My DNS server was running on Solaris 8, so when we upgraded our environment to Solaris 10 we needed to migrate the existing DNS setup to Solaris 10, along with a new version of BIND 9. Solaris 10 has changed a lot compared to Solaris 8, so some adjustments are needed to bring the DNS start/stop procedure under the SMF utility.

So here we go:

Default DNS Configuration file : /etc/named.conf
Default Zone files location       : /var/named

Now,

Download the desired BIND version package from “sunfreeware.com” or any other source you prefer.

Install it using the “pkgadd” command.

NOTE: By default Solaris 10 ships with the “SUNWbind” package. Use the “pkginfo” command with grep to get a list of the BIND packages installed on your system. Optionally, you can remove that package.

Step 1: Create group and user.

# groupadd named
# useradd -g named -d /var/named -c "DNS User" -s /bin/false named

Step 2: Create Directory structure for chroot environment.

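# mkdir -p /dns/etc
# mkdir -p /dns/var/named /dns/var/run /dns/var/log

(The -p option makes mkdir create any missing parent directories automatically. The paths are written out in full because brace expansion such as {etc,var} is not available in the Bourne shell.)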

Step 3: Create named.conf and Populate it.

# cd /dns/etc
# touch named.conf

(NOTE: Do NOT forget to include the “directory” option inside named.conf; it sets the location where the ZONE files are placed. In our case it will be “/var/named”.)

Step 4: Change user and group ownership of /dns directory.

# chown -R named:named /dns

Step 5: Block other users' access to this directory.

# chmod 750 /dns

Step 6: Take a backup of the default DNS file.

# cd /var/svc/manifest/network/dns
# cp server.xml server-chroot.xml

Edit the new file.

# vi server-chroot.xml

Add the following entry:

name='config'
grouping='require_all'
restart_on='none'
type='path'>

This will add a new dependency for the DNS service (use the -d option with svcs to list all dependencies of a service).

Edit the following lines:

<propval name='server' type='astring' value='' />
to
<propval name='server' type='astring' value='/usr/local/sbin/named' />

<propval name='configuration_file' type='astring' value='' />
to
<propval name='configuration_file' type='astring' value='/etc/named.conf' />

<propval name='chroot_dir' type='astring' value='' />
to
<propval name='chroot_dir' type='astring' value='/dns' />

Save and exit the file.

Step 7: Validate the changes made in file before importing it into SMF. There should be no errors.

# svccfg validate server-chroot.xml

Step 8: Now we are ready to import “server-chroot.xml” into SMF, using svccfg.

# svccfg import server-chroot.xml

Step 9: Use “svcs” to list all DNS services in your system.

#  svcs -a | grep -i dns
disabled       Dec_04   svc:/network/dns/server:default        ----------- This one is default
online         Dec_04   svc:/network/dns/client:default
online         Dec_31   svc:/network/dns/server:chroot          ------------ This one with chroot environment

Step 10: Disable the default DNS service, if running.

# svcadm disable dns/server

Step 11: Enable the new chroot DNS service.

# svcadm enable dns/server:chroot
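
The chroot tree built in Steps 2 to 5 can be checked before the service is enabled. The following is an added example, not code from the original post: the function name check_chroot is hypothetical, and it assumes a POSIX shell (bash or ksh) and a sed that understands [[:space:]].

```shell
#!/bin/sh
# Added example: audit the chroot tree built in Steps 2-5.
# check_chroot ROOT prints one line per problem; exit status = problem count.
check_chroot() {
    root=$1
    problems=0
    if [ ! -d "$root" ]; then
        echo "chroot root $root does not exist"
        return 1
    fi
    # Step 2: directories named must find inside the chroot.
    for d in etc var/named var/run var/log; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"
            problems=$((problems + 1))
        fi
    done
    # Step 5: mode 750 leaves the "other" permission bits empty.
    other=$(ls -ld "$root" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "other users can access $root (other bits: $other)"
        problems=$((problems + 1))
    fi
    # Step 3: named.conf must exist and carry a directory option.
    conf="$root/etc/named.conf"
    if [ ! -f "$conf" ]; then
        echo "missing config: $conf"
        return $((problems + 1))
    fi
    zonedir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    if [ -z "$zonedir" ]; then
        echo "no directory option in $conf"
        problems=$((problems + 1))
    elif [ ! -d "$root$zonedir" ]; then
        # named opens this path after chroot(), so it must exist under ROOT.
        echo "directory \"$zonedir\" is missing inside the chroot: $root$zonedir"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against a path given on the command line, e.g.: sh check.sh /dns
if [ $# -gt 0 ]; then
    check_chroot "$1"
fi
```

With the layout from this post, the “directory” value “/var/named” has to resolve to /dns/var/named, which is what the last check confirms.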

NOTE: If your system has the default BIND package from Sun, i.e. SUNWbind, then after installing the new version of BIND it will have TWO named binaries installed, along with duplicates of all the related tools such as “dig”. This means that whenever you try to check the version of your packages, you will be running the binaries from the SUNWbind package.
In that case, search your system using the “find” command.

However, if you have removed the default package from Sun, then you need to set the PATH in the /etc/profile file for the newly installed package.
