Updating NAMED on old Linux distros, in July 2008

We've done this on Debian Sarge, Red Hat 8, and Fedora Core 5. These were too old for us to find automatic updates. This is not installing with a package manager -- it is overwriting the install with a newer version compiled from source, because we gave up on finding new packages made for these old Linuces.

Doing the updates is a bit of a pain; here's what we learned.

openssl

First you need openssl; use 0.9.8h or later.

  ./config --prefix=/usr shared
  make
  ls -l libcrypto*.so*  ;# you should see .so files
  make install

bind

Then use bind 9.5.0 or later.

  ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
  make
  make install

  tail -f /var/log/messages  ;# or /var/log/syslog; run this in a second terminal, it does not return
  killall named
  /etc/init.d/named start
  # look for errors in the messages or syslog, fix them, retry.
  ### This is a hack, but I actually did
  ###    chmod 1777 /var/run
  ### when it reported
  ###    named[12863]: couldn't open pid file '/var/run/named.pid': Permission denied
  ###    named[12863]: exiting (due to early fatal error)

It's really important to tail the messages and look for errors there.

recursion

The default seems to have changed to recursion off. So if you need it, edit /etc/named.conf (which may be in /var/named/chroot) and add this to the "options" section:

  recursion yes;
  allow-recursion {0.0.0.0/0;};

0.0.0.0/0 allows recursion for any client. Or use 192.168.0.0/16; or whatever you need to limit it to your own networks.

Test It!

Change DNSHOST to the host you want to test:

  dig porttest.dns-oarc.net in txt @DNSHOST

You want to see "GOOD" in the TXT answer. If the server is not recursing for you, you will see no TXT answer at all.

A GOOD answer looks something like this:

  ;; QUESTION SECTION:
  ;porttest.dns-oarc.net.                IN        TXT

  ;; ANSWER SECTION:
  porttest.dns-oarc.net.        60        IN        CNAME        z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
  z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60        IN TXT "251.252.253.254 is GOOD: 26 queries in 2.2 seconds from 26 ports with std dev 19455.34"

  ;; AUTHORITY SECTION:
  z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60        IN NS ns.z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
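
One way to script the check above when you have several hosts to test, as an added example that is not part of the original page: a shell function that reads dig output and reports the rating, port count and standard deviation from the TXT answer. The function name, its exit codes and the second sample record (including the rating word POOR) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: dig porttest.dns-oarc.net in txt @DNSHOST | porttest_verdict
# Exit status: 0 = GOOD, 1 = any other rating, 2 = no TXT answer
# (the server is not recursing for you).
porttest_verdict() {
    awk '
        # Answer lines look like:
        #   ... IN TXT "<ip> is <RATING>: <n> queries ... from <p> ports with std dev <x>"
        # The question line has no quoted text, so it never matches.
        /IN[ \t]+TXT[ \t]+"/ && / is [A-Z]+: / {
            txt = $0
            sub(/^[^"]*"/, "", txt)      # drop everything up to the opening quote
            sub(/".*$/, "", txt)         # drop the closing quote and anything after
            n = split(txt, w, " ")
            rating = w[3]
            sub(/:$/, "", rating)
            for (i = 1; i <= n; i++) {
                if (w[i] == "ports") ports = w[i - 1]
                if (w[i] == "dev")   dev   = w[i + 1]
            }
            printf "%s rating=%s ports=%s stddev=%s\n", w[1], rating, ports, dev
            found = 1
            rc = (rating == "GOOD") ? 0 : 1
            exit                         # jump to END, which sets the status
        }
        END {
            if (!found) { print "no TXT answer"; rc = 2 }
            exit rc
        }
    '
}

# TXT record copied from the sample answer on this page.
SAMPLE_GOOD='z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN TXT "251.252.253.254 is GOOD: 26 queries in 2.2 seconds from 26 ports with std dev 19455.34"'
# Constructed record for a resolver that sends every query from one port;
# the rating word POOR is an assumption about the test wording.
SAMPLE_FIXED='z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN TXT "251.252.253.254 is POOR: 26 queries in 2.2 seconds from 1 ports with std dev 0"'

printf '%s\n' "$SAMPLE_GOOD" | porttest_verdict
printf '%s\n' "$SAMPLE_FIXED" | porttest_verdict || echo "needs attention (status $?)"
```
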
(unless otherwise marked) Copyright 2002-2014 YakPeople. All rights reserved.
(last modified 2008-07-26)