Changeset b8214dc6
- Timestamp:
- 10/20/2004 06:55:24 AM (20 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 94b1dc3
- Parents:
- e16d90ee
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
basicnet/netutils/bind-utils.xml
re16d90ee rb8214dc6 7 7 <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz"> 8 8 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz"> 9 <!ENTITY bind-size "4. 4MB">10 <!ENTITY bind-utils-buildsize " 47 MB">11 <!ENTITY bind-utils-time "0. 54SBU">9 <!ENTITY bind-size "4.6 MB"> 10 <!ENTITY bind-utils-buildsize "67 MB"> 11 <!ENTITY bind-utils-time "0.41 SBU"> 12 12 ]> 13 13 … … 21 21 22 22 <sect2> 23 <title>Introduction to <application><acronym>BIND</acronym> Utilities</application></title> 23 <title>Introduction to <application><acronym>BIND</acronym> 24 Utilities</application></title> 24 25 25 26 <para><application><acronym>BIND</acronym> Utilities</application> is not a … … 50 51 51 52 <sect2> 52 <title>Installation of <application><acronym>BIND</acronym> Utilities</application></title> 53 <title>Installation of <application><acronym>BIND</acronym> 54 Utilities</application></title> 53 55 54 <para>Install <application><acronym>BIND</acronym> Utilities</application> by 56 <para>Install 57 <application><acronym>BIND</acronym> Utilities</application> by 55 58 running the following commands:</para> 56 59 … … 58 61 make -C lib/dns && 59 62 make -C lib/isc && 63 make -C lib/bind9 && 64 make -C lib/isccfg && 65 make -C lib/lwres && 60 66 make -C bin/dig && 61 67 make -C bin/dig install</userinput></screen> … … 66 72 <title>Command explanations</title> 67 73 68 <para><command>make -C lib/...</command>: This command builds the libraries that are needed for the client programs.</para> 74 <para><command>make -C lib/...</command>: These commands build the 75 libraries that are needed for the client programs.</para> 69 76 70 <para><command>make -C bin/dig</command>: This command builds the client programs.</para> 77 <para><command>make -C bin/dig</command>: This command builds the 78 client programs.</para> 71 79 72 80 </sect2> -
general.ent
re16d90ee rb8214dc6 183 183 <!ENTITY nmap-version "3.70"> 184 184 <!ENTITY whois-version "4.6.21"> 185 <!ENTITY bind-version "9. 2.3">185 <!ENTITY bind-version "9.3.0"> 186 186 <!ENTITY ethereal-version "0.10.6"> 187 187 -
introduction/welcome/changelog.xml
re16d90ee rb8214dc6 22 22 23 23 <itemizedlist> 24 25 <listitem><para>October 20th, 2004 [dj]: Updated to bind-9.3.0 and 26 moved subversion to use FSFS backend.</para></listitem> 24 27 25 28 <listitem><para>October 20th, 2004 [randy]: Updated to -
server/other/bind.xml
re16d90ee rb8214dc6 7 7 <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz"> 8 8 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz"> 9 <!ENTITY bind-size "4. 4MB">10 <!ENTITY bind-buildsize " 88 MB">11 <!ENTITY bind-time "0. 89SBU">9 <!ENTITY bind-size "4.6 MB"> 10 <!ENTITY bind-buildsize "138 MB"> 11 <!ENTITY bind-time "0.67 SBU"> 12 12 13 13 ]> … … 72 72 <sect3><title>Configuration Information</title> 73 73 74 <para>We will configure 75 <application><acronym>BIND</acronym></application> to run in a chroot 76 jail as an unprivileged user (named). This configuration is more secure 77 in that a <acronym>DNS</acronym> compromise can only affect a few files 78 in the named user's <envar>HOME</envar> directory.</para> 79 80 <para>First we create the unprivileged user and group named:</para> 74 <para><application><acronym>BIND</acronym></application> will configured 75 to run in a chroot jail as an unprivileged user (named). This configuration 76 is more secure in that a <acronym>DNS</acronym> compromise can only affect 77 a few files in the named user's <envar>HOME</envar> directory.</para> 78 79 <para>Create the unprivileged user and group named:</para> 81 80 82 81 <screen><userinput><command>groupadd named && 83 82 useradd -m -g named -s /bin/false named</command></userinput></screen> 84 83 85 <para> Then we set up some files, directories and devices needed by84 <para>Set up some files, directories and devices needed by 86 85 <application><acronym>BIND</acronym></application>:</para> 87 86 … … 94 93 cp /etc/localtime /home/named/etc</command></userinput></screen> 95 94 95 <para>Then, generate a key for use in the <filename>named.conf</filename> 96 and <filename>rdnc.conf</filename> files using the 97 <command>rndc-confgen</command> command:</para> 98 99 <screen><userinput><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen> 100 96 101 <para>Create the <filename>named.conf</filename> file from which named 97 102 will read the location of zone files, root name servers and secure … … 110 115 key "rndc_key" { 111 116 algorithm hmac-md5; 112 secret "<replaceable>[ c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K]</replaceable>";117 secret "<replaceable>[Insert secret from rndc-confgen's output here]</replaceable>"; 113 118 }; 114 119 zone "." { … … 121 126 }; 122 127 <command>EOF</command></userinput></screen> 128 129 <para>Create the <filename>rndc.conf</filename> with the following commands:</para> 130 131 <screen><userinput><command>cat > /etc/rndc.conf << "EOF"</command> 132 key rndc_key { 133 algorithm "hmac-md5"; 134 secret 135 "<replaceable>[Insert secret from rndc-confgen's output here]</replaceable>"; 136 }; 137 options { 138 default-server localhost; 139 default-key rndc_key; 140 }; 141 <command>EOF</command></userinput></screen> 142 143 <para>The <filename>rndc.conf</filename> file contains information for 144 controlling named operations with the <command>rndc</command> 145 utility.</para> 123 146 124 147 <para>Create a zone file with the following contents:</para> … … 177 200 details.</para> 178 201 179 <para>Create the <filename>rndc.conf</filename> with the following commands:</para>180 181 <screen><userinput><command>cat > /etc/rndc.conf << "EOF"</command>182 key rndc_key {183 algorithm "hmac-md5";184 secret185 "<replaceable>[c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K]</replaceable>";186 };187 options {188 default-server localhost;189 default-key rndc_key;190 };191 <command>EOF</command></userinput></screen>192 193 <para>The <filename>rndc.conf</filename> file contains information for194 controlling named operations with the <command>rndc</command>195 utility.</para>196 197 202 <para>Create or modify <filename>resolv.conf</filename> to use the new 198 203 name server with the following commands:</para> -
server/other/svnserver.xml
re16d90ee rb8214dc6 83 83 <sect3><title>2. Create a <application>Subversion</application> 84 84 repository.</title> 85 86 <para>With subversion-1.1.0 and greater, a new type of repository 87 data-store is availible, <acronym>FSFS</acronym>. There is a tradeoff 88 for speed with the new backend, however, the repository can now be 89 placed on a network mount, and any corruption does not require an 90 admin to recover the repository. For more information and comparison 91 between <acronym>FSFS</acronym> and <acronym>BDB</acronym>, plese see 92 <ulink url="http://svnbook.red-bean.com/svnbook-1.1/ch05.html#svn-ch-5-sect-1.2.A"/>. 93 Optionally you can pass <parameter>bdb</parameter> in place of 94 <parameter>fsfs</parameter> in the following command to create a 95 BerkelyDB data-store.</para> 96 85 97 <para>Create a new <application>Subversion</application> repository with 86 98 the following commands:</para> … … 88 100 <screen><userinput><command>install -d -m0755 /srv && 89 101 install -d -m0755 -o svn -g svn /srv/svn/repositories && 90 svnadmin create /srv/svn/repositories/svntest</command></userinput></screen>102 svnadmin create --fs-type fsfs /srv/svn/repositories/svntest</command></userinput></screen> 91 103 92 104 <para>Now that the repository is created, we need to populate it with … … 209 221 <command>EOF</command></userinput></screen> 210 222 211 <para>Finally, if you wish to simply start the sever in daemon modeat223 <para>Finally, if you wish to simply start the sever at 212 224 startup, install the svn bootscript included in the 213 225 <xref linkend="intro-important-bootscripts"/> package.</para>
Note:
See TracChangeset
for help on using the changeset viewer.