Date: Tue, 10 Aug 2004 14:44:10 -0700 (PDT)
From: "Joshua Lewis" <jmlewis@dslextreme.com>
To: "uidzero" <uidzero@one-arm.com>
Cc: FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject: Re: Replacing Bind8x with Bind9
Message-ID: <7170a11148a1adb0a176b0a.20040810144410.wzyrjvf@www.dslextreme.com>
In-Reply-To: <41193AE3.9090900@one-arm.com>
References: <2400.192.168.1.1.1092125643.squirrel@192.168.1.1> <21840a50be0a7ef40a6eb40a.20040810135240.wzyrjvf@www.dslextreme.com> <41193AE3.9090900@one-arm.com>

BIND 9 requires a good source of randomness to operate. It also requires configuration of rndc, including a "secret" key. If you are using FreeBSD 4.x, visit http://people.freebsd.org/~dougb/randomness.html for information on how to set up entropy gathering. Users of FreeBSD 5.x do not need to perform this step. If you are running BIND 9 in a chroot environment, make sure that there is a /dev/random device in the chroot.

The easiest, and most secure way to configure rndc is to run 'rndc-confgen -a' which will generate the proper conf file, with a new random key, and appropriate file permissions.

I guess I really need a bind9 on FreeBSD doc. That can answer all my questions. I can't find anything that suits my needs on ISC.ORG. Has anyone come across a well written bind9 doc? I purchased the Complete FreeBSD book and several others; they however don't cover Bind9, nor does the handbook. I bought the BIND9 and DNS from O'Reilly, however that will be a few more weeks of reading. I am in need to get BIND, POSTFIX, MySQL, APACHE installed quickly. Any sources of well written docs are welcome.

Thank you,
Joshua Lewis

uidzero I
> Joshua Lewis wrote:
>
>>I received this error when running your instructions.
>>
>>apollo# make PORT_REPLACES_BASE_BIND9=yes install clean
>>Dependency warning: used OpenSSL version contains known vulnerabilities
>>Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT
>>*** Error code 1
>>
>>I understand that it says a dependency is a problem. But I just ran cvsup no
>>more than an hour ago. Is there something I am missing?
>>
>>Thanks for any help
>>
>>Thank you,
>>Joshua Lewis
>>
>>Michael Sharp
>>
>>>read the /usr/ports/dns/bind9 Makefile and use the
>>>'PORT_REPLACES_BASE_BIND9'
>>>option to make.
>>>
>>>make PORT_REPLACES_BASE_BIND9=yes install clean
>>>
>>>In rc.conf
>>>----------
>>>named_enable="YES"
>>>named_program="/usr/local/sbin/named"
>>>named_flags="-c /usr/local/etc/namedb/named.conf -u bind"
>>>
>>>and you can also put NO_BIND= true in /etc/make.conf so that base BIND
>>>isn't built when you make world.
>>>
>>>Definitely consider chrooting or jailing BIND
>>>
>>>Michael
>>
>
> make PORT_REPLACES_BASE_BIND9=yes WITH_OPENSSL_PORT=yes install clean
>
> Michael
>
> --
> Michael D. Whities
> uidzero@one-arm.com
> http://www.one-arm.com
>
> --
>
> There are four colors of hats to watch for:
> Black, White, Grey, and Red.
>
> The meanings are:
> Cracker, Hacker, Guru, and Victim.
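
Added example (not part of the original thread or of the port): a small sh pre-flight check for the two requirements in the port message quoted at the top, namely a /dev/random device inside the chroot and an rndc key file with restrictive permissions. The function names are hypothetical, and the chroot directory and key file path are arguments you supply; no FreeBSD default locations are assumed.

```shell
#!/bin/sh
# Added example: verify the chroot has /dev/random and the rndc key is private.
# Function names are hypothetical; both paths are supplied by the caller.

# Succeeds only if <chroot>/dev/random exists and is a character device.
check_chroot_random() {
    chroot_dir=$1
    if [ -c "$chroot_dir/dev/random" ]; then
        return 0
    fi
    echo "missing or not a character device: $chroot_dir/dev/random" >&2
    return 1
}

# Succeeds only if the key is a regular file (not a symlink) with no
# group or other permission bits set.
check_key_perms() {
    key_file=$1
    if [ -L "$key_file" ] || [ ! -f "$key_file" ]; then
        echo "not a regular file: $key_file" >&2
        return 1
    fi
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are group and other.
    mode=$(ls -ld "$key_file" | cut -c1-10)
    case $mode in
        ????------) return 0 ;;
    esac
    echo "$key_file is accessible to group/other ($mode)" >&2
    return 1
}

# Runs both checks and succeeds only if neither reported a problem.
audit_bind9() {
    failures=0
    check_chroot_random "$1" || failures=$((failures + 1))
    check_key_perms "$2" || failures=$((failures + 1))
    [ "$failures" -eq 0 ]
}

# When invoked as: script <chroot-dir> <key-file>
if [ "$#" -eq 2 ]; then
    audit_bind9 "$1" "$2"
fi
```

Run it with the chroot directory and the key file written by 'rndc-confgen -a' as its two arguments; a non-zero exit status means at least one check failed.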