Date: Tue, 5 Jul 2011 17:36:16 -0500
On Tue, 5 Jul 2011, Mike Peterson wrote:
> The rpm files installed via yum via the command line for bind and bind-chroot are
> bind-9.7.3-2.el6_1.P1.1.i686
> bind-chroot-9.7.3-2.el6_1.P1.1.i686
> The command used to get the info you requested is rpm -qa | egrep bind
>
>
> On Tue, 5 Jul 2011, Mike Peterson wrote:
>
>> After installing bind and bind-chroot and starting named the /var/log/messages
>> complains that rndc.key is missing.
>> If I run the rpm -ql bind | egrep rndc command it says that it should be part of
>> the bind...rpm file but doing a yum remove and yum install of bind does not
>> create the file.
>>
>> When I run rndc-confgen -a to create the files it never comes back with the #
>> prompt without CTRL-C ing the program.
>>
>
> What are the rpm version numbers of the bind and bind-chroot that you have
> installed?
>
> -Connie Sieh
>
>>
>>
>>> Does DNS with bind on Scientific Linux work different than bind on RHEL and
>>> CentOS?
Still no. So how are you comparing this to CentOS?
>>
>> No.
>>
>>>
>>> If not, will bind be fixed with the release of Scientific Linux 6.1?
Based on the research below TUV will have to fix this.
>>>
>>> I feel it is broken because files that are listed as being in the bind rpm are
>>> missing on Scientific Linux 6.0.
Note the /etc/rndc.key file is listed as %ghost in the bind.spec file. It is
up to the rpm to "build" it on the fly.
In bind-9.7.0... spec file
------------------------------------------------------------------------
%post
/sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then
  if [ ! -e /etc/rndc.key ]; then
    /usr/sbin/rndc-confgen -a > /dev/null 2>&1
  fi
  [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* > /dev/null 2>&1 ;
  # rndc.key has to have correct perms and ownership, CVE-2007-6283
  [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
  [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
:;
and in bind-9.7.3... spec file
------------------------------------------------------------------------
%post
/sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then
  [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* > /dev/null 2>&1 ;
  # rndc.key has to have correct perms and ownership, CVE-2007-6283
  [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
  [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
:;
----------------------------------------------------------------------
So you can see that the 9.7.3 versions do not do the
/usr/sbin/rndc-confgen -a > /dev/null 2>&1
So thus no /etc/rndc.key file.
-Connie Sieh
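
The %post steps from the 9.7.0 spec excerpt, written as functions that can be run by hand where the 9.7.3 package leaves /etc/rndc.key absent. This is an added example, not part of the original message or the bind package; the function names and the RNDC_CONFGEN variable are hypothetical, while the owner, group and mode are those in the spec excerpts.

```shell
#!/bin/sh
# Added example, not taken from the bind package.
# RNDC_CONFGEN and the function names are hypothetical; root:named and 0640
# are the owner, group and mode from the %post excerpts.
RNDC_CONFGEN=${RNDC_CONFGEN:-/usr/sbin/rndc-confgen}

# check_rndc_key [key] [owner] [group]   (owner/group as name or numeric id)
# Returns 0 if the key exists with the expected owner, group and mode 640,
# 1 if it is missing, 2 if ownership or mode is wrong. Needs GNU stat.
check_rndc_key() {
    key=${1:-/etc/rndc.key} owner=${2:-root} group=${3:-named}
    if [ ! -e "$key" ]; then
        echo "MISSING: $key"
        return 1
    fi
    # Fields: octal mode, owner name, uid, group name, gid.
    set -- $(stat -c '%a %U %u %G %g' "$key")
    rc=0
    [ "$1" = 640 ] || { echo "BAD MODE: $key is $1, want 640"; rc=2; }
    [ "$owner" = "$2" ] || [ "$owner" = "$3" ] ||
        { echo "BAD OWNER: $key is $2, want $owner"; rc=2; }
    [ "$group" = "$4" ] || [ "$group" = "$5" ] ||
        { echo "BAD GROUP: $key is $4, want $group"; rc=2; }
    [ "$rc" -eq 0 ] && echo "OK: $key"
    return "$rc"
}

# ensure_rndc_key [key] [owner] [group]
# Same order as the bind-9.7.0 %post: generate the key only if it is absent,
# restore the SELinux context if restorecon is present, then set owner and mode.
ensure_rndc_key() {
    key=${1:-/etc/rndc.key} owner=${2:-root} group=${3:-named}
    if [ ! -e "$key" ]; then
        # -a writes a key file; -c selects which file to write.
        "$RNDC_CONFGEN" -a -c "$key" > /dev/null 2>&1 || return 1
    fi
    [ -x /sbin/restorecon ] && /sbin/restorecon "$key" > /dev/null 2>&1 || :
    chown "$owner:$group" "$key" && chmod 0640 "$key" || return 2
    check_rndc_key "$key" "$owner" "$group"
}
```

Called as root with no arguments, `ensure_rndc_key` acts on /etc/rndc.key with root:named ownership; `check_rndc_key` alone only reports and changes nothing.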