Koozali.org: home of the SME Server

Bind Upgrade Mini-Howto (1st draft)

Kelvin

Bind Upgrade Mini-Howto (1st draft)
« on: December 12, 2002, 08:57:31 AM »
Hi Everyone,

Here is a mini how-to on upgrading the bind package that ships with SME 5.1.2 to version 9.2.1. My purpose for needing to upgrade bind was because the bind version that ships with SME 5.1.2 appears to have a bug which causes the SME server to not be able to resolve certain domain names. My thanks to everyone who helped test and confirm that this was the case. Additionally, upgrading bind also solves the identified security issue with bind (no matter how insignificant the issue may seem to some).

There are quite a few SME 5.1.2 servers out there which may be easy (or desirable) to upgrade to a newer SME version. Since we can fix this issue by just upgrading one package, this is probably more practical than just telling everyone to upgrade to a newer SME (besides, I'm hanging out for 5.6 which still has not come off beta for public release yet).

Anyway, here's the mini-howto. Comments and additions welcome.

1. Download bind-9.2.1-0.71.1.i386.rpm and bind-utils-9.2.1-0.71.1.i386.rpm from your favourite rpm repository / search engine.
2. Copy the two packages to a folder on your SME server
3. Install the packages from that folder with rpm -Uvh bind*.rpm
4. Edit the template file /etc/e-smith/templates/etc/inittab/15named
5. Change the last $OUT line to read

     $OUT .= " -u dns -t /home/dns"

(ie. remove the option '-g dns' )

6. Save the file
7. Expand the template with /sbin/e-smith/expand-template /etc/inittab
8. Copy /etc/rndc.key to /home/dns/etc and chown the file to root:dns
9. Copy /usr/sbin/named to /home/dns/usr/sbin and overwrite the old version
10. Create the folder /home/dns/var/run/named and chown the folder to dns:dns
11. Reboot the server

After the server reboots, test to see if you have name resolution by pinging a website.

Please post comments and suggestions here for all to see.

Good luck !

Kelvin
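
One way to check the result of steps 4 to 10 before the reboot in step 11, as an added example that is not part of the original post. The function names and the three optional arguments (a root prefix and the two expected owners) are assumptions made here so the check can be pointed at a test tree; the paths and owners default to those given in the how-to.

```shell
#!/bin/sh
# Added example: verify the chroot layout from steps 4-10 of the how-to.
# ROOT, KEY_OWNER and RUN_OWNER are hypothetical parameters; the defaults
# are the paths and owners named in the post.

owner_of() {  # print "user:group" of a path as reported by ls
    ls -ld "$1" | awk '{print $3 ":" $4}'
}

check_bind_chroot() {
    root=${1:-}; key_owner=${2:-root:dns}; run_owner=${3:-dns:dns}
    jail=$root/home/dns
    tmpl=$root/etc/e-smith/templates/etc/inittab/15named
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # Steps 4-5: the template must no longer pass '-g dns' to named.
    if [ ! -f "$tmpl" ]; then fail "$tmpl missing"
    elif grep -q -e '-g dns' "$tmpl"; then fail "$tmpl still has '-g dns'"
    fi
    # Step 8: rndc.key present in the chroot with the expected owner.
    if [ ! -f "$jail/etc/rndc.key" ]; then fail "rndc.key not in chroot"
    elif [ "$(owner_of "$jail/etc/rndc.key")" != "$key_owner" ]; then
        fail "rndc.key owner is not $key_owner"
    fi
    # Step 9: the chroot copy of named must match the upgraded binary.
    if ! cmp -s "$root/usr/sbin/named" "$jail/usr/sbin/named"; then
        fail "chroot named is missing or differs from /usr/sbin/named"
    fi
    # Step 10: the run directory exists with the expected owner.
    if [ ! -d "$jail/var/run/named" ]; then fail "var/run/named missing"
    elif [ "$(owner_of "$jail/var/run/named")" != "$run_owner" ]; then
        fail "var/run/named owner is not $run_owner"
    fi
    echo "$fails check(s) failed"
    return "$fails"
}
```

Source the file and run `check_bind_chroot` with no arguments as root on the server; a non-zero exit status is the number of failed checks.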

Shad Lords

Re: Bind Upgrade Mini-Howto (1st draft)
« Reply #1 on: December 13, 2002, 12:33:50 AM »
This procedure should work fine for just nameserving but how does it react to adding/changing/removing hosts via the server-manager panel.  I ran into quite a few problems that broke with respect to the server manager panel when I was working on the upgrade ISO that I put out.

-Shad

Kelvin

Re: Bind Upgrade Mini-Howto (1st draft)
« Reply #2 on: December 13, 2002, 01:30:48 AM »
Hi Shad,

You are right about hostnames panel (I did say I was a newbie ! :-)). The reason for this is because the older bind version uses ndc to reload. Not knowing how to properly use rndc (the replacement of ndc), I took a different course.

A quick (not necessarily elegant) solution was to do this :-

Edit the file /etc/e-smith/events/actions/restart-named

Change the following section by commenting out all the other lines and modifying / adding the last 2 as follows :-


#    my @cmd = ("/usr/sbin/ndc");
#    my $chroot = db_get_prop(\%conf, 'named', 'chroot') || 'no';
#    if ($chroot eq 'yes')
#    {
#        push(@cmd, '-c', '/home/dns/var/run/ndc');
#    }
#    push(@cmd, "-q", "reload");
#    system(@cmd)
#         and warn("could not run ndc to reload config");

    system("/etc/init.d/named", "reload") == 0
         or warn("could not reload named");

That should take care of the hostnames user panel.

Many thanks for pointing this out Shad. In case anyone reading this has not already found out, I am working off a test system, not the production server for obvious reasons. Once I managed to iron out all the problems, then I'll put it onto the production server.

By the way, reading the messages log, I discovered that there are 2 options being written to the named.conf file that are not supported and are just ignored in the new version of bind. As it does not seem to interfere with the operation of named, I'm going to put off looking at it just at the moment and concentrate on possible problems that might stop named working correctly.

Kelvin