LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Old 10-29-2008, 08:52 PM   #1
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Rep: Reputation: 56
BIND - about rndc.key


Hi folks,


BIND 9.5.0 compiled from source
chrooted
Configuration : prefix=/usr/local/bind
OS - Debian Etch


On starting bind;
# /usr/local/bind/sbin/named -u named -t /usr/local/bind -c /etc/named.conf -g
Code:
30-Oct-2008 01:31:18.771 starting BIND 9.5.0 -u named -t /usr/local/bind -c /etc/named.conf -g
30-Oct-2008 01:31:18.830 loading configuration from '/etc/named.conf'
30-Oct-2008 01:31:18.856 listening on IPv4 interface lo, 127.0.0.1#53
30-Oct-2008 01:31:18.858 listening on IPv4 interface eth0, 192.168.0.203#53
30-Oct-2008 01:31:18.868 default max-cache-size (33554432) applies
30-Oct-2008 01:31:18.869 automatic empty zone: 0.IN-ADDR.ARPA
30-Oct-2008 01:31:18.869 automatic empty zone: 127.IN-ADDR.ARPA
30-Oct-2008 01:31:18.869 automatic empty zone: 254.169.IN-ADDR.ARPA
30-Oct-2008 01:31:18.869 automatic empty zone: 2.0.192.IN-ADDR.ARPA
30-Oct-2008 01:31:18.869 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
30-Oct-2008 01:31:18.869 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
30-Oct-2008 01:31:18.870 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
30-Oct-2008 01:31:18.870 automatic empty zone: D.F.IP6.ARPA
30-Oct-2008 01:31:18.870 automatic empty zone: 8.E.F.IP6.ARPA
30-Oct-2008 01:31:18.870 automatic empty zone: 9.E.F.IP6.ARPA
30-Oct-2008 01:31:18.870 automatic empty zone: A.E.F.IP6.ARPA
30-Oct-2008 01:31:18.870 automatic empty zone: B.E.F.IP6.ARPA
30-Oct-2008 01:31:18.871 default max-cache-size (33554432) applies: view _bind
30-Oct-2008 01:31:18.871 none:0: open: /usr/local/bind/etc/rndc.key: file not found
30-Oct-2008 01:31:18.871 couldn't add command channel 127.0.0.1#953: file not found
30-Oct-2008 01:31:18.871 none:0: open: /usr/local/bind/etc/rndc.key: file not found
30-Oct-2008 01:31:18.871 couldn't add command channel ::1#953: file not found
30-Oct-2008 01:31:18.882 ignoring config file logging statement due to -g option
30-Oct-2008 01:31:18.885 running

It is started and running now. But I found rndc.key was not created.


# updatedb
# locate rndc.key
no printout


Do I need to create it on this version of BIND?


Which options should be used when running;
Code:
# rndc-confgen   /usr/local/bind/etc/rndc.key
???


There is no "man" page available here.


TIA


satimis

Last edited by satimis; 10-29-2008 at 08:53 PM.
 
Old 10-30-2008, 01:21 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Read this to see how you can create the rndc key and configure named.conf and rndc.conf

Regards
 
Old 10-30-2008, 01:35 AM   #3
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
And satimis, just make sure you get the directories correct - make the config refer to /etc/rndc.conf if you are chrooting to /usr/local/bind
 
Old 10-30-2008, 02:22 AM   #4
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by billymayday
And satimis, just make sure you get the directories correct - make the config refer to /etc/rndc.conf if you are chrooting to /usr/local/bind
Hi billymayday,


Thanks for your advice.


# find / -name *.conf | grep rndc
Code:
/usr/local/src/bind-9.5.0/bin/rndc/rndc.conf
/usr/local/src/bind-9.5.0/bin/tests/system/dlv/ns5/rndc.conf
/usr/local/src/bind-9.5.0/bin/tests/system/common/rndc.conf
The config file is in the extracted tarball directory.


# cat /usr/local/src/bind-9.5.0/bin/rndc/rndc.conf
Code:
/*
 * Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 2000, 2001  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: rndc.conf,v 1.11 2007/06/19 23:46:59 tbox Exp $ */

/*
 * Sample rndc configuration file.
 */

options {
        default-server  localhost;
        default-key     "key";
};

server localhost {
        key     "key";
};

key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
        algorithm hmac-md5;
        secret "34f88008d07deabbe65bd01f1d233d47";
};

server "test1" {
        key "cc64b3d1db63fc88d7cb5d2f9f57d258";
        port 5353;
        addresses { 10.53.0.1; };
};

key "key" {
        algorithm       hmac-md5;
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};


# cat /usr/local/bind/etc/named.conf
Code:
options {
        directory "/namedb";
        version "I do not give any version info";
         pid-file "/var/run/named.pid";
         allow-transfer { none ;};
};

zone "." IN {
        type hint;
        file "/etc/named.root";
};

 zone "satimis.com" {
        type master ;
        file "satimis.com.zone";
        allow-query {any;};
        allow-update { none; };
};

There is no entry for rndc.conf. Can I add another zone
Code:
zone "." IN {
        type hint;
        file "/etc/rndc.conf";
};
under "/etc/named.root" zone ?


and link rndc.conf as;

Code:
# ln -s /usr/local/src/bind-9.5.0/bin/rndc/rndc.conf /etc/local/bind/etc/rndc.conf
???

OR just copy it to the default directory /etc/local/bind/etc ?


TIA


B.R.
satimis
 
Old 10-30-2008, 03:41 AM   #5
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Hi satimis.

Why do you want

Code:
zone "." IN {
        type hint;
        file "/etc/rndc.conf";
};
?

Aside from the fact that zone . should point to root servers, you already have

Code:
zone "." IN {
        type hint;
        file "/etc/named.root";
};
rndc needs a config, but it's a program in itself
 
Old 10-30-2008, 04:41 AM   #6
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by billymayday
Hi satimis.

Why do you want

Code:
zone "." IN {
        type hint;
        file "/etc/rndc.conf";
};
?

Aside from the fact that zone . should point to root servers, you already have

Code:
zone "." IN {
        type hint;
        file "/etc/named.root";
};
rndc needs a config, but it's a program in itself
Hi billymayday,


On running;

# /usr/local/bind/sbin/named -u named -t /usr/local/bind -c /etc/named.conf -g
Code:
[.....]
30-Oct-2008 01:31:18.870 automatic empty zone: B.E.F.IP6.ARPA
30-Oct-2008 01:31:18.871 default max-cache-size (33554432) applies: view _bind
30-Oct-2008 01:31:18.871 none:0: open: /usr/local/bind/etc/rndc.key: file not found
30-Oct-2008 01:31:18.871 couldn't add command channel 127.0.0.1#953: file not found
30-Oct-2008 01:31:18.871 none:0: open: /usr/local/bind/etc/rndc.key: file not found
30-Oct-2008 01:31:18.871 couldn't add command channel ::1#953: file not found
30-Oct-2008 01:31:18.882 ignoring config file logging statement due to -g option
[....]
It said "open: /usr/local/bind/etc/rndc.key: file not found". I'm trying to fix this problem. If it only happens when running bind9 in the foreground, can I ignore this warning?


B.R.
satimis

Last edited by satimis; 10-30-2008 at 10:16 AM.
 
Old 10-30-2008, 04:47 AM   #7
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
See man rndc-confgen
 
Old 10-30-2008, 05:41 AM   #8
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by billymayday
See man rndc-confgen
Hi billymayday,


I don't have the rndc-confgen manual available here because I installed bind from source.


Googling brought me the following doc;
http://docs.sun.com/app/docs/doc/816...1m?l=en&a=view


# /usr/local/bind/sbin/rndc-confgen
Code:
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "exthpuhHMKik3K3fQv9PPA==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "exthpuhHMKik3K3fQv9PPA==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Shall I create the config file at /usr/local/bind/etc/rndc.conf (I run chrooted bind) and copy the following into the file;
Code:
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "exthpuhHMKik3K3fQv9PPA==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf
???

/usr/local/bind/etc/rndc.conf is the default path. /etc/rndc.conf is the chroot path


TIA


A side question: why can't I start it with;

# rndc-confgen


but must run;
# /usr/local/bind/sbin/rndc-confgen

including the full path.


B.R.
satimis
 
Old 10-30-2008, 05:48 AM   #9
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Do you have rndc installed? rndc is a control program for bind - bind doesn't rely on it, but it requires the key (if setup for it) for rndc to communicate with bind. If you don't have rndc installed, or you don't plan on using it, comment out the references to the key in named.conf.
 
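As an added example (not from this thread and not ISC's code), the POSIX shell script below does mechanically what posts #8 and #9 discuss: it splits rndc-confgen's two-section output into rndc.conf for the rndc client and the uncommented key + controls block for named.conf, so that named has an explicit controls statement instead of looking for rndc.key. It assumes the output format shown in post #8 (the sample below is a constructed copy with a placeholder secret), takes both destination paths as arguments (in this thread's layout they would be /usr/local/bind/etc/rndc.conf and /usr/local/bind/etc/named.conf), and says nothing about where named resolves paths inside the chroot.

```shell
#!/bin/sh
# Split rndc-confgen output into rndc.conf (for the rndc client) and the
# key + controls block that belongs, uncommented, in named.conf.
set -eu

# Constructed sample in rndc-confgen's two-section format; placeholder secret.
SAMPLE_CONFGEN='# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "PLACEHOLDER_SECRET_BASE64==";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "PLACEHOLDER_SECRET_BASE64==";
# };
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf'

# split_confgen TEXT RNDC_CONF NAMED_CONF: first section to RNDC_CONF (mode
# 0640, it holds the shared secret); second section, "# " stripped, appended
# to NAMED_CONF so named gets an explicit controls statement and key.
split_confgen() {
    printf '%s\n' "$1" \
        | awk '/^# Start of rndc.conf$/ {f=1; next} /^# End of rndc.conf$/ {f=0} f' > "$2"
    chmod 0640 "$2"
    printf '%s\n' "$1" \
        | awk '/^# Use with the following in named.conf/ {f=1; next}
               /^# End of named.conf$/ {f=0}
               f {sub(/^# ?/, ""); print}' >> "$3"
}

# has_controls NAMED_CONF: true once an uncommented controls statement
# naming "rndc-key" is present (named then no longer looks for rndc.key).
has_controls() {
    grep -q '^controls {' "$1" && grep -q 'keys { "rndc-key"; }' "$1"
}

out=$(mktemp -d)   # usage: scratch dir, then show the named.conf fragment
split_confgen "$SAMPLE_CONFGEN" "$out/rndc.conf" "$out/named.conf"
has_controls "$out/named.conf" && cat "$out/named.conf"
```

The controls block keeps rndc-confgen's default of listening on 127.0.0.1 only and allowing only 127.0.0.1, which is the setting to leave alone unless remote rndc control is actually wanted.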
Old 10-30-2008, 06:05 AM   #10
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by billymayday
Do you have rndc installed? rndc is a control program for bind - bind doesn't rely on it, but it requires the key (if setup for it) for rndc to communicate with bind. If you don't have rndc installed, or you don't plan on using it, comment out the references to the key in named.conf.
$ apt-cache search rndc
Code:
gbindadmin - GTK+ configuration tool for bind9
libisccc0 - Command Channel Library used by BIND
libisccfg1 - Config File Handling Library used by BIND

$ apt-cache policy gbindadmin
Code:
gbindadmin:
  Installed: (none)
  Candidate: 0.1.5-2
  Version table:
     0.1.5-2 0
        500 http://ftp.au.debian.org etch/main Packages

If I don't install "gbindadmin", should I comment out the following lines
Code:
key "rndc-key" {
        algorithm hmac-md5;
        secret "exthpuhHMKik3K3fQv9PPA==";
};

retaining only the following lines in /usr/local/bind/etc/rndc.conf
Code:
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

Thanks


satimis
 
Old 10-30-2008, 10:04 AM   #11
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
I'm confused. Is it working?
 
Old 10-30-2008, 10:28 AM   #12
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by billymayday
I'm confused. Is it working?
The DNS server is working. /etc/resolv.conf has been deleted.


# host www.linux.org 127.0.0.1
Code:
www.linux.org           A       198.182.196.56

# host www.yahoo.com 127.0.0.1
Code:
www.yahoo.com           CNAME   www.yahoo-ht3.akadns.net
www.yahoo-ht3.akadns.net        A       209.131.36.158

For that reason I wonder whether that warning "rndc.key file not found ..." can be ignored. It only pops up when I run the command;
Code:
# /usr/local/bind/sbin/named -u named -t /usr/local/bind -c /etc/named.conf -g
with the -g flag to run bind in the foreground. If YES, then can I discard the idea of creating the rndc.conf file?


B.R.
satimis
 
Old 10-30-2008, 02:20 PM   #13
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Why don't you just install rndc?
 
Old 10-30-2008, 07:16 PM   #14
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by billymayday
Why don't you just install rndc?
I didn't install rndc separately. It is included in bind9.


$ apt-file search /bin/rndc
Code:
bind9: usr/sbin/rndc
bind9: usr/sbin/rndc-confgen

bind9 was installed from source.


$ apt-file search /bin/gbindadmin
Code:
gbindadmin: usr/sbin/gbindadmin

gbindadmin is NOT included in bind9



satimis.
 
Old 10-30-2008, 07:33 PM   #15
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
I thought that may be the case.

Are you sure there isn't a rndc.conf somewhere? Try

find / -type f -name 'rndc.conf*'
 