Next Previous Contents

4. Installing Your Shiny New BIND

I should mention that if you have an existing installation of BIND, such as from an RPM, you should probably remove it before installing the new one. On Red Hat systems, this probably means removing the packages bind and bind-utils, and possibly bind-devel and caching-nameserver, if you have them.

You may want to save a copy of the init script (e.g., /etc/rc.d/init.d/named), if any, before doing so; it'll be useful later on.

4.1 Installing the Tools Outside the Jail

This is the easy part :-). Just run make install and let it take care of it for you. You may want to chmod 000 /usr/local/sbin/named afterwards, to make sure you don't accidentally run the non-chrooted copy of BIND. (This is /usr/sbin/named if you didn't tell it to go in /usr/local/sbin like I suggested.)

4.2 Installing the Binaries in the Jail

Only two parts of the package have to live inside the chroot jail: the main named daemon itself, and named-xfer, which it uses for zone transfers. You can simply copy them in from the source tree:

# cp src/bin/named/named /chroot/named/bin

# cp src/bin/named-xfer/named-xfer /chroot/named/bin

4.3 Setting up the Init Script

If you have an existing init script from your distribution, it would probably be best simply to modify it to run /chroot/named/bin/named, with the appropriate switches. The switches are... (drumroll please...)

The following is the init script I use with my Red Hat 6.0 system. As you can see, it is almost exactly the same as the way it shipped from Red Hat.


#!/bin/sh
#
# named           This shell script takes care of starting and stopping
#                 named (BIND DNS server).
#
# chkconfig: 345 55 45
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

[ -f /chroot/named/bin/named ] || exit 0

[ -f /chroot/named/etc/named.conf ] || exit 0

# See how we were called.
case "$1" in
  start)
        # Start daemons.
        echo -n "Starting named: "
        daemon /chroot/named/bin/named -u named -g named -t /chroot/named
        echo
        touch /var/lock/subsys/named
        ;;
  stop)
        # Stop daemons.
        echo -n "Shutting down named: "
        killproc named
        rm -f /var/lock/subsys/named
        echo
        ;;
  status)
        /usr/local/sbin/ndc status
        exit $?
        ;;
  restart)
        /usr/local/sbin/ndc restart
        exit $?
        ;;
  reload)
        /usr/local/sbin/ndc reload
        exit $?
        ;;
  probe)
        # named knows how to reload intelligently; we don't want linuxconf
        # to offer to restart every time
        /usr/local/sbin/ndc reload >/dev/null 2>&1 || echo start
        exit 0
        ;;
  *)
        echo "Usage: named {start|stop|status|restart}"
        exit 1
esac

exit 0

4.4 Configuration Changes

You will also have to add or change a few options in your named.conf to keep the various directories straight. In particular, you should add (or change, if you already have them) the following directives in the options section:


directory "/etc/namedb";
pid-file "/var/run/named.pid";
named-xfer "/bin/named-xfer";

Since this file is being read by the named daemon, all the paths are of course relative to the chroot jail.


Next Previous Contents