re: Replacing Bind8x with Bind9
read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9' option to make.

    make PORT_REPLACES_BASE_BIND9=yes install clean

In rc.conf --

    named_enable=YES
    named_program=/usr/local/sbin/named
    named_flags="-c /usr/local/etc/namedb/named.conf -u bind"

and you can also put NO_BIND= true in /etc/make.conf so that base BIND isn't built when you make world.

Definitely consider chrooting or jailing BIND

Michael

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Replacing Bind8x with Bind9
The OP could just wait a few weeks and upgrade to one of the 5.3 BETAs -- or wait a month and a half and upgrade to 5.3-RELEASE, where BIND9 will be the default resolver in the system.

On Tue, Aug 10, 2004 at 04:14:03AM -0400, Michael Sharp wrote:
> read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9' option to make.
>
>     make PORT_REPLACES_BASE_BIND9=yes install clean

Ummm... PORT_REPLACES_BASE_BIND9 generally means that the port uses /usr as ${PREFIX} rather than the normal value of /usr/local -- that means it will fight with the base system over which owns those files. The instructions below only apply if you *don't* use PORT_REPLACES_BASE_BIND9.

> In rc.conf --
>
>     named_enable=YES
>     named_program=/usr/local/sbin/named
>     named_flags="-c /usr/local/etc/namedb/named.conf -u bind"

If you're going to use PORT_REPLACES_BASE_BIND9, then you should certainly set NO_BIND=yes in /etc/make.conf. However, my advice would be /not/ to use PORT_REPLACES_BASE_BIND9: just install the port under /usr/local as usual, and adjust the make.conf settings as above. You can add NO_BIND=yes to make.conf or not, as you like.

> and you can also put NO_BIND= true in /etc/make.conf so that base BIND isn't built when you make world.
>
> Definitely consider chrooting or jailing BIND

If you install BIND9, you can run it chrooted without having to install all of the bind executables under the chroot area: just use a rc.conf setting like:

    named_flags="-c /etc/namedb/named.conf -u bind -t /var/named"

and set up the chroot area under /var/named as needed. See the instructions at:

    http://www.losurs.org/docs/howto/Chroot-BIND.html

which needs a bit of interpretation as those are instructions for Linux, and FreeBSD does things a little differently.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
Re: Replacing Bind8x with Bind9
On Mon, 9 Aug 2004 22:36:54 -0700, Joshua Lewis [EMAIL PROTECTED] wrote:
> How do I totally replace Bind8x on my 5.2.1 system?

I run BIND 9 chroot on a 5.2.1-RELEASE-p9 system. I installed it from ports (/usr/ports/dns/bind9). Basically, to replace the base BIND 8 installation, you need to append the following to your /etc/make.conf:

    PORT_REPLACES_BASE_BIND9=YES
    NO_BIND=true

Then, cd to /usr/ports/dns/bind9 and do a make install clean to install it. The PORT_REPLACES_BASE_BIND9 will cause the port installation to overwrite the base version. The NO_BIND will prevent your ports version being overwritten when you next build and install world.

I don't believe the chroot startup support in /etc/rc.d/named for 5.2.1 works for BIND 9, as it's designed for BIND 8. Setting up chroot for BIND 9 is a little more involved (from what I recall) than for BIND 8. I do believe there is a small tutorial out there somewhere. (I ran across one when I was setting up my BIND 9.)

Of course, you will also need to configure BIND 9. It is stricter than BIND 8, and will fail to start up on certain configuration errors that once were treated as warnings.

> Is there a command to run to replace bind8 during install?

I don't believe there is.

> Do I need to make changes to my startup files?

Yes---depending on whether you are running chroot or not. You may also need to mount a devfs via /etc/fstab to get certain required devices like /dev/random (again, if you're running chroot).

BIND 9 will be the default in 5.3, due out in early October.

Cheers,

Paul.

--
e-mail: [EMAIL PROTECTED]

Without music to decorate it, time is just a bunch of boring production deadlines or dates by which bills must be paid.
--- Frank Vincent Zappa
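
The two replies above describe running named with `-t /var/named` and needing /dev/random inside the chroot. The following pre-flight check is an added example, not part of any poster's message; the function names and the world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a BIND 9 chroot tree
# before starting named with flags like "-c CONF -u bind -t CHROOT".

# check_named_chroot CHROOT CONF
# CONF is the path given to -c. named reads it after chroot(2), so the file
# must exist at CHROOT/CONF. Prints one line per problem; returns 1 if any.
check_named_chroot() {
    root=$1 conf=$2 bad=0
    [ -d "$root" ] || { echo "missing chroot directory: $root"; return 1; }

    # The config path is resolved inside the chroot, not on the host.
    [ -r "$root$conf" ] ||
        { echo "config not readable inside chroot: $root$conf"; bad=1; }

    # BIND 9 needs an entropy source; in a chroot that means a character
    # device at dev/random (the thread suggests a devfs mount for this).
    [ -c "$root/dev/random" ] ||
        { echo "no character device: $root/dev/random"; bad=1; }

    # Assumption of this example: a world-writable chroot root undermines
    # the confinement, so flag it.
    [ -z "$(find "$root" -prune -perm -0002)" ] ||
        { echo "chroot root is world-writable: $root"; bad=1; }

    return "$bad"
}

# Demo on a constructed tree in a temporary directory (not a real /var/named).
demo_named_chroot() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/namedb" "$t/dev"
    : > "$t/etc/namedb/named.conf"
    rc=0
    check_named_chroot "$t" /etc/namedb/named.conf || rc=$?
    rm -rf "$t"
    return "$rc"
}

demo_named_chroot || echo "(constructed tree has no dev/random, as expected)"
```

With the flags from the thread, the call would be `check_named_chroot /var/named /etc/namedb/named.conf`, which looks for the config at /var/named/etc/namedb/named.conf.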
re: Replacing Bind8x with Bind9
> Definitely consider chrooting or jailing BIND

Would you be able to point me at a doc that explains what jailing and/or chrooting a program does. Something that shows how and when it is used. I have seen specific examples for individual programs. However I would like to learn how and why it works and understand how to do it for all of my programs. Especially what the difference is between jailing and chrooting

Thank you,
Joshua Lewis

Michael Sharp
> read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9' option to make.
>
>     make PORT_REPLACES_BASE_BIND9=yes install clean
>
> In rc.conf --
>
>     named_enable=YES
>     named_program=/usr/local/sbin/named
>     named_flags="-c /usr/local/etc/namedb/named.conf -u bind"
>
> and you can also put NO_BIND= true in /etc/make.conf so that base BIND isn't built when you make world.
>
> Definitely consider chrooting or jailing BIND
>
> Michael
re: Replacing Bind8x with Bind9
I received this error when running your instructions.

    apollo# make PORT_REPLACES_BASE_BIND9=yes install clean
    Dependency warning: used OpenSSL version contains known vulnerabilities
    Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT
    *** Error code 1

I understand that it says a dependency is a problem. But I just ran cvsup no more than an hour ago. Is there something I am missing?

Thanks for any help

Thank you,
Joshua Lewis

Michael Sharp
> read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9' option to make.
>
>     make PORT_REPLACES_BASE_BIND9=yes install clean
>
> In rc.conf --
>
>     named_enable=YES
>     named_program=/usr/local/sbin/named
>     named_flags="-c /usr/local/etc/namedb/named.conf -u bind"
>
> and you can also put NO_BIND= true in /etc/make.conf so that base BIND isn't built when you make world.
>
> Definitely consider chrooting or jailing BIND
>
> Michael
Re: Replacing Bind8x with Bind9
Joshua Lewis wrote:
> I received this error when running your instructions.
>
>     apollo# make PORT_REPLACES_BASE_BIND9=yes install clean
>     Dependency warning: used OpenSSL version contains known vulnerabilities
>     Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT
>     *** Error code 1
>
> I understand that it says a dependency is a problem. But I just ran cvsup no more than an hour ago. Is there something I am missing?
>
> Thanks for any help
>
> Thank you,
> Joshua Lewis
>
> Michael Sharp
>> read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9' option to make.
>>
>>     make PORT_REPLACES_BASE_BIND9=yes install clean
>>
>> In rc.conf --
>>
>>     named_enable=YES
>>     named_program=/usr/local/sbin/named
>>     named_flags="-c /usr/local/etc/namedb/named.conf -u bind"
>>
>> and you can also put NO_BIND= true in /etc/make.conf so that base BIND isn't built when you make world.
>>
>> Definitely consider chrooting or jailing BIND
>>
>> Michael

    make PORT_REPLACES_BASE_BIND9=yes WITH_OPENSSL_PORT=yes install clean

Michael

--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com
--
There are four colors of hats to watch for: Black, White, Grey, and Red. The meanings are: Cracker, Hacker, Guru, and Victim.
Re: Replacing Bind8x with Bind9
BIND 9 requires a good source of randomness to operate. It also requires configuration of rndc, including a secret key. If you are using FreeBSD 4.x, visit http://people.freebsd.org/~dougb/randomness.html for information on how to set up entropy gathering. Users of FreeBSD 5.x do not need to perform this step. If you are running BIND 9 in a chroot environment, make sure that there is a /dev/random device in the chroot.

The easiest, and most secure way to configure rndc is to run 'rndc-confgen -a' which will generate the proper conf file, with a new random key, and appropriate file permissions.

I guess I really need a bind9 on FreeBSD doc. That can answer all my questions. I can't find anything that suits my needs on ISC.ORG. Has anyone come across a well written bind9 doc? I purchased the Complete FreeBSD book and several others; they however don't cover Bind9, nor does the handbook. I bought the BIND9 and DNS from O'Reilly; however, that will be a few more weeks of reading. I am in need to get BIND, POSTFIX, MySQL, APACHE installed quickly. Any sources of well written docs are welcome.

Thank you,
Joshua Lewis

uidzero
> Joshua Lewis wrote:
>> I received this error when running your instructions.
>>
>>     apollo# make PORT_REPLACES_BASE_BIND9=yes install clean
>>     Dependency warning: used OpenSSL version contains known vulnerabilities
>>     Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT
>>     *** Error code 1
>>
>> I understand that it says a dependency is a problem. But I just ran cvsup no more than an hour ago. Is there something I am missing?
>>
>> Thanks for any help
>>
>> Thank you,
>> Joshua Lewis
>>
>> Michael Sharp
>>> read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9' option to make.
>>>
>>>     make PORT_REPLACES_BASE_BIND9=yes install clean
>>>
>>> In rc.conf --
>>>
>>>     named_enable=YES
>>>     named_program=/usr/local/sbin/named
>>>     named_flags="-c /usr/local/etc/namedb/named.conf -u bind"
>>>
>>> and you can also put NO_BIND= true in /etc/make.conf so that base BIND isn't built when you make world.
>>>
>>> Definitely consider chrooting or jailing BIND
>>>
>>> Michael
>
>     make PORT_REPLACES_BASE_BIND9=yes WITH_OPENSSL_PORT=yes install clean
>
> Michael
>
> --
> Michael D. Whities
> [EMAIL PROTECTED]
> http://www.one-arm.com
> --
> There are four colors of hats to watch for: Black, White, Grey, and Red. The meanings are: Cracker, Hacker, Guru, and Victim.
Replacing Bind8x with Bind9
How do I totally replace Bind8x on my 5.2.1 system?

Is there a command to run to replace bind8 during install?

Do I need to make changes to my startup files?