SCIENTIFIC-LINUX-USERS Archives

July 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Connie Sieh <[log in to unmask]>
Reply To: Connie Sieh <[log in to unmask]>
Date: Tue, 5 Jul 2011 17:43:03 -0500
On Tue, 5 Jul 2011, Connie Sieh wrote:

> On Tue, 5 Jul 2011, Mike Peterson wrote:
>
>> The rpm files installed via yum via the command line for bind and bind-chroot are
>> bind-9.7.3-2.el6_1.P1.1.i686
>> bind-chroot-9.7.3-2.el6_1.P1.1.i686
>> The command used to get the info you requested is rpm -qa | egrep bind
>
>>
>>
>> On Tue, 5 Jul 2011, Mike Peterson wrote:
>>
>>> After installing bind and bind-chroot and starting named the /var/log/messages
>>> complains that rndc.key is missing.
>>> If I run the rpm -ql bind | egrep rndc command it says that it should be part of
>>> the bind...rpm file but doing a yum remove and yum install of bind does not
>>> create the file.
>>>
>>> When I run rndc-confgen -a to create the files it never comes back with the #
>>> prompt without CTRL-C ing the program.
>>>
>>
>> What are the rpm version numbers of the bind and bind-chroot that you have
>> installed?
>>
>> -Connie Sieh
>>
>>>
>>>
>>>> Does DNS with bind on Scientific Linux work different than bind on RHEL and
>>>> CentOS?
>
> Still no. So how are you comparing this to CentOS?
>
>>>
>>> No.
>>>
>>>>
>>>> If not, will bind be fixed with the release of Scientific Linux 6.1?
>
> Based on the research below TUV will have to fix this.
>
>>>>
>>>> I feel it is broken because files that are listed as being in the bind rpm are
>>>> missing on Scientific Linux 6.0.
>
> Note the /etc/rndc.key file is listed as %ghost in the bind.spec file. It is
> up to the rpm to "build" it on the fly.
>
>
> In bind-9.7.0... spec file
> ------------------------------------------------------------------------
> %post
> /sbin/ldconfig
> /sbin/chkconfig --add named
> if [ "$1" -eq 1 ]; then
>   if [ ! -e /etc/rndc.key ]; then
>     /usr/sbin/rndc-confgen -a > /dev/null 2>&1
>   fi
>   [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* > /dev/null 2>&1 ;
>   # rndc.key has to have correct perms and ownership, CVE-2007-6283
>   [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
>   [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
> fi
> :;
>
> and in bind-9.7.3... spec file
> ------------------------------------------------------------------------
> %post
> /sbin/ldconfig
> /sbin/chkconfig --add named
> if [ "$1" -eq 1 ]; then
>   [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* > /dev/null 2>&1 ;
>   # rndc.key has to have correct perms and ownership, CVE-2007-6283
>   [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
>   [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
> fi
> :;
>
> ----------------------------------------------------------------------
> So you can see that the 9.7.3 versions do not do the
>
> /usr/sbin/rndc-confgen -a > /dev/null 2>&1
>
> So thus no /etc/rndc.key file.
>
> -Connie Sieh
>

But the changelog for 9.7.3 states

   - don't generate rndc.key during installation

So maybe they intended it to be that way.

-Connie Sieh
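
Added example, not part of the original thread or of the bind package: since the 9.7.3 %post scriptlet quoted above only fixes ownership and mode when /etc/rndc.key already exists, an administrator can audit the key file after install. The function name `check_rndc_key` and its return codes are hypothetical; the expected `root:named` and `0640` values are the ones from the quoted scriptlet, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from bind.spec).
# check_rndc_key PATH [OWNER] [GROUP]
# Returns: 0 = OK, 1 = key file missing, 2 = wrong owner/group,
#          3 = mode grants more than 0640.
check_rndc_key() {
    key=$1
    want_owner=${2:-root}     # defaults taken from the quoted %post scriptlet
    want_group=${3:-named}

    if [ ! -e "$key" ]; then
        # The 9.7.0 scriptlet created the file with rndc-confgen -a;
        # the 9.7.3 scriptlet no longer does.
        echo "MISSING: $key (9.7.0 %post ran: rndc-confgen -a)" >&2
        return 1
    fi

    # GNU stat format: %U owner name, %G group name, %a octal mode
    owner=$(stat -c %U "$key")
    group=$(stat -c %G "$key")
    mode=$(stat -c %a "$key")

    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "OWNER: $key is $owner:$group, expected $want_owner:$want_group" >&2
        return 2
    fi

    # Any permission bit outside 0640 (group write, any "other" access,
    # execute, setuid/setgid/sticky) is more than the scriptlet allows.
    extra=$(( 0$mode & ~0640 & 07777 ))
    if [ "$extra" -ne 0 ]; then
        echo "MODE: $key is $mode, expected 640 or stricter" >&2
        return 3
    fi

    echo "OK: $key $owner:$group $mode"
    return 0
}

# Usage on an installed system (run as root):
#   check_rndc_key /etc/rndc.key
```

A return code of 1 on a fresh bind-9.7.3 install matches what the thread describes: the %ghost file is listed by `rpm -ql` but nothing has created it yet.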
