Changeset 53217a6
- Timestamp:
- 05/18/2005 03:39:14 PM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 85190c3
- Parents:
- ab3a3af7
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
server/major/bind.xml
rab3a3af7 r53217a6 5 5 %general-entities; 6 6 7 <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">8 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">9 <!ENTITY bind-md5sum "fdb42fff7e345372ac52a4493b77b694">10 <!ENTITY bind-size "4.6 MB">11 <!ENTITY bind-buildsize "87 MB">12 <!ENTITY bind-time "1.87 SBU (additional 4.14 SBU to run the complete test suite)">7 <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz"> 8 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz"> 9 <!ENTITY bind-md5sum "fdb42fff7e345372ac52a4493b77b694"> 10 <!ENTITY bind-size "4.6 MB"> 11 <!ENTITY bind-buildsize "87 MB"> 12 <!ENTITY bind-time "1.87 SBU (additional 4.14 SBU to run the complete test suite)"> 13 13 ]> 14 14 15 15 <sect1 id="bind" xreflabel="BIND-&bind-version;p1"> 16 <sect1info> 17 <othername>$LastChangedBy$</othername> 18 <date>$Date$</date> 19 </sect1info> 20 <?dbhtml filename="bind.html"?> 21 <title><acronym>BIND</acronym>-&bind-version;p1</title> 22 <indexterm zone="bind"> 23 <primary sortas="a-BIND">BIND</primary> 24 </indexterm> 25 26 <sect2> 27 <title>Introduction to 28 <application><acronym>BIND</acronym></application></title> 29 30 <para>The <application><acronym>BIND</acronym></application> package 31 provides a <acronym>DNS</acronym> server and client utilities. If you 32 are only interested in the utilities, refer to the 33 <xref linkend="bind-utils"/>.</para> 34 35 <sect3><title>Package information</title> 36 <itemizedlist spacing='compact'> 37 <listitem><para>Download (HTTP): 38 <ulink url="&bind-download-http;"/></para></listitem> 39 <listitem><para>Download (FTP): 40 <ulink url="&bind-download-ftp;"/></para></listitem> 41 <listitem><para>Download MD5 sum: 42 &bind-md5sum;</para></listitem> 43 <listitem><para>Download size: 44 &bind-size;</para></listitem> 45 <listitem><para>Estimated disk space required: 46 &bind-buildsize;</para></listitem> 47 <listitem><para>Estimated build time: 48 &bind-time;</para></listitem></itemizedlist> 49 </sect3> 50 51 <sect3><title>Additional downloads</title> 52 <itemizedlist spacing='compact'> 53 <listitem><para><ulink 54 url="ftp://ftp.isc.org/isc/bind9/9.3.0/&bind-version;-patch1"/></para> 55 </listitem> 56 </itemizedlist> 57 </sect3> 58 59 <sect3><title><application><acronym>BIND</acronym></application> 60 dependencies</title> 61 <sect4><title>Optional</title> 62 <para><xref linkend="openssl"/></para> 63 </sect4> 64 65 <sect4><title>Optional (to run the full test suite)</title> 66 <para><xref linkend="net-tools"/> (for <command>ifconfig</command>) and 67 <xref linkend="perl-modules"/>: Net-DNS</para> 68 </sect4> 69 70 <sect4><title>Optional (to [re]build documentation)</title> 71 <para><xref linkend="openjade"/>, 72 <xref linkend="jadetex"/>, 73 <xref linkend="docbook-dsssl"/></para> 74 </sect4> 75 </sect3> 76 77 </sect2> 78 79 <sect2> 80 <title>Installation of 81 <application><acronym>BIND</acronym></application></title> 82 83 <para>Install <application><acronym>BIND</acronym></application> by 84 running the following commands:</para> 85 86 <screen><userinput><command>patch -Np1 -i ../&bind-version;-patch1 && 16 <?dbhtml filename="bind.html"?> 17 18 <sect1info> 19 <othername>$LastChangedBy$</othername> 20 <date>$Date$</date> 21 </sect1info> 22 23 <title>BIND-&bind-version;p1</title> 24 25 <indexterm zone="bind"> 26 <primary sortas="a-BIND">BIND</primary> 27 </indexterm> 28 29 <sect2 role="package"> 30 <title>Introduction to BIND</title> 31 32 <para>The <application>BIND</application> package provides a DNS server 33 and client utilities. If you are only interested in the utilities, refer 34 to the <xref linkend="bind-utils"/>.</para> 35 36 <bridgehead renderas="sect3">Package Information</bridgehead> 37 <itemizedlist spacing="compact"> 38 <listitem> 39 <para>Download (HTTP): <ulink url="&bind-download-http;"/></para> 40 </listitem> 41 <listitem> 42 <para>Download (FTP): <ulink url="&bind-download-ftp;"/></para> 43 </listitem> 44 <listitem> 45 <para>Download MD5 sum: &bind-md5sum;</para> 46 </listitem> 47 <listitem> 48 <para>Download size: &bind-size;</para> 49 </listitem> 50 <listitem> 51 <para>Estimated disk space required: &bind-buildsize;</para> 52 </listitem> 53 <listitem> 54 <para>Estimated build time: &bind-time;</para> 55 </listitem> 56 </itemizedlist> 57 58 <bridgehead renderas="sect3">Additional Downloads</bridgehead> 59 <itemizedlist spacing='compact'> 60 <listitem> 61 <para><ulink 62 url="ftp://ftp.isc.org/isc/bind9/9.3.0/&bind-version;-patch1"/></para> 63 </listitem> 64 </itemizedlist> 65 66 <bridgehead renderas="sect3">BIND Dependencies</bridgehead> 67 68 <bridgehead renderas="sect4">Optional</bridgehead> 69 <para><xref linkend="openssl"/></para> 70 71 <bridgehead renderas="sect4">Optional (to Run the Full 72 Test Suite)</bridgehead> 73 <para><xref linkend="net-tools"/> (for <command>ifconfig</command>) 74 and <xref linkend="perl-modules"/>: Net-DNS</para> 75 76 <bridgehead renderas="sect4">Optional (to [Re]Build 77 Documentation)</bridgehead> 78 <para><xref linkend="openjade"/>, 79 <xref linkend="jadetex"/>, 80 <xref linkend="docbook-dsssl"/></para> 81 82 </sect2> 83 84 <sect2 role="installation"> 85 <title>Installation of BIND</title> 86 87 <para>Install <application>BIND</application> by running the 88 following commands:</para> 89 90 <screen><userinput>patch -Np1 -i ../&bind-version;-patch1 && 87 91 sed -i -e "s/dsssl-stylesheets/&-1.78/g" configure && 88 92 ./configure --prefix=/usr --sysconfdir=/etc \ 89 93 --enable-threads --with-libtool && 90 make</ command></userinput></screen>91 92 <para>Now, as the rootuser:</para>93 94 <screen ><userinput role='root'><command>make install &&94 make</userinput></screen> 95 96 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 97 98 <screen role="root"><userinput>make install && 95 99 chmod 755 \ 96 100 /usr/lib/{lib{bind9,isc{,cc,cfg},lwres}.so.?.?.?,libdns.so.20.0.0} && 97 mv /usr/share/man/man8/named.conf.5 /usr/share/man/man5 &&101 mv -v /usr/share/man/man8/named.conf.5 /usr/share/man/man5 && 98 102 cd doc && 99 install - d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} &&100 install - m644 arm/*.html \103 install -v -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} && 104 install -v -m644 arm/*.html \ 101 105 /usr/share/doc/bind-9.3.0/arm && 102 install - m644 draft/*.txt \106 install -v -m644 draft/*.txt \ 103 107 /usr/share/doc/bind-9.3.0/draft && 104 install - m644 rfc/* \108 install -v -m644 rfc/* \ 105 109 /usr/share/doc/bind-9.3.0/rfc && 106 install - m644 \110 install -v -m644 \ 107 111 misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \ 108 /usr/share/doc/bind-9.3.0/misc</command></userinput></screen> 109 110 <para>In order to run the complete test suite before installing the 111 package, you need to set up some dummy interfaces (requires 112 <command>ifconfig</command>). Issue the following commands to run the 113 complete suite of tests (you will have to be the root user to issue the 114 <command>ifconfig</command> commands):</para> 115 116 <screen><userinput role='root'><command>bin/tests/system/ifconfig.sh up && 112 /usr/share/doc/bind-9.3.0/misc</userinput></screen> 113 114 <para>In order to run the complete test suite before installing the 115 package, you need to set up some dummy interfaces (requires 116 <command>ifconfig</command>). Issue the following commands to run the 117 complete suite of tests (you will have to be the <systemitem 118 class="username">root</systemitem> user to issue the 119 <command>ifconfig</command> commands):</para> 120 121 <screen role="root"><userinput>bin/tests/system/ifconfig.sh up && 117 122 make check >check.log 2>&1 && 118 bin/tests/system/ifconfig.sh down</command></userinput></screen> 119 120 <para>If desired, issue the following command to ensure all 145 tests ran 121 successfully:</para> 122 123 <screen><userinput><command>grep "R:PASS" check.log | wc -l</command></userinput></screen> 124 125 </sect2> 126 127 <sect2> 128 <title>Command explanations</title> 129 130 <para><command>patch -Np1 -i ../&bind-version;-patch1</command>: There's a 131 vulnerability in the <acronym>DNS</acronym><acronym>SEC</acronym> code. See 132 <ulink url="http://www.kb.cert.org/vuls/id/938617"/>. The patch fixes the 133 bug.</para> 134 135 <para><command>sed -i -e ... configure</command>: This command forces 136 <command>configure</command> to look for the <acronym>DSSSL</acronym> 137 stylesheets in the standard <acronym>BLFS</acronym> location.</para> 138 139 <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces 140 <application><acronym>BIND</acronym></application> to look for configuration 141 files in <filename class='directory'>/etc</filename> instead of 142 <filename class='directory'>/usr/etc</filename>.</para> 143 144 <para><parameter>--enable-threads</parameter>: This parameter enables 145 multi-threading capability.</para> 146 147 <para><parameter>--with-libtool</parameter>: This parameter forces the 148 building of dynamic libraries and links the installed binaries to these 149 libraries.</para> 150 151 <para><command>cd doc; install ...</command>: These commands install the 152 additional package documentation. Optionally, omit any or all of these 153 commands.</para> 154 155 </sect2> 156 157 <sect2> 158 <title>Configuring 159 <application><acronym>BIND</acronym></application></title> 160 161 <sect3 id="bind-config"><title>Config files</title> 162 <para><filename>named.conf</filename>, 163 <filename>root.hints</filename>, 164 <filename>127.0.0</filename>, 165 <filename>rndc.conf</filename> and 166 <filename>resolv.conf</filename></para> 167 <indexterm zone="bind bind-config"> 168 <primary sortas="e-etc-named.conf">/etc/named.conf</primary></indexterm> 169 <indexterm zone="bind bind-config"> 170 <primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary></indexterm> 171 <indexterm zone="bind bind-config"> 172 <primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary></indexterm> 173 <indexterm zone="bind bind-config"> 174 <primary sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary> 175 </indexterm> 176 <indexterm zone="bind bind-config"> 177 <primary sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary> 178 </indexterm> 179 </sect3> 180 181 <sect3><title>Configuration Information</title> 182 183 <para><application><acronym>BIND</acronym></application> will be configured 184 to run in a <command>chroot</command> jail as an unprivileged user (named). 185 This configuration is more secure in that a <acronym>DNS</acronym> compromise 186 can only affect a few files in the named user's <envar>HOME</envar> 187 directory.</para> 188 189 <para>Create the unprivileged user and group named:</para> 190 191 <screen><userinput role='root'><command>groupadd named && 192 useradd -m -c "BIND Owner" -g named -s /bin/false named</command></userinput></screen> 193 194 <para>Set up some files, directories and devices needed by 195 <application><acronym>BIND</acronym></application>:</para> 196 197 <screen><userinput role='root'><command>cd /home/named && 123 bin/tests/system/ifconfig.sh down</userinput></screen> 124 125 <para>If desired, issue the following command to ensure all 145 tests 126 ran successfully:</para> 127 128 <screen><userinput>grep "R:PASS" check.log | wc -l</userinput></screen> 129 130 </sect2> 131 132 <sect2 role="commands"> 133 <title>Command Explanations</title> 134 135 <para><command>patch -Np1 -i ../&bind-version;-patch1</command>: There's a 136 vulnerability in the DNSSEC code. See 137 <ulink url="http://www.kb.cert.org/vuls/id/938617"/>. The patch fixes the 138 bug.</para> 139 140 <para><command>sed -i -e ... configure</command>: This command forces 141 <command>configure</command> to look for the DSSSL stylesheets in the 142 standard BLFS location.</para> 143 144 <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces 145 <application>BIND</application> to look for configuration 146 files in <filename class='directory'>/etc</filename> instead of 147 <filename class='directory'>/usr/etc</filename>.</para> 148 149 <para><parameter>--enable-threads</parameter>: This parameter enables 150 multi-threading capability.</para> 151 152 <para><parameter>--with-libtool</parameter>: This parameter forces the 153 building of dynamic libraries and links the installed binaries to these 154 libraries.</para> 155 156 <para><command>cd doc; install ...</command>: These commands install the 157 additional package documentation. Optionally, omit any or all of these 158 commands.</para> 159 160 </sect2> 161 162 <sect2 role="configuration"> 163 <title>Configuring BIND</title> 164 165 <sect3 id="bind-config"> 166 <title>Config files</title> 167 168 <para><filename>named.conf</filename>, 169 <filename>root.hints</filename>, 170 <filename>127.0.0</filename>, 171 <filename>rndc.conf</filename> and 172 <filename>resolv.conf</filename></para> 173 174 <indexterm zone="bind bind-config"> 175 <primary sortas="e-etc-named.conf">/etc/named.conf</primary> 176 </indexterm> 177 178 <indexterm zone="bind bind-config"> 179 <primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary> 180 </indexterm> 181 182 <indexterm zone="bind bind-config"> 183 <primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary> 184 </indexterm> 185 186 <indexterm zone="bind bind-config"> 187 <primary sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary> 188 </indexterm> 189 190 <indexterm zone="bind bind-config"> 191 <primary sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary> 192 </indexterm> 193 194 </sect3> 195 196 <sect3> 197 <title>Configuration Information</title> 198 199 <para><application>BIND</application> will be configured to run in a 200 <command>chroot</command> jail as an unprivileged user (<systemitem 201 class="username">named</systemitem>). This configuration is more secure 202 in that a DNS compromise can only affect a few files in the <systemitem 203 class="username">named</systemitem> user's <envar>HOME</envar> 204 directory.</para> 205 206 <para>Create the unprivileged user and group <systemitem 207 class="username">named</systemitem>:</para> 208 209 <screen role="root"><userinput>groupadd named && 210 useradd -m -c "BIND Owner" -g named -s /bin/false named</userinput></screen> 211 212 <para>Set up some files, directories and devices needed by 213 <application>BIND</application>:</para> 214 215 <screen role="root"><userinput>cd /home/named && 198 216 mkdir -p dev etc/namedb/slave var/run && 199 217 mknod /home/named/dev/null c 1 3 && … … 201 219 chmod 666 /home/named/dev/{null,random} && 202 220 mkdir /home/named/etc/namedb/pz && 203 cp /etc/localtime /home/named/etc</ command></userinput></screen>204 205 <para>Then, generate a key for use in the <filename>named.conf</filename> 206 and <filename>rdnc.conf</filename> files using the 207 <command>rndc-confgen</command> command:</para>208 209 <screen ><userinput role='root'><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen>210 211 <para>Create the <filename>named.conf</filename> file from which named 212 will read the location of zone files, root name servers and secure 213 <acronym>DNS</acronym>keys:</para>214 215 <screen ><userinput role='root'><command>cat > /home/named/etc/named.conf << "EOF"</command>216 options {221 cp /etc/localtime /home/named/etc</userinput></screen> 222 223 <para>Then, generate a key for use in the <filename>named.conf</filename> 224 and <filename>rdnc.conf</filename> files using the 225 <command>rndc-confgen</command> command:</para> 226 227 <screen role="root"><userinput>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</userinput></screen> 228 229 <para>Create the <filename>named.conf</filename> file from which 230 <command>named</command> will read the location of zone files, root 231 name servers and secure DNS keys:</para> 232 233 <screen role="root"><userinput>cat > /home/named/etc/named.conf << "EOF" 234 <literal> options { 217 235 directory "/etc/namedb"; 218 236 pid-file "/var/run/named.pid"; 219 237 statistics-file "/var/run/named.stats"; 220 238 221 239 }; 222 240 controls { … … 271 289 // this channel 272 290 }; 273 }; 274 275 276 277 <command>EOF</command></userinput></screen> 278 279 <para>Create the <filename>rndc.conf</filename> file with the following 280 commands:</para> 281 282 <screen><userinput role='root'><command>cat > /etc/rndc.conf << "EOF"</command> 283 key rndc_key { 291 };</literal> 292 293 EOF</userinput></screen> 294 295 <para>Create the <filename>rndc.conf</filename> file with the following 296 commands:</para> 297 298 <screen role="root"><userinput>cat > /etc/rndc.conf << "EOF" 299 <literal>key rndc_key { 284 300 algorithm "hmac-md5"; 285 301 secret … … 289 305 default-server localhost; 290 306 default-key rndc_key; 291 }; 292 <command>EOF</command></userinput></screen>293 294 <para>The <filename>rndc.conf</filename> file contains information for 295 controlling named operations with the <command>rndc</command> 296 utility.</para>297 298 <para>Create a zone file with the following contents:</para>299 300 <screen ><userinput role='root'><command>cat > /home/named/etc/namedb/pz/127.0.0 << "EOF"</command>301 $TTL 3D307 };</literal> 308 EOF</userinput></screen> 309 310 <para>The <filename>rndc.conf</filename> file contains information for 311 controlling <command>named</command> operations with the 312 <command>rndc</command> utility.</para> 313 314 <para>Create a zone file with the following contents:</para> 315 316 <screen role="root"><userinput>cat > /home/named/etc/namedb/pz/127.0.0 << "EOF" 317 <literal>$TTL 3D 302 318 @ IN SOA ns.local.domain. hostmaster.local.domain. ( 303 319 1 ; Serial … … 307 323 1D) ; Minimum TTL 308 324 NS ns.local.domain. 309 1 PTR localhost. 310 <command>EOF</command></userinput></screen> 311 312 <para>Create the <filename>root.hints</filename> file with the following 313 commands:</para> 314 315 <note><para>Caution must be used to ensure there are no leading spaces in this 316 file.</para></note> 317 318 <screen><userinput><command>cat > /home/named/etc/namedb/root.hints << "EOF"</command> 319 . 6D IN NS A.ROOT-SERVERS.NET. 325 1 PTR localhost.</literal> 326 EOF</userinput></screen> 327 328 <para>Create the <filename>root.hints</filename> file with the following 329 commands:</para> 330 331 <note> 332 <para>Caution must be used to ensure there are no leading spaces in 333 this file.</para> 334 </note> 335 336 <screen role="root"><userinput>cat > /home/named/etc/namedb/root.hints << "EOF" 337 <literal>. 6D IN NS A.ROOT-SERVERS.NET. 320 338 . 6D IN NS B.ROOT-SERVERS.NET. 321 339 . 6D IN NS C.ROOT-SERVERS.NET. … … 342 360 K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129 343 361 L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12 344 M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33 345 <command>EOF</command></userinput></screen> 346 347 <para>The <filename>root.hints</filename> file is a list of root name servers. 348 This file must be updated periodically with the <command>dig</command> 349 utility. A current copy of root.hints can be obtained from 350 <ulink url="ftp://rs.internic.net/domain/named.root" />. Consult the 351 <ulink url="http://www.bind9.net/Bv9ARM.html"><application> 352 <acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> 353 for details.</para> 354 355 <para>Create or modify <filename>resolv.conf</filename> to use the new 356 name server with the following commands:</para> 357 358 <note><para>Replace <replaceable>[yourdomain.com]</replaceable> with your own 359 valid domain name.</para></note> 360 361 <screen><userinput role='root'><command>cp /etc/resolv.conf /etc/resolv.conf.bak && 362 cat > /etc/resolv.conf << "EOF"</command> 363 search <replaceable>[yourdomain.com]</replaceable> 364 nameserver 127.0.0.1 365 <command>EOF</command></userinput></screen> 366 367 <para>Set permissions on the <command>chroot</command> jail with the 368 following command:</para> 369 370 <screen><userinput role='root'><command>chown -R named.named /home/named</command></userinput></screen> 371 372 <para id="bind-init">To start the <acronym>DNS</acronym> server at boot, install the 373 <filename>/etc/rc.d/init.d/bind</filename> init script included in the 374 <xref linkend="intro-important-bootscripts"/> package.</para> 375 <indexterm zone="bind bind-init"> 376 <primary sortas="f-bind">bind</primary></indexterm> 377 378 <screen><userinput role='root'><command>make install-bind</command></userinput></screen> 379 380 <para>Now start <application><acronym>BIND</acronym></application> with 381 the new boot script:</para> 382 383 <screen><userinput role='root'><command>/etc/rc.d/init.d/bind start</command></userinput></screen> 384 385 </sect3> 386 387 <sect3><title>Testing <application><acronym>BIND</acronym></application></title> 388 389 <para>Test out the new 390 <application><acronym>BIND</acronym></application> 9 installation. First 391 query the local host address with <command>dig</command>:</para> 392 393 <screen><userinput><command>dig -x 127.0.0.1</command></userinput></screen> 394 395 <para>Now try an external name lookup, taking note of the speed 396 difference in repeated lookups due to the caching. Run the 397 <command>dig</command> command twice on the same address:</para> 398 399 <screen><userinput><command>dig www.linuxfromscratch.org && 400 dig www.linuxfromscratch.org</command></userinput></screen> 401 402 <para>You can see almost instantaneous results with the named caching lookups. 403 Consult the <application><acronym>BIND</acronym></application> Administrator 404 Reference Manual located at 405 <filename>doc/arm/Bv9ARM.html</filename> in the package source tree, for 406 further configuration options.</para> 407 </sect3> 408 409 </sect2> 410 411 <sect2> 412 <title>Contents</title> 413 414 <segmentedlist> 415 <segtitle>Installed Programs</segtitle> 416 <segtitle>Installed Libraries</segtitle> 417 <segtitle>Installed Directories</segtitle> 418 419 <seglistitem> 420 <seg>dig, dnssec-keygen, dnssec-signzone, host, isc-config.sh, lwresd, 421 named, named-checkconf, named-checkzone, nslookup, nsupdate, rndc and 422 rndc-confgen</seg> 423 <seg>libbind9.[so,a], libdns.[so,a], libisc.[so,a], libisccc.[so,a], 424 libisccfg.[so,a] and liblwres.[so,a]</seg> 425 <seg>/home/named, /usr/include/bind9, /usr/include/dns, /usr/include/dst, 426 /usr/include/isc, /usr/include/isccc, /usr/include/isccfg, /usr/include/lwres 427 and /usr/share/doc/bind-&bind-version;</seg> 428 </seglistitem> 429 </segmentedlist> 430 431 <variablelist> 432 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 433 <?dbfo list-presentation="list"?> 434 435 <varlistentry id="dig"> 436 <term><command>dig</command></term> 437 <listitem><para>interrogates <acronym>DNS</acronym> servers.</para> 438 <indexterm zone="bind dig"> 439 <primary sortas="b-dig">dig</primary> 440 </indexterm></listitem> 441 </varlistentry> 442 443 <varlistentry id="dnssec-keygen"> 444 <term><command>dnssec-keygen</command></term> 445 <listitem><para>is a key generator for secure <acronym>DNS</acronym>.</para> 446 <indexterm zone="bind dnssec-keygen"> 447 <primary sortas="b-dnssec-keygen">dnssec-keygen</primary> 448 </indexterm></listitem> 449 </varlistentry> 450 451 <varlistentry id="dnssec-signzone"> 452 <term><command>dnssec-signzone</command></term> 453 <listitem><para>generates signed versions of zone files.</para> 454 <indexterm zone="bind dnssec-signzone"> 455 <primary sortas="b-dnssec-signzone">dnssec-signzone</primary> 456 </indexterm></listitem> 457 </varlistentry> 458 459 <varlistentry id="host"> 460 <term><command>host</command></term> 461 <listitem><para>is a utility for <acronym>DNS</acronym> lookups.</para> 462 <indexterm zone="bind host"> 463 <primary sortas="b-host">host</primary> 464 </indexterm></listitem> 465 </varlistentry> 466 467 <varlistentry id="lwresd"> 468 <term><command>lwresd</command></term> 469 <listitem><para>is a caching-only name server for local process use.</para> 470 <indexterm zone="bind lwresd"> 471 <primary sortas="b-lwresd">lwresd</primary> 472 </indexterm></listitem> 473 </varlistentry> 474 475 <varlistentry id="named"> 476 <term><command>named</command></term> 477 <listitem><para>is the name server daemon.</para> 478 <indexterm zone="bind named"> 479 <primary sortas="b-named">named</primary> 480 </indexterm></listitem> 481 </varlistentry> 482 483 <varlistentry id="named-checkconf"> 484 <term><command>named-checkconf</command></term> 485 <listitem><para>checks the syntax of <filename>named.conf</filename> 486 files.</para> 487 <indexterm zone="bind named-checkconf"> 488 <primary sortas="b-named-checkconf">named-checkconf</primary> 489 </indexterm></listitem> 490 </varlistentry> 491 492 <varlistentry id="named-checkzone"> 493 <term><command>named-checkzone</command></term> 494 <listitem><para>checks zone file validity.</para> 495 <indexterm zone="bind named-checkzone"> 496 <primary sortas="b-named-checkzone">named-checkzone</primary> 497 </indexterm></listitem> 498 </varlistentry> 499 500 <varlistentry id="nslookup"> 501 <term><command>nslookup</command></term> 502 <listitem><para>is a program used to query Internet domain nameservers.</para> 503 <indexterm zone="bind nslookup"> 504 <primary sortas="b-nslookup">nslookup</primary> 505 </indexterm></listitem> 506 </varlistentry> 507 508 <varlistentry id="nsupdate"> 509 <term><command>nsupdate</command></term> 510 <listitem><para>is used to submit <acronym>DNS</acronym> update 511 requests.</para> 512 <indexterm zone="bind nsupdate"> 513 <primary sortas="b-nsupdate">nsupdate</primary> 514 </indexterm></listitem> 515 </varlistentry> 516 517 <varlistentry id="rndc"> 518 <term><command>rndc</command></term> 519 <listitem><para>controls the operation of 520 <application><acronym>BIND</acronym></application>.</para> 521 <indexterm zone="bind rndc"> 522 <primary sortas="b-rndc">rndc</primary> 523 </indexterm></listitem> 524 </varlistentry> 525 526 <varlistentry id="rndc-confgen"> 527 <term><command>rndc-confgen</command></term> 528 <listitem><para>generates <filename>rndc.conf</filename> files.</para> 529 <indexterm zone="bind rndc-confgen"> 530 <primary sortas="b-rndc-confgen">rndc-confgen</primary> 531 </indexterm></listitem> 532 </varlistentry> 533 </variablelist> 534 535 </sect2> 362 M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33</literal> 363 EOF</userinput></screen> 364 365 <para>The <filename>root.hints</filename> file is a list of root 366 name servers. This file must be updated periodically with the 367 <command>dig</command> utility. A current copy of root.hints can be 368 obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />. 369 Consult the <ulink url="http://www.bind9.net/Bv9ARM.html">BIND 9 370 Administrator Reference Manual</ulink> for details.</para> 371 372 <para>Create or modify <filename>resolv.conf</filename> to use the new 373 name server with the following commands:</para> 374 375 <note> 376 <para>Replace <replaceable>[yourdomain.com]</replaceable> with 377 your own valid domain name.</para> 378 </note> 379 380 <screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak && 381 cat > /etc/resolv.conf << "EOF" 382 <literal>search <replaceable>[yourdomain.com]</replaceable> 383 nameserver 127.0.0.1</literal> 384 EOF</userinput></screen> 385 386 <para>Set permissions on the <command>chroot</command> jail with the 387 following command:</para> 388 389 <screen role="root"><userinput>chown -R named.named /home/named</userinput></screen> 390 391 </sect3> 392 393 <sect3 id="bind-init"> 394 <title>Boot Script</title> 395 396 <para>To start the DNS server at boot, install the 397 <filename>/etc/rc.d/init.d/bind</filename> init script included 398 in the <xref linkend="intro-important-bootscripts"/> package.</para> 399 400 <indexterm zone="bind bind-init"> 401 <primary sortas="f-bind">bind</primary> 402 </indexterm> 403 404 <screen role="root"><userinput>make install-bind</userinput></screen> 405 406 <para>Now start <application>BIND</application> with 407 the new boot script:</para> 408 409 <screen role="root"><userinput>/etc/rc.d/init.d/bind start</userinput></screen> 410 411 </sect3> 412 413 <sect3> 414 <title>Testing BIND</title> 415 416 <para>Test out the new <application>BIND</application> 9 installation. 417 First query the local host address with <command>dig</command>:</para> 418 419 <screen><userinput>dig -x 127.0.0.1</userinput></screen> 420 421 <para>Now try an external name lookup, taking note of the speed 422 difference in repeated lookups due to the caching. Run the 423 <command>dig</command> command twice on the same address:</para> 424 425 <screen><userinput>dig www.linuxfromscratch.org && 426 dig www.linuxfromscratch.org</userinput></screen> 427 428 <para>You can see almost instantaneous results with the named caching 429 lookups. Consult the <application>BIND</application> Administrator 430 Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename> 431 in the package source tree, for further configuration options.</para> 432 433 </sect3> 434 435 </sect2> 436 437 <sect2 role="content"> 438 <title>Contents</title> 439 440 <segmentedlist> 441 <segtitle>Installed Programs</segtitle> 442 <segtitle>Installed Libraries</segtitle> 443 <segtitle>Installed Directories</segtitle> 444 445 <seglistitem> 446 <seg>dig, dnssec-keygen, dnssec-signzone, host, isc-config.sh, lwresd, 447 named, named-checkconf, named-checkzone, nslookup, nsupdate, rndc, and 448 rndc-confgen</seg> 449 <seg>libbind9.[so,a], libdns.[so,a], libisc.[so,a], libisccc.[so,a], 450 libisccfg.[so,a], and liblwres.[so,a]</seg> 451 <seg>/home/named, /usr/include/bind9, /usr/include/dns, /usr/include/dst, 452 /usr/include/isc, /usr/include/isccc, /usr/include/isccfg, 453 /usr/include/lwres, and /usr/share/doc/bind-&bind-version;</seg> 454 </seglistitem> 455 </segmentedlist> 456 457 <variablelist> 458 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 459 <?dbfo list-presentation="list"?> 460 <?dbhtml list-presentation="table"?> 461 462 <varlistentry id="dig"> 463 <term><command>dig</command></term> 464 <listitem> 465 <para>interrogates DNS servers.</para> 466 <indexterm zone="bind dig"> 467 <primary sortas="b-dig">dig</primary> 468 </indexterm> 469 </listitem> 470 </varlistentry> 471 472 <varlistentry id="dnssec-keygen"> 473 <term><command>dnssec-keygen</command></term> 474 <listitem> 475 <para>is a key generator for secure DNS.</para> 476 <indexterm zone="bind dnssec-keygen"> 477 <primary sortas="b-dnssec-keygen">dnssec-keygen</primary> 478 </indexterm> 479 </listitem> 480 </varlistentry> 481 482 <varlistentry id="dnssec-signzone"> 483 <term><command>dnssec-signzone</command></term> 484 <listitem> 485 <para>generates signed versions of zone files.</para> 486 <indexterm zone="bind dnssec-signzone"> 487 <primary sortas="b-dnssec-signzone">dnssec-signzone</primary> 488 </indexterm> 489 </listitem> 490 </varlistentry> 491 492 <varlistentry id="host"> 493 <term><command>host</command></term> 494 <listitem> 495 <para>is a utility for DNS lookups.</para> 496 <indexterm zone="bind host"> 497 <primary sortas="b-host">host</primary> 498 </indexterm> 499 </listitem> 500 </varlistentry> 501 502 <varlistentry id="lwresd"> 503 <term><command>lwresd</command></term> 504 <listitem> 505 <para>is a caching-only name server for local process use.</para> 506 <indexterm zone="bind lwresd"> 507 <primary sortas="b-lwresd">lwresd</primary> 508 </indexterm> 509 </listitem> 510 </varlistentry> 511 512 <varlistentry id="named"> 513 <term><command>named</command></term> 514 <listitem> 515 <para>is the name server daemon.</para> 516 <indexterm zone="bind named"> 517 <primary sortas="b-named">named</primary> 518 </indexterm> 519 </listitem> 520 </varlistentry> 521 522 <varlistentry id="named-checkconf"> 523 <term><command>named-checkconf</command></term> 524 <listitem> 525 <para>checks the syntax of <filename>named.conf</filename> 526 files.</para> 527 <indexterm zone="bind named-checkconf"> 528 <primary sortas="b-named-checkconf">named-checkconf</primary> 529 </indexterm> 530 </listitem> 531 </varlistentry> 532 533 <varlistentry id="named-checkzone"> 534 <term><command>named-checkzone</command></term> 535 <listitem> 536 <para>checks zone file validity.</para> 537 <indexterm zone="bind named-checkzone"> 538 <primary sortas="b-named-checkzone">named-checkzone</primary> 539 </indexterm> 540 </listitem> 541 </varlistentry> 542 543 <varlistentry id="nslookup"> 544 <term><command>nslookup</command></term> 545 <listitem> 546 <para>is a program used to query Internet domain nameservers.</para> 547 <indexterm zone="bind nslookup"> 548 <primary sortas="b-nslookup">nslookup</primary> 549 </indexterm> 550 </listitem> 551 </varlistentry> 552 553 <varlistentry id="nsupdate"> 554 <term><command>nsupdate</command></term> 555 <listitem> 556 <para>is used to submit DNS update requests.</para> 557 <indexterm zone="bind nsupdate"> 558 <primary sortas="b-nsupdate">nsupdate</primary> 559 </indexterm> 560 </listitem> 561 </varlistentry> 562 563 <varlistentry id="rndc"> 564 <term><command>rndc</command></term> 565 <listitem> 566 <para>controls the operation of <application>BIND</application>.</para> 567 <indexterm zone="bind rndc"> 568 <primary sortas="b-rndc">rndc</primary> 569 </indexterm> 570 </listitem> 571 </varlistentry> 572 573 <varlistentry id="rndc-confgen"> 574 <term><command>rndc-confgen</command></term> 575 <listitem> 576 <para>generates <filename>rndc.conf</filename> files.</para> 577 <indexterm zone="bind rndc-confgen"> 578 <primary sortas="b-rndc-confgen">rndc-confgen</primary> 579 </indexterm> 580 </listitem> 581 </varlistentry> 582 583 </variablelist> 584 585 </sect2> 536 586 537 587 </sect1> 538
Note:
See TracChangeset
for help on using the changeset viewer.