On Tue, 5 Jul 2011, Connie Sieh wrote:
On Tue, 5 Jul 2011, Mike Peterson wrote:
The rpm files installed via yum via the command line for bind and bind-chroot are
bind-9.7.3-2.el6_1.P1.1.i686
bind-chroot-9.7.3-2.el6_1.P1.1.i686
The command used to get the info you requested is rpm -qa | egrep bind
On Tue, 5 Jul 2011, Mike Peterson wrote:
After installing bind and bind-chroot and starting named the /var/log/messages complains that rndc.key is missing.
If I run the rpm -ql bind | egrep rndc command it says that it should be part of the bind...rpm file but doing a yum remove and yum install of bind does not create the file.
When I run rndc-confgen -a to create the files it never comes back with the # prompt without CTRL-C ing the program.
What are the rpm version numbers of the bind and bind-chroot that you have installed?
-Connie Sieh
Does DNS with bind on Scientific Linux work differently than bind on RHEL and CentOS?
Still no. So how are you comparing this to CentOS?
No.
If not, will bind be fixed with the release of Scientific Linux 6.1?
Based on the research below TUV will have to fix this.
I feel it is broken because files that are listed as being in the bind rpm are missing on Scientific Linux 6.0.
Note the /etc/rndc.key file is listed as %ghost in the bind.spec file. It is up to the rpm to "build" it on the fly.
In bind-9.7.0... spec file
------------------------------------------------------------------------
%post
/sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then
if [ ! -e /etc/rndc.key ]; then
/usr/sbin/rndc-confgen -a > /dev/null 2>&1
fi
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
# rndc.key has to have correct perms and ownership, CVE-2007-6283
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
:;
and in bind-9.7.3... spec file
------------------------------------------------------------------------
%post
/sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
# rndc.key has to have correct perms and ownership, CVE-2007-6283
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
:;
----------------------------------------------------------------------
So you can see that the 9.7.3 versions do not do the
/usr/sbin/rndc-confgen -a > /dev/null 2>&1
So thus no /etc/rndc.key file.
-Connie Sieh
But the changelog for 9.7.3 states
- don't generate rndc.key during installation
So maybe they intended it to be that way.
-Connie Sieh
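
Because the 9.7.3 %post scriptlet only fixes ownership and mode when /etc/rndc.key already exists, a key created by hand afterwards never gets the CVE-2007-6283 settings applied. The following check is an added example, not part of this thread or of the bind package; the function name audit_rndc_key and its exit codes are assumptions, while the expected owner root:named and mode 0640 are taken from the spec excerpt above.

```shell
#!/bin/sh
# Added example: audit the rndc key against what the %post scriptlet enforces
# (chown root:named, chmod 0640; see the CVE-2007-6283 comment in the spec).
# Hypothetical helper; exit codes: 0 = ok, 1 = wrong owner/mode, 2 = missing.
# Usage: audit_rndc_key [keyfile] [owner:group] [octal-mode]

audit_rndc_key() {
    key=${1:-/etc/rndc.key}
    want_owner=${2:-root:named}
    want_mode=${3:-640}

    # 9.7.3 no longer runs "rndc-confgen -a" at install time, so the
    # %ghost file may simply not be there.
    if [ ! -e "$key" ]; then
        echo "MISSING: $key (create it with rndc-confgen -a, then re-run)"
        return 2
    fi

    # GNU stat: %U:%G prints owner and group names, %a the octal mode.
    owner=$(stat -c '%U:%G' "$key")
    mode=$(stat -c '%a' "$key")
    rc=0

    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER: $key is $owner, expected $want_owner"
        echo "  fix: chown $want_owner $key"
        rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE: $key is $mode, expected $want_mode"
        echo "  fix: chmod 0$want_mode $key"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $key $owner $mode"
    fi
    return "$rc"
}
```

Run it as root after generating the key; it only reports and never changes the file.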