility for DNS lookups.
+          </para>
           <indexterm zone="bind host">
             <primary sortas="b-host">host</primary>
 …
         <term><command>lwresd</command></term>
         <listitem>
+          <para>is a caching-only name server for local process use.</para>
+          <para>
+            is a caching-only name server for local process use.
+          </para>
           <indexterm zone="bind lwresd">
             <primary sortas="b-lwresd">lwresd</primary>
 …
         <term><command>named</command></term>
         <listitem>
+          <para>is the name server daemon.</para>
+          <para>
+            is the name server daemon.
+          </para>
           <indexterm zone="bind named">
             <primary sortas="b-named">named</primary>
 …
         <term><command>named-checkconf</command></term>
         <listitem>
+          <para>checks the syntax of <filename>named.conf</filename>
+          files.</para>
+          <para>
+            checks the syntax of <filename>named.conf</filename>
+            files.
+          </para>
           <indexterm zone="bind named-checkconf">
             <primary sortas="b-named-checkconf">named-checkconf</primary>
 …
         <term><command>named-checkzone</command></term>
         <listitem>
+          <para>checks zone file validity.</para>
+          <para>
+            checks zone file validity.
+          </para>
           <indexterm zone="bind named-checkzone">
             <primary sortas="b-named-checkzone">named-checkzone</primary>
 …
         <term><command>nslookup</command></term>
         <listitem>
+          <para>is a program used to query Internet domain nameservers.</para>
+          <para>
+            is a program used to query Internet domain nameservers.
+          </para>
           <indexterm zone="bind nslookup">
             <primary sortas="b-nslookup">nslookup</primary>
 …
         <term><command>nsupdate</command></term>
         <listitem>
+          <para>is used to submit DNS update requests.</para>
+          <para>
+            is used to submit DNS update requests.
+          </para>
           <indexterm zone="bind nsupdate">
             <primary sortas="b-nsupdate">nsupdate</primary>
 …
         <term><command>rndc</command></term>
         <listitem>
+          <para>controls the operation of <application>BIND</application>.</para>
+          <para>
+            controls the operation of <application>BIND</application>.
+          </para>
           <indexterm zone="bind rndc">
             <primary sortas="b-rndc">rndc</primary>
 …
         <term><command>rndc-confgen</command></term>
         <listitem>
+          <para>generates <filename>rndc.conf</filename> files.</para>
+          <para>
+            generates <filename>rndc.conf</filename> files.
+          </para>
           <indexterm zone="bind rndc-confgen">
             <primary sortas="b-rndc-confgen">rndc-confgen</primary>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 4472e923 for server/major/bind.xml

Legend:

server/major/bind.xml

Download in other formats: