Context Navigation

← Previous Changeset
Next Changeset →

Changeset 53217a6

Timestamp:

05/18/2005 03:39:14 PM (19 years ago)

Author:

Manuel Canales Esparcia <manuel@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

85190c3

Parents:

ab3a3af7

Message:

Tagged bind.xml

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4342 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

: 1 edited

server/major/bind.xml (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

server/major/bind.xml

-              rab3a3af7
+              r53217a6
   %general-entities;
 <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
 <!ENTITY bind-md5sum "fdb42fff7e345372ac52a4493b77b694">
 <!ENTITY bind-size "4.6 MB">
 <!ENTITY bind-buildsize "87 MB">
 <!ENTITY bind-time "1.87 SBU (additional 4.14 SBU to run the complete test suite)">
+  <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
+  <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
+  <!ENTITY bind-md5sum "fdb42fff7e345372ac52a4493b77b694">
+  <!ENTITY bind-size "4.6 MB">
+  <!ENTITY bind-buildsize "87 MB">
+  <!ENTITY bind-time "1.87 SBU (additional 4.14 SBU to run the complete test suite)">
 ]>
 <sect1 id="bind" xreflabel="BIND-&bind-version;p1">
+<sect1info>
+<othername>$LastChangedBy$</othername>
+<date>$Date$</date>
+</sect1info>
+<?dbhtml filename="bind.html"?>
+<title><acronym>BIND</acronym>-&bind-version;p1</title>
+<indexterm zone="bind">
+<primary sortas="a-BIND">BIND</primary>
+</indexterm>
+<sect2>
+<title>Introduction to
+<application><acronym>BIND</acronym></application></title>
+<para>The <application><acronym>BIND</acronym></application> package
+provides a <acronym>DNS</acronym> server and client utilities. If you
+are only interested in the utilities, refer to the
+<xref linkend="bind-utils"/>.</para>
+<sect3><title>Package information</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP):
+<ulink url="&bind-download-http;"/></para></listitem>
+<listitem><para>Download (FTP):
+<ulink url="&bind-download-ftp;"/></para></listitem>
+<listitem><para>Download MD5 sum:
+&bind-md5sum;</para></listitem>
+<listitem><para>Download size:
+&bind-size;</para></listitem>
+<listitem><para>Estimated disk space required:
+&bind-buildsize;</para></listitem>
+<listitem><para>Estimated build time:
+&bind-time;</para></listitem></itemizedlist>
+</sect3>
+<sect3><title>Additional downloads</title>
+<itemizedlist spacing='compact'>
+<listitem><para><ulink
+url="ftp://ftp.isc.org/isc/bind9/9.3.0/&bind-version;-patch1"/></para>
+</listitem>
+</itemizedlist>
+</sect3>
+<sect3><title><application><acronym>BIND</acronym></application>
+dependencies</title>
+<sect4><title>Optional</title>
+<para><xref linkend="openssl"/></para>
+</sect4>
+<sect4><title>Optional (to run the full test suite)</title>
+<para><xref linkend="net-tools"/> (for <command>ifconfig</command>) and
+<xref linkend="perl-modules"/>: Net-DNS</para>
+</sect4>
+<sect4><title>Optional (to [re]build documentation)</title>
+<para><xref linkend="openjade"/>,
+<xref linkend="jadetex"/>,
+<xref linkend="docbook-dsssl"/></para>
+</sect4>
+</sect3>
+</sect2>
+<sect2>
+<title>Installation of
+<application><acronym>BIND</acronym></application></title>
+<para>Install <application><acronym>BIND</acronym></application> by
+running the following commands:</para>
+<screen><userinput><command>patch -Np1 -i ../&bind-version;-patch1 &amp;&amp;
+  <?dbhtml filename="bind.html"?>
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+  </sect1info>
+  <title>BIND-&bind-version;p1</title>
+  <indexterm zone="bind">
+    <primary sortas="a-BIND">BIND</primary>
+  </indexterm>
+  <sect2 role="package">
+    <title>Introduction to BIND</title>
+    <para>The <application>BIND</application> package provides a DNS server
+    and client utilities. If you are only interested in the utilities, refer
+    to the <xref linkend="bind-utils"/>.</para>
+    <bridgehead renderas="sect3">Package Information</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Download (HTTP): <ulink url="&bind-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&bind-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &bind-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &bind-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &bind-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &bind-time;</para>
+      </listitem>
+    </itemizedlist>
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing='compact'>
+      <listitem>
+        <para><ulink
+        url="ftp://ftp.isc.org/isc/bind9/9.3.0/&bind-version;-patch1"/></para>
+      </listitem>
+    </itemizedlist>
+    <bridgehead renderas="sect3">BIND Dependencies</bridgehead>
+    <bridgehead renderas="sect4">Optional</bridgehead>
+    <para><xref linkend="openssl"/></para>
+    <bridgehead renderas="sect4">Optional (to Run the Full
+    Test Suite)</bridgehead>
+    <para><xref linkend="net-tools"/> (for <command>ifconfig</command>)
+    and <xref linkend="perl-modules"/>: Net-DNS</para>
+    <bridgehead renderas="sect4">Optional (to [Re]Build
+    Documentation)</bridgehead>
+    <para><xref linkend="openjade"/>,
+    <xref linkend="jadetex"/>,
+    <xref linkend="docbook-dsssl"/></para>
+  </sect2>
+  <sect2 role="installation">
+    <title>Installation of BIND</title>
+    <para>Install <application>BIND</application> by running the
+    following commands:</para>
+<screen><userinput>patch -Np1 -i ../&bind-version;-patch1 &amp;&amp;
 sed -i -e "s/dsssl-stylesheets/&amp;-1.78/g" configure &amp;&amp;
 ./configure --prefix=/usr --sysconfdir=/etc \
     --enable-threads --with-libtool &amp;&amp;
 make</command></userinput></screen>
 <para>Now, as the root user:</para>
 <screen><userinput role='root'><command>make install &amp;&amp;
+make</userinput></screen>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+<screen role="root"><userinput>make install &amp;&amp;
 chmod 755 \
     /usr/lib/{lib{bind9,isc{,cc,cfg},lwres}.so.?.?.?,libdns.so.20.0.0} &amp;&amp;
 mv /usr/share/man/man8/named.conf.5 /usr/share/man/man5 &amp;&amp;
+mv -v /usr/share/man/man8/named.conf.5 /usr/share/man/man5 &amp;&amp;
 cd doc &amp;&amp;
 install -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} &amp;&amp;
 install -m644 arm/*.html \
+install -v -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} &amp;&amp;
+install -v -m644 arm/*.html \
     /usr/share/doc/bind-9.3.0/arm &amp;&amp;
 install -m644 draft/*.txt \
+install -v -m644 draft/*.txt \
     /usr/share/doc/bind-9.3.0/draft &amp;&amp;
 install -m644 rfc/* \
+install -v -m644 rfc/* \
     /usr/share/doc/bind-9.3.0/rfc &amp;&amp;
 install -m644 \
+install -v -m644 \
     misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
+    /usr/share/doc/bind-9.3.0/misc</command></userinput></screen>
+<para>In order to run the complete test suite before installing the
+package, you need to set up some dummy interfaces (requires
+<command>ifconfig</command>). Issue the following commands to run the
+complete suite of tests (you will have to be the root user to issue the
+<command>ifconfig</command> commands):</para>
+<screen><userinput role='root'><command>bin/tests/system/ifconfig.sh up &amp;&amp;
+    /usr/share/doc/bind-9.3.0/misc</userinput></screen>
+    <para>In order to run the complete test suite before installing the
+    package, you need to set up some dummy interfaces (requires
+    <command>ifconfig</command>). Issue the following commands to run the
+    complete suite of tests (you will have to be the <systemitem
+    class="username">root</systemitem> user to issue the
+    <command>ifconfig</command> commands):</para>
+<screen role="root"><userinput>bin/tests/system/ifconfig.sh up &amp;&amp;
 make check &gt;check.log 2&gt;&amp;1 &amp;&amp;
+bin/tests/system/ifconfig.sh down</command></userinput></screen>
+<para>If desired, issue the following command to ensure all 145 tests ran
+successfully:</para>
+<screen><userinput><command>grep "R:PASS" check.log | wc -l</command></userinput></screen>
+</sect2>
+<sect2>
+<title>Command explanations</title>
+<para><command>patch -Np1 -i ../&bind-version;-patch1</command>: There's a
+vulnerability in the <acronym>DNS</acronym><acronym>SEC</acronym> code. See
+<ulink url="http://www.kb.cert.org/vuls/id/938617"/>. The patch fixes the
+bug.</para>
+<para><command>sed -i -e ... configure</command>: This command forces
+<command>configure</command> to look for the <acronym>DSSSL</acronym>
+stylesheets in the standard <acronym>BLFS</acronym> location.</para>
+<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
+<application><acronym>BIND</acronym></application> to look for configuration
+files in <filename class='directory'>/etc</filename> instead of
+<filename class='directory'>/usr/etc</filename>.</para>
+<para><parameter>--enable-threads</parameter>: This parameter enables
+multi-threading capability.</para>
+<para><parameter>--with-libtool</parameter>: This parameter forces the
+building of dynamic libraries and links the installed binaries to these
+libraries.</para>
+<para><command>cd doc; install ...</command>: These commands install the
+additional package documentation. Optionally, omit any or all of these
+commands.</para>
+</sect2>
+<sect2>
+<title>Configuring
+<application><acronym>BIND</acronym></application></title>
+<sect3 id="bind-config"><title>Config files</title>
+<para><filename>named.conf</filename>,
+<filename>root.hints</filename>,
+<filename>127.0.0</filename>,
+<filename>rndc.conf</filename> and
+<filename>resolv.conf</filename></para>
+<indexterm zone="bind bind-config">
+<primary sortas="e-etc-named.conf">/etc/named.conf</primary></indexterm>
+<indexterm zone="bind bind-config">
+<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary></indexterm>
+<indexterm zone="bind bind-config">
+<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary></indexterm>
+<indexterm zone="bind bind-config">
+<primary sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
+</indexterm>
+<indexterm zone="bind bind-config">
+<primary sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
+</indexterm>
+</sect3>
+<sect3><title>Configuration Information</title>
+<para><application><acronym>BIND</acronym></application> will be configured
+to run in a <command>chroot</command> jail as an unprivileged user (named).
+This configuration is more secure in that a <acronym>DNS</acronym> compromise
+can only affect a few files in the named user's <envar>HOME</envar>
+directory.</para>
+<para>Create the unprivileged user and group named:</para>
+<screen><userinput role='root'><command>groupadd named &amp;&amp;
+useradd -m -c "BIND Owner" -g named -s /bin/false named</command></userinput></screen>
+<para>Set up some files, directories and devices needed by
+<application><acronym>BIND</acronym></application>:</para>
+<screen><userinput role='root'><command>cd /home/named &amp;&amp;
+bin/tests/system/ifconfig.sh down</userinput></screen>
+    <para>If desired, issue the following command to ensure all 145 tests
+    ran successfully:</para>
+<screen><userinput>grep "R:PASS" check.log | wc -l</userinput></screen>
+  </sect2>
+  <sect2 role="commands">
+    <title>Command Explanations</title>
+    <para><command>patch -Np1 -i ../&bind-version;-patch1</command>: There's a
+    vulnerability in the DNSSEC code. See
+    <ulink url="http://www.kb.cert.org/vuls/id/938617"/>. The patch fixes the
+    bug.</para>
+    <para><command>sed -i -e ... configure</command>: This command forces
+    <command>configure</command> to look for the DSSSL stylesheets in the
+    standard BLFS location.</para>
+    <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
+    <application>BIND</application> to look for configuration
+    files in <filename class='directory'>/etc</filename> instead of
+    <filename class='directory'>/usr/etc</filename>.</para>
+    <para><parameter>--enable-threads</parameter>: This parameter enables
+    multi-threading capability.</para>
+    <para><parameter>--with-libtool</parameter>: This parameter forces the
+    building of dynamic libraries and links the installed binaries to these
+    libraries.</para>
+    <para><command>cd doc; install ...</command>: These commands install the
+    additional package documentation. Optionally, omit any or all of these
+    commands.</para>
+  </sect2>
+  <sect2 role="configuration">
+    <title>Configuring BIND</title>
+    <sect3 id="bind-config">
+      <title>Config files</title>
+      <para><filename>named.conf</filename>,
+      <filename>root.hints</filename>,
+      <filename>127.0.0</filename>,
+      <filename>rndc.conf</filename> and
+      <filename>resolv.conf</filename></para>
+      <indexterm zone="bind bind-config">
+        <primary sortas="e-etc-named.conf">/etc/named.conf</primary>
+      </indexterm>
+      <indexterm zone="bind bind-config">
+      <primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
+      </indexterm>
+      <indexterm zone="bind bind-config">
+        <primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
+      </indexterm>
+      <indexterm zone="bind bind-config">
+        <primary sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
+      </indexterm>
+      <indexterm zone="bind bind-config">
+        <primary sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
+      </indexterm>
+    </sect3>
+    <sect3>
+      <title>Configuration Information</title>
+      <para><application>BIND</application> will be configured to run in a
+      <command>chroot</command> jail as an unprivileged user (<systemitem
+      class="username">named</systemitem>). This configuration is more secure
+      in that a DNS compromise can only affect a few files in the <systemitem
+      class="username">named</systemitem> user's <envar>HOME</envar>
+      directory.</para>
+      <para>Create the unprivileged user and group <systemitem
+      class="username">named</systemitem>:</para>
+<screen role="root"><userinput>groupadd named &amp;&amp;
+useradd -m -c "BIND Owner" -g named -s /bin/false named</userinput></screen>
+      <para>Set up some files, directories and devices needed by
+      <application>BIND</application>:</para>
+<screen role="root"><userinput>cd /home/named &amp;&amp;
 mkdir -p dev etc/namedb/slave var/run &amp;&amp;
 mknod /home/named/dev/null c 1 3 &amp;&amp;
 …
 chmod 666 /home/named/dev/{null,random} &amp;&amp;
 mkdir /home/named/etc/namedb/pz &amp;&amp;
 cp /etc/localtime /home/named/etc</command></userinput></screen>
+<para>Then, generate a key for use in the <filename>named.conf</filename>
+and <filename>rdnc.conf</filename> files using the
 <command>rndc-confgen</command> command:</para>
 <screen><userinput role='root'><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen>
+<para>Create the <filename>named.conf</filename> file from which named
+will read the location of zone files, root name servers and secure
 <acronym>DNS</acronym> keys:</para>
 <screen><userinput role='root'><command>cat &gt; /home/named/etc/named.conf &lt;&lt; "EOF"</command>
  options {
+cp /etc/localtime /home/named/etc</userinput></screen>
+      <para>Then, generate a key for use in the <filename>named.conf</filename>
+      and <filename>rdnc.conf</filename> files using the
+      <command>rndc-confgen</command> command:</para>
+<screen role="root"><userinput>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</userinput></screen>
+      <para>Create the <filename>named.conf</filename> file from which
+      <command>named</command> will read the location of zone files, root
+      name servers and secure DNS keys:</para>
+<screen role="root"><userinput>cat &gt; /home/named/etc/named.conf &lt;&lt; "EOF"
+<literal> options {
      directory "/etc/namedb";
     pid-file "/var/run/named.pid";
     statistics-file "/var/run/named.stats";
  };
  controls {
 …
                                           // this channel
   };
+};
+<command>EOF</command></userinput></screen>
+<para>Create the <filename>rndc.conf</filename> file with the following
+commands:</para>
+<screen><userinput role='root'><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
+key rndc_key {
+};</literal>
+EOF</userinput></screen>
+      <para>Create the <filename>rndc.conf</filename> file with the following
+      commands:</para>
+<screen role="root"><userinput>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"
+<literal>key rndc_key {
 algorithm "hmac-md5";
     secret
 …
     default-server localhost;
     default-key    rndc_key;
 };
 <command>EOF</command></userinput></screen>
+<para>The <filename>rndc.conf</filename> file contains information for
+controlling named operations with the <command>rndc</command>
 utility.</para>
 <para>Create a zone file with the following contents:</para>
 <screen><userinput role='root'><command>cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF"</command>
 $TTL 3D
+};</literal>
+EOF</userinput></screen>
+      <para>The <filename>rndc.conf</filename> file contains information for
+      controlling <command>named</command> operations with the
+      <command>rndc</command> utility.</para>
+      <para>Create a zone file with the following contents:</para>
+<screen role="root"><userinput>cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF"
+<literal>$TTL 3D
 @      IN      SOA     ns.local.domain. hostmaster.local.domain. (
        ; Serial
 …
 D)     ; Minimum TTL
                 NS      ns.local.domain.
+               PTR     localhost.
+<command>EOF</command></userinput></screen>
+<para>Create the <filename>root.hints</filename> file with the following
+commands:</para>
+<note><para>Caution must be used to ensure there are no leading spaces in this
+file.</para></note>
+<screen><userinput><command>cat &gt; /home/named/etc/namedb/root.hints &lt;&lt; "EOF"</command>
+.                       6D  IN      NS      A.ROOT-SERVERS.NET.
+               PTR     localhost.</literal>
+EOF</userinput></screen>
+      <para>Create the <filename>root.hints</filename> file with the following
+      commands:</para>
+      <note>
+        <para>Caution must be used to ensure there are no leading spaces in
+        this file.</para>
+      </note>
+<screen role="root"><userinput>cat &gt; /home/named/etc/namedb/root.hints &lt;&lt; "EOF"
+<literal>.                       6D  IN      NS      A.ROOT-SERVERS.NET.
 .                       6D  IN      NS      B.ROOT-SERVERS.NET.
 .                       6D  IN      NS      C.ROOT-SERVERS.NET.
 …
 K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
 L.ROOT-SERVERS.NET.     6D  IN      A       198.32.64.12
+M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
+<command>EOF</command></userinput></screen>
+<para>The <filename>root.hints</filename> file is a list of root name servers.
+This file must be updated periodically with the <command>dig</command>
+utility.  A current copy of root.hints can be obtained from
+<ulink url="ftp://rs.internic.net/domain/named.root" />. Consult the
+<ulink url="http://www.bind9.net/Bv9ARM.html"><application>
+<acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink>
+for details.</para>
+<para>Create or modify <filename>resolv.conf</filename> to use the new
+name server with the following commands:</para>
+<note><para>Replace <replaceable>[yourdomain.com]</replaceable> with your own
+valid domain name.</para></note>
+<screen><userinput role='root'><command>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
+cat &gt; /etc/resolv.conf &lt;&lt; "EOF"</command>
+search <replaceable>[yourdomain.com]</replaceable>
+nameserver 127.0.0.1
+<command>EOF</command></userinput></screen>
+<para>Set permissions on the <command>chroot</command> jail with the
+following command:</para>
+<screen><userinput role='root'><command>chown -R named.named /home/named</command></userinput></screen>
+<para id="bind-init">To start the <acronym>DNS</acronym> server at boot, install the
+<filename>/etc/rc.d/init.d/bind</filename> init script included in the
+<xref linkend="intro-important-bootscripts"/> package.</para>
+<indexterm zone="bind bind-init">
+<primary sortas="f-bind">bind</primary></indexterm>
+<screen><userinput role='root'><command>make install-bind</command></userinput></screen>
+<para>Now start <application><acronym>BIND</acronym></application> with
+the new boot script:</para>
+<screen><userinput role='root'><command>/etc/rc.d/init.d/bind start</command></userinput></screen>
+</sect3>
+<sect3><title>Testing <application><acronym>BIND</acronym></application></title>
+<para>Test out the new
+<application><acronym>BIND</acronym></application> 9 installation. First
+query the local host address with <command>dig</command>:</para>
+<screen><userinput><command>dig -x 127.0.0.1</command></userinput></screen>
+<para>Now try an external name lookup, taking note of the speed
+difference in repeated lookups due to the caching. Run the
+<command>dig</command> command twice on the same address:</para>
+<screen><userinput><command>dig www.linuxfromscratch.org &amp;&amp;
+dig www.linuxfromscratch.org</command></userinput></screen>
+<para>You can see almost instantaneous results with the named caching lookups.
+Consult the <application><acronym>BIND</acronym></application> Administrator
+Reference Manual located at
+<filename>doc/arm/Bv9ARM.html</filename> in the package source tree, for
+further configuration options.</para>
+</sect3>
+</sect2>
+<sect2>
+<title>Contents</title>
+<segmentedlist>
+<segtitle>Installed Programs</segtitle>
+<segtitle>Installed Libraries</segtitle>
+<segtitle>Installed Directories</segtitle>
+<seglistitem>
+<seg>dig, dnssec-keygen, dnssec-signzone, host, isc-config.sh, lwresd,
+named, named-checkconf, named-checkzone, nslookup, nsupdate, rndc and
+rndc-confgen</seg>
+<seg>libbind9.[so,a], libdns.[so,a], libisc.[so,a], libisccc.[so,a],
+libisccfg.[so,a] and liblwres.[so,a]</seg>
+<seg>/home/named, /usr/include/bind9, /usr/include/dns, /usr/include/dst,
+/usr/include/isc, /usr/include/isccc, /usr/include/isccfg, /usr/include/lwres
+and /usr/share/doc/bind-&bind-version;</seg>
+</seglistitem>
+</segmentedlist>
+<variablelist>
+<bridgehead renderas="sect3">Short Descriptions</bridgehead>
+<?dbfo list-presentation="list"?>
+<varlistentry id="dig">
+<term><command>dig</command></term>
+<listitem><para>interrogates <acronym>DNS</acronym> servers.</para>
+<indexterm zone="bind dig">
+<primary sortas="b-dig">dig</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="dnssec-keygen">
+<term><command>dnssec-keygen</command></term>
+<listitem><para>is a key generator for secure <acronym>DNS</acronym>.</para>
+<indexterm zone="bind dnssec-keygen">
+<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="dnssec-signzone">
+<term><command>dnssec-signzone</command></term>
+<listitem><para>generates signed versions of zone files.</para>
+<indexterm zone="bind dnssec-signzone">
+<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="host">
+<term><command>host</command></term>
+<listitem><para>is a utility for <acronym>DNS</acronym> lookups.</para>
+<indexterm zone="bind host">
+<primary sortas="b-host">host</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="lwresd">
+<term><command>lwresd</command></term>
+<listitem><para>is a caching-only name server for local process use.</para>
+<indexterm zone="bind lwresd">
+<primary sortas="b-lwresd">lwresd</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="named">
+<term><command>named</command></term>
+<listitem><para>is the name server daemon.</para>
+<indexterm zone="bind named">
+<primary sortas="b-named">named</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="named-checkconf">
+<term><command>named-checkconf</command></term>
+<listitem><para>checks the syntax of <filename>named.conf</filename>
+files.</para>
+<indexterm zone="bind named-checkconf">
+<primary sortas="b-named-checkconf">named-checkconf</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="named-checkzone">
+<term><command>named-checkzone</command></term>
+<listitem><para>checks zone file validity.</para>
+<indexterm zone="bind named-checkzone">
+<primary sortas="b-named-checkzone">named-checkzone</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="nslookup">
+<term><command>nslookup</command></term>
+<listitem><para>is a program used to query Internet domain nameservers.</para>
+<indexterm zone="bind nslookup">
+<primary sortas="b-nslookup">nslookup</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="nsupdate">
+<term><command>nsupdate</command></term>
+<listitem><para>is used to submit <acronym>DNS</acronym> update
+requests.</para>
+<indexterm zone="bind nsupdate">
+<primary sortas="b-nsupdate">nsupdate</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="rndc">
+<term><command>rndc</command></term>
+<listitem><para>controls the operation of
+<application><acronym>BIND</acronym></application>.</para>
+<indexterm zone="bind rndc">
+<primary sortas="b-rndc">rndc</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="rndc-confgen">
+<term><command>rndc-confgen</command></term>
+<listitem><para>generates <filename>rndc.conf</filename> files.</para>
+<indexterm zone="bind rndc-confgen">
+<primary sortas="b-rndc-confgen">rndc-confgen</primary>
+</indexterm></listitem>
+</varlistentry>
+</variablelist>
+</sect2>
+M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33</literal>
+EOF</userinput></screen>
+      <para>The <filename>root.hints</filename> file is a list of root
+      name servers. This file must be updated periodically with the
+      <command>dig</command> utility. A current copy of root.hints can be
+      obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
+      Consult the <ulink url="http://www.bind9.net/Bv9ARM.html">BIND 9
+      Administrator Reference Manual</ulink> for details.</para>
+      <para>Create or modify <filename>resolv.conf</filename> to use the new
+      name server with the following commands:</para>
+      <note>
+        <para>Replace <replaceable>[yourdomain.com]</replaceable> with
+        your own valid domain name.</para>
+      </note>
+<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
+cat &gt; /etc/resolv.conf &lt;&lt; "EOF"
+<literal>search <replaceable>[yourdomain.com]</replaceable>
+nameserver 127.0.0.1</literal>
+EOF</userinput></screen>
+      <para>Set permissions on the <command>chroot</command> jail with the
+      following command:</para>
+<screen role="root"><userinput>chown -R named.named /home/named</userinput></screen>
+    </sect3>
+    <sect3  id="bind-init">
+      <title>Boot Script</title>
+      <para>To start the DNS server at boot, install the
+      <filename>/etc/rc.d/init.d/bind</filename> init script included
+      in the <xref linkend="intro-important-bootscripts"/> package.</para>
+      <indexterm zone="bind bind-init">
+        <primary sortas="f-bind">bind</primary>
+      </indexterm>
+<screen role="root"><userinput>make install-bind</userinput></screen>
+      <para>Now start <application>BIND</application> with
+      the new boot script:</para>
+<screen role="root"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
+    </sect3>
+    <sect3>
+      <title>Testing BIND</title>
+      <para>Test out the new <application>BIND</application> 9 installation.
+      First query the local host address with <command>dig</command>:</para>
+<screen><userinput>dig -x 127.0.0.1</userinput></screen>
+      <para>Now try an external name lookup, taking note of the speed
+      difference in repeated lookups due to the caching. Run the
+      <command>dig</command> command twice on the same address:</para>
+<screen><userinput>dig www.linuxfromscratch.org &amp;&amp;
+dig www.linuxfromscratch.org</userinput></screen>
+      <para>You can see almost instantaneous results with the named caching
+      lookups. Consult the <application>BIND</application> Administrator
+      Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
+      in the package source tree, for further configuration options.</para>
+    </sect3>
+  </sect2>
+  <sect2 role="content">
+    <title>Contents</title>
+    <segmentedlist>
+      <segtitle>Installed Programs</segtitle>
+      <segtitle>Installed Libraries</segtitle>
+      <segtitle>Installed Directories</segtitle>
+      <seglistitem>
+        <seg>dig, dnssec-keygen, dnssec-signzone, host, isc-config.sh, lwresd,
+        named, named-checkconf, named-checkzone, nslookup, nsupdate, rndc, and
+        rndc-confgen</seg>
+        <seg>libbind9.[so,a], libdns.[so,a], libisc.[so,a], libisccc.[so,a],
+        libisccfg.[so,a], and liblwres.[so,a]</seg>
+        <seg>/home/named, /usr/include/bind9, /usr/include/dns, /usr/include/dst,
+        /usr/include/isc, /usr/include/isccc, /usr/include/isccfg,
+        /usr/include/lwres, and /usr/share/doc/bind-&bind-version;</seg>
+      </seglistitem>
+    </segmentedlist>
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+      <varlistentry id="dig">
+        <term><command>dig</command></term>
+        <listitem>
+          <para>interrogates DNS servers.</para>
+          <indexterm zone="bind dig">
+            <primary sortas="b-dig">dig</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="dnssec-keygen">
+        <term><command>dnssec-keygen</command></term>
+        <listitem>
+          <para>is a key generator for secure DNS.</para>
+          <indexterm zone="bind dnssec-keygen">
+            <primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="dnssec-signzone">
+        <term><command>dnssec-signzone</command></term>
+        <listitem>
+          <para>generates signed versions of zone files.</para>
+          <indexterm zone="bind dnssec-signzone">
+            <primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="host">
+        <term><command>host</command></term>
+        <listitem>
+          <para>is a utility for DNS lookups.</para>
+          <indexterm zone="bind host">
+            <primary sortas="b-host">host</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="lwresd">
+        <term><command>lwresd</command></term>
+        <listitem>
+          <para>is a caching-only name server for local process use.</para>
+          <indexterm zone="bind lwresd">
+            <primary sortas="b-lwresd">lwresd</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="named">
+        <term><command>named</command></term>
+        <listitem>
+          <para>is the name server daemon.</para>
+          <indexterm zone="bind named">
+            <primary sortas="b-named">named</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="named-checkconf">
+        <term><command>named-checkconf</command></term>
+        <listitem>
+          <para>checks the syntax of <filename>named.conf</filename>
+          files.</para>
+          <indexterm zone="bind named-checkconf">
+            <primary sortas="b-named-checkconf">named-checkconf</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="named-checkzone">
+        <term><command>named-checkzone</command></term>
+        <listitem>
+          <para>checks zone file validity.</para>
+          <indexterm zone="bind named-checkzone">
+            <primary sortas="b-named-checkzone">named-checkzone</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="nslookup">
+        <term><command>nslookup</command></term>
+        <listitem>
+          <para>is a program used to query Internet domain nameservers.</para>
+          <indexterm zone="bind nslookup">
+            <primary sortas="b-nslookup">nslookup</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="nsupdate">
+        <term><command>nsupdate</command></term>
+        <listitem>
+          <para>is used to submit DNS update requests.</para>
+          <indexterm zone="bind nsupdate">
+            <primary sortas="b-nsupdate">nsupdate</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="rndc">
+        <term><command>rndc</command></term>
+        <listitem>
+          <para>controls the operation of <application>BIND</application>.</para>
+          <indexterm zone="bind rndc">
+            <primary sortas="b-rndc">rndc</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="rndc-confgen">
+        <term><command>rndc-confgen</command></term>
+        <listitem>
+          <para>generates <filename>rndc.conf</filename> files.</para>
+          <indexterm zone="bind rndc-confgen">
+            <primary sortas="b-rndc-confgen">rndc-confgen</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </sect2>
 </sect1>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 53217a6

Legend:

server/major/bind.xml

Download in other formats: