University of Florida | Department of Physics

Bind

Grab the source from www.isc.org. Build and install:
  1. unpack into the source tree
  2. cd src
  3. make distclean
  4. make depend
  5. make
  6. make -n install
  7. Look to make sure that the install is going where you like
  8. su
  9. make install
  10. Add a user and group "bind" to the local /etc/passwd file
  11. Fix /etc/init.d/inetsvc to check for named.conf and the new named binary. Here is an excerpt from /etc/init.d/inetsvc on Solaris 2.6:
    
    # If this machine is configured to be an Internet Domain Name
    # System (DNS) server, run the name daemon.
    # Start named prior to: route add net host, to avoid dns
    # gethostbyname timeout delay for nameserver during boot.
    #
    if [ -f /usr/local/sbin/named -a -f /etc/named.conf ]; then
            /usr/local/sbin/named -c /etc/named.conf -u bind -g bind
            echo "starting internet domain name server."
    fi
    
    Here is the complete file for Digital Unix 4.0:
    
    #!/sbin/sh
    # 
    
    # Control the Internet name service
    
    PATH=/sbin:/usr/sbin:/usr/bin:/usr/lbin
    export PATH
    
    [ -f /etc/named.conf ] || exit 0
    case "$1" in
        'start')
            if [ -x /usr/sbin/named ];
            then
                /usr/sbin/named;
                echo "Internet name service started"
            fi
            ;;
        'stop')
            if [ -r /var/run/named.pid ];
            then
                Pid=`cat /var/run/named.pid`
                kill -9 $Pid
                sleep 2
                echo "Internet name service stopped"
            fi
            ;;
        'restart')
            if [ -r /var/run/named.pid ];
            then
                Pid=`cat /var/run/named.pid`
                kill -1 $Pid
                sleep 5
                echo "Internet name service restarted"
            fi
            ;;
        *)
            echo "usage: $0 {start|stop|restart}"
            exit 1
    esac
    
    exit 0
    
  12. Convert the /etc/named.boot file to a /etc/named.conf file by typing (from the named src directory):
        ./bin/named/named-bootconf.pl </etc/named.boot >/etc/named.conf
    NOTE: on Digital Unix the named.boot is not in the standard place:
        ./bin/named/named-bootconf.pl </etc/namedb/named.boot >/etc/named.conf
    Note that named-bootconf.pl may be looking for perl in the wrong directory, so check that first.
  13. After the basic named.conf is generated start named up and then check the logs to make sure it is not barfing. If it is working happily then start working on the config file to make it more secure. Here is the standard named.conf file from a secondary server:
    
    // generated by named-bootconf.pl
    
    options {
            directory "/var/named";
    };
    
    // local
    zone "localhost" {
            type master;
            file "named.local";
    };
    	
    zone "0.0.127.in-addr.arpa" {
            type master;
            file "named.rev.0.0.127";
    };
    
    // from neptune
    zone "phys.ufl.edu" {
            type slave;
            file "named.phys";
            masters {
                    128.227.64.7;
            };
    };
    	
    zone "24.227.128.in-addr.arpa" {
            type slave;
            file "named.rev.24.227.128";
            masters {
                    128.227.64.7;
            };
    };
    
    
  14. In order to make things secure we need to limit the people that can do zone transfers from us. Change the previous listing to something like this:
    
    acl "allowed_to_transfer" {
        { 128.227/16; };
    };
    	
    options {
            directory "/var/named";
            allow-transfer { allowed_to_transfer; };
    };
    // local
    zone "localhost" {
            type master;
            file "named.local";
    };
    
    zone "0.0.127.in-addr.arpa" {
            type master;
            file "named.rev.0.0.127";
    };
    
    // from neptune
    zone "phys.ufl.edu" {
            type slave;
            file "named.phys";
            masters {
                    128.227.64.7;
            };
    };
    
    
  15. If you are behind a filter such as a firewall and need to restrict bind to use a particular UDP port, then specify this in the options stanza. Example:
    
    options {
            directory "/var/named";
            allow-transfer { allowed_to_transfer; };
            query-source address * port 53;
    };
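
A static check for step 14, added here as an example (it is not code from the original page or from BIND): it reads a named.conf and reports, for each zone, the effective allow-transfer list, with None meaning any host may transfer the zone. It goes a little beyond the listing by also handling a per-zone allow-transfer, which takes precedence over the one in options. Assumptions: a missing allow-transfer leaves transfers open, which is the situation step 14 corrects; the function names and the example.test zone are constructed for illustration.

```python
import re

def _blocks(text, keyword):
    """Yield (quoted name or None, body) for each `keyword ["name"] { ... }`."""
    pattern = r'(?<![\w-])%s\b\s*(?:"([^"]*)")?[^{;]*\{' % re.escape(keyword)
    for m in re.finditer(pattern, text):
        depth, i = 1, m.end()
        while depth and i < len(text):            # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def _transfer_acl(body):
    """Elements of the allow-transfer list in this block, or None if absent."""
    for _, acl in _blocks(body, "allow-transfer"):
        return re.findall(r"[^\s;{}]+", acl)
    return None

def audit_transfers(conf):
    """Map each zone to its effective allow-transfer list; None = open to all."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # // and # comments
    default = None
    for _, body in _blocks(conf, "options"):
        default = _transfer_acl(body)
    result = {}
    for name, body in _blocks(conf, "zone"):
        acl = _transfer_acl(body)                       # zone setting wins
        acl = default if acl is None else acl
        result[name] = None if acl is None or "any" in acl else acl
    return result

# Trimmed from the listings in steps 13 and 14 of this page.
BEFORE = '''
options { directory "/var/named"; };
zone "phys.ufl.edu" { type slave; file "named.phys"; masters { 128.227.64.7; }; };
'''
# example.test is a constructed zone showing an override that reopens transfers.
AFTER = '''
acl "allowed_to_transfer" { { 128.227/16; }; };
options { directory "/var/named"; allow-transfer { allowed_to_transfer; }; };
zone "phys.ufl.edu" { type slave; file "named.phys"; masters { 128.227.64.7; }; };
zone "example.test" { type master; file "named.test"; allow-transfer { any; }; };
'''

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_transfers(conf))
```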