Re: How to cleanly remove bind before using bind9
On Thu, Jan 23, 2003 at 08:50:08PM -0600, Stephen Hilton wrote:
> On Thu, 23 Jan 2003 18:29:22 -0500 stan [EMAIL PROTECTED] wrote:
> > I want to use bind 9 from the ports tree. I see how to prevent the bundled bind from being built the next time I make world, and I see how to change the init files et al to use the ports bind9. What I _don't_ see (and I'm certain it's just my lack of knowledge here), is a clean way to remove all the traces of the existing version of bind which was built the last time I did a make world. Could someone enlighten me?
>
> Stan,
>
> These files would be the most important ones to rename/remove:
>
>     /usr/bin/dig
>     /usr/bin/dnsquery
>     /usr/bin/host
>     /usr/bin/dnskeygen
>     /usr/libexec/named-xfer
>     /usr/sbin/named
>     /usr/sbin/ndc
>     /usr/sbin/nslookup
>     /usr/sbin/nsupdate

Thanks, that's helpful. I was hoping that I would be able to go somewhere in the source tree, and do something like make deinstall. But this list will let me do it by hand.

Thanks, again.

--
They that would give up essential liberty for temporary safety deserve neither liberty nor safety.
-- Benjamin Franklin

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: How to cleanly remove bind before using bind9
On Fri, 24 Jan 2003 05:26:44 -0500 stan [EMAIL PROTECTED] wrote:
> On Thu, Jan 23, 2003 at 08:50:08PM -0600, Stephen Hilton wrote:
> > On Thu, 23 Jan 2003 18:29:22 -0500 stan [EMAIL PROTECTED] wrote:
> > > I want to use bind 9 from the ports tree. I see how to prevent the bundled bind from being built the next time I make world, and I see how to change the init files et al to use the ports bind9. What I _don't_ see (and I'm certain it's just my lack of knowledge here), is a clean way to remove all the traces of the existing version of bind which was built the last time I did a make world. Could someone enlighten me?
> >
> > Stan,
> >
> > These files would be the most important ones to rename/remove:
> >
> >     /usr/bin/dig
> >     /usr/bin/dnsquery
> >     /usr/bin/host
> >     /usr/bin/dnskeygen
> >     /usr/libexec/named-xfer
> >     /usr/sbin/named
> >     /usr/sbin/ndc
> >     /usr/sbin/nslookup
> >     /usr/sbin/nsupdate
>
> Thanks, that's helpful. I was hoping that I would be able to go somewhere in the source tree, and do something like make deinstall. But this list will let me do it by hand.
>
> Thanks, again.

Stan,

Thanks for the thank you, :-)

One thing that I have not resolved is the issue with man pages. The Bind 9 docs are in HTML so that should be your main reference.

    /usr/local/share/doc/bind9/arm/Bv9ARM.html

Also a very good idea is to run Bind 9 chroot, my /etc/rc.conf entry looks like this:

    named_flags="-u bind -t /var/chroot/named"    # Flags for chrooted named

And then this link should help with basic setup (the file list I provided is more up2date, the email is old so some file locations to rename/remove have changed for FreeBSD 4.7)

http://groups.google.com/groups?q=chroot+bind+group:mailing.freebsd.*start=10hl=enlr=ie=UTF-8oe=UTF-8selm=aadvma%24ngg%241%40FreeBSD.csie.NCTU.edu.twrnum=12

---snip---

CHROOT OVERVIEW

What chroot essentially does is to create a fake root directory - from the perspective of the daemon, the whole file system is rooted at this chroot directory. Therefore the only files/directories the daemon can see, are those located within this directory. (In some ways this is not unlike the view of the filesystem given to ftp users when the default ftp root of an ftp server is set to something other than the real root directory.)

FREEBSD DETAILS

On FreeBSD, the default location for Bind's configuration files is /etc/namedb. Sometimes we also use a subdirectory /etc/namedb/s, this is used to create a sandbox, which limits some of the access the named daemon has but not nearly as securely as using chroot.

Bind9 now has a special feature which makes it a little easier to chroot, among other things eliminating the need to place shared libraries and other executables in the chroot jail.

Since Bind already exists in the base FreeBSD system, for thoroughness we should consider renaming the existing files in order to minimize confusion and mixed versions. Here is a list of files to consider renaming or removing:

    /usr/bin/dig
    /usr/bin/dnsquery
    /usr/bin/host
    /usr/libexec/dnskeygen
    /usr/libexec/named-xfer
    /usr/sbin/named
    /usr/sbin/ndc
    /usr/sbin/nslookup
    /usr/sbin/nsupdate

For those who regularly rebuild their system from source, once you've installed an independent version of Bind it's best to configure your system to no longer build the version in the base system. This is done by adding the following entry to /etc/make.conf (if this file doesn't exist, just create it and add the following line - like rc.conf it only contains items which override default settings):

    NO_BIND=true

We will move our configuration and other necessary files to /var/chroot/named, which will allow us to create logfiles within the chroot jail without filling up ie the / filesystem.

Create the necessary directories and permissions:

    mkdir /var/chroot
    mkdir /var/chroot/named
    chown bind.bind /var/chroot/named
    chmod 750 /var/chroot/named
    cd /var/chroot/named
    mkdir etc
    mkdir etc/namedb
    mkdir var
    mkdir dev

Create the special files and set permissions:

    cp -p /etc/localtime /var/chroot/named/etc
    cp -p /etc/syslog.conf /var/chroot/named/etc
    cd /var/chroot/named/dev
    mknod zero c 2 12
    chmod 666 zero
    mknod random c 2 4
    chmod 644 random
    mknod null c 2 2
    chmod 666 null

Create a chrooted syslog socket by adding or editing syslog parameters in /etc/rc.conf thusly:

    syslogd_flags="-s -l /var/chroot/named/dev/log"

Build the distribution:

- Extract the distribution into a suitable directory (I use /usr/local/src)
- run ./configure and customize the destination paths if necessary.

    ./configure --sysconfdir=/etc/namedb

Bear in mind that the sysconfdir is from the perspective of the chrooted daemon - thus
Re: How to cleanly remove bind before using bind9
On Thu, Jan 23, 2003 at 06:29:22PM -0500, stan wrote:
> I want to use bind 9 from the ports tree. I see how to prevent the bundled bind from being built the next time I make world, and I see how to change the init files et al to use the ports bind9. What I _don't_ see (and I'm certain it's just my lack of knowledge here), is a clean way to remove all the traces of the existing version of bind which was built the last time I did a make world.

I have always found this to be a problem with FreeBSD: why can't sendmail, bind and the other contributed software be made optional at install time, so that the base system is not cluttered with old software when we install new versions? The tight coupling of contributed software into the base system is in my opinion not a good idea.

--
Anand Buddhdev
http://anand.org
Re: How to cleanly remove bind before using bind9
On Fri, Jan 24, 2003 at 02:39:51PM +0100, Anand Buddhdev typed:
> On Thu, Jan 23, 2003 at 06:29:22PM -0500, stan wrote:
> > I want to use bind 9 from the ports tree. I see how to prevent the bundled bind from being built the next time I make world, and I see how to change the init files et al to use the ports bind9. What I _don't_ see (and I'm certain it's just my lack of knowledge here), is a clean way to remove all the traces of the existing version of bind which was built the last time I did a make world.
>
> I have always found this to be a problem with FreeBSD: why can't sendmail, bind and the other contributed software be made optional at install time, so that the base system is not cluttered with old software when we install new versions? The tight coupling of contributed software into the base system is in my opinion not a good idea.

This question has been asked and answered numerous times on this list. Yes, it can be done (I believe there's a project libh or something working on it amongst other things), but it's a lot of work. Are you volunteering to help?

> --
> Anand Buddhdev
> http://anand.org
Re: How to cleanly remove bind before using bind9
On Fri, Jan 24, 2003 at 03:05:19PM +0100, Ruben de Groot wrote:
> > I have always found this to be a problem with FreeBSD: why can't sendmail, bind and the other contributed software be made optional at install time, so that the base system is not cluttered with old software when we install new versions? The tight coupling of contributed software into the base system is in my opinion not a good idea.
>
> This question has been asked and answered numerous times on this list. Yes, it can be done (I believe there's a project libh or something working on it amongst other things), but it's a lot of work. Are you volunteering to help?

Yes, I'd like to, where/if I can. How do I get involved in the project?

--
Anand Buddhdev
http://anand.org
Re: How to cleanly remove bind before using bind9
On Fri, Jan 24, 2003 at 03:38:02PM +0100, Anand Buddhdev typed:
> On Fri, Jan 24, 2003 at 03:05:19PM +0100, Ruben de Groot wrote:
> > > I have always found this to be a problem with FreeBSD: why can't sendmail, bind and the other contributed software be made optional at install time, so that the base system is not cluttered with old software when we install new versions? The tight coupling of contributed software into the base system is in my opinion not a good idea.
> >
> > This question has been asked and answered numerous times on this list. Yes, it can be done (I believe there's a project libh or something working on it amongst other things), but it's a lot of work. Are you volunteering to help?
>
> Yes, I'd like to, where/if I can. How do I get involved in the project?

Not sure, but there's a dedicated mailing list (freebsd-libh), so maybe you could ask there.

> --
> Anand Buddhdev
> http://anand.org
Re: How to cleanly remove bind before using bind9
On Thu, Jan 23, 2003 at 06:29:22PM -0500, stan wrote:
> I want to use bind 9 from the ports tree. I see how to prevent the bundled bind from being built the next time I make world, and I see how to change the init files et al to use the ports bind9. What I _don't_ see (and I'm certain it's just my lack of knowledge here), is a clean way to remove all the traces of the existing version of bind which was built the last time I did a make world. Could someone enlighten me?

You don't remove the bundled BIND. All you do is add the following lines into your /etc/rc.conf to run the port-installed Bind9.

    named_enable="YES"    # Run named, the DNS server (or NO).
    named_program="/usr/local/sbin/named"

--
Jonathan Chen [EMAIL PROTECTED]
---
I love deadlines. I like the whooshing sound they make as they fly by
- Douglas Adams
Re: How to cleanly remove bind before using bind9
On Fri, 24 Jan 2003, at 14:54 [=GMT+1300], Jonathan Chen wrote:
> On Thu, Jan 23, 2003 at 06:29:22PM -0500, stan wrote:
> > I want to use bind 9 from the ports tree. I see how to prevent the bundled bind from being built the next time I make world, and I see how to change the init files et al to use the ports bind9. What I _don't_ see (and I'm certain it's just my lack of knowledge here), is a clean way to remove all the traces of the existing version of bind which was built the last time I did a make world. Could someone enlighten me?
>
> You don't remove the bundled BIND. All you do is add the following lines into your /etc/rc.conf to run the port-installed Bind9.
>
>     named_enable="YES"    # Run named, the DNS server (or NO).
>     named_program="/usr/local/sbin/named"

But would this also make the system use the dig that comes with bind9, which is put in /usr/local/bin by the port? Would it not be easiest to tell the port to install in /usr and not in /usr/local?
Re: How to cleanly remove bind before using bind9
On Thu, 23 Jan 2003 18:29:22 -0500 stan [EMAIL PROTECTED] wrote:
> I want to use bind 9 from the ports tree. I see how to prevent the bundled bind from being built the next time I make world, and I see how to change the init files et al to use the ports bind9. What I _don't_ see (and I'm certain it's just my lack of knowledge here), is a clean way to remove all the traces of the existing version of bind which was built the last time I did a make world. Could someone enlighten me?

Stan,

These files would be the most important ones to rename/remove:

    /usr/bin/dig
    /usr/bin/dnsquery
    /usr/bin/host
    /usr/bin/dnskeygen
    /usr/libexec/named-xfer
    /usr/sbin/named
    /usr/sbin/ndc
    /usr/sbin/nslookup
    /usr/sbin/nsupdate

Regards,

Stephen Hilton
[EMAIL PROTECTED]
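
Added example (not part of the original thread and not FreeBSD's own tooling): a POSIX sh function that renames, rather than deletes, the base-system BIND files listed in the messages above, covering both locations the thread gives for dnskeygen. The function name, the ROOT argument and the .base-bind8 suffix are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread: rename (do not delete) the base-system
# BIND files so only the ports BIND 9 tools in /usr/local remain runnable.
# disable_base_bind, ROOT and the default suffix are assumptions of this example.

# Paths taken from both lists in the thread; dnskeygen is given in two places.
BASE_BIND_FILES="
/usr/bin/dig
/usr/bin/dnsquery
/usr/bin/host
/usr/bin/dnskeygen
/usr/libexec/dnskeygen
/usr/libexec/named-xfer
/usr/sbin/named
/usr/sbin/ndc
/usr/sbin/nslookup
/usr/sbin/nsupdate
"

# disable_base_bind ROOT [SUFFIX]
#   ROOT is "/" on the live system, or a scratch tree for a rehearsal.
#   Each file found is moved to <file><SUFFIX> and loses its execute bits.
#   An existing backup is never overwritten (e.g. after a later make world
#   reinstalled the file); that case is reported and makes the call return 1.
disable_base_bind() {
    root=${1:?usage: disable_base_bind ROOT [SUFFIX]}
    root=${root%/}
    suffix=${2:-.base-bind8}
    rc=0
    for f in $BASE_BIND_FILES; do
        src="$root$f"
        dst="$src$suffix"
        if [ ! -e "$src" ]; then
            echo "absent  $f"
        elif [ -e "$dst" ]; then
            echo "skipped $f (backup $dst already exists)"
            rc=1
        else
            mv "$src" "$dst" && chmod a-x "$dst" && echo "renamed $f" || rc=1
        fi
    done
    return "$rc"
}
```

Because the files are only renamed, the change can be reversed by moving each backup to its original name and restoring its execute bits.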