mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-20 23:54:38 +01:00
6b6ac9438f
package does have BXA export approval, but the licensing strings on the dnssafe code are a bit unpleasant. The crypto is easy to restore and bind will run without it - just without full dnssec support. Obtained from: The Internet Software Consortium (www.isc.org)
310 lines
9.6 KiB
Plaintext
310 lines
9.6 KiB
Plaintext
Systems it is known to compile and run on:
|
|
|
|
BSD/OS 3.1, 4.0.1
|
|
FreeBSD 3.1, 3.2, 3.3
|
|
RH Linux 5.2 (don't use "make links" when building, though)
|
|
Debian GNU/Linux 2.2.9 ("unreleased")
|
|
Digital UNIX 3.2C, 4.0, 5.0
|
|
NetBSD/i386 1.3.2, 1.4
|
|
SunOS 5.6 (Solaris 2.6), SunOS 5.7 (Solaris 7)
|
|
SCO UnixWare 7.0, 7.0.1, 7.1
|
|
|
|
Systems it has been known in the past to compile and run on:
|
|
|
|
AIX 4.x
|
|
A/UX 3.1.1
|
|
Digital ULTRIX 4.5
|
|
HP MPE
|
|
HP-UX 9.x, 10.20
|
|
IRIX 5.3, 6.2, 6.4
|
|
LynxOS
|
|
NetBSD 1.2, 1.3
|
|
OpenBSD 2.1
|
|
QNX
|
|
SCO UNIX 3.2v4.2, SCO OSE 5.0.4, UnixWare 2.0.x, 2.1.2
|
|
SunOS 4.1.4
|
|
SunOS 5.5 (Solaris 2.5)
|
|
|
|
See port/README for information on porting BIND 8 to other systems.
|
|
|
|
|
|
Building
|
|
|
|
If you do not have an ANSI/ISO C compiler, give up or get GCC. The
|
|
one exception is the ULTRIX compiler, which isn't full ANSI C but it
|
|
has function prototypes and BIND works around the rest. BIND 8 also
|
|
wants a C library that's ANSI/ISO standard, although it can work
|
|
around some common failings.
|
|
|
|
If you do not have yacc, get byacc or GNU bison. If you do not have
|
|
lex, get GNU flex. For information on where to get GNU software, see
|
|
http://www.fsf.org/order/ftp.html.
|
|
|
|
If you want to build outside the source pool, then
|
|
|
|
make DST=/your/destination/here SRC=`pwd` links
|
|
cd /your/destination/here
|
|
|
|
If you want to use DST=/var/obj/bind, you can simply type
|
|
|
|
make stdlinks
|
|
|
|
Next, make sure you have no stale trash laying about
|
|
|
|
make clean
|
|
|
|
Then, update the Makefile dependencies:
|
|
|
|
make depend
|
|
|
|
NOTE: "make depend" is a NO-OP for these platforms: AIX, HPUX and NeXT.
|
|
|
|
Finally,
|
|
|
|
make all
|
|
|
|
|
|
Installation
|
|
|
|
To install, type
|
|
|
|
make install
|
|
|
|
This will copy binaries to the appropriate locations for your system,
|
|
and install the BIND 8 library and header files under /usr/local/bind.
|
|
|
|
The following variables can be used to change where things get
|
|
installed:
|
|
|
|
DESTDIR prefix used in front of all other
|
|
DEST variables. The default is the
|
|
empty prefix. (for non-root installs;
|
|
not equivalent to autoconf's --prefix)
|
|
|
|
DESTLIB libraries
|
|
DESTINC include files
|
|
DESTBIN ordinary binaries (e.g. dig, nslookup)
|
|
DESTSBIN system binaries (e.g. named)
|
|
DESTEXEC helper binaries (e.g. named-xfer)
|
|
DESTHELP place to put nslookup's help file
|
|
DESTMAN man file location
|
|
DESTETC configuration file
|
|
DESTRUN PID file location and "ndc" control
|
|
channel location. This cannot be the
|
|
same directory as DESTSBIN.
|
|
|
|
These variables should be specified in the Makefile.set for your
|
|
port (e.g. if you use Solaris, in src/port/solaris/Makefile.set).
|
|
|
|
Before doing 'make install', you must
|
|
|
|
rm .settings
|
|
|
|
in the top level source directory because the build system caches
|
|
these variables.
|
|
|
|
|
|
Using BIND 8 Library Routines
|
|
|
|
Until a method to update the system's libraries is available,
|
|
applications wishing to use BIND 8 library routines must include
|
|
BIND 8 .h files, and must link with libbind.a. E.g.
|
|
|
|
cc -I/usr/local/bind/include -c sample.c
|
|
cc -o sample -L/usr/local/bind/lib sample.o -lbind
|
|
|
|
The default locations for libbind.a and .h files in BIND 8.1.1
|
|
and BIND 8.1.2 are different from those used in BIND 8.1-REL. If
|
|
you did a 'make install' for BIND 8.1-REL, then you should delete
|
|
the files it installed. They are:
|
|
|
|
/usr/local/lib/libbind.a
|
|
/usr/local/include/arpa/inet.h
|
|
/usr/local/include/arpa/nameser.h
|
|
/usr/local/include/arpa/nameser_compat.h
|
|
/usr/local/include/netdb.h
|
|
/usr/local/include/resolv.h
|
|
/usr/local/include/sys/bitypes.h (if it exists)
|
|
/usr/local/include/sys/cdefs.h (if it exists)
|
|
|
|
|
|
Operating System Notes
|
|
|
|
AIX
|
|
|
|
Build problems have been reported with the AIX "make".
|
|
We recommend using GNU "make" instead.
|
|
|
|
FreeBSD, NetBSD, OpenBSD and BSDI
|
|
The kit should compile even if you have intalled the KAME
|
|
IPv6 kit.
|
|
|
|
Linux
|
|
|
|
"make links" and "make stdlinks" cause problems on
|
|
some Linux kernels because there are too many levels of
|
|
symbolic links.
|
|
|
|
QNX
|
|
|
|
Read src/port/qnx/README before trying to build.
|
|
|
|
SCO 5.0.x
|
|
|
|
To build using gcc, copy "port/sco50/Makefile.set.gcc" to
|
|
"port/sco50/Makefile.set". To go back to using SCO's
|
|
compilers, copy "port/sco50/Makefile.set.sco" to
|
|
"port/sco50/Makefile.set".
|
|
|
|
Solaris
|
|
|
|
We've tested with Sun's compilers, yacc, and lex, and also
|
|
with gcc, byacc, and flex. By default, the build will try
|
|
to use gcc. If you want to use the Sun compilers, simply
|
|
copy "port/solaris/Makefile.set.sun" to
|
|
"port/solaris/Makefile.set". To go back to using gcc, copy
|
|
"port/solaris/Makefile.set.gcc" to "port/solaris/Makefile.set".
|
|
|
|
If you're using a Solaris release earlier than 2.5 and you have
|
|
a large number of interfaces on your system, you many need
|
|
use a script to "limit descriptors N" (where 'N' is a
|
|
suitably large number) before execing "named". On Solaris
|
|
2.5 and later, the server will do this itself.
|
|
|
|
SunOS 4.1.4
|
|
|
|
An ANSI/ISO C compiler is required; we used gcc 2.7.2.1.
|
|
|
|
NeXT
|
|
|
|
Read src/port/next/README.FIRST before trying to build.
|
|
|
|
Certain older versions of FreeBSD, NetBSD and BSD/OS
|
|
|
|
These systems have a /bin/sh based on "ash", which doesn't
|
|
handle POSIX-style quoting correctly. Using "bash" will fix
|
|
the problem. Either run make with "SH=bash" on the command
|
|
line, or edit src/Makefile and change "SH=sh" to "SH=bash".
|
|
|
|
FD_SETSIZE
|
|
|
|
The highest numbered file descriptor that the server and the resolver
|
|
can utilize is determined by the FD_SETSIZE value of the system. Some
|
|
systems set FD_SETSIZE much smaller than the actual number of files
|
|
that can be opened. On such systems, create an "fd_setsize.h" file
|
|
that sets FD_SETSIZE appropriately in the port's include directory.
|
|
|
|
|
|
User and Group ID
|
|
|
|
Specifying "-u" followed by a username or numeric user id on the
|
|
"named" command line will cause the server to give up all
|
|
privileges and become that user after the initial load of the
|
|
configuation file is complete. "-g" may be used similarly to set
|
|
the group id. If "-u" is specified but "-g" is not, the group
|
|
used will be the given user's primary group.
|
|
|
|
Here are some hints:
|
|
|
|
Because the server will have no privileges after changing
|
|
its user id, you must restart the server if you change the
|
|
interfaces and ports that the server is listening on, or if
|
|
you add an interface.
|
|
|
|
If you log to files, you should create all of the log files
|
|
in advance (e.g. with "touch"), and make sure they are owned
|
|
by the user and group "named" will be running as.
|
|
|
|
You'll have to edit "ndc" to get it to start the server
|
|
with the appropriate flags.
|
|
|
|
Note: this feature is still experimental.
|
|
|
|
|
|
Chroot
|
|
|
|
"-t" followed by a directory path on the "named" command line will
|
|
cause the server to chroot() to that directory before it starts
|
|
loading the configuration file.
|
|
|
|
Setting up a chrooted area varies somewhat by operating system. Some
|
|
experimentation may be necessary. Here are some hints:
|
|
|
|
Don't forget to install named-xfer.
|
|
|
|
Either don't use shared libraries when you build, or do
|
|
whatever is required on your OS to allow shared libraries
|
|
to be used after a chroot().
|
|
|
|
syslog() is often troublesome after chrooting. Use the
|
|
"logging" statement and log to a file instead.
|
|
|
|
/dev/null should be in the chroot directory hierarchy. You
|
|
can usually find out the mknod parameters for a null device by
|
|
looking in /dev/MAKEDEV.
|
|
|
|
You'll have to edit "ndc" to get it to start the server
|
|
with the appropriate flags, and to use the right pid file.
|
|
|
|
Note: this feature is still experimental.
|
|
|
|
|
|
Using the Server
|
|
|
|
Note that /etc/named.boot is long gone. You need to make yourself an
|
|
/etc/named.conf (note, that ends in "conf" rather than "boot") file.
|
|
This file looks a lot like a C program or a modern gated.conf file;
|
|
there are lots of {curly braces} and it takes some getting used to.
|
|
You may get a lot more help from the example file (which is
|
|
bin/named/named.conf) than from the documentation (see ../doc/html).
|
|
You can convert your named.boot file to a named.conf file if you have
|
|
Perl; see bin/named/named-bootconf.pl.
|
|
|
|
All the files that used to be created in /var/tmp, e.g. named.run,
|
|
will now be created in the directory specified in the options
|
|
statement. If debugging is turned on using the "-d" flag on server
|
|
startup, then named.run will be created in the current directory.
|
|
|
|
|
|
Known Dynamic DNS Bugs
|
|
|
|
If the server is master for a zone and authoritative for a child of
|
|
that zone, then a dynamic update to the parent will destroy the
|
|
delegation to the child when the parent zone is written to disk.
|
|
This problem will be fixed in a future release. The only workaround
|
|
is to not be authoritative for child zones of a dynamic zone.
|
|
|
|
Slave servers do not forward update requests to the primary master
|
|
correctly. This will be fixed in a future release. In the meantime,
|
|
slaves will refuse dynamic updates.
|
|
|
|
|
|
Shared Libraries
|
|
|
|
Absolutely no support exists for editing the system's shared
|
|
libraries to update the resolver. If you want to do that you
|
|
probably want to look at BIND Version 4 (see http://www.isc.org/isc/)
|
|
or wait a while or help out a lot. This means you probably do not
|
|
want to install the library or include files into /usr/lib or
|
|
/usr/include, and this kit helpfully puts everything into
|
|
/usr/local/lib and /usr/local/include for that reason among others.
|
|
|
|
|
|
Notes about contrib and doc
|
|
|
|
The BIND 8 "doc" package includes HTML documentation as well as all
|
|
the RFC's, Internet Drafts, and "man" pages we can think of. You may
|
|
need to install the doc/tmac files in your nroff/troff support
|
|
directory since we use the newer BSD "mandoc" system for our "man"
|
|
pages.
|
|
|
|
The BIND 8 "contrib" package is full of junk that you may want to
|
|
take a look at. Feel free to send us more junk for future releases.
|
|
|
|
|
|
Bugs
|
|
|
|
Please report bugs to
|
|
|
|
bind-bugs@isc.org
|