"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.16.7/win32utils/readme1st.txt" (4 Sep 2020, 6260 Bytes) of package /linux/misc/dns/bind9/9.16.7/bind-9.16.7.tar.xz:



KIT INSTALLATION:

Unpack the kit into any convenient directory and run the BINDInstall
program.  This will install the named and associated programs into
the correct directories and set up the required registry keys.

Usually BINDInstall must be run by/as Administrator or it can fail
to operate on the filesystem or the registry or even return messages
like "A referral was returned from the server". The best way to
avoid this kind of problem on Windows 7 or newer is:
 - open a "Windows Explorer" window
 - go to where the distribution was extracted
 - right-click on the BINDInstall application
 - open the "Properties" (last) menu
 - open the "Compatibility" (second) tab
 - check the (last) "Run this program as an administrator" box
Unfortunately this is not saved by zip (or any archiver?) as
it is a property saved in the Registry.

BINDInstall requires that you install it under an account with
restricted privileges. The installer will prompt you for an account
name (the default is "named") and a password for that account. It
will also check for the existence of that account.  If it does not
exist it will create it with only the privileges required to run
BIND 9. If the account does exist it will check that it has only the
one privilege required: "Log on as a service".  If it has too many
privileges it will ask whether you want to continue.

With BIND 9 running under an account name, it is necessary for all
files and directories that BIND 9 uses to have permissions set up for
the named account if the files are on an NTFS disk. BIND 9 requires
that the account have read and write access to the directory for
the pid file and to any files that are maintained either for slave
zones or for master zones supporting dynamic updates. The account will
also need read access to the named.conf and any other file that it
needs to read.

"NT AUTHORITY\LocalService" is also an acceptable account
(and the only acceptable one on some recent versions of Windows).
This account is built into Windows and no password is required.
Appropriate file permissions will also need to be set for "NT
AUTHORITY\LocalService" similar to those that would have been
required for the "named" account.
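
One way to apply the permissions described above with icacls, as an added
example that is not part of the original readme. It assumes the default
install path and a hypothetical layout in which named.conf puts the pid file
in etc\run and slave/dynamic zone files in etc\dynamic; it also restricts the
rndc.key file that "rndc-confgen -a" creates (see CONTROLLING BIND 9).

```powershell
# Added example: least-privilege NTFS ACLs for the BIND 9 service account.
# Assumptions (not from the readme): the default install path, and that
# named.conf places the pid file in etc\run and slave/dynamic zone files
# in etc\dynamic. Adjust both to match your own configuration.
# Run from an elevated PowerShell prompt.
$Account  = 'named'   # or 'NT AUTHORITY\LocalService'
$BindRoot = Join-Path $env:ProgramFiles 'ISC BIND 9'
$Etc      = Join-Path $BindRoot 'etc'
$Writable = @('run', 'dynamic') | ForEach-Object { Join-Path $Etc $_ }

function Invoke-Icacls {
    param([string[]]$IcaclsArgs)
    & icacls.exe @IcaclsArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed: $($IcaclsArgs -join ' ')"
    }
}

# Read-only access to the configuration tree (named.conf, static zone files).
Invoke-Icacls @($Etc, '/grant:r', "${Account}:(OI)(CI)RX")

# Modify access only in the directories where named has to write.
foreach ($dir in $Writable) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    Invoke-Icacls @($dir, '/grant:r', "${Account}:(OI)(CI)M")
}

# rndc.key holds the shared secret: drop inherited ACEs and allow only
# Administrators (S-1-5-32-544), SYSTEM (S-1-5-18) and the service
# account (read-only). SIDs are used so localized group names still work.
$Key = Join-Path $Etc 'rndc.key'
if (Test-Path $Key) {
    Invoke-Icacls @($Key, '/inheritance:r', '/grant:r',
        '*S-1-5-32-544:F', '*S-1-5-18:F', "${Account}:R")
    icacls.exe $Key    # print the resulting ACL for review
}

icacls.exe $Etc        # print the resulting ACL for review
```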

It is important that on Windows the directory directive is used in
the options section to tell BIND 9 where to find the files used in
named.conf (default "%ProgramFiles%\ISC BIND 9\etc\named.conf"). For
example:

	options {
		directory "C:\Program Files (x86)\ISC BIND 9\etc";
	};

for a 32 bit BIND 9 on a 64 bit US Domestic Windows system.
Messages are logged to the Application log in the EventViewer.

CONTROLLING BIND 9:

Windows uses the same rndc program as is used on Unix systems.  The
rndc.conf file must be configured for your system in order to work.
You will need to generate a key for this. To do this use the
rndc-confgen program. The program will be installed in the same
directory as named: "%ProgramFiles%\ISC BIND 9\bin".  From the DOS
prompt, use the command this way:

rndc-confgen -a

which will create an rndc.key file in the "%ProgramFiles%\ISC BIND 9\etc"
directory. This will allow you to run rndc without an explicit
rndc.conf file or key and controls entries in the named.conf file. See
the ARM for details of this. An rndc.conf can also be generated by
running:

rndc-confgen > rndc.conf

which will create the rndc.conf file in the current directory, but
not copy it to the "%ProgramFiles%\ISC BIND 9\etc" directory where
it needs to reside. If you create rndc.conf this way you will need
to copy the same key statement into named.conf.

The additions look like the following:

key "rndc-key" { algorithm hmac-sha256; secret "xxxxxxxxx=="; };

controls {
	inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};

Note that the value of the secret must come from the key generated
above for rndc and must be the same key value for both. Details of
this may be found in the ARM. If you have rndc on a Unix box you can
use it to control BIND 9 on the Windows box as well as using the Windows
version of rndc to control a BIND 9 daemon on a Unix box. However you
must have key statements valid for the servers you wish to control,
specifically the IP address and key in both named.conf and rndc.conf.
Again see the ARM for details.

In order to run rndc from a different system it is important to
ensure that the clocks are synchronized. The clocks must be kept
within 5 minutes of each other or the rndc commands will fail
authentication. Use NTP or other time synchronization software to
keep your clocks accurate. NTP can be found at http://www.ntp.org/.

In addition, BIND 9 is installed as a win32 system service, can be
started and stopped in the same way as any other service and
automatically starts whenever the system is booted. Signals are not
supported and are in fact ignored.

Note: Unlike most Windows applications, named does not change its
working directory when started as a service.  If you wish to use
relative file names in named.conf you will need to specify a working
directory using the directory directive in the options section.

DOCUMENTATION:

This kit includes Documentation in HTML format.  The documentation
is not copied during the installation process so you should move
it to any convenient location for later reference. Of particular
importance is the BIND 9 Administrator's Reference Manual (Bv9ARM*.html)
which provides detailed information on BIND 9. In addition, there
are HTML pages for each of the BIND 9 applications.

IMPORTANT NOTE ON USING BIND 9 TOOLS:

It is no longer necessary to create a resolv.conf file on Windows
as BIND 9 tools will look in the registry for the required name server
information. However, if you do create a resolv.conf file as follows,
the tools will use it in preference to the registry name server
entries.

Place resolv.conf in the "%ProgramFiles%\ISC BIND 9\etc" directory.
It must contain a list of recursive server addresses.  The format
of this file is:

nameserver 1.2.3.4
nameserver 5.6.7.8

Replace the above IP addresses with the real name server addresses.
127.0.0.1 is a valid address if you are running a recursive name
server on the localhost.

PROBLEMS:

Please report bugs at https://gitlab.isc.org/isc-projects/bind9.
Other questions can go to the bind-users@isc.org mailing list.