bind-9.3.0 and fsfs for svnserver

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2850 af4574ff-66df-0310-9fd7-8a98e5e911e0

basicnet/netutils/bind-utils.xml

@@ -6,9 +6,9 @@
 
   <!ENTITY bind-download-http   "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
   <!ENTITY bind-download-ftp    "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
-  <!ENTITY bind-size            "4.4 MB">
+  <!ENTITY bind-size            "4.6 MB">
-  <!ENTITY bind-utils-buildsize "47 MB">
+  <!ENTITY bind-utils-buildsize "67 MB">
-  <!ENTITY bind-utils-time      "0.54 SBU">
+  <!ENTITY bind-utils-time      "0.41 SBU">
 ]>
 
 <sect1 id="bind-utils" xreflabel="BIND Utilities-&bind-version;">
@@ -20,7 +20,8 @@
 <title>BIND Utilities-&bind-version;</title>
 
 <sect2>
-<title>Introduction to <application><acronym>BIND</acronym> Utilities</application></title>
+<title>Introduction to <application><acronym>BIND</acronym> 
+Utilities</application></title>
 
 <para><application><acronym>BIND</acronym> Utilities</application> is not a 
 separate package, it is a collection of the client side programs that are 
@@ -49,14 +50,19 @@ url="&bind-download-ftp;"/></para></listitem>
 </sect2>
 
 <sect2>
-<title>Installation of <application><acronym>BIND</acronym> Utilities</application></title>
+<title>Installation of <application><acronym>BIND</acronym> 
+Utilities</application></title>
 
-<para>Install <application><acronym>BIND</acronym> Utilities</application> by 
+<para>Install 
+<application><acronym>BIND</acronym> Utilities</application> by 
 running the following commands:</para>
 
 <screen><userinput>./configure --prefix=/usr &amp;&amp;
 make -C lib/dns &amp;&amp;
 make -C lib/isc &amp;&amp;
+make -C lib/bind9 &amp;&amp;
+make -C lib/isccfg &amp;&amp;
+make -C lib/lwres &amp;&amp;
 make -C bin/dig &amp;&amp;
 make -C bin/dig install</userinput></screen>
 
@@ -65,9 +71,11 @@ make -C bin/dig install</userinput></screen>
 <sect2>
 <title>Command explanations</title>
 
-<para><command>make -C lib/...</command>: This command  builds the libraries that are needed for the client programs.</para>
+<para><command>make -C lib/...</command>: These commands build the 
+libraries that are needed for the client programs.</para>
 
-<para><command>make -C bin/dig</command>: This command  builds the client programs.</para>
+<para><command>make -C bin/dig</command>: This command  builds the 
+client programs.</para>
 
 </sect2>
 

general.ent

@@ -182,7 +182,7 @@
 <!ENTITY traceroute-version           "1.4a12"> 
 <!ENTITY nmap-version                 "3.70">  
 <!ENTITY whois-version                "4.6.21">
-<!ENTITY bind-version                 "9.2.3"> 
+<!ENTITY bind-version                 "9.3.0"> 
 <!ENTITY ethereal-version             "0.10.6"> 
                                   
 <!-- Chapter 20 -->               

introduction/welcome/changelog.xml

@@ -22,6 +22,9 @@ who wrote what.</para>
 
 <itemizedlist>
 
+<listitem><para>October 20th, 2004 [dj]: Updated to bind-9.3.0 and
+moved subversion to use FSFS backend.</para></listitem>
+
 <listitem><para>October 20th, 2004 [randy]: Updated to
 libtiff-3.7.0.</para></listitem>
 

server/other/bind.xml

@@ -6,9 +6,9 @@
 
 <!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
-<!ENTITY bind-size "4.4 MB">
+<!ENTITY bind-size "4.6 MB">
-<!ENTITY bind-buildsize "88 MB">
+<!ENTITY bind-buildsize "138 MB">
-<!ENTITY bind-time "0.89 SBU">
+<!ENTITY bind-time "0.67 SBU">
 
 ]>
 
@@ -71,18 +71,17 @@ make install</command></userinput></screen>
 
 <sect3><title>Configuration Information</title>
 
-<para>We will configure
+<para><application><acronym>BIND</acronym></application> will configured
-<application><acronym>BIND</acronym></application> to run in a chroot
+to run in a chroot jail as an unprivileged user (named). This configuration 
-jail as an unprivileged user (named). This configuration is more secure
+is more secure in that a <acronym>DNS</acronym> compromise can only affect 
-in that a <acronym>DNS</acronym> compromise can only affect a few files
+a few files in the named user's <envar>HOME</envar> directory.</para> 
-in the named user's <envar>HOME</envar> directory.</para> 
 
-<para>First we create the unprivileged user and group named:</para>
+<para>Create the unprivileged user and group named:</para>
 
 <screen><userinput><command>groupadd named &amp;&amp;
 useradd -m -g named -s /bin/false named</command></userinput></screen>
 
-<para>Then we set up some files, directories and devices needed by
+<para>Set up some files, directories and devices needed by
 <application><acronym>BIND</acronym></application>:</para>
 
 <screen><userinput><command>cd /home/named &amp;&amp;
@@ -93,6 +92,12 @@ chmod 666 /home/named/dev/{null,random} &amp;&amp;
 mkdir /home/named/etc/namedb/pz &amp;&amp;
 cp /etc/localtime /home/named/etc</command></userinput></screen>
 
+<para>Then, generate a key for use in the <filename>named.conf</filename> 
+and <filename>rdnc.conf</filename> files using the 
+<command>rndc-confgen</command> command:</para>
+
+<screen><userinput><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen>
+
 <para>Create the <filename>named.conf</filename> file from which named
 will read the location of zone files, root name servers and secure
 <acronym>DNS</acronym> keys:</para>
@@ -109,7 +114,7 @@ will read the location of zone files, root name servers and secure
  };
  key "rndc_key" {
      algorithm hmac-md5;
-     secret "<replaceable>[c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K]</replaceable>";
+     secret "<replaceable>[Insert secret from rndc-confgen's output here]</replaceable>";
  };
  zone "." {
      type hint;
@@ -121,6 +126,24 @@ will read the location of zone files, root name servers and secure
  };
 <command>EOF</command></userinput></screen>
 
+<para>Create the <filename>rndc.conf</filename> with the following commands:</para>
+                                                                                                                     
+<screen><userinput><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
+key rndc_key {
+algorithm "hmac-md5";
+    secret
+    "<replaceable>[Insert secret from rndc-confgen's output here]</replaceable>";
+    };
+options {
+    default-server localhost;
+    default-key    rndc_key;
+};
+<command>EOF</command></userinput></screen>
+                                                                                                                     
+<para>The <filename>rndc.conf</filename> file contains information for
+controlling named operations with the <command>rndc</command>
+utility.</para>
+
 <para>Create a zone file with the following contents:</para>
 
 <screen><userinput><command>cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF"</command>
@@ -176,24 +199,6 @@ servers. This file must be updated periodically with the
 Consult the <ulink url="http://www.bind9.net/Bv9ARM.html"><application><acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> for
 details.</para>
 
-<para>Create the <filename>rndc.conf</filename> with the following commands:</para>
-
-<screen><userinput><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
-key rndc_key {
-algorithm "hmac-md5";
-    secret
-    "<replaceable>[c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K]</replaceable>";
-    };
-options {
-    default-server localhost;
-    default-key    rndc_key;
-};
-<command>EOF</command></userinput></screen>
-
-<para>The <filename>rndc.conf</filename> file contains information for
-controlling named operations with the <command>rndc</command>
-utility.</para>
-
 <para>Create or modify <filename>resolv.conf</filename> to use the new
 name server with the following commands:</para>
 

server/other/svnserver.xml

@@ -82,12 +82,24 @@ script.</para></note>
 
 <sect3><title>2. Create a <application>Subversion</application>
 repository.</title>
+
+<para>With subversion-1.1.0 and greater, a new type of repository 
+data-store is availible, <acronym>FSFS</acronym>.  There is a tradeoff 
+for speed with the new backend, however, the repository can now be 
+placed on a network mount, and any corruption does not require an
+admin to recover the repository.  For more information and comparison 
+between <acronym>FSFS</acronym> and <acronym>BDB</acronym>, plese see 
+<ulink url="http://svnbook.red-bean.com/svnbook-1.1/ch05.html#svn-ch-5-sect-1.2.A"/>. 
+Optionally you can pass <parameter>bdb</parameter> in place of 
+<parameter>fsfs</parameter> in the following command to create a 
+BerkelyDB data-store.</para>
+
 <para>Create a new <application>Subversion</application> repository with
 the following commands:</para>
 
 <screen><userinput><command>install -d -m0755 /srv &amp;&amp;
 install -d -m0755 -o svn -g svn /srv/svn/repositories &amp;&amp;
-svnadmin create /srv/svn/repositories/svntest</command></userinput></screen>
+svnadmin create --fs-type fsfs /srv/svn/repositories/svntest</command></userinput></screen>
 
 <para>Now that the repository is created, we need to populate it with
 something useful. You'll need to have a predefined directory layout 
@@ -208,7 +220,7 @@ service svn
 }
 <command>EOF</command></userinput></screen>
 
-<para>Finally, if you wish to simply start the sever in daemon mode at
+<para>Finally, if you wish to simply start the sever at
 startup, install the svn bootscript included in the 
 <xref linkend="intro-important-bootscripts"/> package.</para>