HP3000-L Archives

June 1997, Week 4

HP3000-L@RAVEN.UTC.EDU

From: Mark Bixby <[log in to unmask]>
Date: Fri, 27 Jun 1997 16:25:49 -0700

BIND/iX for HP 3000 MPE

http://www.cccd.edu/~markb/bindix.html
DNS server and clients for MPE
Last updated June 27, 1997 @ 2230 UTC

---------------------------------------------------------------------------

What's New

   * June 27, 1997
        o Updated to the 8.1.1-REL production release which includes
          various fixes and enhancements.  A particularly evil security bug
          has been fixed which will prevent malicious sites from corrupting
          your cache with bogus entries.
        o An MPE-only workaround has been implemented in res_send() so that
          connect()-ing to a datagram socket (which is not supported by
          MPE) is no longer attempted.
        o Dynamic Update has been tested and works if an external machine
          is trying to update BIND/iX; see Known Bugs.
        o MPE's recvfrom() still returns 127.0.0.1 for packets received
          from the local host; see the Known Bugs section below for a long
          explanation of the ramifications. Despite this issue, BIND/iX
          should be usable in a production environment as long as you
          follow good DNS practices by always mirroring your data to one or
          more secondary name servers.
   * June 12, 1997
        o Updated to the 8.1.1-T2B public beta release which includes
          various fixes and enhancements. No new MPE-only changes.
        o The MPE diffs have been submitted to the BIND developers, but
          there wasn't time to include them in the official T2B source
          distribution.
   * June 6, 1997
        o Updated to 8.1.1-T1A (a set of patches only made available to
          official bind-workers and applied on top of the 8.1 general
          public release).  For details see src-mpe/CHANGES.  Includes a
          fixed bin/dnsquery, new configuration options, bin/ndc relocated
          to sbin/ndc, and various bug fixes.
        o Compiles with no integer pointer cast warnings.

---------------------------------------------------------------------------

Welcome

This is the official home page for the HP 3000 MPE port of the ISC BIND DNS
server. Check here for the latest news, implemented functionality, known
bugs, to-do list, etc. Status reports about major milestones will also be
posted to the HP3000-L mailing list and its associated gatewayed newsgroup
comp.sys.hp.mpe.

I'm doing this port because it is the foundation for other important
packages such as sendmail.

Please send your comments, questions, and bug reports directly to me, Mark
Bixby, by e-mailing to [log in to unmask] Or just post them to HP3000-L. You
can also telephone me at +1 714 438-4647 Monday-Friday 0815-1745 PDT
(1515-0045 UTC).

The platform I'm using to do this port is an HP 3000 969KS200 running
MPE/iX 5.5 and using the gcc compiler from
http://jazz.external.hp.com/src/gnu/gnu_tools/gnutools.html. This is my
only HP 3000, so I'm very interested to hear from people running MPE/iX 5.0
and using the HP c compiler.

I would like to extend my sincere thanks to HP CSY for providing me with
the resources and encouragement to do this port and others soon to come.

What is BIND and why should I care?

BIND is the most commonly used DNS server on the Internet. BIND makes your
domain names visible to the Internet, as well as handling client requests
to resolve domain names other than your own.

Prior to BIND/iX, an HP 3000 shop had to rely on some other machine to host
their organization's DNS information. Now you can host it locally.

BIND/iX was initially ported from BIND 8.1 released in May 1997.

---------------------------------------------------------------------------

How to Obtain BIND/iX

  1. Obtain and install Syslog/iX if you haven't already done so.
  2. Create the BIND account
  3. Download BIND using either FTP.ARPA.SYS or some other client
  4. Uncompress and extract

Create the BIND account on your HP 3000

:HELLO MANAGER.SYS
:NEWACCT BIND,MGR;CAP=AL,ND,SF,IA,BA,PH,PM;PASS=somethingsecure
:ALTGROUP PUB.BIND;ACCESS=(R,L,X:AC;W,A,S:AL)

Download BIND using FTP.ARPA.SYS from your HP 3000 (the preferred
method).....

:HELLO MGR.BIND
:FTP.ARPA.SYS
open ftp.cccd.edu
anonymous
[log in to unmask]
bytestream
cd /pub/mpe
get mover55.prvxl.telesup mover55;code=nmprg;rec=128
get BIND.mover.Z /tmp/BIND.mover.Z
exit

.....Or download using some other generic web or ftp client (the alternate
method)

Download the following files (make sure that you use "binary mode" or
whatever client feature that is 8-bit clean):

   * mover55 from http://www.cccd.edu/ftp/pub/mpe/mover55.prvxl.telesup or
     ftp://ftp.cccd.edu/pub/mpe/mover55.prvxl.telesup
   * BIND from http://www.cccd.edu/ftp/pub/mpe/BIND.mover.Z or
     ftp://ftp.cccd.edu/pub/mpe/BIND.mover.Z

Upload those files to your HP 3000 in an 8-bit clean bytestream manner to:

   * /tmp/mover55
   * /tmp/BIND.mover.Z

Convert mover into something that is executable:

:HELLO MGR.BIND
:FILE MOVER55;CODE=NMPRG
:FROMBYTE.HPBIN.SYS '-b /tmp/mover55 *MOVER55'

Then uncompress and extract the distribution (after both download methods)

:UNCOMPRE.HPBIN.SYS '/tmp/BIND.mover.Z'
:MOVER55.PUB.BIND '-x /tmp/BIND.mover'

---------------------------------------------------------------------------

Distribution Highlights

README
     what you're reading now
JNAMED
     :STREAM this to start the server
NAMED
     The server binary linked with CAP=PM.
bin/
     User clients such as nslookup, etc.
contrib/
     Contributed odds and ends. Completely untried on MPE.
doc/
     Massive quantities of documentation. Some current, some outdated.
     html/
          Current documentation about the new config file format.
     man/
          Current man page documentation.

etc/
     Configuration file and zone files.

     named.conf
          The main configuration file. You *MUST* edit this file before
          running the server.

include/
     Compile-time header files required if you're calling the BIND resolver
     library.  Specify -I/BIND/PUB/include on your compiles.
lib/
     The BIND resolver library.  Specify -L/BIND/PUB/lib -lbind on your
     compiles.
sbin/
     "System" binaries. Ignore the named that lives here. The named-xfer
     that lives here is the right one.
src-mpe/
     Source tree.

---------------------------------------------------------------------------

How to Compile BIND

  1. cd src-mpe
  2. make
  3. take a long coffee break
  4. make install
  5. Execute /BIND/PUB/mdbcopy to move sbin/named to /BIND/PUB/NAMED

---------------------------------------------------------------------------

How to Run BIND

  1. :STREAM JSYSLOGD.PUB.SYSLOG
  2. Examine etc/named.conf and customize for your own environment.
  3. Add your server's IP address as the first nameserver entry in
     /etc/resolv.conf for all MPE and HPUX hosts that you wish to use this
     server for resolution queries. On MPE hosts, make sure that
     /etc/resolv.cnf is actually a symlink pointing to the real data at
     RESLVCNF.NET.SYS. Also modify any PC and/or Mac DNS configurations.
  4. :STREAM JNAMED.PUB.BIND
  5. Stop BIND either by :ABORTJOB or "sbin/ndc stop".

---------------------------------------------------------------------------

MPE/iX Implementation Considerations

There are some minor functionality issues to be aware of when comparing BIND
for Unix (BIND/UX) to BIND/iX:

   * BIND/UX must be run as root to bind to port 53. BIND/iX must call
     GETPRIVMODE() to bind to port 53, and thus requires PM capability on
     NAMED.
   * A bunch of functions in lib/irs/ assume the existence of a POSIX group
     password and /etc/group which is not implemented in MPE. The stuff
     compiles, but I'm not sure if the "#ifdef MPE" solution is correct.
     The casual user is unlikely to use these functions anyway, especially
     since POSIX groups aren't very flexible under MPE.

---------------------------------------------------------------------------

Known Bugs Under Investigation

   * The impact of sfcntl(F_SETFL) disabling O_NONBLOCK in SR 5003-359554.
     This may or may not be a problem, and may or may not be fixed shortly
     by HP.
   * The fork() of death is now better understood and has been worked
     around.  BIND/iX will no longer crash MPE with this.  Do not call
     sfcntl(F_DUPFD) against a socket descriptor and then fork().
   * MPE does not support connect()-ing to a datagram socket.  This may
     result in slowed response times since BIND will be forced to wait for
     a timeout in the event of certain network problems that could have
     been detected immediately with connect().  An HPRC call will soon be
     opened regarding this issue.
   * MPE recvfrom() returns 127.0.0.1 as the IP source address for packets
     sent by processes on the same host as the recvfrom() listener.  This
     causes trouble for security code within BIND that checks to see if the
     answers received actually came from the IP addresses that the queries
     were sent to.  An HPRC call will soon be opened regarding this issue.
        o For clients linked with libbind.a (i.e. nslookup, etc, plus any
          local things you write), if you are trying to resolve a host name
          contained within either a master or slave zone served by the
          local BIND/iX running on the same machine as the client, the
          query to the local BIND/iX will return an answer that will be
          ignored because of the IP address mismatch.  If one or more
          secondary name servers have been defined for the zone that you
          are attempting to query, the libbind.a routines will then query
          these other servers successfully -- you only pay a slight
          performance penalty in querying the local server and then
          ignoring the answer.  If there are no secondary name servers,
          your query will fail completely.  Therefore if your BIND/iX is
          hosting master zones, make sure some other non-MPE machine is
          acting as a secondary server for the same zones -- it's good
          practice to do this anyway.
        o Don't bother trying to use bin/nsupdate on an MPE system to
          Dynamically Update a BIND/iX running on the same system.  You
          can, however, successfully nsupdate BIND/iX if you run nsupdate
          on some other machine.
        o Note that if an external machine tries to query BIND/iX, the
          queries are *not* affected by this bug and will complete
          successfully, returning data from the local BIND/iX zone files or
          returning answers from queries forwarded elsewhere.

---------------------------------------------------------------------------

To-Do List

   * Encourage HP to deal with the above known bugs.  Unfortunately CSY has
     all available staff resources committed to other projects for the
     remainder of this HP fiscal year (i.e. until November 1997).  :-(

---------------------------------------------------------------------------

Change History

   * May 28, 1997
        o Internal "#ifdef MPE" source cleanup.
        o Wrote an mpe_bind() stub that zeros out the IP address and calls
          GETPRIVMODE()/GETUSERMODE() if the port is less than 1024.
        o Fixed a problem in the lib/irs routines (i.e. gethostbyname()
          etc.) that prevented fall-back to flat files (/etc/hosts etc.) if
          DNS is unable to locate the requested information. The MPE port
          code was doing a global "#define fcntl sfcntl" because sockets
          require sfcntl(). The stuff in lib/irs needs to fcntl() against
          flat files, so I had to "#undef fcntl" for lib/irs only. DIE,
          sfcntl(), DIE!
   * May 23, 1997
        o Initial public release. Use at your own risk!
   * April 1997
        o Porting begins.

---------------------------------------------------------------------------
Mark Bixby, [log in to unmask]
--
Mark Bixby                      E-mail: [log in to unmask]
Coast Community College Dist.   Web: http://www.cccd.edu/~markb/
District Information Services   1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support               +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)
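
The recvfrom() issue from the Known Bugs section, modelled as an added example (not code from BIND or from the BIND/iX port): a resolver-style check that ignores any reply whose source address differs from the server the query was sent to. The function names and the 192.0.2.x addresses are constructed for illustration.

```c
/* Added example: models the reply-source check; names and addresses are constructed. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Build an IPv4 socket address for DNS port 53 from dotted-quad text. */
static struct sockaddr_in dns_addr(const char *ip)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(53);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

/* Accept a reply only if its source address and port match the server
 * the query was sent to; anything else is treated as unsolicited. */
int reply_source_ok(const struct sockaddr_in *queried,
                    const struct sockaddr_in *from)
{
    return queried->sin_family == from->sin_family &&
           queried->sin_port == from->sin_port &&
           queried->sin_addr.s_addr == from->sin_addr.s_addr;
}

/* Walk the nameserver list in order. reported[i] is the source address
 * that recvfrom() hands back for server i's reply. Returns the index of
 * the first server whose answer is accepted, or -1 if all are ignored. */
int first_accepted(const char **servers, const char **reported, int n)
{
    for (int i = 0; i < n; i++) {
        struct sockaddr_in q = dns_addr(servers[i]);
        struct sockaddr_in f = dns_addr(reported[i]);
        if (reply_source_ok(&q, &f))
            return i;
    }
    return -1;
}

int main(void)
{
    /* Constructed: 192.0.2.10 = local BIND/iX, 192.0.2.53 = secondary. */
    const char *servers[]  = { "192.0.2.10", "192.0.2.53" };
    const char *reported[] = { "127.0.0.1",  "192.0.2.53" };
    printf("with secondary: %d\n", first_accepted(servers, reported, 2));
    printf("local only:     %d\n", first_accepted(servers, reported, 1));
    return 0;
}
```

With the secondary listed, the local server's answer is ignored and the second server's is accepted; with only the local server listed, every answer is ignored and the lookup fails.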
