[blfs-book] r9463 - trunk/BOOK/server/major

andy at linuxfromscratch.org andy at linuxfromscratch.org
Sat Feb 18 10:41:31 PST 2012


Author: andy
Date: 2012-02-18 11:41:27 -0700 (Sat, 18 Feb 2012)
New Revision: 9463

Modified:
   trunk/BOOK/server/major/bind.xml
Log:
bind tweaks

Modified: trunk/BOOK/server/major/bind.xml
===================================================================
--- trunk/BOOK/server/major/bind.xml	2012-02-18 17:09:33 UTC (rev 9462)
+++ trunk/BOOK/server/major/bind.xml	2012-02-18 18:41:27 UTC (rev 9463)
@@ -3,12 +3,15 @@
    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
-  <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
-  <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
+  <!ENTITY bind-download-http
+  "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
+  <!ENTITY bind-download-ftp
+  "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
   <!ENTITY bind-md5sum "afa41f8203d50bedad65071f9b6f96d7">
   <!ENTITY bind-size "8.1 MB">
   <!ENTITY bind-buildsize "260 MB">
-  <!ENTITY bind-time "1.7 SBU (additional 13 minutes, processor independent, to run the complete test suite)">
+  <!ENTITY bind-time "1.7 SBU (additional 13 minutes, processor independent, to
+  run the complete test suite)">
 ]>
 
 <sect1 id="bind" xreflabel="BIND-&bind-version;">
@@ -60,7 +63,8 @@
     <itemizedlist spacing='compact'>
       <listitem>
         <para>Optional patch (if net-tools is not installed):
-        <ulink url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
+        <ulink
+        url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
       </listitem>
     </itemizedlist>
 
@@ -74,7 +78,8 @@
     <xref linkend="net-tools"/> (you may omit net-tools by using the optional
     patch to utilize iproute2, but the IPv6 tests will fail)</para>
 
-    <bridgehead renderas="sect4">Optional (to rebuild documentation)</bridgehead>
+    <bridgehead renderas="sect4">Optional (to rebuild the
+    documentation)</bridgehead>
     <para role="optional"><!--<xref linkend="tetex"/> or-->
     <xref linkend="texlive"/>, and
     <xref linkend="libxslt"/></para>
@@ -140,7 +145,6 @@
 install -v -m644 \
     misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
     /usr/share/doc/bind-&bind-version;/misc</userinput></screen>
-
   </sect2>
 
   <sect2 role="commands">
@@ -166,7 +170,6 @@
     <para><command>cd doc; install ...</command>: These commands install
     additional package documentation. Omit any or all of these commands if
     desired.</para>
-
   </sect2>
 
   <sect2 role="configuration">
@@ -194,13 +197,14 @@
       </indexterm>
 
       <indexterm zone="bind bind-config">
-        <primary sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
+        <primary
+        sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
       </indexterm>
 
       <indexterm zone="bind bind-config">
-        <primary sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
+        <primary
+        sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
       </indexterm>
-
     </sect3>
 
     <sect3>
@@ -224,53 +228,49 @@
       <application>BIND</application>:</para>
 
 <screen role="root"><userinput>cd /srv/named &&
-mkdir -p dev etc/namedb/slave var/run &&
+mkdir -p dev etc/namedb/{slave,pz} usr/lib/engines var/run/named &&
 mknod /srv/named/dev/null c 1 3 &&
 mknod /srv/named/dev/random c 1 8 &&
 chmod 666 /srv/named/dev/{null,random} &&
-mkdir /srv/named/etc/namedb/pz &&
-cp /etc/localtime /srv/named/etc</userinput></screen>
+cp /etc/localtime etc &&
+touch /srv/named/managed-keys.bind &&
+cp /usr/lib/engines/libgost.so usr/lib/engines &&
+[ $(arch) = x86_64 ] && ln -sv lib usr/lib64</userinput></screen>
 
-      <para>Then, generate a key for use in the <filename>named.conf</filename>
-      and <filename>rdnc.conf</filename> files using the
+      <para>The <filename>rndc.conf</filename> file contains information for
+      controlling <command>named</command> operations with the
+      <command>rndc</command> utility. Generate a key for use in the <filename>named.conf</filename> and <filename>rdnc.conf</filename> with the
       <command>rndc-confgen</command> command:</para>
 
-<screen role="root"><userinput>rndc-confgen -r /dev/urandom -b 512 | \
-    grep -m 1 "secret" | cut -d '"' -f 2</userinput></screen>
+<screen role="root"><userinput>rndc-confgen -r /dev/urandom -b 512 > /etc/rndc.conf &&
+sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf</userinput></screen>
 
-      <para>Create the <filename>named.conf</filename> file from which
+      <para>Complete the <filename>named.conf</filename> file from which
       <command>named</command> will read the location of zone files, root
       name servers and secure DNS keys:</para>
 
-<screen role="root"><?dbfo keep-together="auto"?><userinput>cat > /srv/named/etc/named.conf << "EOF"
-<literal> options {
-     directory "/etc/namedb";
+<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
+<literal>options {
+    directory "/etc/namedb";
     pid-file "/var/run/named.pid";
     statistics-file "/var/run/named.stats";
 
- };
- controls {
-     inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
- };
- key "rndc_key" {
-     algorithm hmac-md5;
-     secret "<replaceable><Insert secret from rndc-confgen's output here></replaceable>";
- };
- zone "." {
-     type hint;
-     file "root.hints";
- };
- zone "0.0.127.in-addr.arpa" {
-     type master;
-     file "pz/127.0.0";
- };
+};
+zone "." {
+    type hint;
+    file "root.hints";
+};
+zone "0.0.127.in-addr.arpa" {
+    type master;
+    file "pz/127.0.0";
+};
 
 // Bind 9 now logs by default through syslog (except debug).
 // These are the default logging rules.
 
 logging {
-     category default { default_syslog; default_debug; };
-     category unmatched { null; };
+    category default { default_syslog; default_debug; };
+    category unmatched { null; };
 
   channel default_syslog {
       syslog daemon;                      // send to syslog's daemon
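Review bot: Both files the new rndc-confgen line produces, `/etc/rndc.conf` and the `/srv/named/etc/named.conf` stub that the sed line extracts from it, contain the generated HMAC key secret, yet neither redirection sets a file mode, so they are created under the shell's default umask and are presumably world-readable. Adding `chmod 640 /etc/rndc.conf /srv/named/etc/named.conf` after the sed line (or `umask 077` ahead of the pipeline) keeps the key to the owner and group; the chroot copy later gets `chown -R named:named /srv/named` in the last hunk, but the /etc copy does not. Separately, `[ $(arch) = x86_64 ] && ln -sv lib usr/lib64` as the tail of the `&&` chain makes the whole chroot-setup command return non-zero on any other architecture; `if [ $(arch) = x86_64 ]; then ln -sv lib usr/lib64; fi` keeps the symlink conditional without the spurious failure. The rewritten para also keeps the `rdnc.conf` misspelling of rndc.conf.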
@@ -297,32 +297,12 @@
   };
 
   channel null {
-     null;                                // toss anything sent to
+      null;                               // toss anything sent to
                                           // this channel
   };
 };</literal>
-
 EOF</userinput></screen>
 
-      <para>Create the <filename>rndc.conf</filename> file with the following
-      commands:</para>
-
-<screen role="root"><userinput>cat > /etc/rndc.conf << "EOF"
-<literal>key rndc_key {
-algorithm "hmac-md5";
-    secret
-    "<replaceable><Insert secret from rndc-confgen's output here></replaceable>";
-    };
-options {
-    default-server localhost;
-    default-key    rndc_key;
-};</literal>
-EOF</userinput></screen>
-
-      <para>The <filename>rndc.conf</filename> file contains information for
-      controlling <command>named</command> operations with the
-      <command>rndc</command> utility.</para>
-
       <para>Create a zone file with the following contents:</para>
 
 <screen role="root"><userinput>cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
@@ -398,7 +378,7 @@
       <para>Set permissions on the <command>chroot</command> jail with the
       following command:</para>
 
-<screen role="root"><userinput>chown -R named.named /srv/named</userinput></screen>
+<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
 
     </sect3>
 



