Bind 9 questions..little stumped
phn at icke-reklam.ipsec.nu
Fri May 7 13:40:01 UTC 2004
tarballed <tarballed at speakeasy.net> wrote:
> Hello everyone.
> I'm a pretty new user to BIND here. In fact, still getting acquainted
> with DNS all together. Anyways, I started working with BIND in my free
> time to try and learn the ins and outs of DNS and how to run a DNS server.
> Before I go on, I did order the O'Reilly book, DNS and BIND, 4th edition
> and expect here early next week. I am very excited to start reading this
> book.
> In the meantime, just have a question about getting started with BIND 9.
> I'm a *BSD user and use Open and Free mostly. I went ahead and built the
> BIND 9 port and had it overwrite the existing BIND 8 files.
> As I'm digging in here, I noticed that I get an error when I try and use
> rndc start. It says to the effect that:
> rndc.key and rndc.conf not found in /etc/named
Be aware that if named is "chroot"-ed you need a copy of the keys in
<chroot-dir>/etc/
In addition, there is no "rndc start". You always start bind "direct",
either by the sysV start-script or by using the command assembled
in rc.network (FreeBSD)
> Digging through some man pages, I see I have to generate a key, which I
> did using the following:
> rndc-confgen -a -r /etc/named/named.conf (I have not fixed the
> /dev/random on FreeBSD as I write this, which was suggested).
> After I did that, as well as type: sh make-localhost in /etc/named I
> proceeded to try and start bind:
> rndc start
> rndc: connect failed: connection refused
That's the expected behaviour since rndc cannot start bind and the
socket rndc connects to has no one at the other end.
> The only way I could get around this was by rebooting the box. But
> that's not a real efficient method to go by.
> So I was hoping to get some help and feedback here on what I'm missing
> and why it works if I reboot the book, but if I try and start manually,
> it flops.
And put your config-commands in rc.conf, here is what I have
on one such system ( running dual-cpu, chrooted and chuid to 'named') :
/etc/rc.conf:# named. It may be possible to run named in a sandbox, man security for
/etc/rc.conf:named_enable="YES" # Run named, the DNS server (or NO).
/etc/rc.conf:named_program="/usr/sbin/named" # path to named, if you want a different one.
/etc/rc.conf:named_flags="-t /var/named -c /named.conf -u bind -n 2" # Flags for named
The above config results in named running as :
bind 88174 0.0 17.3 90940 89848 ?? Ss 25Oct03 118:46.16 named -t /var/named -c /named.conf -u bind -n 2
> I appreciate it.
> T.
See the "arm-book" that comes with the bind distribution. You can even
place it on a webserver (as in http://www.ipsec.nu/dns/bind9/Bv9ARM.html )
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
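
Added example (not part of the original post, and not code from the BIND distribution): a shell check for the chroot point made in the reply, which reads the -t directory out of a named flag string and verifies that a copy of rndc.key sits in <chroot-dir>/etc/, matches the copy rndc uses, and is not world-readable. The function names, the /etc/rndc.key default and the permission check are assumptions for illustration.

```shell
#!/bin/sh
# Added example: function names and default paths are assumptions.

# Flag string as shown in the post's rc.conf.
NAMED_FLAGS="-t /var/named -c /named.conf -u bind -n 2"

# Print the argument that follows option $1 in flag string $2.
# Runs in a subshell so that disabling globbing does not leak out.
flag_value() (
    set -f
    opt=$1
    set -- $2            # split the flag string into words
    while [ $# -gt 1 ]; do
        if [ "$1" = "$opt" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
)

# check_rndc_key FLAGS HOST_KEY
# Prints one status word; returns non-zero when rndc cannot be expected to work
# or when the key is exposed to other local users.
check_rndc_key() {
    if ! chroot_dir=$(flag_value -t "$1"); then
        echo "not-chrooted"          # no -t: named reads the host copy directly
        return 0
    fi
    jail_key="$chroot_dir/etc/rndc.key"
    if [ ! -f "$jail_key" ]; then
        echo "missing-in-chroot"     # the case described in the reply
        return 1
    fi
    if ! cmp -s "$2" "$jail_key"; then
        echo "key-mismatch"          # rndc and named hold different secrets
        return 1
    fi
    if [ -n "$(find "$jail_key" -perm -004)" ]; then
        echo "world-readable"        # any local user could control named
        return 1
    fi
    echo "ok"
}

# Demo against this host; /etc/rndc.key is an assumed location for rndc's copy.
check_rndc_key "$NAMED_FLAGS" "${HOST_KEY:-/etc/rndc.key}" || true
```

Run it as root on the name server so both copies of the key are readable; set HOST_KEY if rndc reads its key from another path.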