HPE Community
Operating System - HP-UX
1832550 Members
6067 Online
110043 Solutions
New Discussion

Upgrading Bind

 
IRI Unix Support Group
Occasional Contributor

‎10-27-2003 09:57 AM

‎10-27-2003 09:57 AM

Upgrading Bind

Does anyone know the correct procedure to upgrade bind? I need to do this from a 10.20 server with v4.8.3 to 11i 9x.

Thanks
0 Kudos
Reply
9 REPLIES 9
Geoff Wild
Honored Contributor

‎10-28-2003 01:15 AM

‎10-28-2003 01:15 AM

Re: Upgrading Bind

If you are upgrading from BIND 4, read doc/misc/migration-4to9.

Rgds...Geoff

Copyright (C) 2001 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id: migration-4to9,v 1.3 2001/05/19 01:20:16 gson Exp $

BIND 4 to BIND 9 Migration Notes

To transition from BIND 4 to BIND 9 you first need to convert your
configuration file to the new format. There is a conversion tool in
contrib/named-bootconf that allows you to do this.

named-bootconf.sh < /etc/named.boot > /etc/named.conf

BIND 9 uses a system assigned port for the UDP queries it makes rather
than port 53 that BIND 4 uses. This may conflict with some firewalls.
The following directives in /etc/named.conf allows you to specify
a port to use.

query-source address * port 53;
transfer-source * port 53;
notify-source * port 53;

BIND 9 no longer uses the minimum field to specify the TTL of records
without a explicit TTL. Use the $TTL directive to specify a default TTL
before the first record without a explicit TTL.

$TTL 3600
@ IN SOA ns1.example.com. hostmaster.example.com. (
2001021100
7200
1200
3600000
7200 )

BIND 9 does not support multiple CNAMEs with the same owner name.

Illegal:
www.example.com. CNAME host1.example.com.
www.example.com. CNAME host2.example.com.

BIND 9 does not support "CNAMEs with other data" with the same owner name,
ignoring the DNSSEC records (SIG, NXT, KEY) that BIND 4 did not support.

Illegal:
www.example.com. CNAME host1.example.com.
www.example.com. MX 10 host2.example.com.

BIND 9 is less tolerant of errors in master files, so check your logs and
fix any errors reported. The named-checkzone program can also be to check
master files.

Outgoing zone transfers now use the "many-answers" format by default.
This format is not understood by certain old versions of BIND 4.
You can work around this problem using the option "transfer-format
one-answer;", but since these old versions all have known security
problems, the correct fix is to upgrade the slave servers.

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Todd Whitcher
Esteemed Contributor

‎10-28-2003 11:55 PM

‎10-28-2003 11:55 PM

Re: Upgrading Bind

Hello,

Check the HP Release notes section called Migrating from Previous Versions of BIND
at docs.hp.com HP Part # 5969-4338. The section From BIND 4.9.7 to BIND 9.2.0
will work for 4.8.3 to 9.2. Get the latest 9.2 version from software.hp.com also, it has fixes for recent CERTS. The big difference is w/ the format of the named.conf as opposed to the named.boot. For BIND 8.X you had to make sure your hostnames didnt break RFC 952 ( check-names statements)for 9.2 it doesnt care. The scripts that are provided to a good job of converting your old zones and named.boot files over to BIND 9.2 formats.

http://www.docs.hp.com/hpux/netcom/index.html

Hope this helps,

Todd
0 Kudos
Reply
IRI Unix Support Group
Occasional Contributor

‎10-29-2003 05:26 AM

‎10-29-2003 05:26 AM

Re: Upgrading Bind

Thanks for the tip. I was able to install and convert the db files. Now when i try to start named (sbin/init.d/named start it won't start. I see errors in sysylog.

starting BIND 9.2.0
using 2 CPUs
loading configuration from '/etc/named.conf'
no IPv6 interfaces found
listening on IPv4 interface lan1, 170.118.36.195#53
listening on IPv4 interface lan0, 170.118.157.103#53
listening on IPv4 interface lo0, 127.0.0.1#53
could not configure root hints from 'named.ca': file not found
loading configuration: file not found
exiting (due to fatal error)

Any idea why?
Thanks

0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎10-29-2003 05:32 AM

‎10-29-2003 05:32 AM

Re: Upgrading Bind

You need the file: named.ca

Or you need to remove that reference from /etc/named.conf

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
IRI Unix Support Group
Occasional Contributor

‎10-29-2003 05:43 AM

‎10-29-2003 05:43 AM

Re: Upgrading Bind

named.boot had lot of zone entries, after running this named-bootconf.sh < /etc/named.boot > /etc/named.conf

I see named.conf has nothing but this

zone "." {
type hint;
file "named.ca";
};


Is this correct? What's the perpose of named.ca file?
0 Kudos
Reply
Todd Whitcher
Esteemed Contributor

‎10-29-2003 05:48 AM

‎10-29-2003 05:48 AM

Re: Upgrading Bind

starting BIND 9.2.0
using 2 CPUs
loading configuration from '/etc/named.conf'

*This message is fine, if your not using IPv6:
no IPv6 interfaces found


listening on IPv4 interface lan1, 170.118.36.195#53
listening on IPv4 interface lan0, 170.118.157.103#53
listening on IPv4 interface lo0, 127.0.0.1#53

The root hints is used for a root name server, you need to create a db.root if this is how you are set up.
example:
zone "." {
type master;
file "db.root";
};

Or whatever you want to call it, if your not the root nameserver then you would want a db.cache with the names of your root nameservers or if your connected to the Internet the names of the Internet root nameservers.

zone "." {
type hint;
file "db.cache";
};


could not configure root hints from 'named.ca': file not found
loading configuration: file not found
exiting (due to fatal error)

So the nameserver assumes it's getting the root hints from named.ca, check your named.conf and make sure there arent any errors w/ regards to your "." zone.

0 Kudos
Reply
Todd Whitcher
Esteemed Contributor

‎10-29-2003 05:53 AM

‎10-29-2003 05:53 AM

Re: Upgrading Bind

That looks like a problem, if your named.boot was full of zone statements the script should have converted them into the named.conf file and you should see all your zones listed. I've never personally had an issue w/ using the script to convert a boot to a conf file.

Can you test it again?


# /usr/bin/named-bootconf.sh < /etc/named.boot >
/etc/named.conf

Feel free to attach your named.boot file.

Todd
0 Kudos
Reply
IRI Unix Support Group
Occasional Contributor

‎10-29-2003 06:19 AM

‎10-29-2003 06:19 AM

Re: Upgrading Bind

Todd-

I ran that again same results.
0 Kudos
Reply
Todd Whitcher
Esteemed Contributor

‎10-29-2003 06:51 AM

‎10-29-2003 06:51 AM

Re: Upgrading Bind

Feel free to attach your named.boot file to this post and I'll download it and take a look at it.

I'll be here until 4 pm EST.

Todd
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.