From RHEL to CentOS BIND 9

isplist at logicore.net isplist at logicore.net
Wed Dec 5 18:28:46 UTC 2007


Nice detailed info Matt, thanks. I'm going to give this a try if I can't get 
this working using RPMs.

Mike


On Wed, 05 Dec 2007 09:45:07 -0600, Matt Tesauro wrote:
> I've got several CentOS 5 boxen running the source install of BIND.
> 
> Here's a quick and dirty recipe of how I made it work for me:
> 
> (1) Install the bind-chroot rpm ("yum install bind-chroot") then remove
> it (rpm -e bind bind-chroot).  This is a quick way to get the chroot
> environment setup for you without a bunch of mkdir -p's - I'm lazy.
> 
> (2)  Get the latest source from ISC.  Download into a joe user's home
> directory
> 
> (3)  Untar and then configure bind with the following script:
> # cat bind_configure
> CFLAGS="-O2 -march=i686 -funroll-loops";  export CFLAGS
> ./configure \
> --prefix=/usr/ \
> --sysconfdir=/etc \
> --localstatedir=/var \
> --mandir=/usr/share/man \
> --with-openssl \
> --with-libtool \
> --disable-ipv6 \
> --enable-threads \
> --disable-openssl-version-check
> (You can copy and paste this into vi or the editor of your choice - make
> sure to chmod u+x the script)
> 
> (4)  Run make as your joe user
> 
> (5)  su - to root and return to the source directory of BIND then run
> the following commands:
> find / > pre_bind
> make install
> strip /usr/sbin/named
> install -c \
> -m0600 /home/[user]/bind-[version]/bin/rndc/rndc.conf /var/named/chroot/etc/
> chown named.named /var/named/chroot/etc/rndc.conf
> find / > post_bind
> diff pre_bind post_bind > bind_install
> vi bind_install (to remove extra cruft like /proc entries)
> rm pre_bind
> rm post_bind
> 
> (6)  Configure BIND - if your existing BIND install is sane and working,
> you can use that named.conf as a starting point.  Don't forget about
> your friends for getting your setup right:
> /usr/sbin/named-checkzone
> /usr/sbin/named-checkconf
> /usr/sbin/rndc-confgen
> 
> (7) I setup TSIG and rndc.  Some good info can be had from the BIND
> chapter in this:
> Securing & Optimizing Linux: The Ultimate Solution
> version:         2.0
> author:         Gerhard Mourani
> http://www.tldp.org/guides.html
> (most of this is modifications of stuff I learned from that great
> resource)
> 
> (8)  If/when a new version of BIND comes out, use the list of installed
> files as a means to remove the source installed BIND by vi'ing the file
> doing :1,$s/>/rm -f/ after making sure you _want_ to delete all entries
> in that file.  Save it and chmod u+x and execute ./bind_install to
> remove the install.  You can use your configure script to get the new
> source configured the same and follow the steps above for the new
> version.
> 
> Note:  The above assumes you have gcc and the necessary libraries
> installed.  BIND's configure is good about telling you what you're
> missing - likely things like openssl-devel and such.  I did a minimal
> install and added what I needed.  Your install choices may already have
> most/all of the required RPMs.
> 
> HTH
> 
> -- Matt Tesauro
> 
> On Wed, 2007-12-05 at 09:07 -0600, isplist at logicore.net wrote:
>>> I'm not sure why you don't use standard distribution scripts and
>>> setup. If you really need this uncommon setup then compile BIND
>>> yourself from source. In other case try:
>>> 
>> I'm not sure how I'm ending up with a non-standard setup. It's not what I've
>> been wanting. I have no need for anything special, I just wanted to install a
>> new replacement primary to take over from my current primary.
>> 
>>> - $yum install bind
>>> - configure /etc/named.conf
>>> - add zones to /var/named{,slaves}
>>> - run restorecon on all modified files if you're using SELinux
>>> - if you want chroot install bind-chroot package
>>> - run $service named start
>>> 
>> Maybe I should re-install and start from scratch since this seems to be
>> totally messed up now. Do you feel it might be best to start over before I do
>> the above?
>> 
>> Mike
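
The file-list bookkeeping from steps (5) and (8) of the quoted recipe, as an added example that is not part of the original thread: it builds the install manifest with sort and comm instead of diff plus hand-editing, and removes files by reading the manifest as data instead of turning it into an rm script. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of BIND or the post.

# Print paths present in the "after" listing but not in the "before" one,
# dropping volatile trees that would otherwise be edited out by hand.
manifest_from_snapshots() {
    pre=$1 post=$2
    tmp_pre=$(mktemp) && tmp_post=$(mktemp) || return 1
    LC_ALL=C sort -u "$pre"  > "$tmp_pre"
    LC_ALL=C sort -u "$post" > "$tmp_post"
    LC_ALL=C comm -13 "$tmp_pre" "$tmp_post" |
        awk '$0 !~ "^/(proc|sys|dev|run|tmp)(/|$)"'
    rm -f "$tmp_pre" "$tmp_post"
}

# Remove the regular files and symlinks listed in a manifest (one path per
# line) under an optional root prefix, and print how many matched.
# Each path is handled as data, never executed as shell text, so spaces or
# metacharacters in a file name cannot change the command that runs.
# Reports only by default; set DRY_RUN=0 to delete.
remove_from_manifest() {
    manifest=$1 root=${2:-}
    matched=0
    while IFS= read -r path; do
        case $path in /*) ;; *) continue ;; esac        # absolute paths only
        case $path in */../*|*/..) continue ;; esac      # no parent traversal
        target=$root$path
        if [ -f "$target" ] || [ -L "$target" ]; then    # directories are left alone
            if [ "${DRY_RUN:-1}" = 0 ]; then rm -f -- "$target"; fi
            matched=$((matched + 1))
        fi
    done < "$manifest"
    echo "$matched"
}

# Constructed sample listings standing in for the two "find /" runs.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' /etc/passwd /proc/1/stat /usr/sbin/sshd > "$d/pre"
    printf '%s\n' /etc/passwd /proc/1/stat /proc/2/stat /usr/sbin/sshd \
        /usr/sbin/named '/usr/share/doc/bind/release notes.txt' > "$d/post"
    manifest_from_snapshots "$d/pre" "$d/post"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Keeping the manifest as a plain path list also lets it be reviewed or checksummed before anything is deleted as root.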




