title Updating NAMED on old Linux distros, in July 2008
user strick
ip 128.61.105.188
vol 1
lock ********

We've done this on Debian Sarge, Red Hat 8, and Fedora Core 5.
These were too old for us to find automatic updates.
This is not installing with a package manager -- it is overwriting
the install with newer version compiled from source,
because we give up on finding new packages made for these old Linuces.

Doing the updates is a bit of a pain; here's what we learned.


/section openssl

First you need openssl; use 0.9.8h or later.

/pre(
  ./config --prefix=/usr shared
  make
  ls -l libcrypto*.so*  ;# you should see .so files
  make install
/pre)

/section bind

Then use bind 9.5.0 or later.

/pre(
  ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
  make
  make install

  tail -f /var/log/messages  ;# or /var/log/syslog
  killall named
  /etc/init.d/named start
  # look for errors in the messages or syslog, fix them, retry.
  ### This is a hack, but I actually did
  ###    chmod 1777 /var/run
  ### when it reported
  ###    named[12863]: couldn't open pid file '/var/run/named.pid': Permission denied
  ###    named[12863]: exiting (due to early fatal error)
/pre)

It's really important to tail the messages and look for errors there.

/section recursion

The default seems to have changed to recursion
/b off.
So if you need it, edit /etc/named.conf (which may be in /var/named/chroot)
and add this to the "options" section:
/pre(
  recursion yes;
  allow-recursion {0.0.0.0/0;};
/pre)
Or use 192.168.0.0/16; or whatever you need.

/section Test It!
Change DNSHOST to the host you want to test:
/pre(
  dig porttest.dns-oarc.net in txt @DNSHOST
/pre)
You want to see "GOOD" in the TXT answer, or if it is not recursing for you,
you will see no TXT answer.

A GOOD answer looks something like this:
/pre(
;; QUESTION SECTION:
;porttest.dns-oarc.net.                IN        TXT

;; ANSWER SECTION:
porttest.dns-oarc.net.        60        IN        CNAME        z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60        IN TXT "251.252.253.254 is GOOD: 26 queries in 2.2 seconds from 26 ports with std dev 19455.34"

;; AUTHORITY SECTION:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60        IN NS ns.z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net