wiki:Bind9InstallNotes

Ubuntu 12.04 LTS (Precise Pangolin) BIND 9.9 Install Notes

Introduction and System Description

This page describes a setup of BIND 9.9 on Ubuntu 12.04 LTS. The starting point is a text-based installation of Ubuntu Server 64-bit with no additional software packages added. I am running a virtualized environment on VMware vSphere 5.0 with the VMware Tools installed on each virtual machine. The purpose of using BIND 9.9 with a series of BIND 10 servers is to provide support for DNSSEC inline signing and key managment, which are not yet offered by BIND 10.

Ubuntu 12.04 LTS does not provide a packaged version of BIND 9.9, and the available packaged version 9.8.1 does not support DNSSEC inline signing. Apparently Ubuntu 12.10 will continue to offer 9.8.1 as well.

Because this wiki is devoted to BIND 10, I am attaching a setup script to this page and will summarize its operation rather than providing detailed build instructions for BIND 9.9.

Building and Installing

Use the following procedure to download and execute the BIND 9.9 installation script.

$ wget http://bind10.isc.org/attachment/wiki/Bind9InstallNotes/bind9-setup-Precise.tar.gz
$ tar xzf bind9-setup-Precise.tar.gz 
$ cd bind9-setup-Precise/
$ sudo ./setup 9.9.1

...

Full installation complete. To start service: service bind9 start
$ sudo service bind9 start
 * Starting domain name service... bind9                                                                                     [ OK ] 

Notes on Running

Starting the bind9 service out of the box launches a recursive resolver accessible only from localhost. The dig utility can be used to verify that it is working, for example:

$ dig @localhost isc.org +short
149.20.64.42

To set up an authoritative server, it will be necessary to modify /etc/bind/named.conf.options and to populate /etc/bind/named.conf.local. The latter initially contains an empty configuration. Refer to the BIND 9 Documentation for configuration details.

Summary of Installation Procedure

The bind9-setup-Precise directory contains two scripts, setup and upgrade, and an install_files directory. The scripts are intended, respectively, for initial installation and version upgrade of BIND 9. The install_files directory contains certain files ancillary to the installation.

Each script takes two arguments. The first argument, which is required, is the BIND version number in the form 9.i.j.xxx, for example 9.9.1 or 9.9.0rc4. The second argument, which is optional, is the string utils-only. When the script executes, the specified version of BIND 9 is downloaded from the ISC website and installed or upgraded. If the utils-only argument is present, the script installs only the BIND utilities and omits the named service itself.

The setup script first removes the BIND 9.8.1 utility packages that are installed by default in Ubuntu 12.04 LTS. These include bind9-host, dnsutils, libbind9-80, libdns81, libisc83, libisccc80, libisccfg82, and liblwres80. Next the Ubuntu essential software building packages are installed: build-essential, autoconf, libtool, and pkg-config, followed by the BIND 9 prerequisite package libssl-dev.

The next step is to download and extract the BIND 9 installation source from http://ftp.isc.org/isc/bind9. Check this web page for available BIND versions. The scripts have not been tested with versions prior to 9.8.0.

The scripts contain a simple patching mechanism. If the directory install_files/patch contains a subdirectory with the version number being installed, then any files *.patch in that directory are applied. Note that patch is called with the argument -p1 and with the working directory as the BIND installation source directory.

The next steps are to run configure and make. There are several arguments passed to configure. See the script source for details.

For a utils-only installation, make install is executed pointing to several subdirectories including lib/isc, lib/isccc, lib/dns, lib/isccfg, lib/lwres, lib/bind9, bin/check, bin/dig, bin/dnssec, and bin/tools. Otherwise make install is executed to install the entire BIND software package.

For a full installation, which includes the named service, several additional steps are taken. Group bind and user bind are created, and the named service is configured to run as user bind. A number of ancillary directories are created and appropriate permissions set on them. Ancillary files are copied from subdirectories of the install_files directory to these ancillary directories. The point of this is to make the configuration of this BIND installation as similar as possible to what is created by the standard Ubuntu package. See the setup script source for details.

The upgrade script works similarly to the setup script. Only the download, extraction, patching, configure, make, and make install steps are executed by upgrade, however.

Last modified 5 years ago Last modified on May 27, 2012, 5:12:59 PM

Attachments (1)

Download all attachments as: .zip