From owner-freebsd-questions@FreeBSD.ORG Tue Aug 10 21:44:11 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 79E8316A4CE for ; Tue, 10 Aug 2004 21:44:11 +0000 (GMT) Received: from mail5.dslextreme.com (mail5.dslextreme.com [66.51.199.81]) by mx1.FreeBSD.org (Postfix) with SMTP id 5C1B343D2D for ; Tue, 10 Aug 2004 21:44:11 +0000 (GMT) (envelope-from jmlewis@dslextreme.com) Received: (qmail 11341 invoked from network); 10 Aug 2004 21:44:10 -0000 Received: from unknown (HELO www.dslextreme.com) (66.51.199.92) by 192.168.8.93 with SMTP; Tue, 10 Aug 2004 21:44:10 +0000 Message-ID: <7170a11148a1adb0a176b0a.20040810144410.wzyrjvf@www.dslextreme.com> In-Reply-To: <41193AE3.9090900@one-arm.com> References: <2400.192.168.1.1.1092125643.squirrel@192.168.1.1> <21840a50be0a7ef40a6eb40a.20040810135240.wzyrjvf@www.dslextreme.com> <41193AE3.9090900@one-arm.com> Date: Tue, 10 Aug 2004 14:44:10 -0700 (PDT) From: "Joshua Lewis" To: "uidzero" User-Agent: DSL Extreme Webmail (www.dslextreme.com) MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/) cc: jmlewis@dslextreme.com cc: FreeBSD-Questions Subject: Re: Replacing Bind8x with Bind9 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jmlewis@dslextreme.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Aug 2004 21:44:11 -0000 BIND 9 requires a good source of randomness to operate. It also requires configuration of rndc, including a "secret" key. If you are using FreeBSD 4.x, visit http://people.freebsd.org/~dougb/randomness.html for information on how to set up entropy gathering. Users of FreeBSD 5.x do not need to perform this step. If you are running BIND 9 in a chroot environment, make sure that there is a /dev/random device in the chroot. The easiest, and most secure way to configure rndc is to run 'rndc-confgen -a' which will generate the proper conf file, with a new random key, and appropriate file permissions. I guess I really need a bind9 on FreeBSD doc. That can answer all my questions. I can't find anything that suites my needs on ISC.ORG. Has anyone come across a well written bind9 doc? I purchased the Complete FreeBSD book and several others they however don't cover Bind9 nor does the handbook. I bought the BIND9 and DNS from Oriley however that will be a few more weeks of reading. I am in need to get BIND, POSTFIX, MySQL , APACHE, installed quickly. Any sources of well written docs are welcome. Thank you, Joshua Lewis uidzero I > Joshua Lewis wrote: > >>I received this error when running your instructions. >> >>apollo# make PORT_REPLACES_BASE_BIND9=yes install clean >>Dependency warning: used OpenSSL version contains known vulnerabilities >>Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT >>*** Error code 1 >> >>I understand that it says a dependancy a problem. But I just ran cvsup no >>more then an hour ago. Is there something I am missing? >> >>Thanks for any help >> >> >>Thank you, >>Joshua Lewis >> >> >> >>Michael Sharp >> >> >>>read the /usr/ports/dns/bind9 Makefile and use the >>>'PORT_REPLACES_BASE_BIND9' >>>option to make. >>> >>>make PORT_REPLACES_BASE_BIND9=yes install clean >>> >>>In rc.conf >>>---------- >>>named_enable="YES" >>>named_program="/usr/local/sbin/named" >>>named_flags="-c /usr/local/etc/namedb/named.conf -u bind" >>> >>> >>> >>>and you can also put NO_BIND= true in /etc/make.conf so that base BIND >>>isn't build when you make world. >>> >>>Definetly consider chrooting or jailing BIND >>> >>>Michael >>> >>> >>> >>> >> >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> >> > > make PORT_REPLACES_BASE_BIND9=yes WITH_OPENSSL_PORT=yes install clean > > Michael > > > -- > Michael D. Whities > uidzero@one-arm.com > http://www.one-arm.com > > -- > > There are four colors of hats to watch for: > Black, White, Grey, and Red. > > The meanings are: > Cracker, Hacker, Guru, and Victim. > >