Installing Bind 9.8.1-P1
Posted: Tue Feb 21, 2012 2:50 pm
1. Download the source code
2. Uncompress and untar the source code
3. Configure with GNU libtool
Decide to download OpenSSL 1.0.0g
http://www.openssl.org/source/openssl-1.0.0g.tar.gz
Separate post on Installing OpenSSL 1.0.0g.
Restart the configure process. It took a long time to compile the code and finally came back happily.
4. Compile
5. Test
6. Install by "root"
Codes are installed in /usr/local/bin and /usr/local/sbin.
7. Startup script (/etc/init.d/named or /etc/rc3.d/S53named)
8. Create and or modify necessary directories and files before named can even start
9. Start / stop named
10. Make sure each master zones allows transfer from this new name server.
IMPORTANT: this new server MUST be one of the name servers for each domain name.
Ex. hsiao.net must assign one of its name servers (ns1, ns3 or ns5) with this new server's IP address (71.189.165.164). Otherwise, the transfer will be denied!!
Code: Select all
wget ftp://ftp.isc.org/isc/bind9/9.8.1-P1/bind-9.8.1-P1.tar.gz
Code: Select all
gzcat bind-9.8.1-P1.tar.gz | tar xf -
cd bind-9.8.1-P1
Code: Select all
configure --with-libtool
...
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING
WARNING Your OpenSSL crypto library may be vulnerable to WARNING
WARNING one or more of the the following known security WARNING
WARNING flaws: WARNING
WARNING WARNING
WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and WARNING
WARNING CVE-2006-2940. WARNING
WARNING WARNING
WARNING It is recommended that you upgrade to OpenSSL WARNING
WARNING version 0.9.8d/0.9.7l (or greater). WARNING
WARNING WARNING
WARNING You can disable this warning by specifying: WARNING
WARNING WARNING
WARNING --disable-openssl-version-check WARNING
WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
http://www.openssl.org/source/openssl-1.0.0g.tar.gz
Separate post on Installing OpenSSL 1.0.0g.
Restart the configure process. It took a long time to compile the code and finally came back happily.
4. Compile
Code: Select all
make
Code: Select all
make test
Code: Select all
make install
7. Startup script (/etc/init.d/named or /etc/rc3.d/S53named)
Code: Select all
#!/sbin/sh
#
# This service is managed by smf(5). Thus, this script provides
# compatibility with previously documented init.d script behaviour.
case "$1" in
'restart')
# The previous init.d/sendmail restart behaviour matches
# the smf(5) 'refresh' semantics.
svcadm refresh dns/server:default
;;
'start')
svcadm enable -t dns/server:default
;;
'stop')
svcadm disable -t dns/server:default
;;
*)
echo "Usage: $0 { start | stop | restart }"
exit 1
;;
esac
Code: Select all
/var/named/s/
/var/named/named.ca
/etc/named.conf
/lib/svc/method/dns-server (server="/usr/sbin/named" --> server="/usr/local/sbin/named")
Code: Select all
/etc/init.d/named start
/etc/init.d/named stop
Code: Select all
/etc/named.conf
allow-transfer { 108.210.247.200/29; 71.189.165.164 };
Ex. hsiao.net must assign one of its name servers (ns1, ns3 or ns5) with this new server's IP address (71.189.165.164). Otherwise, the transfer will be denied!!