Changeset 634cf991 for server/major

Timestamp:

02/18/2012 06:41:27 PM (12 years ago)

Author:

Andrew Benton <andy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

c81750a

Parents:

bd5c017

Message:

bind tweaks

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@9463 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• server/major/bind.xml (modified) (10 diffs)

server/major/bind.xml

@@ -4 +4 @@
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
-  <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
-  <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
+  <!ENTITY bind-download-http
+  "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
+  <!ENTITY bind-download-ftp
+  "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
   <!ENTITY bind-md5sum "afa41f8203d50bedad65071f9b6f96d7">
   <!ENTITY bind-size "8.1 MB">
   <!ENTITY bind-buildsize "260 MB">
-  <!ENTITY bind-time "1.7 SBU (additional 13 minutes, processor independent, to run the complete test suite)">
+  <!ENTITY bind-time "1.7 SBU (additional 13 minutes, processor independent, to
+  run the complete test suite)">
 ]>
 
@@ -61 +64 @@
       <listitem>
         <para>Optional patch (if net-tools is not installed):
-        <ulink url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
+        <ulink
+        url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
       </listitem>
     </itemizedlist>
@@ -75 +79 @@
     patch to utilize iproute2, but the IPv6 tests will fail)</para>
 
-    <bridgehead renderas="sect4">Optional (to rebuild documentation)</bridgehead>
+    <bridgehead renderas="sect4">Optional (to rebuild the
+    documentation)</bridgehead>
     <para role="optional"><!--<xref linkend="tetex"/> or-->
     <xref linkend="texlive"/>, and
@@ -141 +146 @@
     misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
     /usr/share/doc/bind-&bind-version;/misc</userinput></screen>
-
   </sect2>
 
@@ -167 +171 @@
     additional package documentation. Omit any or all of these commands if
     desired.</para>
-
   </sect2>
 
@@ -195 +198 @@
 
       <indexterm zone="bind bind-config">
-        <primary sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
+        <primary
+        sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
       </indexterm>
 
       <indexterm zone="bind bind-config">
-        <primary sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
+        <primary
+        sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
       </indexterm>
-
     </sect3>
 
@@ -225 +229 @@
 
 <screen role="root"><userinput>cd /srv/named &amp;&amp;
-mkdir -p dev etc/namedb/slave var/run &amp;&amp;
+mkdir -p dev etc/namedb/{slave,pz} usr/lib/engines var/run/named &amp;&amp;
 mknod /srv/named/dev/null c 1 3 &amp;&amp;
 mknod /srv/named/dev/random c 1 8 &amp;&amp;
 chmod 666 /srv/named/dev/{null,random} &amp;&amp;
-mkdir /srv/named/etc/namedb/pz &amp;&amp;
-cp /etc/localtime /srv/named/etc</userinput></screen>
-
-      <para>Then, generate a key for use in the <filename>named.conf</filename>
-      and <filename>rdnc.conf</filename> files using the
+cp /etc/localtime etc &amp;&amp;
+touch /srv/named/managed-keys.bind &amp;&amp;
+cp /usr/lib/engines/libgost.so usr/lib/engines &amp;&amp;
+[ $(arch) = x86_64 ] &amp;&amp; ln -sv lib usr/lib64</userinput></screen>
+
+      <para>The <filename>rndc.conf</filename> file contains information for
+      controlling <command>named</command> operations with the
+      <command>rndc</command> utility. Generate a key for use in the <filename>named.conf</filename> and <filename>rdnc.conf</filename> with the
       <command>rndc-confgen</command> command:</para>
 
-<screen role="root"><userinput>rndc-confgen -r /dev/urandom -b 512 | \
-    grep -m 1 "secret" | cut -d '"' -f 2</userinput></screen>
-
-      <para>Create the <filename>named.conf</filename> file from which
+<screen role="root"><userinput>rndc-confgen -r /dev/urandom -b 512 > /etc/rndc.conf &amp;&amp;
+sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf</userinput></screen>
+
+      <para>Complete the <filename>named.conf</filename> file from which
       <command>named</command> will read the location of zone files, root
       name servers and secure DNS keys:</para>
 
-<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
-<literal> options {
-     directory "/etc/namedb";
+<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt;&gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
+<literal>options {
+    directory "/etc/namedb";
     pid-file "/var/run/named.pid";
     statistics-file "/var/run/named.stats";
 
- };
- controls {
-     inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
- };
- key "rndc_key" {
-     algorithm hmac-md5;
-     secret "<replaceable>&lt;Insert secret from rndc-confgen's output here&gt;</replaceable>";
- };
- zone "." {
-     type hint;
-     file "root.hints";
- };
- zone "0.0.127.in-addr.arpa" {
-     type master;
-     file "pz/127.0.0";
- };
+};
+zone "." {
+    type hint;
+    file "root.hints";
+};
+zone "0.0.127.in-addr.arpa" {
+    type master;
+    file "pz/127.0.0";
+};
 
 // Bind 9 now logs by default through syslog (except debug).
@@ -270 +270 @@
 
 logging {
-     category default { default_syslog; default_debug; };
-     category unmatched { null; };
+    category default { default_syslog; default_debug; };
+    category unmatched { null; };
 
   channel default_syslog {
@@ -298 +298 @@
 
   channel null {
-     null;                                // toss anything sent to
+      null;                               // toss anything sent to
                                           // this channel
   };
 };</literal>
-
 EOF</userinput></screen>
-
-      <para>Create the <filename>rndc.conf</filename> file with the following
-      commands:</para>
-
-<screen role="root"><userinput>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"
-<literal>key rndc_key {
-algorithm "hmac-md5";
-    secret
-    "<replaceable>&lt;Insert secret from rndc-confgen's output here&gt;</replaceable>";
-    };
-options {
-    default-server localhost;
-    default-key    rndc_key;
-};</literal>
-EOF</userinput></screen>
-
-      <para>The <filename>rndc.conf</filename> file contains information for
-      controlling <command>named</command> operations with the
-      <command>rndc</command> utility.</para>
 
       <para>Create a zone file with the following contents:</para>
@@ -399 +379 @@
       following command:</para>
 
-<screen role="root"><userinput>chown -R named.named /srv/named</userinput></screen>
+<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
 
     </sect3>