updated BIND intro

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1236 af4574ff-66df-0310-9fd7-8a98e5e911e0

server/other/bind.xml

@@ -1,11 +1,10 @@
-<sect1 id="bind" xreflabel="bind-&bind-version;">
+<sect1 id="bind" xreflabel="BIND-&bind-version;">
 <?dbhtml filename="bind.html" dir="server"?>
 <title><acronym>BIND</acronym>-&bind-version;</title>
 
 &bind-intro;
 &bind-inst;
 &bind-config;
-&bind-config-exp;
 &bind-desc;
 
 </sect1>

server/other/bind/bind-config-exp.xml

@@ -1,35 +0,0 @@
-<sect2>
-<title>Configuration command explanations</title>
-<para><screen><userinput>groupadd -g 200 named
-useradd -m -g named -u 200 -s /bin/false named
-cd /home/named
-mkdir -p dev etc/namedb/slave var/run
-mknod /home/named/dev/null c 1 3
-mknod /home/named/dev/random c 1 8
-chmod 666 /home/named/dev/{null,random}
-mkdir /home/named/etc/namedb/pz
-cp /etc/localtime /home/named/etc</userinput></screen>
-Create the unprivileged user and group named, along with device files
-that named will need access to inside the chroot jail.</para>
-
-<para><userinput>cat &gt; /home/named/etc/named.conf &lt;&lt;
-"EOF"</userinput> : Create the BIND configuration file, from which named will read the
-location of zone files, root name servers and secure DNS keys.</para>
-<para><userinput>cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF"</userinput> : Create a single zone file.</para>
-<para><userinput>cat &gt; /home/named/etc/namedb/root.hints &lt;&lt; "EOF"</userinput> : The root.hints file is a list of root name servers.  This file must be
-updated periodically with the dig utility.  Consult the BIND 9
-Administrator Reference Manual for details.</para>
-<para><userinput>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</userinput> : The rndc.conf file contains information for controlling named
-operations with the rndc utility.</para>
-
-<para><userinput>cat &gt; /etc/resolv.conf &lt;&lt; "EOF"</userinput> : The resolv.conf file will specify the local host(127.0.0.1) as the
-name server.</para>
-
-<para><userinput>cat &gt; /etc/rc.d/init.d/bind &lt;&lt;
-"EOF"</userinput> : Create the boot script for BIND 9, used to start and stop the name
-server daemon, named.</para>
-
-
-
-</sect2>
-

server/other/bind/bind-config.xml

@@ -1,29 +1,41 @@
 <sect2>
-<title>Configuring BIND</title>
+<title>Configuring
-<para>We will configure BIND to run in a chroot jail as an unprivileged
+<application><acronym>BIND</acronym></application></title>
-user(named).  This configuration is more secure in that a DNS
-compromise can only affect a few files in the named user's $HOME
-directory </para> 
 
-<para>First we set up some files and directories needed by
+<sect3><title>Config files</title>
-BIND:</para>
+<para><filename>named.conf</filename>, <filename>root.hints</filename>,
-<para><screen><userinput>groupadd -g 200 named &amp;&amp;
+<filename>127.0.0</filename>, <filename>rndc.conf</filename></para>
-useradd -m -g named -u 200 -s /bin/false named &amp;&amp;
+</sect3>
-cd /home/named &amp;&amp;
+
+<sect3><title>Configuration Information</title>
+
+<para>We will configure
+<application><acronym>BIND</acronym></application> to run in a chroot
+jail as an unprivileged user (named). This configuration is more secure
+in that a <acronym>DNS</acronym> compromise can only affect a few files
+in the named user's <envar>$HOME</envar> directory.</para> 
+
+<para>First we create the unpriviledged user and group named:</para>
+
+<screen><userinput><command>groupadd -g 200 named &amp;&amp;
+useradd -m -g named -u 200 -s /bin/false named</command></userinput></screen>
+
+<para>Then we set up some files, directories and devices needed by
+<application><acronym>BIND</acronym></application>:</para>
+
+<screen><userinput><command>cd /home/named &amp;&amp;
 mkdir -p dev etc/namedb/slave var/run &amp;&amp;
 mknod /home/named/dev/null c 1 3 &amp;&amp;
 mknod /home/named/dev/random c 1 8 &amp;&amp;
 chmod 666 /home/named/dev/{null,random} &amp;&amp;
 mkdir /home/named/etc/namedb/pz &amp;&amp;
-cp /etc/localtime /home/named/etc</userinput></screen></para>
+cp /etc/localtime /home/named/etc</command></userinput></screen>
 
-<sect3><title>Config files</title>
+<para>Create the <filename>named.conf</filename> file from which named
-<para><filename>named.conf</filename>,
+will read the location of zone files, root name servers and secure
-<filename>root.hints</filename>, <filename>127.0.0</filename> and
+<acronym>DNS</acronym> keys:</para>
-<filename>rndc.conf</filename></para>
 
-<para>Create the named.conf file with the following commands:</para>
+<screen><userinput><command>cat &gt; /home/named/etc/named.conf &lt;&lt; "EOF"</command>
-<para><screen><userinput>cat &gt; /home/named/etc/named.conf &lt;&lt; "EOF"</userinput>
  options {
      directory "/etc/namedb";
     pid-file "/var/run/named.pid";
@@ -45,9 +57,11 @@ cp /etc/localtime /home/named/etc</userinput></screen></para>
      type master;
      file "pz/127.0.0";
  };
-<userinput>EOF</userinput></screen></para>
+<command>>EOF</command></userinput></screen>
-<para>Create a zone file with the following contents: </para>
+
-<para><screen><userinput>cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF"</userinput>
+<para>Create a zone file with the following contents:</para>
+
+<screen><userinput><command>cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF"</command>
 $TTL 3D
 @      IN      SOA     ns.local.domain. hostmaster.local.domain. (
                         1       ; Serial
@@ -57,12 +71,15 @@ $TTL 3D
                         1D)     ; Minimum TTL
                 NS      ns.local.domain.
 1               PTR     localhost.
-<userinput>EOF</userinput></screen></para>
+<command>EOF</command></userinput></screen>
+
+<para>Create the <filename>root.hints</filename> file with the following
+commands:</para>
 
-<para>Create the root.hints file with the following commands: </para>
 <note><para>Caution must be used to insure no leading spaces in this
 file.</para></note>
-<para><screen><userinput>cat &gt; /home/named/etc/namedb/root.hints &lt;&lt; "EOF"</userinput>
+
+<screen><userinput><command>cat &gt; /home/named/etc/namedb/root.hints &lt;&lt; "EOF"</command>
 .                       6D  IN      NS      A.ROOT-SERVERS.NET.
 .                       6D  IN      NS      B.ROOT-SERVERS.NET.
 .                       6D  IN      NS      C.ROOT-SERVERS.NET.
@@ -89,10 +106,17 @@ J.ROOT-SERVERS.NET.     6D  IN      A       192.58.128.30
 K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
 L.ROOT-SERVERS.NET.     6D  IN      A       198.32.64.12
 M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
-<userinput>EOF</userinput></screen></para>
+<command>>EOF</command></userinput></screen>
+
+<para>The <filename>root.hints</filename> file is a list of root name
+servers. This file must be updated periodically with the
+<command>dig</command> utility.
+Consult the <acronym>BIND</acronym> 9 Administrator Reference Manual for
+details.</para>
 
 <para>Create the <filename>rndc.conf</filename> with the following commands:</para>
-<para><screen><userinput>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</userinput>
+
+<screen><userinput><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
 key rndc_key {
 algorithm "hmac-md5";
     secret
@@ -102,25 +126,33 @@ options {
     default-server localhost;
     default-key    rndc_key;
 };
-<userinput>EOF</userinput></screen></para>
+<command>EOF</command></userinput></screen>
+
+<para>The <filename>rndc.conf</filename> file contains information for
+controlling named operations with the <command>rndc</command>
+utility.</para>
+
+<para>Create or modify <filename>resolv.conf</filename> to use the new
+name server with the following commands:</para>
 
-<para>Create or modify <filename>resolv.conf</filename> to use the new name server with the
-following commands: </para>
 <note><para>Replace yourdomain.com with your own valid domain
 name.</para></note>
 
-<para><screen><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
+<screen><userinput><command>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
-cat &gt; /etc/resolv.conf &lt;&lt; "EOF"</userinput>
+cat &gt; /etc/resolv.conf &lt;&lt; "EOF"</command>
 search yourdomain.com
 nameserver 127.0.0.1
-<userinput>EOF</userinput></screen></para>
+<command>>EOF</command></userinput></screen>
 
 <para>Set permissions on the chroot jail with the following
 command:</para>
-<para><screen><userinput>chown -R named.named /home/named</userinput></screen></para>
 
-<para>Create the BIND boot script:</para>
+<screen><userinput><command>chown -R named.named /home/named</command></userinput></screen>
-<para><screen><userinput>cat &gt; /etc/rc.d/init.d/bind &lt;&lt; "EOF"</userinput>
+
+<para>Create the <application><acronym>BIND</acronym></application>
+boot script:</para>
+
+<screen><userinput><command>cat &gt; /etc/rc.d/init.d/bind &lt;&lt; "EOF"</command>
 #!/bin/bash
 # Begin $rc_base/init.d/bind
 # Based on sysklogd script from LFS-3.1 and earlier.
@@ -156,34 +188,45 @@ case "$1" in
 		;;
 esac
 # End $rc_base/init.d/bind
-<userinput>EOF</userinput></screen></para>
+<command>EOF</command></userinput></screen>
 
 <para>Add the run level symlinks:</para>
-<para><screen><userinput>chmod 754 /etc/rc.d/init.d/bind &amp;&amp;
+
+<screen><userinput><command>chmod 754 /etc/rc.d/init.d/bind &amp;&amp;
 ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc0.d/K49bind &amp;&amp;
 ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc1.d/K49bind &amp;&amp;
 ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc2.d/K49bind &amp;&amp;
 ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc3.d/S22bind &amp;&amp;
 ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc4.d/S22bind &amp;&amp;
 ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc5.d/S22bind &amp;&amp;
-ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc6.d/K49bind</userinput></screen></para>
+ln -s  /etc/rc.d/init.d/bind /etc/rc.d/rc6.d/K49bind</command></userinput></screen>
 
-<para>Now start BIND with the new boot script: </para>
+<para>Now start <application><acronym>BIND</acronym></application> with
-<para><screen><userinput>/etc/rc.d/init.d/bind start</userinput></screen></para></sect3>
+the new boot script:</para>
+
+<screen><userinput><command>/etc/rc.d/init.d/bind start</command></userinput></screen>
+
+</sect3>
+
+<sect3><title>Testing <application><acronym>BIND</acronym></application></title>
+
+<para>Test out the new
+<application><acronym>BIND</acronym></application> 9 installation. First
+query the local host address with <command>dig</command>:</para>
+
+<screen><userinput><command>dig -x 127.0.0.1</command></userinput></screen>
 
-<sect3><title>Testing BIND</title>
-<para>Test out the new BIND 9 installation.  First query the local
-host address with <command>dig</command>:</para>
-<para><screen><userinput>dig -x 127.0.0.1</userinput></screen></para>
 <para>Now try an external name lookup, taking note of the speed
-difference in repeated lookups due to the caching.  Run the dig
+difference in repeated lookups due to the caching. Run the dig command
-command twice on the same address:</para>
+twice on the same address:</para>
-<para><screen><userinput>dig beyond.linuxfromscratch.org &amp;&amp;
-dig beyond.linuxfromscratch.org</userinput></screen>
-You can see almost instantaneous results with the named caching
-lookups.  Consult
-<filename>bind-&bind-version;/doc/arm/Bv9ARM.html</filename>, the BIND
-Administrator Reference Manual for further configuration options.
-</para></sect3>
-</sect2>
 
+<para><screen><userinput><command>dig beyond.linuxfromscratch.org &amp;&amp;
+dig beyond.linuxfromscratch.org</command></userinput></screen>
+You can see almost instantaneous results with the named caching lookups.
+Consult <filename>bind-&bind-version;/doc/arm/Bv9ARM.html</filename>,
+the <application><acronym>BIND</acronym></application> Administrator
+Reference Manual for further configuration options.</para>
+
+</sect3>
+
+</sect2>

server/other/bind/bind-desc.xml

@@ -1,53 +1,73 @@
 <sect2>
 <title>Contents</title>
 
-<para>The BIND package contains
+<para>The <application><acronym>BIND</acronym></application> package contains
-<userinput>dig</userinput>,
+<command>dig</command>,
-<userinput>host</userinput>,
+<command>host</command>,
-<userinput>rndc</userinput>,
+<command>rndc</command>,
-<userinput>rndc-confgen</userinput>,
+<command>rndc-confgen</command>,
-<userinput>named-checkconf</userinput>,
+<command>named-checkconf</command>,
-<userinput>named-checkzone</userinput>,
+<command>named-checkzone</command>,
-<userinput>lwresd</userinput>,
+<command>lwresd</command>,
-<userinput>named</userinput>,
+<command>named</command>,
-<userinput>dnssec-signzone</userinput>,
+<command>dnssec-signzone</command>,
-<userinput>dnssec-signkey</userinput>,
+<command>dnssec-signkey</command>,
-<userinput>dnssec-keygen</userinput>,
+<command>dnssec-keygen</command>,
-<userinput>dnssec-makekeyset</userinput> and
+<command>dnssec-makekeyset</command> and
-<userinput>nsupdate</userinput>.</para>
+<command>nsupdate</command>.</para>
 </sect2>
 
 <sect2><title>Description</title>
 
 <sect3><title>dig</title>
-<para>dig interrogates DNS servers.</para></sect3>
+<para><command>dig</command> interrogates <acronym>DNS</acronym>
-<sect3><title>host</title>
+servers.</para></sect3>
-<para>host is a utility for DNS lookups.</para></sect3>
-<sect3><title>rndc</title>
-<para>rndc controls the operation of BIND.</para></sect3>
-<sect3><title>rndc-confgen</title>
-<para>rndc-confgen generates rndc.conf files.</para></sect3>
-<sect3><title>named-checkconf</title>
-<para>named-checkconf checks the syntax of named.conf
-files.</para></sect3>
-<sect3><title>named-checkzone</title>
-<para>named-checkzone checks zone file validity.</para></sect3>
-<sect3><title>lwresd</title>
-<para>lwresd is a caching-only name server for local process
-use.</para></sect3>
-<sect3><title>named</title>
-<para>named is the name server daemon.</para></sect3>
-<sect3><title>dnssec-signzone</title>
-<para>dnssec-signzone generates signed versions of zone
-files.</para></sect3>
-<sect3><title>dnssec-signkey</title>
-<para>dnssec-signkey signs zone file key sets.</para></sect3>
-<sect3><title>dnssec-keygen</title>
-<para>dnssec-keygen is a key generator for secure DNS.</para></sect3>
-<sect3><title>dnssec-makekeyset</title>
-<para>dnssec-makekeyset generates a key set from one or more keys
-created by dnssec-keygen.</para></sect3>
-<sect3><title>nsupdate</title>
-<para>nsupdate is used to submit DNS update requests.</para></sect3>
-</sect2>
 
+<sect3><title>host</title>
+<para><command>host</command> is a utility for <acronym>DNS</acronym>
+lookups.</para></sect3>
+
+<sect3><title>rndc</title>
+<para><command>rndc</command> controls the operation of
+<application><acronym>BIND</acronym></application>.</para></sect3>
+
+<sect3><title>rndc-confgen</title>
+<para><command>rndc-confgen</command> generates
+<filename>rndc.conf</filename> files.</para></sect3>
+
+<sect3><title>named-checkconf</title>
+<para><command>named-checkconf</command> checks the syntax of
+<filename>named.conf</filename> files.</para></sect3>
+
+<sect3><title>named-checkzone</title>
+<para><command>named-checkzone</command> checks zone file
+validity.</para></sect3>
+
+<sect3><title>lwresd</title>
+<para><command>lwresd</command> is a caching-only name server for local
+process use.</para></sect3>
+
+<sect3><title>named</title>
+<para><command>named</command> is the name server daemon.</para></sect3>
+
+<sect3><title>dnssec-signzone</title>
+<para><command>dnssec-signzone</command> generates signed versions of
+zone files.</para></sect3>
+
+<sect3><title>dnssec-signkey</title>
+<para><command>dnssec-signkey</command> signs zone file key
+sets.</para></sect3>
+
+<sect3><title>dnssec-keygen</title>
+<para><command>dnssec-keygen</command> is a key generator for secure
+<acronym>DNS</acronym>.</para></sect3>
+
+<sect3><title>dnssec-makekeyset</title>
+<para><command>dnssec-makekeyset</command> generates a key set from one
+or more keys created by dnssec-keygen.</para></sect3>
+
+<sect3><title>nsupdate</title>
+<para><command>nsupdate</command> is used to submit
+<acronym>DNS</acronym> update requests.</para></sect3>
+
+</sect2>

server/other/bind/bind-inst.xml

@@ -1,10 +1,11 @@
 <sect2>
-<title>Installation of <application>BIND</application></title>
+<title>Installation of <application><acronym>BIND</acronym></application></title>
 
-<para>Install <application>BIND</application> by running the following commands:</para>
+<para>Install <application><acronym>BIND</acronym></application> by
+running the following commands:</para>
 
 <screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
 make &amp;&amp;
 make install</command></userinput></screen>
-</sect2>
 
+</sect2>

server/other/bind/bind-intro.xml

@@ -1,12 +1,16 @@
 <sect2>
-<title>Introduction to BIND &bind-version;</title>
+<title>Introduction to <application><acronym>BIND</acronym></application></title>
 
-<screen>Download location (HTTP):       <ulink url="&bind-download-http;"/>
+<para>The <application><acronym>BIND</acronym></application> package
-Download location (FTP):        <ulink url="&bind-download-ftp;"/>
+provides a <acronym>DNS</acronym> server and client utilities.</para>
-Version used:                   &bind-version;
-Package size:                   &bind-size;
-Estimated Disk space required:  &bind-buildsize;</screen>
 
-<para>The Bind package provides a DNS server and client
+<sect3><title>Package information</title>
-utilities.</para></sect2>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP): <ulink url="&bind-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): <ulink url="&bind-download-ftp;"/></para></listitem>
+<listitem><para>Download size: &bind-size;</para></listitem>
+<listitem><para>Estimated Disk space required: &bind-buildsize;</para></listitem>
+<listitem><para>Estimated build time: &bind-time;</para></listitem></itemizedlist>
+</sect3>
 
+</sect2>

server/other/bind/bind.ent

@@ -1,13 +1,11 @@
 <!ENTITY bind SYSTEM "../bind.xml">
 <!ENTITY bind-intro SYSTEM "bind-intro.xml">
 <!ENTITY bind-inst SYSTEM "bind-inst.xml">
-<!ENTITY bind-exp SYSTEM "bind-exp.xml">
-<!ENTITY bind-config-exp SYSTEM "bind-config-exp.xml">
-<!ENTITY bind-desc SYSTEM "bind-desc.xml">
 <!ENTITY bind-config SYSTEM "bind-config.xml">
-<!ENTITY bind-buildsize "38 MB">
+<!ENTITY bind-desc SYSTEM "bind-desc.xml">
+<!ENTITY bind-buildsize "90 MB">
 <!ENTITY bind-version "9.2.2">
 <!ENTITY bind-download-http "">
 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
 <!ENTITY bind-size "4.8 MB">
-<!ENTITY bind-time "">
+<!ENTITY bind-time "0.89 SBU">