Changeset 4472e923 for server/major/bind.xml
- Timestamp:
- 03/07/2020 09:40:50 AM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 99c61a4
- Parents:
- 21a08bf
- File:
- 1 edited
server/major/bind.xml
r21a08bf r4472e923 30 30 <title>Introduction to BIND</title> 31 31 32 <para>The <application>BIND</application> package provides a DNS server 33 and client utilities. If you are only interested in the utilities, refer 34 to the <xref linkend="bind-utils"/>.</para> 32 <para> 33 The <application>BIND</application> package provides a DNS server 34 and client utilities. If you are only interested in the utilities, refer 35 to the <xref linkend="bind-utils"/>. 36 </para> 35 37 36 38 &lfs91_checked; … … 39 41 <itemizedlist spacing="compact"> 40 42 <listitem> 41 <para>Download (HTTP): <ulink url="&bind-download-http;"/></para> 43 <para> 44 Download (HTTP): <ulink url="&bind-download-http;"/> 45 </para> 42 46 </listitem> 43 47 <listitem> 44 <para>Download (FTP): <ulink url="&bind-download-ftp;"/></para> 48 <para> 49 Download (FTP): <ulink url="&bind-download-ftp;"/> 50 </para> 45 51 </listitem> 46 52 <listitem> 47 <para>Download MD5 sum: &bind-md5sum;</para> 53 <para> 54 Download MD5 sum: &bind-md5sum; 55 </para> 48 56 </listitem> 49 57 <listitem> 50 <para>Download size: &bind-size;</para> 58 <para> 59 Download size: &bind-size; 60 </para> 51 61 </listitem> 52 62 <listitem> 53 <para>Estimated disk space required: &bind-buildsize;</para> 63 <para> 64 Estimated disk space required: &bind-buildsize; 65 </para> 54 66 </listitem> 55 67 <listitem> 56 <para>Estimated build time: &bind-time;</para> 68 <para> 69 Estimated build time: &bind-time; 70 </para> 57 71 </listitem> 58 72 </itemizedlist> … … 61 75 <itemizedlist spacing='compact'> 62 76 <listitem> 63 <para>Optional patch (if net-tools is not installed): 64 <ulink 65 url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para> 77 <para> 78 Optional patch (if net-tools is not installed): <ulink 79 url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/> 80 </para> 66 81 </listitem> 67 82 </itemizedlist> … … 116 131 <title>Installation of BIND</title> 117 132 <!-- 118 <para>If you have chosen not to install 
net-tools, apply the iproute2 119 patch with the following command:</para> 133 <para> 134 If you have chosen not to install net-tools, apply the iproute2 135 patch with the following command: 136 </para> 120 137 121 138 <screen><userinput>patch -Np1 -i ../bind-&bind-version;-use_iproute2-1.patch</userinput></screen> 122 139 --> 123 140 124 <para>To ensure <application>BIND</application> will build dnssec-keymgr, 125 install a python module as the <systemitem 126 class="username">root</systemitem> user:</para> 141 <para> 142 To ensure <application>BIND</application> will build dnssec-keymgr, 143 install a python module as the <systemitem 144 class="username">root</systemitem> user: 145 </para> 127 146 128 147 <screen role="root"><userinput>pip3 install ply</userinput></screen> 129 148 130 <para>Install <application>BIND</application> by running the 131 following commands:</para> 149 <para> 150 Install <application>BIND</application> by running the 151 following commands: 152 </para> 132 153 133 154 <screen><userinput>./configure --prefix=/usr \ … … 139 160 make</userinput></screen> 140 161 141 <para>Issue the following commands to run the complete suite of tests. 142 First, as the <systemitem class="username">root</systemitem> user, set up 143 some test interfaces:</para> 144 145 <note><para>If IPv6 is not enabled in the kernel, there will be several 146 error messages: "RTNETLINK answers: Operation not permitted". These 147 messages do not affect the tests.</para></note> 162 <para> 163 Issue the following commands to run the complete suite of tests. 164 First, as the <systemitem class="username">root</systemitem> user, set up 165 some test interfaces: 166 </para> 167 168 <note> 169 <para> 170 If IPv6 is not enabled in the kernel, there will be several 171 error messages: "RTNETLINK answers: Operation not permitted". These 172 messages do not affect the tests. 
173 </para> 174 </note> 148 175 149 176 <screen role="root" 150 177 remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen> 151 178 152 <para>The test suite may indicate some skipped tests depending on 153 what configuration options are used. Some tests are marked <quote>UNTESTED 154 </quote> if <xref linkend="perl-net-dns"/> is not installed. 155 To run the tests, as an unprivileged user, execute:</para> 179 <para> 180 The test suite may indicate some skipped tests depending on 181 what configuration options are used. Some tests are marked 182 <quote>UNTESTED</quote> if <xref linkend="perl-net-dns"/> is not 183 installed. To run the tests, as an unprivileged user, execute: 184 </para> 156 185 157 186 <screen remap="test"><userinput>make -k check</userinput></screen> 158 187 159 <para>Again as <systemitem class="username">root</systemitem>, clean up the 160 test interfaces:</para> 188 <para> 189 Again as <systemitem class="username">root</systemitem>, clean up the 190 test interfaces: 191 </para> 161 192 162 193 <screen role="root" 163 194 remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen> 164 195 165 <para>Finally, install the package as the <systemitem 166 class="username">root</systemitem> user:</para> 196 <para> 197 Finally, install the package as the <systemitem 198 class="username">root</systemitem> user: 199 </para> 167 200 168 201 <screen role="root"><userinput>make install && … … 181 214 <title>Command Explanations</title> 182 215 183 <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces 184 <application>BIND</application> to look for configuration 185 files in <filename class='directory'>/etc</filename> instead of 186 <filename class='directory'>/usr/etc</filename>.</para> 216 <para> 217 <parameter>--sysconfdir=/etc</parameter>: This parameter forces 218 <application>BIND</application> to look for configuration 219 files in <filename class='directory'>/etc</filename> instead of 220 <filename 
class='directory'>/usr/etc</filename>. 221 </para> 187 222 188 223 <!-- No longer available as of 9.14.2 189 <para><parameter>- -enable-threads</parameter>: This parameter enables 190 multi-threading capability.</para> 224 <para> 225 <parameter>- -enable-threads</parameter>: This parameter enables 226 multi-threading capability. 227 </para> 191 228 --> 192 229 193 <para><parameter>--with-libtool</parameter>: This parameter forces the 194 building of dynamic libraries and links the installed binaries to these 195 libraries.</para> 230 <para> 231 <parameter>--with-libtool</parameter>: This parameter forces the 232 building of dynamic libraries and links the installed binaries to these 233 libraries. 234 </para> 196 235 197 <para><option>--with-libidn2</option>: This parameter enables 198 the IDNA2008 (Internationalized Domain Names in Applications) 199 support.</para> 236 <para> 237 <option>--with-libidn2</option>: This parameter enables 238 the IDNA2008 (Internationalized Domain Names in Applications) 239 support. 240 </para> 200 241 201 242 <!-- no longer available 202 <para><parameter>- -with-randomdev=/dev/urandom</parameter>: This parameter 203 specifes a non-blocking random device for use with digital signatures.</para> 243 <para> 244 <parameter>- -with-randomdev=/dev/urandom</parameter>: This parameter 245 specifes a non-blocking random device for use with digital signatures. 246 </para> 204 247 --> 205 <para><option>--enable-fetchlimit</option>: Use this option if you want 206 to be able to limit the rate of recursive client queries. This may be 207 useful on servers which receive a large number of queries.</para> 208 209 <para><option>--disable-linux-caps</option>: BIND can also be built without 210 capability support by using this option, at the cost of some loss of 211 security.</para> 212 213 <para><option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use 214 one (or more) of those options to add Dynamically Loadable Zones support. 
215 For more information refer to 216 <ulink url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>. 248 <para> 249 <option>--enable-fetchlimit</option>: Use this option if you want 250 to be able to limit the rate of recursive client queries. This may be 251 useful on servers which receive a large number of queries. 252 </para> 253 254 <para> 255 <option>--disable-linux-caps</option>: BIND can also be built without 256 capability support by using this option, at the cost of some loss of 257 security. 258 </para> 259 260 <para> 261 <option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use 262 one (or more) of those options to add Dynamically Loadable Zones support. 263 For more information refer to <ulink 264 url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>. 217 265 </para> 218 266 … … 220 268 href="../../xincludes/static-libraries.xml"/> 221 269 222 <para><command>cd doc; install ...</command>: These commands install 223 additional package documentation. Omit any or all of these commands if 224 desired.</para> 270 <para> 271 <command>cd doc; install ...</command>: These commands install 272 additional package documentation. Omit any or all of these commands if 273 desired. 
274 </para> 225 275 </sect2> 226 276 … … 231 281 <title>Config files</title> 232 282 233 <para><filename>named.conf</filename>, 234 <filename>root.hints</filename>, 235 <filename>127.0.0</filename>, 236 <filename>rndc.conf</filename> and 237 <filename>resolv.conf</filename></para> 283 <para> 284 <filename>named.conf</filename>, 285 <filename>root.hints</filename>, 286 <filename>127.0.0</filename>, 287 <filename>rndc.conf</filename>, and 288 <filename>resolv.conf</filename> 289 </para> 238 290 239 291 <indexterm zone="bind bind-config"> … … 263 315 <title>Configuration Information</title> 264 316 265 <para><application>BIND</application> will be configured to run in a 266 <command>chroot</command> jail as an unprivileged user (<systemitem 267 class="username">named</systemitem>). This configuration is more secure 268 in that a DNS compromise can only affect a few files in the <systemitem 269 class="username">named</systemitem> user's <envar>HOME</envar> 270 directory.</para> 271 272 <para>Create the unprivileged user and group <systemitem 273 class="username">named</systemitem>:</para> 317 <para> 318 <application>BIND</application> will be configured to run in a 319 <command>chroot</command> jail as an unprivileged user (<systemitem 320 class="username">named</systemitem>). This configuration is more secure 321 in that a DNS compromise can only affect a few files in the <systemitem 322 class="username">named</systemitem> user's <envar>HOME</envar> 323 directory. 
324 </para> 325 326 <para> 327 Create the unprivileged user and group <systemitem 328 class="username">named</systemitem>: 329 </para> 274 330 275 331 <screen role="root"><userinput>groupadd -g 20 named && … … 277 333 install -d -m770 -o named -g named /srv/named</userinput></screen> 278 334 279 <para>Set up some files, directories and devices needed by 280 <application>BIND</application>:</para> 335 <para> 336 Set up some files, directories and devices needed by 337 <application>BIND</application>: 338 </para> 281 339 282 340 <screen role="root"><userinput>mkdir -p /srv/named && … … 288 346 cp /etc/localtime etc</userinput></screen> 289 347 290 <para>The <filename>rndc.conf</filename> file contains information for 291 controlling <command>named</command> operations with the 292 <command>rndc</command> utility. Generate a key for use in the <filename>named.conf</filename> and <filename>rdnc.conf</filename> with the 293 <command>rndc-confgen</command> command:</para> 294 295 <screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen> 296 297 <para>Complete the <filename>named.conf</filename> file from which 298 <command>named</command> will read the location of zone files, root 299 name servers and secure DNS keys:</para> 348 <para> 349 The <filename>rndc.conf</filename> file contains information for 350 controlling <command>named</command> operations with the 351 <command>rndc</command> utility. 
Generate a key for use in the 352 <filename>named.conf</filename> and <filename>rdnc.conf</filename> 353 with the <command>rndc-confgen</command> command: 354 </para> 355 356 <screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen> 357 358 <para> 359 Complete the <filename>named.conf</filename> file from which 360 <command>named</command> will read the location of zone files, root 361 name servers and secure DNS keys: 362 </para> 300 363 301 364 <screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF" … … 353 416 EOF</userinput></screen> 354 417 355 <para>Create a zone file with the following contents:</para> 418 <para> 419 Create a zone file with the following contents: 420 </para> 356 421 357 422 <screen role="root"><userinput>cat > /srv/named/etc/named/pz/127.0.0 << "EOF" … … 367 432 EOF</userinput></screen> 368 433 369 <para>Create the <filename>root.hints</filename> file with the following 370 commands:</para> 434 <para> 435 Create the <filename>root.hints</filename> file with the following 436 commands: 437 </para> 371 438 372 439 <note> 373 <para>Caution must be used to ensure there are no leading spaces in 374 this file.</para> 440 <para> 441 Caution must be used to ensure there are no leading spaces in 442 this file. 443 </para> 375 444 </note> 376 445 … … 417 486 EOF</userinput></screen> 418 487 419 <para>The <filename>root.hints</filename> file is a list of root name 420 servers. This file must be updated periodically with the 421 <command>dig</command> utility. A current copy of root.hints can be 422 obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />. 
423 For details, consult the "BIND 9 Administrator Reference Manual", included 424 in every source archive of BIND 9 distributed by ISC, in HTML and PDF 425 formats, also available at 426 <ulink url="ftp://ftp.isc.org/isc/bind9/cur/&bind-minor-version;/doc/arm/Bv9ARM.html"> 427 BIND 9 Administrator Reference Manual</ulink>.</para> 428 429 <para>Create or modify <filename>resolv.conf</filename> to use the new 430 name server with the following commands:</para> 488 <para> 489 The <filename>root.hints</filename> file is a list of root name 490 servers. This file must be updated periodically with the 491 <command>dig</command> utility. A current copy of root.hints can be 492 obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />. 493 For details, consult the "BIND 9 Administrator Reference Manual", 494 included in every source archive of BIND 9 distributed by ISC, in HTML 495 and PDF formats, also available at <ulink 496 url="ftp://ftp.isc.org/isc/bind9/cur/&bind-minor-version;/doc/arm/Bv9ARM.html"> 497 BIND 9 Administrator Reference Manual</ulink>. 498 </para> 499 500 <para> 501 Create or modify <filename>resolv.conf</filename> to use the new 502 name server with the following commands: 503 </para> 431 504 432 505 <note> 433 <para>Replace <replaceable><yourdomain.com></replaceable> with 434 your own valid domain name.</para> 506 <para> 507 Replace <replaceable><yourdomain.com></replaceable> with 508 your own valid domain name. 
509 </para> 435 510 </note> 436 511 … … 441 516 EOF</userinput></screen> 442 517 443 <para>Set permissions on the <command>chroot</command> jail with the 444 following command:</para> 518 <para> 519 Set permissions on the <command>chroot</command> jail with the 520 following command: 521 </para> 445 522 446 523 <screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen> … … 452 529 <phrase revision="systemd">Systemd Unit</phrase></title> 453 530 454 <para>To start the DNS server at boot, install the 455 <phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init 456 script</phrase> 457 <phrase revision="systemd"><filename>named.service</filename> 458 unit</phrase> included in the 459 <xref linkend="bootscripts" revision="sysv"/> 460 <xref linkend="systemd-units" revision="systemd"/> package.</para> 531 <para> 532 To start the DNS server at boot, install the 533 <phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init 534 script</phrase> 535 <phrase revision="systemd"><filename>named.service</filename> 536 unit</phrase> included in the 537 <xref linkend="bootscripts" revision="sysv"/> 538 <xref linkend="systemd-units" revision="systemd"/> package: 539 </para> 461 540 462 541 <indexterm zone="bind bind-init"> … … 467 546 <screen role="root" revision="systemd"><userinput>make install-named</userinput></screen> 468 547 469 <para>Now start <application>BIND</application> with 470 the following command:</para> 548 <para> 549 Now start <application>BIND</application> with the following command: 550 </para> 471 551 472 552 <screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen> … … 478 558 <title>Testing BIND</title> 479 559 480 <para>Test out the new <application>BIND</application> 9 installation. 481 First query the local host address with <command>dig</command>:</para> 560 <para> 561 Test out the new <application>BIND</application> 9 installation. 
562 First query the local host address with <command>dig</command>: 563 </para> 482 564 483 565 <screen><userinput>dig -x 127.0.0.1</userinput></screen> 484 566 485 <para>Now try an external name lookup, taking note of the speed 486 difference in repeated lookups due to the caching. Run the 487 <command>dig</command> command twice on the same address:</para> 567 <para> 568 Now try an external name lookup, taking note of the speed 569 difference in repeated lookups due to the caching. Run the 570 <command>dig</command> command twice on the same address: 571 </para> 488 572 489 573 <screen><userinput>dig www.&lfs-domainname; && 490 574 dig www.&lfs-domainname;</userinput></screen> 491 575 492 <para>You can see almost instantaneous results with the named caching 493 lookups. Consult the <application>BIND</application> Administrator 494 Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename> 495 in the package source tree, for further configuration options.</para> 576 <para> 577 You can see almost instantaneous results with the named caching 578 lookups. Consult the <application>BIND</application> Administrator 579 Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename> 580 in the package source tree, for further configuration options. 581 </para> 496 582 497 583 </sect3> … … 583 669 <term><command>dig</command></term> 584 670 <listitem> 585 <para>interrogates DNS servers.</para> 671 <para> 672 interrogates DNS servers. 673 </para> 586 674 <indexterm zone="bind dig"> 587 675 <primary sortas="b-dig">dig</primary> … … 657 745 <term><command>dnssec-keygen</command></term> 658 746 <listitem> 659 <para>is a key generator for secure DNS.</para> 747 <para> 748 is a key generator for secure DNS. 
749 </para> 660 750 <indexterm zone="bind dnssec-keygen"> 661 751 <primary sortas="b-dnssec-keygen">dnssec-keygen</primary> … … 691 781 <term><command>dnssec-signzone</command></term> 692 782 <listitem> 693 <para>generates signed versions of zone files.</para> 783 <para> 784 generates signed versions of zone files. 785 </para> 694 786 <indexterm zone="bind dnssec-signzone"> 695 787 <primary sortas="b-dnssec-signzone">dnssec-signzone</primary> … … 727 819 <term><command>host</command></term> 728 820 <listitem> 729 <para>is a utility for DNS lookups.</para> 821 <para> 822 is a utility for DNS lookups. 823 </para> 730 824 <indexterm zone="bind host"> 731 825 <primary sortas="b-host">host</primary> … … 761 855 <term><command>lwresd</command></term> 762 856 <listitem> 763 <para>is a caching-only name server for local process use.</para> 857 <para> 858 is a caching-only name server for local process use. 859 </para> 764 860 <indexterm zone="bind lwresd"> 765 861 <primary sortas="b-lwresd">lwresd</primary> … … 771 867 <term><command>named</command></term> 772 868 <listitem> 773 <para>is the name server daemon.</para> 869 <para> 870 is the name server daemon. 871 </para> 774 872 <indexterm zone="bind named"> 775 873 <primary sortas="b-named">named</primary> … … 781 879 <term><command>named-checkconf</command></term> 782 880 <listitem> 783 <para>checks the syntax of <filename>named.conf</filename> 784 files.</para> 881 <para> 882 checks the syntax of <filename>named.conf</filename> 883 files. 884 </para> 785 885 <indexterm zone="bind named-checkconf"> 786 886 <primary sortas="b-named-checkconf">named-checkconf</primary> … … 792 892 <term><command>named-checkzone</command></term> 793 893 <listitem> 794 <para>checks zone file validity.</para> 894 <para> 895 checks zone file validity. 
896 </para> 795 897 <indexterm zone="bind named-checkzone"> 796 898 <primary sortas="b-named-checkzone">named-checkzone</primary> … … 852 954 <term><command>nslookup</command></term> 853 955 <listitem> 854 <para>is a program used to query Internet domain nameservers.</para> 956 <para> 957 is a program used to query Internet domain nameservers. 958 </para> 855 959 <indexterm zone="bind nslookup"> 856 960 <primary sortas="b-nslookup">nslookup</primary> … … 862 966 <term><command>nsupdate</command></term> 863 967 <listitem> 864 <para>is used to submit DNS update requests.</para> 968 <para> 969 is used to submit DNS update requests. 970 </para> 865 971 <indexterm zone="bind nsupdate"> 866 972 <primary sortas="b-nsupdate">nsupdate</primary> … … 872 978 <term><command>rndc</command></term> 873 979 <listitem> 874 <para>controls the operation of <application>BIND</application>.</para> 980 <para> 981 controls the operation of <application>BIND</application>. 982 </para> 875 983 <indexterm zone="bind rndc"> 876 984 <primary sortas="b-rndc">rndc</primary> … … 882 990 <term><command>rndc-confgen</command></term> 883 991 <listitem> 884 <para>generates <filename>rndc.conf</filename> files.</para> 992 <para> 993 generates <filename>rndc.conf</filename> files. 994 </para> 885 995 <indexterm zone="bind rndc-confgen"> 886 996 <primary sortas="b-rndc-confgen">rndc-confgen</primary>
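Review bot: new line 352 still reads "<filename>rdnc.conf</filename>", while the file is spelled rndc.conf at new line 349 and in the rndc-confgen command at new line 356. This paragraph is being rewrapped anyway, so correct the transposed letters here rather than carrying the typo from old line 292 into the new text.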
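Review bot: three hunks change content, not just wrapping, and should be called out in the commit message or split into their own change. New line 287 adds a comma ("<filename>rndc.conf</filename>, and"), new line 538 ends the paragraph with "package:" where old line 460 had "package.", and new lines 181-182 close up the stray space in "<quote>UNTESTED </quote>". All three look correct, but with them mixed in, the rest of the changeset cannot be reviewed as whitespace-only.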
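Review bot: in the Command Explanations hunk, new lines 255-257 keep the --disable-linux-caps text as "at the cost of some loss of security" without saying what is lost, so a reader choosing configure options has nothing to weigh. State the consequence of building without capability support in this paragraph. The commented-out paragraph at new line 245 also still has "specifes" for "specifies".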
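Review bot: the root.hints paragraph at new lines 492 and 496 keeps both links on ftp:// (rs.internic.net for named.root, ftp.isc.org for the reference manual). The hints file seeds every recursive lookup the server makes, and a copy fetched over plain FTP has no integrity protection in transit. Point the named.root link at an HTTPS source, or add a sentence telling the reader to verify the file, while this paragraph is being touched.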