Adding Bind Version 9 to FreeBSD 4.x

John Kozubik - john@kozubik.com - http://www.kozubik.com
December 18, 2001

This document gives step-by-step instructions for compiling and installing the Bind version 9 domain name system server on a FreeBSD 4.x system in such a way that the previously installed Bind version 8 is replaced/overwritten.

Overview

The base install of FreeBSD 4.x includes Bind 8.x, which can be enabled at any time by adding the line:

named_enable="YES"

to the /etc/rc.conf file.

If the Bind 9 source tarball is compiled and installed with its defaults, it lands in different locations than the Bind 8 that already ships with the system. This is a problem because not only will you have two versions of Bind on the same system, but the standard startup management in /etc/rc.conf shown above will still start the included Bind 8. By altering the configuration of the Bind 9 source, we can instruct it to overwrite the existing Bind 8, thus avoiding the problems mentioned above.

Downloading and Unpacking

Download the latest Bind 9 source tarball from ftp.isc.org. At the time of this writing the latest version was (UPDATED, 2002-10-14: the latest version is 9.2.1, which can be found at ftp://ftp.isc.org/isc/bind9/9.2.1/bind-9.2.1.tar.gz). I usually just place this file in /tmp, then I `gunzip filename.tar.gz`, then `tar xvf filename.tar`.

Configure Bind 9

After unpacking the source tarball, `cd` to the directory that was untarred and run this configure line:

./configure --sbindir=/usr/sbin --bindir=/usr/bin --sysconfdir=/etc/namedb

These directives for ./configure differ from the defaults used if you simply run `./configure` with no arguments. We choose them explicitly instead of using the defaults because they are the same locations as the existing Bind 8, which means we will overwrite it. This is our goal.

Compiling Bind 9

Now that you have run the custom ./configure line, simply run:

`make`

and then:

`make install`

Post Compile Configuration

Presumably you want Bind to run at system start. Simply place this line into /etc/rc.conf:

named_enable="YES"

Next, we want a more secure directory for our zone files to live in:

`mkdir /etc/namedb/s`
`chown bind:bind /etc/namedb/s`
`chmod 750 /etc/namedb/s`

Running Bind 9

Now all you need to do is edit your /etc/namedb/named.conf to your liking, pointing all zone files to the /etc/namedb/s directory. When you are ready to run Bind for the first time, simply run:

`/usr/sbin/named`

Because of the line in /etc/rc.conf, subsequent system boots will start Bind automatically.

Troubleshooting Bind 9

First, always check to see if Bind is actually running:

`ps auxw | grep named`

If you tried to start it and it is not running, look in the /var/log/messages file for errors relating to named.

Special Note for `jail` Users

If you are running Bind in a FreeBSD jail, and you see this error in /var/log/messages:

Sep 8 12:48:37 www named[7199]: couldn't add command channel 127.0.0.1#953: file not found
Sep 8 12:48:37 www named[7199]: none:0: open: /etc/namedb/rndc.key: file not found

it is because your command channel is trying to use 127.0.0.1, which does not exist inside of a FreeBSD jail. You can make this error stop occurring by running the following command in the /etc/namedb directory, and restarting Bind:

`rndc-confgen -a -s (your_ip)`

Where (your_ip) is your actual, REAL IP, not the loopback address.

If you run this `rndc-confgen` syntax and it just hangs forever, you may not be getting a proper random seed for the command to run. You can solve this by adding a -r switch followed by the name of a large, random file. Be sure to choose a file that exists only on your system, preferably one you will delete, and most certainly not a standard file in the operating system:

`rndc-confgen -a -s (your_ip) -r /some/garbage/file`
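As an added example (my own script, not part of the original article), a small POSIX sh script that checks the post-install state described above: the zone directory mode, whether named is running, the permissions on the rndc.key file that rndc-confgen writes, and the in-jail command channel error in the log. Path arguments default to the article's locations; the rndc.key permission check is my own recommendation, not something the article states.

```shell
#!/bin/sh
# Post-install checks for the Bind 9 layout from the article (added example).

# Zone directory must exist with mode 750 (drwxr-x---), as created above.
check_zone_dir() {
    dir=${1:-/etc/namedb/s}
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    # ls -ld works on FreeBSD and Linux; the first 10 chars are the mode string
    mode=$(ls -ld "$dir" | cut -c1-10)
    [ "$mode" = "drwxr-x---" ] || { echo "bad mode on $dir: $mode"; return 1; }
    return 0
}

# rndc.key holds the rndc HMAC secret; it must not be readable by "others".
# (Assumption: locking this down is my recommendation, not the article's.)
check_rndc_key() {
    key=${1:-/etc/namedb/rndc.key}
    [ -f "$key" ] || { echo "missing: $key (run rndc-confgen -a)"; return 1; }
    others=$(ls -l "$key" | cut -c8-10)
    [ "$others" = "---" ] || { echo "$key is readable by others ($others)"; return 1; }
    return 0
}

# Same idea as `ps auxw | grep named`, but [n]amed keeps grep from matching itself.
named_running() {
    ps auxww | grep -q '[n]amed'
}

# Detect the jail symptom from the article: command channel on 127.0.0.1 failing.
jail_rndc_error() {
    log=${1:-/var/log/messages}
    grep -q -F "couldn't add command channel 127.0.0.1#953" "$log"
}

if [ "${1:-}" = "run" ]; then
    check_zone_dir; check_rndc_key
    named_running || echo "named is not running; check /var/log/messages"
    jail_rndc_error && echo "in a jail? re-run: rndc-confgen -a -s <real_ip>"
fi
```

Run it as `sh check_bind9.sh run` on the server; each check prints a reason when it fails.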