Bind 9 questions..little stumped

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Fri May 7 13:40:01 UTC 2004


tarballed <tarballed at speakeasy.net> wrote:
> Hello everyone.

> I'm a pretty new user to BIND here. In fact, still getting acquainted 
> with DNS all together. Anyways, I started working with BIND in my free 
> time to try and learn the ins and outs of DNS and how to run a DNS server.

> Before I go on, I did order the O'Reilly book, DNS and BIND, 4th edition 
> and expect here early next week. I am very excited to start reading this 
> book.

> In the meantime, just have a question about getting started with BIND 9.

> I'm a *BSD user and use Open and Free mostly. I went ahead and built the 
> BIND 9 port and had it overwrite the existing BIND 8 files.

> As I'm digging in here, I noticed that I get an error when I try and use 
> rndc start. It says to the effect that:

> rndc.key and rndc.conf not found in /etc/named

Be aware that if named is "chroot"-ed you need a copy of the keys in 
<chroot-dir>/etc/


In addition, there is no "rndc start". You always start bind "direct", 
either by the sysV start-script or by using the command assembled 
in rc.network ( FreeBSD)

> Digging through some man pages, I see I have to generate a key, which I 
> did using the following:

> rndc-confgen -a -r /etc/named/named.conf (I have not fixed the 
> /dev/random on FreeBSD as I write this, which was suggested).


> After I did that, as well as type: sh make-localhost in /etc/named  I 
> proceeded to try and start bind:

> rndc start
> rndc: connect failed: connection refused

That's the expected behaviour since rndc cannot start bind and the
socket rndc connects to has no one at the other end.


> The only way I could get around this was by rebooting the box. But 
> that's not a real efficient method to go by.

> So I was hoping to get some help and feedback here on what I'm missing 
> and why it works if I reboot the box, but if I try and start manually, 
> it flops.

And put your config commands in rc.conf, here is what I have
on one such system ( running dual-cpu, chrooted and chuid to 'named') :
/etc/rc.conf:# named.  It may be possible to run named in a sandbox, man security for
/etc/rc.conf:named_enable="YES"         # Run named, the DNS server (or NO).
/etc/rc.conf:named_program="/usr/sbin/named"    # path to named, if you want a different one.
/etc/rc.conf:named_flags="-t /var/named -c /named.conf -u bind -n 2"    # Flags for named

The above config results in named running as :
bind  88174  0.0 17.3 90940 89848  ??  Ss   25Oct03 118:46.16 named -t /var/named -c /named.conf -u bind -n 2


> I appreciate it.

> T.

See the "ARM book" that comes with the bind distribution. You can even 
place it on a webserver (as in http://www.ipsec.nu/dns/bind9/Bv9ARM.html )



-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
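The two points Peter makes above (a chrooted named needs its own copy of rndc.key under the chroot, and the chroot directory is whatever "-t" in named_flags says) can be turned into a small check. The script below is an added example, not code from the thread or from the BIND distribution; it takes the key directory /etc/named and the chroot /var/named from the messages above, assumes named.conf references the key by that same path so that inside the chroot it resolves to <chroot>/etc/named/rndc.key, and the function names are my own. It also refuses a key file that is readable by "other", since rndc.key holds the shared secret that authorises control commands.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the rndc key
# layout for a chrooted named on FreeBSD. Paths /etc/named and /var/named
# come from the thread; only the meaning of "-t <dir>" comes from named(8).
# Function names and exit codes are this example's own convention.

# Print the directory following "-t" in a named_flags string; exit status 1
# (and no output) when named is not chrooted.
chroot_dir_from_flags() {
    set -- $1                      # split the flags string into words
    while [ $# -gt 0 ]; do
        if [ "$1" = "-t" ] && [ -n "${2:-}" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# check_rndc_key ETCDIR CHROOT [ROOT]
#   ETCDIR  where rndc(8) looks for rndc.key outside the chroot (e.g. /etc/named)
#   CHROOT  the "-t" directory; assumed here that named.conf names the key by
#           the same path, so inside the chroot it is CHROOT/ETCDIR/rndc.key
#   ROOT    optional prefix so the check can run against a staging tree
# Exit status: 0 ok, 1 no key outside, 2 no copy inside the chroot,
#              3 the two copies differ, 4 a copy is readable by "other".
check_rndc_key() {
    etcdir=$1; chroot=$2; root=${3:-}
    outside="$root$etcdir/rndc.key"
    inside="$root$chroot$etcdir/rndc.key"

    [ -f "$outside" ] || { echo "missing $outside (run rndc-confgen -a)"; return 1; }
    [ -f "$inside" ]  || { echo "missing $inside: named is chrooted, copy the key there"; return 2; }
    cmp -s "$outside" "$inside" || { echo "$outside and $inside differ: rndc cannot authenticate"; return 3; }
    for f in "$outside" "$inside"; do
        # column 8 of "ls -l" is the "other read" bit; the shared secret must not be world-readable
        [ "$(ls -ld "$f" | cut -c8)" = "-" ] || { echo "$f is world-readable"; return 4; }
    done
    echo "rndc.key present in both locations, identical, and not world-readable"
    return 0
}

# Run against a real rc.conf only when asked to (RCCONF=/etc/rc.conf sh this.sh);
# when the file is merely sourced, nothing below executes.
if [ -n "${RCCONF:-}" ]; then
    flags=$(sed -n 's/^named_flags="\([^"]*\)".*/\1/p' "$RCCONF")
    if dir=$(chroot_dir_from_flags "$flags"); then
        check_rndc_key /etc/named "$dir"
    else
        echo "named_flags has no -t: named is not chrooted, only /etc/named/rndc.key is needed"
    fi
fi
```

With the rc.conf quoted above, `chroot_dir_from_flags` yields /var/named, and a freshly generated key that only exists in /etc/named reports status 2, which is exactly the "rndc.key not found" situation from a chrooted named's point of view.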

