On 12/30/2015 3:29 PM, Rowland penny wrote:
> On 30/12/15 19:48, James wrote:
>> Hello,
>>
>> I'm attempting to switch from the internal DNS to Bind. This is
>> for my Samba test environment on a VM running Samba 4.3.1 on Ubuntu
>> server 12.04.1. Installed Samba using all the defaults.
>>
>> ./configure
>> make
>> make install
>>
>> Pulled up the wiki link
>>
>> https://wiki.samba.org/index.php/Changing_the_DNS_backend#Changing_from_Samba_Internal_DNS_to_BIND_DLZ
>>
>> Not sure if this is the correct start page. After the introduction I
>> see the link "Setup Bind". I figure I need to start there? So I click
>> the link and in the introduction I see another link for
>> "Setup_a_basic_BIND_installation". Maybe this is where I should
>> begin? I install BIND via the repository.
>>
>> apt-get install bind9
>>
>> The wiki then says "*make sure that it was compiled with the
>> '--with-gssapi' and '--with-dlopen' options*". I check by using
>>
>> named -V | grep "gssapi"
>>
>> '--with-gssapi=/usr'
>>
>> Is this sufficient or do I need the absolute path to
>> --with-gssapi=/usr/include/gssapi?
>>
>> named -V | grep "dlopen"
>>
>> Returns nothing. Can I add these options after the fact or do I need
>> to uninstall and compile on my own before proceeding any further?
>> Thanks.
>>
>
> What version of bind9?
> later versions have dlopen builtin, but I seem to remember (from when
> I used 12.04) having to build bind9. Could you upgrade to 14.04, this
> will definitely give you a working bind9
>
> Rowland
>

It's 9.8.1.

I decided to compile myself seeing as this is just a test environment.
I'll make note of possibly needing a newer distro in order to avoid
building in the future. Thanks.

--
-James

On 30/12/15 20:42, James wrote:
> On 12/30/2015 3:29 PM, Rowland penny wrote:
>> On 30/12/15 19:48, James wrote:
>>> Hello,
>>>
>>> I'm attempting to switch from the internal DNS to Bind. This is
>>> for my Samba test environment on a VM running Samba 4.3.1 on Ubuntu
>>> server 12.04.1. Installed Samba using all the defaults.
>>>
>>> ./configure
>>> make
>>> make install
>>>
>>> Pulled up the wiki link
>>>
>>> https://wiki.samba.org/index.php/Changing_the_DNS_backend#Changing_from_Samba_Internal_DNS_to_BIND_DLZ
>>>
>>> Not sure if this is the correct start page. After the introduction I
>>> see the link "Setup Bind". I figure I need to start there? So I
>>> click the link and in the introduction I see another link for
>>> "Setup_a_basic_BIND_installation". Maybe this is where I should
>>> begin? I install BIND via the repository.
>>>
>>> apt-get install bind9
>>>
>>> The wiki then says "*make sure that it was compiled with the
>>> '--with-gssapi' and '--with-dlopen' options*". I check by using
>>>
>>> named -V | grep "gssapi"
>>>
>>> '--with-gssapi=/usr'
>>>
>>> Is this sufficient or do I need the absolute path to
>>> --with-gssapi=/usr/include/gssapi?
>>>
>>> named -V | grep "dlopen"
>>>
>>> Returns nothing. Can I add these options after the fact or do I
>>> need to uninstall and compile on my own before proceeding any
>>> further? Thanks.
>>>
>>
>> What version of bind9?
>> later versions have dlopen builtin, but I seem to remember (from when
>> I used 12.04) having to build bind9. Could you upgrade to 14.04, this
>> will definitely give you a working bind9
>>
>> Rowland
>>
> It's 9.8.1.
>
> I decided to compile myself seeing as this is just a test environment.
> I'll make note of possibly needing a newer distro in order to avoid
> building in the future. Thanks.
>

You need a later version, this is what I used to do:

apt-get -y remove bind9 &> /dev/null # <-- this was only installed to get all the required configuration files!
wget ftp://ftp.isc.org/isc/bind9/9.9.2-P2/bind-9.9.2-P2.tar.gz
tar zxf bind-9.9.2-P2.tar.gz
cd bind-9.9.2-P2
./configure --prefix=/usr --mandir=/usr/share/man \
  --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var \
  --enable-threads --enable-largefile --with-libtool --enable-shared \
  --enable-static --with-openssl=/usr --with-gssapi=/usr \
  --with-dlopen=yes --with-gnu-ld --enable-ipv6 \
  CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2' \
  LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro' \
  CPPFLAGS='-D_FORTIFY_SOURCE=2'
make
make install

NOTE: this was some time ago, there are newer versions available, if
you do go with a newer version and it throws an error about dlopen,
just remove '--with-dlopen=yes'

Rowland

On 12/30/2015 4:14 PM, Rowland penny wrote:
> On 30/12/15 20:42, James wrote:
>> On 12/30/2015 3:29 PM, Rowland penny wrote:
>>> On 30/12/15 19:48, James wrote:
>>>> Hello,
>>>>
>>>> I'm attempting to switch from the internal DNS to Bind. This is
>>>> for my Samba test environment on a VM running Samba 4.3.1 on Ubuntu
>>>> server 12.04.1. Installed Samba using all the defaults.
>>>>
>>>> ./configure
>>>> make
>>>> make install
>>>>
>>>> Pulled up the wiki link
>>>>
>>>> https://wiki.samba.org/index.php/Changing_the_DNS_backend#Changing_from_Samba_Internal_DNS_to_BIND_DLZ
>>>>
>>>> Not sure if this is the correct start page. After the introduction
>>>> I see the link "Setup Bind". I figure I need to start there? So I
>>>> click the link and in the introduction I see another link for
>>>> "Setup_a_basic_BIND_installation". Maybe this is where I should
>>>> begin? I install BIND via the repository.
>>>>
>>>> apt-get install bind9
>>>>
>>>> The wiki then says "*make sure that it was compiled with the
>>>> '--with-gssapi' and '--with-dlopen' options*". I check by using
>>>>
>>>> named -V | grep "gssapi"
>>>>
>>>> '--with-gssapi=/usr'
>>>>
>>>> Is this sufficient or do I need the absolute path to
>>>> --with-gssapi=/usr/include/gssapi?
>>>>
>>>> named -V | grep "dlopen"
>>>>
>>>> Returns nothing. Can I add these options after the fact or do I
>>>> need to uninstall and compile on my own before proceeding any
>>>> further? Thanks.
>>>>
>>>
>>> What version of bind9?
>>> later versions have dlopen builtin, but I seem to remember (from
>>> when I used 12.04) having to build bind9. Could you upgrade to
>>> 14.04, this will definitely give you a working bind9
>>>
>>> Rowland
>>>
>> It's 9.8.1.
>>
>> I decided to compile myself seeing as this is just a test
>> environment. I'll make note of possibly needing a newer distro in
>> order to avoid building in the future. Thanks.
>>
>
> You need a later version, this is what I used to do:
>
> apt-get -y remove bind9 &> /dev/null # <-- this was only installed to
> get all the required configuration files!
> wget ftp://ftp.isc.org/isc/bind9/9.9.2-P2/bind-9.9.2-P2.tar.gz
> tar zxf bind-9.9.2-P2.tar.gz
> cd bind-9.9.2-P2
> ./configure --prefix=/usr --mandir=/usr/share/man
> --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var
> --enable-threads --enable-largefile --with-libtool --enable-shared
> --enable-static --with-openssl=/usr --with-gssapi=/usr
> --with-dlopen=yes --with-gnu-ld --enable-ipv6
> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2'
> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro'
> CPPFLAGS='-D_FORTIFY_SOURCE=2'
> make
> make install
>
> NOTE: this was some time ago, there are newer versions available, if
> you do go with a newer version and it throws an error about dlopen,
> just remove '--with-dlopen=yes'
>
> Rowland
>

Thanks for those compile suggestions. I'll build again using those options.

--
-James

On 12/30/2015 4:14 PM, Rowland penny wrote:
> ./configure --prefix=/usr --mandir=/usr/share/man
> --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var
> --enable-threads --enable-largefile --with-libtool --enable-shared
> --enable-static --with-openssl=/usr --with-gssapi=/usr
> --with-dlopen=yes --with-gnu-ld --enable-ipv6
> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2'
> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro'
> CPPFLAGS='-D_FORTIFY_SOURCE=2'

I seem to have a few errors in my syslog.

Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir '/var/run/named': Permission denied
Dec 31 09:35:17 VMDC1 named[24025]: generating session key for dynamic DNS
Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir '/var/run/named': Permission denied
Dec 31 09:35:17 VMDC1 named[24025]: could not create /var/run/named/session.key
Dec 31 09:35:17 VMDC1 named[24025]: failed to generate session key for dynamic DNS: permission denied
Dec 31 09:35:17 VMDC1 named[24025]: sizing zone task pool based on 3 zones
Dec 31 09:35:17 VMDC1 named[24025]: set up managed keys zone for view _default, file 'managed-keys.bind'
Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from '/etc/bind/rndc.key'
Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 127.0.0.1#953: file not found
Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from '/etc/bind/rndc.key'
Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel ::1#953: file not found
Dec 31 09:35:17 VMDC1 named[24025]: the working directory is not writable
Dec 31 09:35:17 VMDC1 named[24025]: managed-keys-zone: loaded serial 0
Dec 31 09:35:17 VMDC1 named[24025]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2013050101
Dec 31 09:35:17 VMDC1 named[24025]: zone localhost/IN: loaded serial 2013050101
Dec 31 09:35:17 VMDC1 named[24025]: all zones loaded
Dec 31 09:35:17 VMDC1 named[24025]: running

I compiled using 9.9.8-P2 and your suggested configure options.

I see /run is owned by root:root. Should I give group 'named' permission
to this folder? It's not documented in the wiki as needed.

--
-James
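
Added example, not part of the original posts: a POSIX shell and awk triage of the named startup messages quoted in the message above. It reduces the repeated lines to one finding per affected path, so the ownership and mode of those specific paths can be checked rather than changing the parent /run. The category labels and function names are made up for this example; the sample lines are copied from the post.

```shell
# Added example: reads syslog lines on stdin, prints "LABEL<TAB>path" once per finding.
triage_named_log() {
  awk '
    function path_in(s) {   # first quoted absolute path in the message, or "?"
      return match(s, "\047/[^\047]*\047") ? substr(s, RSTART + 1, RLENGTH - 2) : "?"
    }
    function report(kind, detail,   key) {   # print each distinct finding once
      key = kind "\t" detail
      if (!(key in seen)) { seen[key] = 1; print key }
    }
    !/named\[[0-9]+\]: / { next }            # ignore lines from other daemons
    {
      msg = $0
      sub(/^.*named\[[0-9]+\]: /, "", msg)   # drop timestamp, host and pid
      sub(/[ \t\r]+$/, "", msg)
    }
    msg ~ /^couldn.t mkdir .*: Permission denied$/ { report("RUNDIR_NOT_CREATABLE", path_in(msg)); next }
    msg ~ /^could not create \// { report("SESSION_KEY_NOT_WRITTEN", substr(msg, 18)); next }
    # The key file is named on the line before the command channel error.
    msg ~ /^configuring command channel from / { keyfile = path_in(msg); next }
    msg ~ /^couldn.t add command channel .*: file not found$/ { report("RNDC_KEY_MISSING", keyfile); next }
    msg == "the working directory is not writable" { report("WORKDIR_NOT_WRITABLE", "-") }
  '
}

# Sample input: a subset of the syslog lines from the post above.
sample_log() {
  cat <<'EOF'
Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir '/var/run/named': Permission denied
Dec 31 09:35:17 VMDC1 named[24025]: generating session key for dynamic DNS
Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir '/var/run/named': Permission denied
Dec 31 09:35:17 VMDC1 named[24025]: could not create /var/run/named/session.key
Dec 31 09:35:17 VMDC1 named[24025]: failed to generate session key for dynamic DNS: permission denied
Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from '/etc/bind/rndc.key'
Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 127.0.0.1#953: file not found
Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from '/etc/bind/rndc.key'
Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel ::1#953: file not found
Dec 31 09:35:17 VMDC1 named[24025]: the working directory is not writable
Dec 31 09:35:17 VMDC1 named[24025]: running
EOF
}

sample_log | triage_named_log
```

On a live system the same function can be fed from the syslog file instead of `sample_log`.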