r3095 - in trunk/BOOK: introduction/welcome server/other

randy at linuxfromscratch.org randy at linuxfromscratch.org
Thu Dec 9 19:33:22 PST 2004


Author: randy
Date: 2004-12-09 20:33:21 -0700 (Thu, 09 Dec 2004)
New Revision: 3095

Modified:
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/server/other/bind.xml
Log:
Updated BIND server instructions

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2004-12-10 01:57:50 UTC (rev 3094)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2004-12-10 03:33:21 UTC (rev 3095)
@@ -24,8 +24,10 @@
 
 <listitem><para>December 9th, 2004 [randy]: Added a chown command to the 
 GStreamer instructions to fix incorrect permissions on installed 
-documentation; added Net::DNS Perl Module (and dependency 
-modules).</para></listitem>
+documentation; added Net::DNS Perl Module (and dependency modules); modified 
+BIND server instructions to build shared libraries and multi-threaded 
+binaries, install additional documentation, removed BDB dependency and 
+instructions to run the full test suite.</para></listitem>
 
 <listitem><para>December 8th, 2004 [igor]: Changed ProFTPD login shell
 to /usr/lib/proftpd/proftpdshell as suggested by Nathan

Modified: trunk/BOOK/server/other/bind.xml
===================================================================
--- trunk/BOOK/server/other/bind.xml	2004-12-10 01:57:50 UTC (rev 3094)
+++ trunk/BOOK/server/other/bind.xml	2004-12-10 03:33:21 UTC (rev 3095)
@@ -7,9 +7,8 @@
 <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
 <!ENTITY bind-size "4.6 MB">
-<!ENTITY bind-buildsize "138 MB">
-<!ENTITY bind-time "0.67 SBU">
-
+<!ENTITY bind-buildsize "87 MB">
+<!ENTITY bind-time "1.87 SBU (additional 4.14 SBU to run the complete test suite)">
 ]>
 
 <sect1 id="bind" xreflabel="BIND-&bind-version;">
@@ -21,67 +20,138 @@
 <title><acronym>BIND</acronym>-&bind-version;</title>
 
 <sect2>
-<title>Introduction to <application><acronym>BIND</acronym></application></title>
+<title>Introduction to 
+<application><acronym>BIND</acronym></application></title>
 
 <para>The <application><acronym>BIND</acronym></application> package
 provides a <acronym>DNS</acronym> server and client utilities. If you
-are only interested in the utilities, refer to the <xref linkend="bind-utils"/>.</para>
+are only interested in the utilities, refer to the 
+<xref linkend="bind-utils"/>.</para>
 
 <sect3><title>Package information</title>
 <itemizedlist spacing='compact'>
-<listitem><para>Download (HTTP): <ulink url="&bind-download-http;"/></para></listitem>
-<listitem><para>Download (FTP): <ulink url="&bind-download-ftp;"/></para></listitem>
-<listitem><para>Download size: &bind-size;</para></listitem>
-<listitem><para>Estimated Disk space required: &bind-buildsize;</para></listitem>
-<listitem><para>Estimated build time: &bind-time;</para></listitem></itemizedlist>
+<listitem><para>Download (HTTP): 
+<ulink url="&bind-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): 
+<ulink url="&bind-download-ftp;"/></para></listitem>
+<listitem><para>Download size: 
+&bind-size;</para></listitem>
+<listitem><para>Estimated disk space required: 
+&bind-buildsize;</para></listitem>
+<listitem><para>Estimated build time: 
+&bind-time;</para></listitem></itemizedlist>
 </sect3>
 
-<sect3><title><application><acronym>BIND</acronym></application> dependencies</title>
+<sect3><title><application><acronym>BIND</acronym></application> 
+dependencies</title>
 <sect4><title>Optional</title>
-<para>
-<xref linkend="openssl"/>,
-<xref linkend="db"/>,
-<xref linkend="openjade"/> and
-<xref linkend="jadetex"/>
-</para></sect4>
+<para><xref linkend="openssl"/></para>
+</sect4>
+
+<sect4><title>Optional (to run the full test suite)</title>
+<para><xref linkend="net-tools"/> (for <command>ifconfig</command>) and 
+<xref linkend="perl-modules"/>: Net-DNS</para>
+</sect4>
+
+<sect4><title>Optional (to [re]build documentation)</title>
+<para><xref linkend="openjade"/>, 
+<xref linkend="jadetex"/>, 
+<xref linkend="docbook-dsssl"/></para>
+</sect4>
 </sect3>
 
 </sect2>
 
 <sect2>
-<title>Installation of <application><acronym>BIND</acronym></application></title>
+<title>Installation of 
+<application><acronym>BIND</acronym></application></title>
 
 <para>Install <application><acronym>BIND</acronym></application> by
 running the following commands:</para>
 
-<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc &&
+<screen><userinput><command>sed -i -e "s/dsssl-stylesheets/&-1.78/g" configure &&
+./configure --prefix=/usr --sysconfdir=/etc \
+    --enable-threads --with-libtool &&
 make &&
-make install</command></userinput></screen>
+make install &&
+chmod 755 \
+    /usr/lib/{lib{bind9,isc{,cc,cfg},lwres}.so.?.?.?,libdns.so.20.0.0} &&
+mv /usr/share/man/man8/named.conf.5 /usr/share/man/man5 &&
+cd doc &&
+install -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} &&
+install -m644 arm/*.html \
+    /usr/share/doc/bind-9.3.0/arm &&
+install -m644 draft/*.txt \
+    /usr/share/doc/bind-9.3.0/draft &&
+install -m644 rfc/* \
+    /usr/share/doc/bind-9.3.0/rfc &&
+install -m644 misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
+    /usr/share/doc/bind-9.3.0/misc</command></userinput></screen>
 
+<para>In order to run the complete test suite before installing the 
+package, you need to set up some dummy interfaces (requires 
+<command>ifconfig</command>). Issue the following commands to run the 
+complete suite of tests:</para>
+
+<screen><userinput><command>bin/tests/system/ifconfig.sh up &&
+make check >check.log 2>&1 &&
+bin/tests/system/ifconfig.sh down</command></userinput></screen>
+
+<para>If desired, issue the following command to ensure all 145 tests ran 
+successfully:</para>
+
+<screen><userinput><command>grep "R:PASS" check.log | wc -l</command></userinput></screen>
+
 </sect2>
 
 <sect2>
+<title>Command explanations</title>
+
+<para><command>sed -i -e ... configure</command>: This command forces 
+<command>configure</command> to look for the <acronym>DSSSL</acronym> 
+stylesheets in the standard <acronym>BLFS</acronym> location.</para>
+
+<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces 
+<application><acronym>BIND</acronym></application> to look for configuration 
+files in <filename class='directory'>/etc</filename> instead of 
+<filename class='directory'>/usr/etc</filename>.</para>
+
+<para><parameter>--enable-threads</parameter>: This parameter enables 
+multi-threading capability.</para>
+
+<para><parameter>--with-libtool</parameter>: This parameter forces the 
+building of dynamic libraries and links the installed binaries to these 
+libraries.</para>
+
+<para><command>cd doc; install ...</command>: These commands install the 
+additional package documentation. Optionally, omit any or all of these 
+commands.</para>
+
+</sect2>
+
+<sect2>
 <title>Configuring
 <application><acronym>BIND</acronym></application></title>
 
 <sect3><title>Config files</title>
-<para><filename>named.conf</filename>, <filename>root.hints</filename>,
+<para><filename>named.conf</filename>, <filename>root.hints</filename>, 
 <filename>127.0.0</filename>, <filename>rndc.conf</filename></para>
 </sect3>
 
 <sect3><title>Configuration Information</title>
 
-<para><application><acronym>BIND</acronym></application> will configured
-to run in a chroot jail as an unprivileged user (named). This configuration 
-is more secure in that a <acronym>DNS</acronym> compromise can only affect 
-a few files in the named user's <envar>HOME</envar> directory.</para> 
+<para><application><acronym>BIND</acronym></application> will be configured 
+to run in a <command>chroot</command> jail as an unprivileged user (named). 
+This configuration is more secure in that a <acronym>DNS</acronym> compromise 
+can only affect a few files in the named user's <envar>HOME</envar> 
+directory.</para> 
 
 <para>Create the unprivileged user and group named:</para>
 
 <screen><userinput><command>groupadd named &&
-useradd -m -g named -s /bin/false named</command></userinput></screen>
+useradd -m -c "BIND Owner" -g named -s /bin/false named</command></userinput></screen>
 
-<para>Set up some files, directories and devices needed by
+<para>Set up some files, directories and devices needed by 
 <application><acronym>BIND</acronym></application>:</para>
 
 <screen><userinput><command>cd /home/named &&
@@ -98,8 +168,8 @@
 
 <screen><userinput><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen>
 
-<para>Create the <filename>named.conf</filename> file from which named
-will read the location of zone files, root name servers and secure
+<para>Create the <filename>named.conf</filename> file from which named 
+will read the location of zone files, root name servers and secure 
 <acronym>DNS</acronym> keys:</para>
 
 <screen><userinput><command>cat > /home/named/etc/named.conf << "EOF"</command>
@@ -166,8 +236,9 @@
 
 <command>EOF</command></userinput></screen>
 
-<para>Create the <filename>rndc.conf</filename> with the following commands:</para>
-                                                                                                                     
+<para>Create the <filename>rndc.conf</filename> file with the following 
+commands:</para>
+
 <screen><userinput><command>cat > /etc/rndc.conf << "EOF"</command>
 key rndc_key {
 algorithm "hmac-md5";
@@ -179,9 +250,9 @@
     default-key    rndc_key;
 };
 <command>EOF</command></userinput></screen>
-                                                                                                                     
-<para>The <filename>rndc.conf</filename> file contains information for
-controlling named operations with the <command>rndc</command>
+
+<para>The <filename>rndc.conf</filename> file contains information for 
+controlling named operations with the <command>rndc</command> 
 utility.</para>
 
 <para>Create a zone file with the following contents:</para>
@@ -201,7 +272,7 @@
 <para>Create the <filename>root.hints</filename> file with the following
 commands:</para>
 
-<note><para>Caution must be used to ensure no leading spaces in this
+<note><para>Caution must be used to ensure there are no leading spaces in this 
 file.</para></note>
 
 <screen><userinput><command>cat > /home/named/etc/namedb/root.hints << "EOF"</command>
@@ -233,18 +304,19 @@
 M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
 <command>EOF</command></userinput></screen>
 
-<para>The <filename>root.hints</filename> file is a list of root name
-servers. This file must be updated periodically with the
-<command>dig</command> utility.  A current copy of root.hints can be
-obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
-Consult the <ulink url="http://www.bind9.net/Bv9ARM.html"><application><acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> for
-details.</para>
+<para>The <filename>root.hints</filename> file is a list of root name servers. 
+This file must be updated periodically with the <command>dig</command> 
+utility.  A current copy of root.hints can be obtained from 
+<ulink url="ftp://rs.internic.net/domain/named.root" />. Consult the 
+<ulink url="http://www.bind9.net/Bv9ARM.html"><application>
+<acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> 
+for details.</para>
 
-<para>Create or modify <filename>resolv.conf</filename> to use the new
+<para>Create or modify <filename>resolv.conf</filename> to use the new 
 name server with the following commands:</para>
 
-<note><para>Replace yourdomain.com with your own valid domain
-name.</para></note>
+<note><para>Replace <replaceable>[yourdomain.com]</replaceable> with your own 
+valid domain name.</para></note>
 
 <screen><userinput><command>cp /etc/resolv.conf /etc/resolv.conf.bak &&
 cat > /etc/resolv.conf << "EOF"</command>
@@ -252,14 +324,15 @@
 nameserver 127.0.0.1
 <command>EOF</command></userinput></screen>
 
-<para>Set permissions on the chroot jail with the following
-command:</para>
+<para>Set permissions on the <command>chroot</command> jail with the 
+following command:</para>
 
 <screen><userinput><command>chown -R named.named /home/named</command></userinput></screen>
 
-<para>To start the DNS server at boot, install the <filename>/etc/rc.d/init.d/bind</filename>
-init script included in the <xref linkend="intro-important-bootscripts"/> package.</para>
-                                                                                                                
+<para>To start the <acronym>DNS</acronym> server at boot, install the 
+<filename>/etc/rc.d/init.d/bind</filename> init script included in the 
+<xref linkend="intro-important-bootscripts"/> package.</para>
+
 <screen><userinput><command>make install-bind</command></userinput></screen>
 
 <para>Now start <application><acronym>BIND</acronym></application> with
@@ -278,16 +351,17 @@
 <screen><userinput><command>dig -x 127.0.0.1</command></userinput></screen>
 
 <para>Now try an external name lookup, taking note of the speed
-difference in repeated lookups due to the caching. Run the dig command
-twice on the same address:</para>
+difference in repeated lookups due to the caching. Run the 
+<command>dig</command> command twice on the same address:</para>
 
-<para><screen><userinput><command>dig www.linuxfromscratch.org &&
+<screen><userinput><command>dig www.linuxfromscratch.org &&
 dig www.linuxfromscratch.org</command></userinput></screen>
-You can see almost instantaneous results with the named caching lookups.
-Consult <filename>bind-&bind-version;/doc/arm/Bv9ARM.html</filename>,
-the <application><acronym>BIND</acronym></application> Administrator
-Reference Manual for further configuration options.</para>
 
+<para>You can see almost instantaneous results with the named caching lookups. 
+Consult the <application><acronym>BIND</acronym></application> Administrator 
+Reference Manual located at 
+<filename>doc/arm/Bv9ARM.html</filename> in the package source tree, for 
+further configuration options.</para>
 </sect3>
 
 </sect2>
@@ -295,22 +369,26 @@
 <sect2>
 <title>Contents</title>
 
-<para>The <application><acronym>BIND</acronym></application> package contains
-<command>dig</command>,
-<command>host</command>,
-<command>isc-config.sh</command>,
-<command>nslookup</command>,
-<command>rndc</command>,
-<command>rndc-confgen</command>,
-<command>named-checkconf</command>,
-<command>named-checkzone</command>,
-<command>lwresd</command>,
-<command>named</command>,
-<command>dnssec-signzone</command>,
-<command>dnssec-signkey</command>,
-<command>dnssec-keygen</command>,
-<command>dnssec-makekeyset</command> and
-<command>nsupdate</command>.</para>
+<para>The <application><acronym>BIND</acronym></application> package contains 
+<command>dig</command>, 
+<command>dnssec-keygen</command>, 
+<command>dnssec-signzone</command>, 
+<command>host</command>, 
+<command>isc-config.sh</command>, 
+<command>lwresd</command>, 
+<command>named</command>, 
+<command>named-checkconf</command>, 
+<command>named-checkzone</command>, 
+<command>nslookup</command>, 
+<command>nsupdate</command>, 
+<command>rndc</command>, 
+<command>rndc-confgen</command>, 
+<filename class='libraryfile'>libbind9</filename>, 
+<filename class='libraryfile'>libdns</filename>, 
+<filename class='libraryfile'>libisc</filename>, 
+<filename class='libraryfile'>libisccc</filename>, 
+<filename class='libraryfile'>libisccfg</filename> and 
+<filename class='libraryfile'>liblwres</filename>.</para>
 </sect2>
 
 <sect2><title>Description</title>
@@ -319,22 +397,25 @@
 <para><command>dig</command> interrogates <acronym>DNS</acronym>
 servers.</para></sect3>
 
+<sect3><title>dnssec-keygen</title>
+<para><command>dnssec-keygen</command> is a key generator for secure
+<acronym>DNS</acronym>.</para></sect3>
+
+<sect3><title>dnssec-signzone</title>
+<para><command>dnssec-signzone</command> generates signed versions of
+zone files.</para></sect3>
+
 <sect3><title>host</title>
 <para><command>host</command> is a utility for <acronym>DNS</acronym>
 lookups.</para></sect3>
 
-<sect3><title>nslookup</title>
-<para><command>nslookup</command> is a program used to query Internet
-domain nameservers.</para></sect3>
+<sect3><title>lwresd</title>
+<para><command>lwresd</command> is a caching-only name server for local
+process use.</para></sect3>
 
-<sect3><title>rndc</title>
-<para><command>rndc</command> controls the operation of
-<application><acronym>BIND</acronym></application>.</para></sect3>
+<sect3><title>named</title>
+<para><command>named</command> is the name server daemon.</para></sect3>
 
-<sect3><title>rndc-confgen</title>
-<para><command>rndc-confgen</command> generates
-<filename>rndc.conf</filename> files.</para></sect3>
-
 <sect3><title>named-checkconf</title>
 <para><command>named-checkconf</command> checks the syntax of
 <filename>named.conf</filename> files.</para></sect3>
@@ -343,33 +424,22 @@
 <para><command>named-checkzone</command> checks zone file
 validity.</para></sect3>
 
-<sect3><title>lwresd</title>
-<para><command>lwresd</command> is a caching-only name server for local
-process use.</para></sect3>
+<sect3><title>nslookup</title>
+<para><command>nslookup</command> is a program used to query Internet
+domain nameservers.</para></sect3>
 
-<sect3><title>named</title>
-<para><command>named</command> is the name server daemon.</para></sect3>
-
-<sect3><title>dnssec-signzone</title>
-<para><command>dnssec-signzone</command> generates signed versions of
-zone files.</para></sect3>
-
-<sect3><title>dnssec-signkey</title>
-<para><command>dnssec-signkey</command> signs zone file key
-sets.</para></sect3>
-
-<sect3><title>dnssec-keygen</title>
-<para><command>dnssec-keygen</command> is a key generator for secure
-<acronym>DNS</acronym>.</para></sect3>
-
-<sect3><title>dnssec-makekeyset</title>
-<para><command>dnssec-makekeyset</command> generates a key set from one
-or more keys created by dnssec-keygen.</para></sect3>
-
 <sect3><title>nsupdate</title>
 <para><command>nsupdate</command> is used to submit
 <acronym>DNS</acronym> update requests.</para></sect3>
 
+<sect3><title>rndc</title>
+<para><command>rndc</command> controls the operation of
+<application><acronym>BIND</acronym></application>.</para></sect3>
+
+<sect3><title>rndc-confgen</title>
+<para><command>rndc-confgen</command> generates
+<filename>rndc.conf</filename> files.</para></sect3>
+
 </sect2>
 
 </sect1>




More information about the blfs-book mailing list