Solaris 9/10/11ではidnkitライブラリが/usr/libにありますが、ヘッダーファイルが足りないため、あらかじめidnkitをインストールしておきます。
% cd contrib/idn/idnkit-1.0-src
Solaris 10のgethostbyaddrとgethostbyaddr_rのプロトタイプ宣言が異
なるため、/usr/include/netdb.hのプロトタイプ宣言と矛盾が生じます。
よって、とりあえずSolaris 10では--enable-runidnを指定しないようにし
ます。
#!/bin/sh
# Build-environment setup for idnkit on Solaris.
# Sources the shared setup-pre.sh, then chooses the iconv location, the
# iconv link flag and the runidn configure switch from `uname -r`.
# Written for the Solaris Bourne shell: backticks only, no $(...).

# Forward the optional ISA argument only when exactly one was supplied.
case $# in
1) . ../../../../setup-pre.sh $1 ;;
*) . ../../../../setup-pre.sh ;;
esac

# Defaults for releases that provide iconv in libc, with runidn off.
iconvpath=/usr
iconvlib=-lc
RUNIDN=

case `uname -r` in
"5.8"|"5.9"|"5.11")
  RUNIDN="--enable-runidn"
  ;;
"5.10")
  # runidn stays disabled on Solaris 10: the surrounding text explains
  # that the gethostbyaddr/gethostbyaddr_r prototypes clash with
  # /usr/include/netdb.h there.
  :
  ;;
*)
  # Any other release: use the separately installed libiconv.
  iconvpath=/usr/local
  iconvlib=-liconv
  ;;
esac

# Every branch prepends the same include directory.
CPPFLAGS="-I/usr/include $CPPFLAGS"
export CPPFLAGS
% setup.sh [sparcv9|sparcv8plus|i386|amd64]
% gmake
# gmake install
Solaris 10ではPKCS11 ENGINEを有効にするためにOpenSSLのバージョンチェックを無効にします。
--- lib/dns/openssl_link.c.orig 2009-03-06 17:43:04.418140000 +0900
+++ lib/dns/openssl_link.c 2009-03-06 17:43:41.959606000 +0900
@@ -54,9 +54,9 @@
 #include <openssl/conf.h>
 #include <openssl/crypto.h>
-#if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x0090707f)
+#if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x0090704f)
 #define USE_ENGINE 1
 #endif
 #ifdef USE_ENGINE
 #include <openssl/engine.h>
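Review bot: The lowered bound `0x0090704f` on the `USE_ENGINE` guard has no comment and takes effect on every platform that builds this tree, not only on Solaris 10 where the page says it is needed. The constant decodes to OpenSSL 0.9.7d where upstream required 0.9.7g, so ENGINE support is now compiled against releases upstream chose to exclude. I would put a comment above the `#if`, for example `/* Local change for Solaris 10: accept 0.9.7d so the PKCS#11 engine can be used; upstream requires 0.9.7g. */`, and keep the original bound for other platforms if a Solaris-specific condition is available. The hunk header announces nine lines per side but fewer are visible here, so some context lines (probably blank ones) are missing from the page.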
以下のようなスクリプトを用意して実行します。
普通にconfigureを起動するとSolaris 10のOpenSSLのバージョンのチェックでひっかかってしまうので、Solaris 10ではチェックをしないようにします。
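#!/bin/sh
# Configure BIND 9 on Solaris with threads, PKCS#11, OpenSSL, GSSAPI and
# idnkit, then append the PKCS#11 engine settings to config.h.
#
# Usage: setup.sh [sparcv9|sparcv8plus|i386|amd64]
#
# Variables read here but set elsewhere (presumably by setup-pre.sh, which
# is not shown on this page): ISA, LIBISA, CONFDIRS, sslpath, krb5path,
# OPENSSL_VERSION_CHECK_OPTION.
#
# NOTE(review): per the surrounding text, OPENSSL_VERSION_CHECK_OPTION is
# used to skip configure's OpenSSL version check on Solaris 10. Skipping it
# means the build no longer refuses an old OpenSSL, so the patch level of
# the OpenSSL under $sslpath has to be tracked by hand.
#
# Written for the Solaris Bourne shell: backticks only, no $(...).

if [ $# -eq 1 ]; then
  . ../setup-pre.sh "$1"
else
  . ../setup-pre.sh
fi

# Keep a pristine copy so both variants are always derived from the
# unmodified configure script.
if [ ! -f configure.orig ]; then
  cp -p configure configure.orig || exit 1
fi

#
# for sparcv9 and amd64
#
# The 64-bit variant points the OpenSSL -L/-R paths at lib/64.
if [ ! -f configure.64 ]; then
  # Write to a scratch name first: a failed or interrupted sed must not
  # leave a truncated configure.64 that later runs would silently reuse.
  if sed 's/DNS_OPENSSL_LIBS=\"-L\$use_openssl\/lib -R\$use_openssl\/lib -lcrypto\"/DNS_OPENSSL_LIBS=\"-L\$use_openssl\/lib\/64 -R\$use_openssl\/lib\/64 -lcrypto\"/' configure.orig > configure.64.tmp
  then
    chmod 755 configure.64.tmp
    mv configure.64.tmp configure.64 || exit 1
  else
    rm -f configure.64.tmp
    echo "$0: could not generate configure.64" >&2
    exit 1
  fi
fi

case "$ISA" in
sparcv9|amd64)
  cp -p configure.64 configure || exit 1
  ;;
*)
  cp -p configure.orig configure || exit 1
  ;;
esac

# idnkit is taken from /usr/local on every release; only the iconv
# location differs.
# The -R run path is recorded in the binaries: /usr/local/lib$LIBISA should
# be writable by root only, since named will load libidnkit from it.
idnpath=/usr/local
idnlib="-L/usr/local/lib$LIBISA -R/usr/local/lib$LIBISA -lidnkit"
#idnlib="-lidnkit"
case `uname -r` in
"5.8"|"5.9"|"5.10"|"5.11")
  iconvpath=/usr
  iconvlib=-lc
  ;;
*)
  iconvpath=/usr/local
  iconvlib=-liconv
  ;;
esac
CPPFLAGS="-I/usr/local/include $CPPFLAGS"; export CPPFLAGS

# $CONFDIRS and $OPENSSL_VERSION_CHECK_OPTION stay unquoted on purpose:
# each may expand to nothing or to several words.
./configure $CONFDIRS \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --enable-threads \
  --enable-largefile \
  --enable-fixed-rrset \
  --with-export-libdir="/usr/local/lib/bind9$LIBISA" \
  --with-pkcs11 \
  --with-openssl="$sslpath" $OPENSSL_VERSION_CHECK_OPTION \
  --with-gssapi="$krb5path" \
  --with-idn="$idnpath" \
  --with-idnlib="$idnlib" \
  --with-libiconv="$iconvpath" \
  --with-iconv="$iconvlib" || {
  # Stop here: a config.h left over from an earlier run must not be
  # patched as if this configure had produced it.
  echo "$0: configure failed; config.h not modified" >&2
  exit 1
}

# Select the pkcs11 engine and the libpkcs11.so that matches the target ISA.
if [ -f "config.h" ]; then
  echo '#define ENGINE_ID "pkcs11"' >> config.h
  case "$ISA" in
  sparcv9|amd64)
    echo '#define PKCS11_MODULE_PATH "/usr/lib/64/libpkcs11.so"' >> config.h
    ;;
  *)
    echo '#define PKCS11_MODULE_PATH "/usr/lib/libpkcs11.so"' >> config.h
    ;;
  esac
fi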
% setup.sh [sparcv9|sparcv8plus|i386|amd64]
% gmake
# gmake install
ISA自動起動リンクを作るために、以下のスクリプトを実行します。
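#!/bin/sh
#
# Replace the listed BIND programs in /usr/local/sbin and /usr/local/bin
# with hard links to /usr/lib/isaexec (the "ISA auto-start links" the page
# refers to). Each processed name is printed on stdout.
#
# Must run as a user allowed to modify both directories. The per-ISA
# binaries themselves are presumably installed in ISA subdirectories;
# that layout is not shown on this page.
#
# Written for the Solaris Bourne shell: no "local", no $(...).
SBINPROG="pkcs11-destroy pkcs11-list pkcs11-keygen ddns-confgen rndc-confgen named-compilezone named-checkzone named-checkconf isc-hmac-fixup genrandom nsec3hash named-journalprint arpaname dnssec-settime dnssec-revoke dnssec-dsfromkey dnssec-keyfromlabel dnssec-signzone dnssec-keygen rndc lwresd named"
BINPROG="nsupdate dig host nslookup idnconv"
ISAEXEC=/usr/lib/isaexec

# Refuse to delete anything when the link source is missing.
if [ ! -f "$ISAEXEC" ]; then
  echo "$0: $ISAEXEC not found; nothing changed" >&2
  exit 1
fi

# link_isaexec DIR PROG...
# Re-create each PROG in DIR as a hard link to $ISAEXEC.
link_isaexec() {
  isa_dir=$1
  shift
  # Without this check a failed cd would let rm -f and ln operate on
  # whatever directory the script was started from.
  cd "$isa_dir" || {
    echo "$0: cannot cd to $isa_dir" >&2
    exit 1
  }
  # "for prog" with no list iterates over the remaining arguments.
  for prog
  do
    rm -f "$prog"
    # Stop at the first failed link so that later programs are not
    # removed without a replacement (hard links cannot cross file systems).
    ln "$ISAEXEC" "$prog" || {
      echo "$0: cannot link $ISAEXEC to $isa_dir/$prog" >&2
      exit 1
    }
    echo "$prog"
  done
}

# The lists are expanded unquoted on purpose: one word per program name.
if [ "${SBINPROG}" != "" ]; then
  link_isaexec /usr/local/sbin ${SBINPROG}
fi
if [ "${BINPROG}" != "" ]; then
  link_isaexec /usr/local/bin ${BINPROG}
fi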
設定ファイルを用意します。
/etc/named.conf
# The "rndc" key is defined in a separate file so the shared secret stays
# out of named.conf. /var/namedb/rndc.key should be readable only by root
# and the account named runs as.
include "/var/namedb/rndc.key";
# rndc control channel: listens on the IPv4 and IPv6 loopback addresses
# only (port 953) and accepts commands only from loopback clients that
# authenticate with the "rndc" key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc"; };
inet ::1 port 953
allow { ::1; } keys { "rndc"; };
};
/etc/rndc.conf
# Same key file that named.conf includes: rndc and named must hold the
# identical secret. Anyone who can read this file can control named.
include "/var/namedb/rndc.key";
# Defaults used when no key, server or port is given on the rndc command
# line: the "rndc" key and the local control channel on 127.0.0.1 port 953.
options {
default-key "rndc";
default-server 127.0.0.1;
default-port 953;
};
mkdnsseckey.sh
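#!/bin/sh
#
# mkdnsseckey.sh
#
# Generate a new HMAC-SHA512 shared secret with dnssec-keygen and print it
# on stdout as a BIND "key" clause.
#
# Usage:   mkdnsseckey.sh key-name > key-name.key
# Returns: 0 on success, 1 on a usage error or when key generation fails.
#
# Security notes:
#  - stdout carries the secret. The redirect target is created by the
#    calling shell with the caller's umask, so run "umask 077" before the
#    redirect or chmod 600 the resulting file.
#  - Only the key pair generated by this run is deleted afterwards;
#    other K<name>.* files already in the directory are left alone.
#  - NOTE(review): newer BIND releases dropped HMAC algorithms from
#    dnssec-keygen in favour of tsig-keygen; confirm against the version
#    actually installed.
#
# Written for the Solaris Bourne shell: backticks only, no $(...).

if [ $# -lt 1 ]; then
  # Usage goes to stderr because stdout is normally redirected into the
  # key file.
  echo "Usage:" >&2
  echo " $0 key-name" >&2
  echo "Example:" >&2
  echo " $0 key-name > key-name.key" >&2
  exit 1
fi
keyname=$1

# The name ends up in file names and in configuration text, so accept only
# a conservative character set and no leading "-" (option look-alike).
case "$keyname" in
''|-*|*[!A-Za-z0-9._-]*)
  echo "$0: invalid key name: $keyname" >&2
  exit 1
  ;;
esac

# -v and match() need a POSIX awk; pick one the same way the other
# scripts on this page do.
AWK=awk
if [ -x /usr/local/bin/awk ]; then
  AWK=/usr/local/bin/awk
elif [ -x /usr/xpg4/bin/awk ]; then
  AWK=/usr/xpg4/bin/awk
fi

# The temporary key files hold the secret while they exist.
umask 077

# dnssec-keygen prints the base name of the files it wrote; use exactly
# those files instead of globbing K<name>.*.
keybase=`dnssec-keygen -a HMAC-SHA512 -b 512 -n USER "$keyname"` || {
  echo "$0: dnssec-keygen failed" >&2
  exit 1
}
if [ -z "$keybase" ] || [ ! -f "$keybase.private" ]; then
  echo "$0: dnssec-keygen produced no private key file" >&2
  exit 1
fi

# Remove the generated pair on every exit path, including interrupts.
trap 'rm -f "$keybase.key" "$keybase.private"' 0
trap 'exit 1' 1 2 15

"$AWK" -v keyname="$keyname" 'BEGIN{
printf("key %s {\n", keyname);
printf("\talgorithm HMAC-SHA512;\n");
}
{
# The "Key:" line of the .private file carries the base64 secret.
if (match(substr($1, 1, 4), "Key:"))
printf("\tsecret \"%s\";\n", $2);
}
END {
printf("};\n");
}' "$keybase.private"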
/var/namedb/rndc.key
# ./mkdnsseckey.sh rndc > rndc.key
起動バイナリパスをインストールしたnamedに変更します。
# svccfg -s svc:/network/dns/server:default setprop options/server=/usr/local/sbin/named
サービスを有効化します。
# svcadm enable svc:/network/dns/server
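#!/bin/sh
# Print a skeleton reverse zone file for one network on stdout.
#
# Usage:   <script> network   (dotted decimal, e.g. 192.168.1 or 192.168.1.0)
# Outputs: $ORIGIN/$TTL, an SOA with a serial of today's date plus "00",
#          two NS records and an "0 A 255.255.255.0" record.
# Returns: 0 on success, 1 when the argument is missing or malformed.
#
# Written for the Solaris Bourne shell: backticks only, no $(...).

# Prefer an awk that understands -v.
AWK=awk
if [ -x /usr/local/bin/awk ]; then
  AWK=/usr/local/bin/awk
elif [ -x /usr/xpg4/bin/awk ]; then
  AWK=/usr/xpg4/bin/awk
fi

segment=$1

# The argument is written straight into zone data, so accept only digits
# and dots, with at least three non-empty fields.
case "$segment" in
''|*[!0-9.]*|.*|*.|*..*)
  echo "Usage: $0 network (e.g. 192.168.1)" >&2
  exit 1
  ;;
*.*.*)
  ;;
*)
  echo "Usage: $0 network (e.g. 192.168.1)" >&2
  exit 1
  ;;
esac

date=`date +%Y%m%d`
host="ns.next-hop.net."
hostmaster="hostmaster.next-hop.net."
nameserver1="ns.next-hop.net."
nameserver2="ns2.next-hop.net."

"$AWK" -v segment="$segment" -v date="$date" -v host="$host" -v hostmaster="$hostmaster" -v nameserver1="$nameserver1" -v nameserver2="$nameserver2" '
BEGIN {
# Only the first three octets form the reverse zone name.
split(segment, octet, ".");
printf("$ORIGIN %s.%s.%s.IN-ADDR.ARPA.\n", octet[3], octet[2], octet[1]);
printf("$TTL 86400\n");
# NOTE(review): the SOA owner is written as "." (the root name); the zone
# apex is normally written "@" - confirm that named loads this as intended.
printf(".\t\t\tIN SOA\t%s %s (\n", host, hostmaster);
printf("\t\t\t\t%s00 ; serial\n", date);
printf("\t\t\t\t3600 ; refresh (1 hour)\n");
printf("\t\t\t\t900 ; retry (15 minutes)\n");
printf("\t\t\t\t604800 ; expire (1 week)\n");
printf("\t\t\t\t3600 ; minimum (1 hour)\n");
printf("\t\t\t\t)\n");
printf("\t\t\tNS\t%s\n", nameserver1);
printf("\t\t\tNS\t%s\n", nameserver2);
printf("0\t\t\tA\t255.255.255.0\n");
}'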
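#!/bin/sh
# Print the named.conf "zone" clause for one reverse zone on stdout.
#
# Usage:   <script> network   (dotted decimal, e.g. 192.168.1 or 192.168.1.0)
# Outputs: a master zone whose file is dynamic/<network>.zone, with dynamic
#          updates limited to the key ddns.key and zone transfers limited
#          to the ACL dns-server (both defined outside this script).
# Returns: 0 on success, 1 when the argument is missing or malformed.
#
# Written for the Solaris Bourne shell: no $(...).

# Prefer an awk that understands -v.
AWK=awk
if [ -x /usr/local/bin/awk ]; then
  AWK=/usr/local/bin/awk
elif [ -x /usr/xpg4/bin/awk ]; then
  AWK=/usr/xpg4/bin/awk
fi

segment=$1

# The argument becomes part of a quoted file path in named.conf, so accept
# only digits and dots, with at least three non-empty fields. This keeps
# quotes, slashes and ".." out of the generated configuration.
case "$segment" in
''|*[!0-9.]*|.*|*.|*..*)
  echo "Usage: $0 network (e.g. 192.168.1)" >&2
  exit 1
  ;;
*.*.*)
  ;;
*)
  echo "Usage: $0 network (e.g. 192.168.1)" >&2
  exit 1
  ;;
esac

"$AWK" -v segment="$segment" '
BEGIN {
# The zone name uses the first three octets in reverse order; the file
# name uses the argument exactly as given.
split(segment, octet, ".");
printf("zone \"%s.%s.%s.in-addr.arpa\" {\n", octet[3], octet[2], octet[1]);
printf("\ttype master;\n");
printf("\tfile \"dynamic/%s.zone\";\n", segment);
printf("\tallow-update { key ddns.key; };\n");
printf("\tallow-transfer {\n");
printf("\t\tdns-server;\n");
printf("\t};\n");
printf("};\n");
}'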
| Copyright ©2001-2014 T.Hiraga <hiraga@next-hop.net> All Rights Reserved. Last modified: $Date: 2014/12/11 04:24:56 $ |
|