Changes between Version 1 and Version 2 of bind

10/15/2019 07:09:21 AM (4 years ago)



  • bind

    v1 v2  
    33[wiki:MajorServers Up][[br]]
    44[wiki:BlfsNotes Top]
     6For those whose system is not connected to the Internet yet,[[BR]]
     7To ensure BIND will build dnssec-keymgr, install a python module as the root user: [[BR]]
     9This command will timeout:
     12pip3 install ply
     15Download file from another server:
     20Then run the command with the file once transferred into your build:
     23pip3 install ply-3.11.tar.gz
     26'''Processing ./ply-3.11.tar.gz
     27Installing collected packages: ply
     28  Running install for ply ... done
     29Successfully installed ply-3.11n'''
     32 - Alternate source
     35PLY is currently in maintenance mode only. [[BR]]
     36Critical bugs (if any) will be addressed, but no new features are being added.[[BR]]
     37If you are looking for a parser generator with a more modern flavor, look at the SLY Project.[[BR]]
     3802/15/2018 PLY-3.11 is last release.
     42More information on DLZ
     43To use DLZ (Dynamically Loadable Zones) in Bind[[BR]]
     48Error in creating rndc.conf file:
     51rndc-confgen -r /dev/urandom -b 512 > /etc/rndc.conf &&
     52sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf
     54     '''The -r option has been deprecated.'''
     56See Ticket #12649 new defect
     57BIND-9.14.5 rndc-confgen: The -r option has been deprecated.
     59Use this instead:
     62rndc-confgen -a -b 512 -t /srv/named
     65     '''wrote key file "/etc/rndc.key"[[BR]]
     66     wrote key file "/srv/named/etc/rndc.key"'''
     68If you ran the command with -r previously, clean up unnecessary files it created.
     71rm /etc/rndc.conf /srv/named/etc/rndc.conf
     74Notes from man page:
     75-a option:
     76Do automatic rndc configuration. This creates a file rndc.key in /etc (or whatever sysconfdir was specified as when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default command channel and authentication key allowing rndc to communicate with named on the local host with no further configuration.
     77Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.
     78If a more elaborate configuration than that generated by rndc-confgen -a is required, for example if rndc is to be used remotely, you should run rndc-confgen without the -a option and set up a rndc.conf and named.conf as directed.
     80-t option:
     81Used with the -a option to specify a directory where named will run chrooted. An additional copy of the rndc.key will be written relative to this directory so that it will be found by the chrooted named.
     84If you want the latest root.hints file, run this:
     89cp /srv/named/etc/namedb/root.hints /srv/named/etc/namedb/root.hints.old
     90md5sum named.root |grep -f named.root.md5 && mv named.root /srv/named/etc/namedb/root.hints
     92If md5sum fails then the file is not updated.
     94Only difference as of Oct. 14th, 2019 was the Root Level B
     95B.ROOT-SERVERS.NET.      3600000      A
     97And notice the addr-class "IN" is missing from the records?
     98Not sure why that is missing there since the instructions in the book say:
     99"A current copy of root.hints can be obtained from"
     101You can use this command to dig the file instead:
     104dig  .  ns > db.cache
     105cat db.cache |grep '^\.\|^[a-z]' >/srv/named/etc/namedb/root.hints
     108That will give you a file very close to the BLFS example.
     109Sanitized so no leading spaces are introduced.
     110But seems a bit confusing the names change from [[BR]]
     111named.root to db.cache to root.hints.[[BR]]
     113Maybe someone can explain why this is all over the place?