From RHEL to CentOS BIND 9
isplist at logicore.net
Wed Dec 5 18:28:46 UTC 2007
Nice detailed info Matt, thanks. I'm going to give this a try if I can't get
this working using RPMs.
Mike
On Wed, 05 Dec 2007 09:45:07 -0600, Matt Tesauro wrote:
> I've got several CentOS 5 boxen running the source install of BIND.
>
> Here's a quick and dirty recipe of how I made it work for me:
>
> (1) Install the bind-chroot rpm ("yum install bind-chroot") then remove
> it (rpm -e bind bind-chroot). This is a quick way to get the chroot
> environment set up for you without a bunch of mkdir -p's - I'm lazy.
>
> (2) Get the latest source from ISC. Download into a joe user's home
> directory
>
> (3) Untar and then configure bind with the following script:
> # cat bind_configure
> CFLAGS="-O2 -march=i686 -funroll-loops"; export CFLAGS
> ./configure \
> --prefix=/usr/ \
> --sysconfdir=/etc \
> --localstatedir=/var \
> --mandir=/usr/share/man \
> --with-openssl \
> --with-libtool \
> --disable-ipv6 \
> --enable-threads \
> --disable-openssl-version-check
> (You can copy and paste this into vi or the editor of your choice - make
> sure to chmod u+x the script)
>
> (4) Run make as your joe user
>
> (5) su - to root and return to the source directory of BIND then run
> the following commands:
> find / > pre_bind
> make install
> strip /usr/sbin/named
> install -c \
> -m0600 /home/[user]/bind-[version]/bin/rndc/rndc.conf /var/named/chroot/etc/
> chown named.named /var/named/chroot/etc/rndc.conf
> find / > post_bind
> diff pre_bind post_bind > bind_install
> vi bind_install (to remove extra cruft like /proc entries)
> rm pre_bind
> rm post_bind
>
> (6) Configure BIND - if your existing BIND install is sane and working,
> you can use that named.conf as a starting point. Don't forget about
> your friends for getting your setup right:
> /usr/sbin/named-checkzone
> /usr/sbin/named-checkconf
> /usr/sbin/rndc-confgen
>
> (7) I set up TSIG and rndc. Some good info can be had from the BIND
> chapter in this:
> Securing & Optimizing Linux: The Ultimate Solution
> version: 2.0
> author: Gerhard Mourani
> http://www.tldp.org/guides.html
> (most of this is modifications of stuff I learned from that great
> resource)
>
> (8) If/when a new version of BIND comes out, use the list of installed
> files as a means to remove the source installed BIND by vi'ing the file
> doing :1,$s/>/rm -f/ after making sure you _want_ to delete all entries
> in that file. Save it and chmod u+x and execute ./bind_install to
> remove the install. You can use your configure script to get the new
> source configured the same and follow the steps above for the new
> version.
>
> Note: The above assumes you have gcc and the necessary libraries
> installed. BIND's configure is good about telling you what you're
> missing - likely things like openssl-devel and such. I did a minimal
> install and added what I needed. Your install choices may already have
> most/all of the required RPMs.
>
> HTH
>
> -- Matt Tesauro
>
> On Wed, 2007-12-05 at 09:07 -0600, isplist at logicore.net wrote:
>>> I'm not sure why you don't use standard distribution scripts and
>>> setup. If you really need this uncommon setup then compile BIND
>>> yourself from source. In other case try:
>>>
>> I'm not sure how I'm ending up with a non standard setup. It's not what
>> I've been wanting. I have no need for anything special, I just wanted to
>> install a new replacement primary to take over from my current primary.
>>
>>> - $yum install bind
>>> - configure /etc/named.conf
>>> - add zones to /var/named{,slaves}
>>> - run restorecon on all modified files if you're using SELinux
>>> - if you want chroot install bind-chroot package
>>> - run $service named start
>>>
>> Maybe I should re-install and start from scratch since this seems to be
>> totally messed up now. Do you feel it might be best to start over before
>> I do the above?
>>
>> Mike
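
Added example, not part of either message in this thread: the pre/post file listing from step (5) and the removal from step (8) of the quoted recipe, written as shell functions that produce a clean manifest and default to a dry run before deleting anything. The function names and the ROOT argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; function names and the ROOT argument are assumptions,
# not taken from the thread.

# snapshot ROOT OUT: sorted list of every path under ROOT, staying on one
# filesystem and pruning proc/sys so that "cruft" never enters the list.
# A snapshot file stored under ROOT can show up in the manifest; the dry
# run below makes that visible before anything is deleted.
snapshot() {
    root=$1; out=$2; base=${root%/}
    find "$root" -xdev \( -path "$base/proc" -o -path "$base/sys" \) -prune \
        -o -print 2>/dev/null | LC_ALL=C sort > "$out"
}

# manifest PRE POST OUT: paths present only in POST, i.e. files the install
# created. Files it overwrote in place do not appear (same as the diff).
manifest() {
    LC_ALL=C comm -13 "$1" "$2" > "$3"
}

# remove_manifest LIST [run]: prints each path it would delete; deletes only
# when the second argument is "run". Non-absolute lines are skipped and
# directories are never removed, so shared ones like /usr/sbin survive.
remove_manifest() {
    list=$1; mode=${2:-dry}
    while IFS= read -r p; do
        case $p in
            /*) ;;
            *) echo "skipped, not an absolute path: $p" >&2; continue ;;
        esac
        if [ -f "$p" ] || [ -L "$p" ]; then
            if [ "$mode" = run ]; then rm -f -- "$p"; fi
            printf '%s\n' "$p"
        fi
    done < "$list"
}

# Typical use as root, bracketing "make install":
#   snapshot / /root/pre_bind
#   make install
#   snapshot / /root/post_bind
#   manifest /root/pre_bind /root/post_bind /root/bind_install
#   remove_manifest /root/bind_install        # review the dry run first
#   remove_manifest /root/bind_install run
```

Paths containing newlines are not handled by the line-based manifest.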