cvs commit: BLFS/BOOK/server/other/bind bind-config-exp.xml bind-config.xml bind-desc.xml bind-inst.xml bind-intro.xml bind.ent

larry at linuxfromscratch.org
Thu Aug 22 18:03:18 PDT 2002


larry       02/08/22 18:03:18

  Modified:    BOOK     index.xml
               BOOK/introduction/welcome changelog.xml credits.xml
               BOOK/server/other bind.xml
               BOOK/server/other/bind bind.ent
  Added:       BOOK/server/other/bind bind-config-exp.xml bind-config.xml
                        bind-desc.xml bind-inst.xml bind-intro.xml
  Log:
  add bind-9.2.2rc1
  
  Revision  Changes    Path
  1.31      +2 -2      BLFS/BOOK/index.xml
  
  Index: index.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/index.xml,v
  retrieving revision 1.30
  retrieving revision 1.31
  diff -u -r1.30 -r1.31
  --- index.xml	20 Aug 2002 23:02:11 -0000	1.30
  +++ index.xml	23 Aug 2002 01:03:18 -0000	1.31
  @@ -2,8 +2,8 @@
   <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" 
   			"/usr/share/docbook/docbookx.dtd" [
   
  -<!ENTITY version "20020820">
  -<!ENTITY releasedate "August 20th, 2002">
  +<!ENTITY version "20020821">
  +<!ENTITY releasedate "August 21st, 2002">
   
   <!ENTITY % book SYSTEM "book/book.ent">
   <!ENTITY % preface SYSTEM "preface/preface.ent">
  
  
  
  1.76      +3 -0      BLFS/BOOK/introduction/welcome/changelog.xml
  
  Index: changelog.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/introduction/welcome/changelog.xml,v
  retrieving revision 1.75
  retrieving revision 1.76
  diff -u -r1.75 -r1.76
  --- changelog.xml	20 Aug 2002 23:02:12 -0000	1.75
  +++ changelog.xml	23 Aug 2002 01:03:18 -0000	1.76
  @@ -10,6 +10,9 @@
   
   <itemizedlist>
   
  +<listitem><para>August 21st, 2002 [larry]: Server: Added
  +bind-9.</para></listitem>
  +
   <listitem><para>August 20th, 2002 [larry]: X: Added FNLIB-0.5 and
   enlightenment-0.16.5.</para></listitem>
   
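Review bot: The new changelog entry reads "Added bind-9." with the version cut off, while the neighbouring entry gives full versions (FNLIB-0.5, enlightenment-0.16.5) and bind.ent in this same commit sets bind-version to 9.2.2rc1. Suggest "Added bind-9.2.2rc1" so the entry matches the commit log and the package page.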
  
  
  
  1.31      +1 -1      BLFS/BOOK/introduction/welcome/credits.xml
  
  Index: credits.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/introduction/welcome/credits.xml,v
  retrieving revision 1.30
  retrieving revision 1.31
  diff -u -r1.30 -r1.31
  --- credits.xml	20 Aug 2002 23:02:12 -0000	1.30
  +++ credits.xml	23 Aug 2002 01:03:18 -0000	1.31
  @@ -89,7 +89,7 @@
   <listitem><para>db and lcms: <emphasis>Jeremy Jones and Mark
   Hymers</emphasis></para></listitem>
   
  -<listitem><para>emacs, libfam, pine, qmail, Samba and slrn: <emphasis>Billy O'Connor</emphasis></para></listitem>
  +<listitem><para>bind, emacs, libfam, pine, qmail, Samba and slrn: <emphasis>Billy O'Connor</emphasis></para></listitem>
   
   <listitem><para>fetchmail and wvdial: <emphasis>Paul
   Campbell</emphasis></para></listitem>
  
  
  
  1.2       +7 -3      BLFS/BOOK/server/other/bind.xml
  
  Index: bind.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/server/other/bind.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- bind.xml	7 Jul 2002 20:28:52 -0000	1.1
  +++ bind.xml	23 Aug 2002 01:03:18 -0000	1.2
  @@ -1,8 +1,12 @@
  -<sect1 id="bind" xreflabel="bind">
  +<sect1 id="bind" xreflabel="bind-&bind-version;">
   <?dbhtml filename="bind.html" dir="server"?>
  -<title>bind</title>
  +<title>BIND &bind-version;</title>
   
  -<para>TO BE DONE</para>
  +&bind-intro;
  +&bind-inst;
  +&bind-config;
  +&bind-config-exp;
  +&bind-desc;
   
   </sect1>
   
  
  
  
  1.2       +11 -0     BLFS/BOOK/server/other/bind/bind.ent
  
  Index: bind.ent
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/server/other/bind/bind.ent,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- bind.ent	7 Jul 2002 20:28:52 -0000	1.1
  +++ bind.ent	23 Aug 2002 01:03:18 -0000	1.2
  @@ -1 +1,12 @@
   <!ENTITY bind SYSTEM "../bind.xml">
  +<!ENTITY bind-intro SYSTEM "bind-intro.xml">
  +<!ENTITY bind-inst SYSTEM "bind-inst.xml">
  +<!ENTITY bind-exp SYSTEM "bind-exp.xml">
  +<!ENTITY bind-config-exp SYSTEM "bind-config-exp.xml">
  +<!ENTITY bind-desc SYSTEM "bind-desc.xml">
  +<!ENTITY bind-config SYSTEM "bind-config.xml">
  +<!ENTITY bind-buildsize "37 MB">
  +<!ENTITY bind-version "9.2.2rc1">
  +<!ENTITY bind-download-http "">
  +<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/9.2.2rc1/bind-9.2.2rc1.tar.gz">
  +<!ENTITY bind-size "5.3 MB">
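Review bot: `bind-exp` is declared against `bind-exp.xml`, but the commit adds no such file and bind.xml never references `&bind-exp;`; drop the declaration or add the file. `bind-download-http` is left empty, so the `<ulink url="&bind-download-http;"/>` in bind-intro.xml renders as an empty link, and the only download location is plain FTP with no checksum entity alongside it for readers to verify the tarball. The version also appears twice (in `bind-version` and hard-coded in the FTP URL), so a version bump has to touch both.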
  
  
  
  1.1                  BLFS/BOOK/server/other/bind/bind-config-exp.xml
  
  Index: bind-config-exp.xml
  ===================================================================
  <sect2>
  <title>Configuration command explanations</title>
  <para><userinput>
  groupadd -g 200 named &&
  useradd -m -g named -u 200 -s /bin/false named &&
  cd /home/named &&
  mkdir -p dev etc/namedb/slave var/run &&
  mknod /home/named/dev/null c 1 3 &&
  mknod /home/named/dev/random c 1 8 &&
  chmod 666 /home/named/dev/{null,random} &&
  mkdir /home/named/etc/namedb/pz &&
  cp /etc/localtime /home/named/etc : </userinput>
  
  Create the unprivileged user and group named, along with device files
  that named will need access to inside the chroot jail.</para>
  
  <para><userinput>
  cat > /home/named/etc/named.conf << "EOF" : </userinput>
  Create the BIND configuration file, from which named will read the
  location of zone files, root nameservers and secure DNS keys.</para>
  <para><userinput>
  cat > /home/named/etc/namedb/pz/127.0.0 << "EOF" : </userinput>
  Create a single zone file.</para>
  <para><userinput>
  cat > /home/named/etc/namedb/root.hints << "EOF" : </userinput>
  The root.hints file is a list of root nameservers.  This file must be
  updated periodically with the dig utility.  Consult the BIND 9
  Administrator Reference Manual for details.</para>
  <para><userinput>
  cat > /etc/rndc.conf << "EOF" : </userinput>
  The rncd.conf file contains information for controlling named
  operations with the rndc utility.</para>
  
  <para><userinput>
  cat > /etc/resolv.conf << "EOF" : </userinput>
  The resolv.conf file will specify the local host(127.0.0.1) as the
  nameserver.</para>
  
  <para><userinput>
  cat > /etc/rc.d/init.d/bind << "EOF" : </userinput>
  Create the boot script for BIND 9, used to start and stop the name
  server daemon, named.</para>
  
  
  
  </sect2>
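Review bot: In the paragraph explaining `cat > /etc/rndc.conf`, "rncd.conf" should be "rndc.conf". The first block also repeats the whole setup command list from bind-config.xml instead of explaining individual commands, so the two copies will drift; explaining the pieces that matter for the jail (why `/dev/null` and `/dev/random` are created inside `/home/named`, why `chmod 666`, why `-s /bin/false`) would be more useful. The named.conf paragraph mentions "secure DNS keys", but the only key in the named.conf added by this commit is the rndc control key, and the `chown -R`, runlevel symlink and `bind start` steps have no explanation at all.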
  
  
  
  
  1.1                  BLFS/BOOK/server/other/bind/bind-config.xml
  
  Index: bind-config.xml
  ===================================================================
  <sect2>
  <title>Configuring BIND</title>
  <para>We will configure BIND to run in a chroot jail as an unprivileged
  user(named).  This configuration is more secure in that a DNS
  compromise can only affect a few files in the named user's $HOME
  directory </para> 
  
  <para>First we set up some files and directories needed by
  BIND:</para>
  <para><screen><userinput>
  groupadd -g 200 named &&
  useradd -m -g named -u 200 -s /bin/false named &&
  cd /home/named &&
  mkdir -p dev etc/namedb/slave var/run &&
  mknod /home/named/dev/null c 1 3 &&
  mknod /home/named/dev/random c 1 8 &&
  chmod 666 /home/named/dev/{null,random} &&
  mkdir /home/named/etc/namedb/pz &&
  cp /etc/localtime /home/named/etc
  </userinput></screen></para>
  
  <sect3><title>Config files</title>
  <para><userinput>named.conf, root.hints, 127.0.0, rndc.conf
  </userinput></para>
  
  <para>Create the named.conf file with the following commands:</para>
  <para><screen><userinput>
  cat > /home/named/etc/named.conf << "EOF"
   options {
       directory "/etc/namedb";
      pid-file "/var/run/named.pid";
      statistics-file "/var/run/named.stats";
         
   };
   controls {
       inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
   };
   key "rndc_key" {
       algorithm hmac-md5;
       secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
   };
   zone "." {
       type hint;
       file "root.hints";
   };
   zone "0.0.127.in-addr.arpa" {
       type master;
       file "pz/127.0.0";
   };
  EOF
  </userinput></screen></para>
  <para>Create a zone file with the following contents: </para>
  <para><screen><userinput>
  cat > /home/named/etc/namedb/pz/127.0.0 <&lt "EOF"
  $TTL 3D
  @      IN      SOA     ns.local.domain. hostmaster.local.domain. (
                          1       ; Serial
                          8H      ; Refresh
                          2H      ; Retry
                          4W      ; Expire
                          1D)     ; Minimum TTL
                  NS      ns.local.domain.
  1               PTR     localhost.
  EOF
  </userinput></screen></para>
  
  <para>Create the root.hints file with the following commands: </para>
  <note><para>Caution must be used to insure no leading spaces in this
  file.</para></note>
  <para><screen><userinput>
  cat > /home/named/etc/namedb/root.hints << "EOF"
  .                       6D  IN      NS      A.ROOT-SERVERS.NET.
  .                       6D  IN      NS      B.ROOT-SERVERS.NET.
  .                       6D  IN      NS      C.ROOT-SERVERS.NET.
  .                       6D  IN      NS      D.ROOT-SERVERS.NET.
  .                       6D  IN      NS      E.ROOT-SERVERS.NET.
  .                       6D  IN      NS      F.ROOT-SERVERS.NET.
  .                       6D  IN      NS      G.ROOT-SERVERS.NET.
  .                       6D  IN      NS      H.ROOT-SERVERS.NET.
  .                       6D  IN      NS      I.ROOT-SERVERS.NET.
  .                       6D  IN      NS      J.ROOT-SERVERS.NET.
  .                       6D  IN      NS      K.ROOT-SERVERS.NET.
  .                       6D  IN      NS      L.ROOT-SERVERS.NET.
  .                       6D  IN      NS      M.ROOT-SERVERS.NET.
  A.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.4
  B.ROOT-SERVERS.NET.     6D  IN      A       128.9.0.107
  C.ROOT-SERVERS.NET.     6D  IN      A       192.33.4.12
  D.ROOT-SERVERS.NET.     6D  IN      A       128.8.10.90
  E.ROOT-SERVERS.NET.     6D  IN      A       192.203.230.10
  F.ROOT-SERVERS.NET.     6D  IN      A       192.5.5.241
  G.ROOT-SERVERS.NET.     6D  IN      A       192.112.36.4
  H.ROOT-SERVERS.NET.     6D  IN      A       128.63.2.53
  I.ROOT-SERVERS.NET.     6D  IN      A       192.36.148.17
  J.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.10
  K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
  L.ROOT-SERVERS.NET.     6D  IN      A       198.32.64.12
  M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
  EOF
  </userinput></screen></para>
  
  <para>Create the rndc.conf with the following commands:</para>
  <para><screen><userinput>
  cat > /etc/rndc.conf << "EOF"
  key rndc_key {
  algorithm "hmac-md5";
      secret
      "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
      };
  options {
      default-server localhost;
      default-key    rndc_key;
  };
  EOF
  </userinput></screen></para>
  
  <para>Create or modify resolv.conf to use the new nameserver with the
  following commands: </para>
  <note><para>Replace yourdomain.com with your own valid domain
  name.</para></note>
  
  <para><screen><userinput>
  cp /etc/resolv.conf /etc/resolv.conf.bak
  cat > /etc/resolv.conf << "EOF"
  search yourdomain.com
  nameserver 127.0.0.1
  EOF
  </userinput></screen></para>
  
  <para>Set permissions on the chroot jail with the following
  command:</para>
  <para><screen><userinput>
  chown -R named.named /home/named
  </userinput></screen></para>
  
  <para>Create the BIND boot script:</para>
  <para><screen><userinput>
  cat > /etc/rc.d/init.d/bind << "EOF"
  #!/bin/bash
  # Begin $rc_base/init.d/bind
  # Based on sysklogd script from LFS-3.1 and earlier.
  # Rewritten by Gerard Beekmans  - gerard at linuxfromscratch.org
  source /etc/sysconfig/rc
  source $rc_functions
  case "$1" in
  	start)
  		echo "Starting named..."
  		loadproc /usr/sbin/named -u named -t /home/named -c \
  		        /etc/named.conf
  		;;
  	stop)
  		echo "Stopping named..."
  		killproc /usr/sbin/named
  		;;
  	restart)
  		$0 stop
  		sleep 1
  		$0 start
  		;;
     reload)
                  echo "Reloading named..."
                  /usr/sbin/rndc -c /etc/rndc.conf reload
                  ;;
  			       		
  	status)
  		statusproc /usr/sbin/named
  		;;
  	*)
  		echo "Usage: $0 {start|stop|restart|status}"
  		exit 1
  		;;
  esac
  # End $rc_base/init.d/bind
  EOF
  </userinput></screen></para>
  
  <para>Add the run level symlinks:</para>
  <para><screen><userinput>
  chmod 754 /etc/rc.d/init.d/bind &&
  ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc0.d/K90bind &&
  ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc1.d/K90bind &&
  ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc2.d/K90bind &&
  ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc3.d/S600bind &&
  ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc4.d/S600bind &&
  ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc5.d/S600bind &&
  ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc6.d/K90bind
  </userinput></screen></para>
  
  <para>Now start BIND with the new boot script: </para>
  <para><screen><userinput>
  /etc/rc.d/init.d/bind start
  </userinput></screen></para></sect3>
  
  <sect3><title>Testing BIND</title>
  <para>Test out the new BIND 9 installation.  First query the local
  host address with dig:</para>
  <para><screen><userinput>
  dig -x 127.0.0.1
  </userinput></screen></para>
  <para>Now try an external name lookup, taking note of the speed
  difference in repeated lookups due to the caching.  Run the dig
  command twice on the same address:</para>
  <para><screen><userinput>
  dig beyond.linuxfromscratch.org &&
  dig beyond.linuxfromscratch.org
  </userinput></screen>
  You can see almost instantaneous results with the named caching
  lookups.  Consult bind-&bind-version;/doc/arm/Bv9ARM.html, the BIND
  Administrator Reference Manual for further configuration options.
  </para></sect3>
  </sect2>
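Review bot: The `secret` in the `key "rndc_key"` block of named.conf, repeated in rndc.conf, is a fixed value printed in the book, so every reader who follows these commands ends up with the same control-channel key; both files are also created with `cat >` and never given restrictive permissions. Since the package installs `rndc-confgen` (listed in bind-desc.xml), have readers generate their own key and restrict read access on both files. Next, `chown -R named.named /home/named` hands the unprivileged user ownership of its own `named.conf` and zone files, which weakens the containment the opening paragraph promises; consider keeping the tree root-owned and giving `named` write access only to `var/run` and `etc/namedb/slave`. The `options` block sets no `listen-on` or query restriction even though resolv.conf only points at 127.0.0.1, so a limit to the loopback address would fit the stated use. Smaller points: the zone-file command reads `<&lt "EOF"` where the others have `<<`; the boot script's usage string omits the `reload` case it implements; the opening paragraph lacks its closing period; and "insure" in the root.hints note should be "ensure".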
  
  
  
  
  1.1                  BLFS/BOOK/server/other/bind/bind-desc.xml
  
  Index: bind-desc.xml
  ===================================================================
  <sect2>
  <title>Contents</title>
  
  <para>The BIND package contains
  <userinput>dig</userinput>,
  <userinput>host</userinput>,
  <userinput>rndc</userinput>,
  <userinput>rndc-confgen</userinput>,
  <userinput>named-checkconf</userinput>,
  <userinput>named-checkzone</userinput>,
  <userinput>lwresd</userinput>,
  <userinput>named</userinput>,
  <userinput>dnssec-signzone</userinput>,
  <userinput>dnssec-signkey</userinput>,
  <userinput>dnssec-keygen</userinput>,
  <userinput>dnssec-makekeyset</userinput> and
  <userinput>nsupdate</userinput>.</para>
  </sect2>
  
  <sect2><title>Description</title>
  
  <sect3><title>dig</title>
  <para>dig interrogates DNS servers.</para></sect3>
  <sect3><title>host</title>
  <para>host is a utility for DNS lookups.</para></sect3>
  <sect3><title>rndc</title>
  <para>rndc controls the operation of BIND.</para></sect3>
  <sect3><title>rndc-confgen</title>
  <para>rndc-confgen generates rndc.conf files.</para></sect3>
  <sect3><title>named-checkconf</title>
  <para>named-checkconf checks the syntax of named.conf
  files.</para></sect3>
  <sect3><title>named-checkzone</title>
  <para>named-checkzone checks zone file validity.</para></sect3>
  <sect3><title>lwresd</title>
  <para>lwresd is a caching-only name server for local process
  use.</para></sect3>
  <sect3><title>named</title>
  <para>named is the name server daemon.</para></sect3>
  <sect3><title>dnssec-signzone</title>
  <para>dnssec-signzone generates signed versions of zone
  files.</para></sect3>
  <sect3><title>dnssec-signkey</title>
  <para>dnssec-signkey signs zone file key sets.</para></sect3>
  <sect3><title>dnssec-keygen</title>
  <para>dnssec-keygen is a key generator for secure DNS.</para></sect3>
  <sect3><title>dnssec-makekeyset</title>
  <para>dnssec-makekeyset generates a key set from one or more keys
  created by dnssec-keygen.</para></sect3>
  <sect3><title>nsupdate</title>
  <para>nsupdate is used to submit DNS update requests.</para></sect3>
  </sect2>
  
  
  
  
  1.1                  BLFS/BOOK/server/other/bind/bind-inst.xml
  
  Index: bind-inst.xml
  ===================================================================
  <sect2>
  <title>Installation of BIND</title>
  
  <para>Install BIND by running the following commands:</para>
  
  <para><screen><userinput>
  ./configure --prefix=/usr &&
  make &&
  make install
  </userinput></screen></para>
  </sect2>
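Review bot: `./configure --prefix=/usr` sets no `--sysconfdir` or `--localstatedir`, so by autoconf's defaults they resolve under the prefix (`/usr/etc`, `/usr/var`), while bind-config.xml writes `/etc/rndc.conf`. The boot script's reload case passes `-c /etc/rndc.conf` explicitly, but a reader who runs plain `rndc` will not find that file. Suggest adding `--sysconfdir=/etc` and `--localstatedir=/var` here. The page also goes straight to configure with no step that unpacks or checks the downloaded tarball.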
  
  
  
  
  1.1                  BLFS/BOOK/server/other/bind/bind-intro.xml
  
  Index: bind-intro.xml
  ===================================================================
  <sect2>
  <title>Introduction to BIND &bind-version;</title>
  
  <screen>Download location (HTTP):       <ulink url="&bind-download-http;"/>
  Download location (FTP):        <ulink url="&bind-download-ftp;"/>
  Version used:                   &bind-version;
  Package size:                   &bind-size;
  Estimated Disk space required:  &bind-buildsize;</screen>
  
  <para>The Bind package provides a DNS server and client
  utilities.</para></sect2>
  
  
  
  