Date: Tue, 5 Jul 2011 17:43:03 -0500
On Tue, 5 Jul 2011, Connie Sieh wrote:
> On Tue, 5 Jul 2011, Mike Peterson wrote:
>
>> The rpm files installed via yum via the command line for bind and bind-chroot are
>> bind-9.7.3-2.el6_1.P1.1.i686
>> bind-chroot-9.7.3-2.el6_1.P1.1.i686
>> The command used to get the info you requested is rpm -qa | egrep bind
>
>>
>>
>> On Tue, 5 Jul 2011, Mike Peterson wrote:
>>
>>> After installing bind and bind-chroot and starting named, /var/log/messages
>>> complains that rndc.key is missing.
>>> If I run the rpm -ql bind | egrep rndc command it says that it should be
>>> part of the bind...rpm file, but doing a yum remove and yum install of bind
>>> does not create the file.
>>>
>>> When I run rndc-confgen -a to create the files it never comes back with the
>>> # prompt without CTRL-C ing the program.
>>>
>>
>> What are the rpm version numbers of the bind and bind-chroot that you have
>> installed?
>>
>> -Connie Sieh
>>
>>>
>>>
>>>> Does DNS with bind on Scientific Linux work different than bind on RHEL and
>>>> CentOS?
>
> Still no. So how are you comparing this to CentOS?
>
>>>
>>> No.
>>>
>>>>
>>>> If not, will bind be fixed with the release of Scientific Linux 6.1?
>
> Based on the research below TUV will have to fix this.
>
>>>>
>>>> I feel it is broken because files that are listed as being in the bind rpm
>>>> are missing on Scientific Linux 6.0.
>
> Note the /etc/rndc.key file is listed as %ghost in the bind.spec file. It is
> up to the rpm to "build" it on the fly.
>
>
> In bind-9.7.0... spec file
> ------------------------------------------------------------------------
> %post
> /sbin/ldconfig
> /sbin/chkconfig --add named
> if [ "$1" -eq 1 ]; then
> if [ ! -e /etc/rndc.key ]; then
> /usr/sbin/rndc-confgen -a > /dev/null 2>&1
> fi
> [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* > /dev/null 2>&1 ;
> # rndc.key has to have correct perms and ownership, CVE-2007-6283
> [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
> [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
> fi
> :;
>
> and in bind-9.7.3... spec file
> ------------------------------------------------------------------------
> %post
> /sbin/ldconfig
> /sbin/chkconfig --add named
> if [ "$1" -eq 1 ]; then
> [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* > /dev/null 2>&1 ;
> # rndc.key has to have correct perms and ownership, CVE-2007-6283
> [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
> [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
> fi
> :;
>
> ----------------------------------------------------------------------
> So you can see that the 9.7.3 versions do not do the
>
> /usr/sbin/rndc-confgen -a > /dev/null 2>&1
>
> So thus no /etc/rndc.key file.
>
> -Connie Sieh
>
But the changelog for 9.7.3 states
- don't generate rndc.key during installation
So maybe they intended it to be that way.
-Connie Sieh
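
An added example, not part of the original message or the bind package: a shell check for the state this thread describes. It reports a missing `/etc/rndc.key` and audits the owner, group and mode that both quoted `%post` scriptlets enforce (`root:named`, `0640`). The function names and the optional override arguments are this example's own, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit the rndc control key the way the quoted %post
# scriptlets treat it (chown root:named, chmod 0640, see their
# CVE-2007-6283 comment). It does not generate the key.
# Usage (after sourcing): audit_rndc_key /etc/rndc.key

# audit_rndc_key PATH [OWNER] [GROUP] [MODE]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# OWNER, GROUP and MODE are overrides added for this example.
audit_rndc_key() {
    key=$1; want_owner=${2:-root}; want_group=${3:-named}; want_mode=${4:-640}
    if [ ! -e "$key" ]; then
        # The bind-9.7.3 case from the thread: listed as %ghost, never created.
        echo "missing: $key"
        return 1
    fi
    rc=0
    mode=$(stat -c '%a' "$key")     # GNU stat: octal permission bits
    owner=$(stat -c '%U' "$key")    # owner name
    group=$(stat -c '%G' "$key")    # group name
    [ "$owner" = "$want_owner" ] || { echo "owner: $owner, want $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "group: $group, want $want_group"; rc=1; }
    [ "$mode" = "$want_mode" ] || { echo "mode: $mode, want $want_mode"; rc=1; }
    # A non-zero last digit means "other" has some access to the key.
    case $mode in
        *[1-7]) echo "exposed: $key is accessible to other users"; rc=1 ;;
    esac
    return $rc
}

# fix_rndc_key_perms PATH [OWNER] [GROUP]
# The same two steps as the scriptlet; like it, a no-op when the key is absent.
fix_rndc_key_perms() {
    key=$1
    [ -e "$key" ] || return 0
    chown "${2:-root}:${3:-named}" "$key" && chmod 0640 "$key"
}
```
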