SCIENTIFIC-LINUX-USERS Archives

July 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Connie Sieh <[log in to unmask]>
Reply To: Connie Sieh <[log in to unmask]>
Date: Tue, 5 Jul 2011 17:36:16 -0500

On Tue, 5 Jul 2011, Mike Peterson wrote:

> The rpm files installed via yum via the command line for bind and bind-chroot are
> bind-9.7.3-2.el6_1.P1.1.i686
> bind-chroot-9.7.3-2.el6_1.P1.1.i686
> The command used to get the info you requested is rpm -qa | egrep bind

> 
> 
> On Tue, 5 Jul 2011, Mike Peterson wrote:
> 
>> After installing bind and bind-chroot and starting named the /var/log/messages
>> complains that rndc.key is missing.
>> If I run the rpm -ql bind | egrep rndc command it says that it should be part of
>> the bind...rpm file but doing a yum remove and yum install of bind does not
>> create the file.
>> 
>> When I run rndc-confgen -a to create the files it never comes back with the #
>> prompt without CTRL-C ing the program.
>> 
> 
> What are the rpm version numbers of the bind and bind-chroot that you have
> installed?
> 
> -Connie Sieh
> 
>> 
>> 
>>> Does DNS with bind on Scientific Linux work different than bind on RHEL and
>>> CentOS?

Still no.  So how are you comparing this to CentOS?

>> 
>> No.
>> 
>>> 
>>> If not, will bind be fixed with the release of Scientific Linux 6.1?

Based on the research below TUV will have to fix this.

>>> 
>>> I feel it is broken because files that are listed as being in the bind rpm are
>>> missing on Scientific Linux 6.0.

Note the /etc/rndc.key file is listed as %ghost in the bind.spec file. It is 
up to the rpm to "build" it on the fly.


In  bind-9.7.0... spec file
------------------------------------------------------------------------
%post
/sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then
   if [ ! -e /etc/rndc.key ]; then
     /usr/sbin/rndc-confgen -a > /dev/null 2>&1
   fi
   [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* > /dev/null 2>&1 ;
   # rndc.key has to have correct perms and ownership, CVE-2007-6283
   [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
   [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
:;

and in  bind-9.7.3... spec file
------------------------------------------------------------------------
%post
/sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then
   [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* > /dev/null 2>&1 ;
   # rndc.key has to have correct perms and ownership, CVE-2007-6283
   [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
   [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
:;

----------------------------------------------------------------------
So you can see that the 9.7.3 versions do not do the

     /usr/sbin/rndc-confgen -a > /dev/null 2>&1

So thus no /etc/rndc.key file.

-Connie Sieh
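
An added example, not part of the original message or of the bind package: a shell audit for the condition described above, checking both whether a %post scriptlet generates the key and whether an existing key has the mode and ownership the spec comment requires. The function names are hypothetical, the scriptlet bodies are abridged from the two quoted above, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example, not from the thread: audit what the %post scriptlet should
# leave behind (key present, mode 0640, owner root:named per the spec comment).

# rndc_key_state [FILE] [OWNER:GROUP]
# Prints: missing | bad-mode:<mode> | bad-owner:<owner:group> | ok
rndc_key_state() {
    key=${1:-/etc/rndc.key}
    want_owner=${2:-root:named}
    [ -e "$key" ] || { echo missing; return 1; }
    mode=$(stat -c '%a' "$key")          # GNU stat, as shipped on SL/RHEL
    owner=$(stat -c '%U:%G' "$key")
    [ "$mode" = 640 ] || { echo "bad-mode:$mode"; return 2; }
    [ "$owner" = "$want_owner" ] || { echo "bad-owner:$owner"; return 3; }
    echo ok
}

# post_generates_key: reads scriptlet text on stdin; succeeds only if a
# non-comment line invokes rndc-confgen.
# On an installed system: rpm -q --scripts bind | post_generates_key
post_generates_key() {
    grep -v '^[[:space:]]*#' | grep -q 'rndc-confgen'
}

# Constructed inputs: the two %post bodies quoted above, abridged.
POST_970='/sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then
   if [ ! -e /etc/rndc.key ]; then
     /usr/sbin/rndc-confgen -a > /dev/null 2>&1
   fi
   [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
   [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi'
POST_973='/sbin/ldconfig
/sbin/chkconfig --add named
if [ "$1" -eq 1 ]; then
   # rndc.key has to have correct perms and ownership, CVE-2007-6283
   [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
   [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi'
```

With no arguments, rndc_key_state checks /etc/rndc.key against root:named; a "missing" result on a package whose scriptlet fails post_generates_key matches the situation in this thread.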
