ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Update Windows-specific documentation

Browse Source 
Bring the files describing Windows-specific aspects of building and
installing BIND up to date.  Remove the parts which are either outdated
(e.g. 32-bit build instructions), already included elsewhere (e.g. the
list of Windows systems BIND is known to run on), or inconvenient to
keep up to date in the long run (e.g. ARM chapter numbers).
This commit is contained in:
Michał Kępień
2019-09-26 15:11:15 +02:00
parent ca36405a3d
commit 646fcb733e
4 changed files with 74 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
win32utils/build.txt
View File

@@ -1,6 +1,4 @@
BIND 9.10 for Win32 Source Build Instructions. 17-Apr-2015
Building BIND 9.10 on Windows has the following prerequisites:
Building BIND 9 on Windows has the following prerequisites:
1) You need to install Perl for Windows. ActivePerl
(http://www.activestate.com/) and Strawberry Perl
@@ -8,101 +6,65 @@ Building BIND 9.10 on Windows has the following prerequisites:
to work.
2) OpenSSL (http://www.openssl.org) must be downloaded and built on
the system on which you are building BIND.
the system on which you are building BIND 9.
3) If you wish to use the statistics channel, LibXML2
(ftp://xmlsoft.org/libxml2) must be downloaded and built on
the system on which you are building BIND.
the system on which you are building BIND 9.
4) Optional external packages (not used by default)
If you wish to use IP geolocation, GeoIP API and database must be
downloaded, patched and built on the system on which you are building
BIND.
BIND 9.
If you wish to use zlib/deflate on the statistics channel, zlib
must be downloaded and built on the system on which you are building
BIND.
BIND 9.
If you wish to use python tools, you need a python (version 2 or 3)
interpreter with its standard libraries.
If you wish to use readline, the readline library must be downloaded
and built on the system on which you are building BIND.
and built on the system on which you are building BIND 9.
5) The BIND Installer (BINDInstall) includes a copy of the
5) The BIND 9 Installer (BINDInstall) includes a copy of the
redistributable runtime object vcredist_x86.exe (or vcredist_x64.exe),
which is included with Visual Studio and can be downloaded from
Microsoft. This file must be in place prior to running Configure.
6) BIND is known to run on the following versions of Windows:
Windows 7, 8, 8.1, 10, Server 2008R2, Server 2012 and newer.
Step 1: Download and build OpenSSL
OpenSSL is required for DNSSEC. If you wish to build BIND 9 without
DNSSEC support, skip to step 2.
Download and untar the OpenSSL sources from http://www.openssl.org/.
Extract them at in the same directory in which you extracted the BIND 9
source: If BIND 9 is in \build\bind-9.10.2, for instance, OpenSSL should
be in \build\openssl-1.0.2a (subject to version number changes).
source: If BIND 9 is in \build\bind-9.14.6, for instance, OpenSSL should
be in \build\openssl-1.1.1d (subject to version number changes).
Note: Building OpenSSL requires that you install Perl as it uses it
during its build process. The following commands work as of
openssl-1.0.2a, but you should check the OpenSSL distribution to see
if the build instructions in the INSTALL.W32 (or INSTALL.W64) file
have changed, in particular for the assembler options:
Note: Building OpenSSL requires that you install Perl and NASM as it
uses these during its build process. The following commands work as of
openssl-1.1.1d, but you should check the OpenSSL distribution to see
if the build instructions in the INSTALL file have changed:
32-bit builds:
(In an x86 Visual Studio Command Prompt window)
cd openssl-1.0.2a
perl Configure --prefix=c:\openssl enable-static-engine VC-WIN32
ms\do_ms
nmake /f ms\ntdll.mak
64-bit builds:
(In an x64 Visual Studio Command Prompt window)
cd openssl-1.0.2a
perl Configure --prefix=c:\openssl64 enable-static-engine VC-WIN64A
ms\do_win64a
nmake /f ms\ntdll.mak
The "enable-static-engine" option is needed when an OpenSSL engine
will be used -- for example, when using OpenSSL-based PKCS#11 support.
If you wish to use OpenSSL-based PKCS#11 to control a cryptographic
hardware service module, please see "PKCS#11 (Cryptoki) support" in
chapter 4 of the BIND 9 Administrator Reference Guide. You will need to
apply the patch in bind9\bin\pkcs11\openssl-1.0.2a-patch (this can be
done using the Cygwin 'patch' utility) and add --pk11-libname and
--pk11-flavor to the Configure command above.
If you don't have the required assembler (nasm), just add 'no-asm'
to the configure arguments.
cd openssl-1.1.1d
perl Configure VC-WIN64A
nmake
Step 2: Download and build LibXML2
LibXML2 is required to use the statistics channel. If you wish to
build BIND 9 without support for this feature, skip to step 4.
build BIND 9 without support for this feature, skip to step 3.
Download and untar the libxml2 sources from ftp://xmlsoft.org/libxml2.
Extract them in the same directory in which you extracted the BIND 9
source: If BIND 9 is in \build\bind-9.10.2, for instance, libxml2 should
source: If BIND 9 is in \build\bind-9.14.6, for instance, libxml2 should
be in \build\libxml2-2.9.2 (subject to version number changes).
Now build libxml2, and copy the resulting files into the include and lib
directories:
Now build libxml2:
cd libxml2-2.9.2\win32
cscript configure.js compiler=msvc vcmanifest=yes static=yes \
debug=no iconv=no
nmake /f Makefile.msvc libxml
Note some recent distributions show 2 bugs: some files are extracted
with no writable rights, cscript tries to open the configure.in file
(in the libxml2-2.9.2 directory) when the correct file is configure.ac
so raises a 'not found' error.
cscript configure.js iconv=no
nmake /f Makefile.msvc
Step 3: Download and build zlib
@@ -142,19 +104,19 @@ Step 5: Enable python tools
Note when the python interpreter is in the command path and
the required packages available the Configure script will detect
them and add python tools to the BIND build.
them and add python tools to the BIND 9 build.
To be used a python tool must be invoked with python (e.g.,
python dnssec-checkds.py <args>) as the shebang doesn't work
on Windows. The isc package should be installed too, cf step 11.
At the opposite of Unix this isc package uses the Registry to
learn where BIND was installed in step 10.
learn where BIND 9 was installed in step 10.
Step 6: Download and build Readline
The readline library adds command-line editing in nslookup and nsupdate.
If you wish to build BIND 9 without support for this feature, skip to
step 6.
step 7.
Because the original GNU source for the readline library has no WIN32
support, it will be necessary to download a version of the static
@@ -171,26 +133,22 @@ Step 7: Make the redistributable runtime object available
Check that the Microsoft redistributable object (vcredist_x86.exe or
vcredist_x64.exe) is available to the build. The file may be placed
in the directory in which the BIND 9 source was extracted (for
instance, if BIND 9 is in \build\bind-9.10.2, the redistributable
instance, if BIND 9 is in \build\bind-9.14.6, the redistributable
may be placed in \build\vcredist_x86.exe). Or, the path to the file
can be specified via the VCREDIST_PATH environment variable, or via
the "with-vcredist=PATH" option to the configuration script (see
step 7). If none of these options is used, Configure will attempt to
step 8). If none of these options is used, Configure will attempt to
find the redistributable based on clues in the build environment.
Step 8: Configuring the BIND build
Step 8: Configuring the BIND 9 build
From the command prompt, cd to the win32utils directory under
the BIND 9 root:
cd bind-9.10.2\win32utils
cd bind-9.14.6\win32utils
In this directory, you can prepare the Windows build by running:
perl Configure <options> win32
For 64 bit:
perl Configure <options> x64
This will set up all the files needed for building BIND 9 according
@@ -202,10 +160,25 @@ Step 8: Configuring the BIND build
perl Configure clean
Step 9: Building BIND
Step 9: Building BIND 9
To build using 'nmake' or older versions of Visual Studio (e.g.
VS 2005 or VS 2008) is no longer supported.
Building using 'nmake' or older versions of Visual Studio
(e.g. VS 2005 or VS 2008) is no longer supported.
Building with a version of Visual Studio newer than VS 2010
requires the solution to first be upgraded by running:
devenv bind9.sln /upgrade
If the build host only has Visual Studio Build Tools available
and not a full Visual Studio installation, devenv.exe will not
be present. In that case, the Configure invocation from step 8
must be extended with the following parameters set to values
matching the Visual Studio Build Tools version used:
with-tools-version
with-platform-version
with-platform-toolset
To build using the Visual Studio GUI in VS 2010 or newer:
open the bind9.sln solution file; this will load the project
@@ -248,7 +221,7 @@ Step 10: Install
Step 11: Python package install
When BIND was built with python support, the isc python package
When BIND 9 was built with python support, the isc python package
must be installed locally by:
cd <top-bind9-directory>
@@ -257,7 +230,7 @@ Step 11: Python package install
(replace 'python' by the path of your python interpreter if needed.)
BIND python tools should work with version 2 or 3, 32 or 64 bits.
BIND 9 python tools should work with version 2 or 3, 32 or 64 bits.
Please report bugs, whether in the process of building the application
or in BIND 9 itself, at https://gitlab.isc.org/isc-projects/bind9.

64
win32utils/readme1st.txt
View File

@@ -1,8 +1,3 @@
NOTES ON BIND 9.10 FOR WINDOWS:
BIND 9.10 is known to run on Windows XP, Vista, Windows 7,
and Windows Server 2003 and higher.
KIT INSTALLATION:
Unpack the kit into any convenient directory and run the BINDInstall
@@ -10,15 +5,15 @@ program. This will install the named and associated programs into
the correct directories and set up the required registry keys.
Usually BINDInstall must be run by/as Administrator or it can fail
to operate on the filesystem or the registery or even return messages
like 'A referral was returned from the server". The best way to
to operate on the filesystem or the registry or even return messages
like "A referral was returned from the server". The best way to
avoid this kind of problems on Windows 7 or newer is:
- open a "file explorer" aka finder windows
- goes where the distribution was expanded
- open a "Windows Explorer" window
- go where the distribution was extracted
- click right on the BINDInstall application
- open "Properties" (last) menu
- open "Compatibility" (second) tab
- check on the (last) "Run this program as an administrator"
- check the (last) "Run this program as an administrator" box
Unfortunately this is not saved by zip (or any archiver?) as
it is a property saved in the Registry.
@@ -27,13 +22,13 @@ restricted privileges. The installer will prompt you for an account
name (the default is "named") and a password for that account. It
will also check for the existence of that account. If it does not
exist is will create it with only the privileges required to run
BIND. If the account does exist it will check that it has only the
BIND 9. If the account does exist it will check that it has only the
one privilege required: "Log on as a service". If it has too many
privileges it will prompt you if you want to continue.
With BIND running under an account name, it is necessary for all
files and directories that BIND uses to have permissions set up for
the named account if the files are on an NTFS disk. BIND requires
With BIND 9 running under an account name, it is necessary for all
files and directories that BIND 9 uses to have permissions set up for
the named account if the files are on an NTFS disk. BIND 9 requires
that the account have read and write access to the directory for
the pid file, any files that are maintained either for slave zones
or for master zones supporting dynamic updates. The account will
@@ -48,7 +43,7 @@ AUTHORITY\LocalService" similar to those that would have been
required for the "named" account.
It is important that on Windows the directory directive is used in
the options section to tell BIND where to find the files used in
the options section to tell BIND 9 where to find the files used in
named.conf (default "%ProgramFiles%\ISC BIND 9\etc\named.conf"). For
example:
@@ -56,10 +51,10 @@ example:
directory "C:\Program Files (x86)\ISC BIND 9\etc";
};
for a 32 bit BIND on a 64 bit US Domestic Windows system.
for a 32 bit BIND 9 on a 64 bit US Domestic Windows system.
Messages are logged to the Application log in the EventViewer.
CONTROLLING BIND:
CONTROLLING BIND 9:
Windows uses the same rndc program as is used on Unix systems. The
rndc.conf file must be configured for your system in order to work.
@@ -73,8 +68,8 @@ rndc-confgen -a
which will create a rndc.key file in the "%ProgramFiles%\ISC BIND 9\etc"
directory. This will allow you to run rndc without an explicit
rndc.conf file or key and control entry in named.conf file. See
section 3.4.1.2 of the ARM for details of this. An rndc.conf can
also be generated by running:
the ARM for details of this. An rndc.conf can also be generated by
running:
rndc-confgen > rndc.conf
@@ -93,13 +88,12 @@ controls {
Note that the value of the secret must come from the key generated
above for rndc and must be the same key value for both. Details of
this may be found in section 3.4.1.2 of the ARM. If you have rndc
on a Unix box you can use it to control BIND on the Windows box as
well as using the Windows version of rndc to control a BIND 9 daemon
on a Unix box. However you must have key statements valid for the
servers you wish to control, specifically the IP address and key
in both named.conf and rndc.conf. Again see section 3.4.1.2 of the
ARM for details.
this may be found in the ARM. If you have rndc on a Unix box you can
use it to control BIND 9 on the Windows box as well as using the Windows
version of rndc to control a BIND 9 daemon on a Unix box. However you
must have key statements valid for the servers you wish to control,
specifically the IP address and key in both named.conf and rndc.conf.
Again see the ARM for details.
In order to run rndc from a different system it is important to
ensure that the clocks are synchronized. The clocks must be kept
@@ -107,12 +101,12 @@ within 5 minutes of each other or the rndc commands will fail
authentication. Use NTP or other time synchronization software to
keep your clocks accurate. NTP can be found at http://www.ntp.org/.
In addition BIND is installed as a win32 system service, can be
In addition BIND 9 is installed as a win32 system service, can be
started and stopped in the same way as any other service and
automatically starts whenever the system is booted. Signals are not
supported and are in fact ignored.
Note: Unlike most Windows applications, named does not, change its
Note: Unlike most Windows applications, named does not change its
working directory when started as a service. If you wish to use
relative files in named.conf you will need to specify a working
directory using the directory directive options.
@@ -126,20 +120,10 @@ importance is the BIND 9 Administrator's Reference Manual (Bv9ARM*.html)
which provides detailed information on BIND 9. In addition, there
are HTML pages for each of the BIND 9 applications.
INCLUDED TOOLS:
The following tools have been built for Windows: dig, nslookup,
host, nsupdate, ddns-confgen, rndc, rndc-confgen, delv, mdig,
named-checkconf, named-checkzone, named-compilezone, named-journalprint,
named-rrchecker, dnssec-importkey, dnssec-keygen, dnssec-signzone,
dnssec-dsfromkey, dnssec-keyfromlabel, dnssec-revoke, dnssec-settime
and dnssec-verify. The latter tools are for use with DNSSEC. All tools
are installed in the "%ProgramFiles%\ISC BIND 9\bin" directory.
IMPORTANT NOTE ON USING THE TOOLS:
IMPORTANT NOTE ON USING BIND 9 TOOLS:
It is no longer necessary to create a resolv.conf file on Windows
as the tools will look in the registry for the required name server
as BIND 9 tools will look in the registry for the required name server
information. However, if you do create a resolv.conf file as follows,
the tools will use it in preference to the registry name server
entries.