
Symptom:

Upgrading from BIND 8 to BIND 9 requires some (usually minimal) configuration changes. But Men & Mice DNS Server Controller explicitly writes out statements for logging and control, rather than relying on defaults, and so these settings must be altered.

Problem:

If you upgrade the named binary itself by compiling from source code, there won't be any automatic changes to your configuration. You must make these changes manually.

Hopefully, your operating system vendor's upgrade package is smart enough to recognize that the default configuration has been altered, and thus not try to alter the configuration for you. In such cases, you must make the necessary changes manually. The alternative is to have to undo the changes made by your operating system vendor's installation package, and then go about making the necessary changes manually.

Solution:

To follow these instructions, you'll need to figure out where your named data directory is, which we'll refer to as $NAMED. This can be done by examining named.conf. If you're not sure where named.conf is, examine your DNS Server Controller (''mmremoted'') command line (in the output of the appropriate 'ps' command) - it should show the location of named.conf after '-c'; if there's a '-t' option as well, the named.conf location will be relative to this chroot jail path. If you don't see either of these options, the location is /etc/named.conf. (And if this sounds like gibberish to you, please contact us for help.)

named.conf contains a set of 5 ''include'' statements, referring to the absolute path of files in $NAMED/conf/. So if your $NAMED directory is /var/named, the include statements will look like this:
include "/var/named/conf/logging";
include "/var/named/conf/user_before";
include "/var/named/conf/options";
include "/var/named/conf/user_after";
include "/var/named/conf/zones";
Install the new binaries. You'll need ''named'' and ''rndc-confgen'' at a minimum, and you'll probably want ''rndc''. Version 9 of ''dig'' is quite nice, and the new utilities named-checkconf and named-checkzone can really come in handy. Complete instructions for upgrading from source code are available here.

Next, if you don't already have a key (hmac-md5 algorithm) in ''$NAMED/conf/user_before'', you'll need to generate a new key for use by ''rndc''. You should be able to use this command (but correct the path - it's usually either ''/usr/sbin'' or ''/usr/local/sbin''):
/path/to/rndc-confgen -a
This will create your new key in ''/etc/rndc.key'', which is one place the ''rndc'' command expects to find it. This key needs to be the first key listed in ''$NAMED/conf/user_before'' - if there are no other keys in the file, simply append the contents of ''/etc/rndc.key'' to ''$NAMED/conf/user_before''. If there are other keys present, copy the key statement from ''/etc/rndc.key'' and paste it into ''$NAMED/conf/user_before'' before all other keys.

The next step is to configure the controls statement to use this rndc key. Open ''$NAMED/conf/user_after'' in a text editor. There should be a ''controls'' block already present, with one or more ''unix'' statements (and maybe one or more named ''inet''). Remove these existing statements and create a new ''inet'' statement; the resulting ''controls'' block should look like this:
controls {
        inet * allow { 127.0.0.1; } keys { "rndc-key"; };
};
If your first key in ''$NAMED/conf/user_before'' is not named "rndc-key", change this ''inet'' statement appropriately.

Next up is the logging configuration in ''$NAMED/conf/logging''. There are several logging categories used by BIND 8 that are not recognized by BIND 9. This can cause a fatal error on newer BIND 9 versions, and it will (a) cause error messages in your log files and (b) cause Men & Mice Management Console to display an erroneous list of categories in the server's Options window.

For a complete description of BIND logging categories, see Logging using Men & Mice Suite and BIND.

Open the file ''$NAMED/conf/logging'' in a text editor (e.g. ''vi'' or ''nano''). Remove the following categories, if present:
  • parser
  • statistics
  • panic
  • ncache
  • eventlib
  • packet
  • cname
  • os
  • insist
  • maintenance
  • load
  • response-checks
  • db

Then save the file. You'll want to go over the logging settings in the server's Options window later, since BIND 9 introduces several new categories.
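
To confirm that none of the categories listed above remain before restarting named, a check like the following can be run against the logging file. This is an added example, not part of the original article or of Men & Mice software; the function name find_obsolete_categories and the sample logging file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Men & Mice code): list BIND 8-only logging categories
# that are still present in a logging file, using this article's list.
OBSOLETE="parser statistics panic ncache eventlib packet cname os insist maintenance load response-checks db"

# find_obsolete_categories FILE   (hypothetical helper name)
# Prints LINE:CATEGORY per hit; returns 1 if any hit, 0 if the file is clean.
# Assumes each "category <name>" pair sits on one line; block comments
# (/* */) are not parsed, only whole-line // and # comments are skipped.
find_obsolete_categories() {
    awk -v list="$OBSOLETE" '
        BEGIN { n = split(list, names, " "); for (i = 1; i <= n; i++) bad[names[i]] = 1 }
        /^[ \t]*(\/\/|#)/ { next }
        {
            line = $0
            # Walk every "category <name>" occurrence on the line.
            while (match(line, /category[ \t]+[A-Za-z0-9_-]+/)) {
                name = substr(line, RSTART, RLENGTH)
                sub(/^category[ \t]+/, "", name)
                if (name in bad) { print NR ":" name; found = 1 }
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { exit (found + 0) }
    ' "$1"
}

# Constructed sample input, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
logging {
    channel default_log { file "named.log"; severity info; };
    category default { default_log; };
    category parser { default_log; };
    // category panic { default_log; };
    category response-checks { null; };
    category security { default_log; }; category os { null; };
};
EOF

if find_obsolete_categories "$sample"; then
    echo "no BIND 8-only categories found"
else
    echo "remove the categories listed above before restarting named"
fi
rm -f "$sample"
```

To check the real file, call the function with ''$NAMED/conf/logging'' in place of the sample.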

That should do it. (Re)start named and Men & Mice DNS Server Controller using their init scripts (usually ''named'' and ''mmremote'', respectively).

If you still have problems, there's another article in the Knowledge Base to help you troubleshoot the problem.