BIND/iX for HP 3000 MPE
http://www.cccd.edu/~markb/bindix.html
DNS server and clients for MPE
Last updated June 27, 1997 @ 2230 UTC
---------------------------------------------------------------------------
What's New
* June 27, 1997
    o Updated to the 8.1.1-REL production release which includes
      various fixes and enhancements. A particularly evil security bug
      has been fixed which will prevent malicious sites from corrupting
      your cache with bogus entries.
    o An MPE-only workaround has been implemented in res_send() so that
      connect()-ing to a datagram socket (which is not supported by
      MPE) is no longer attempted.
    o Dynamic Update has been tested and works if an external machine
      is trying to update BIND/iX; see Known Bugs.
    o MPE's recvfrom() still returns 127.0.0.1 for packets received
      from the local host; see the Known Bugs section below for a long
      explanation of the ramifications. Despite this issue, BIND/iX
      should be usable in a production environment as long as you
      follow good DNS practices by always mirroring your data to one or
      more secondary name servers.
* June 12, 1997
    o Updated to the 8.1.1-T2B public beta release which includes
      various fixes and enhancements. No new MPE-only changes.
    o The MPE diffs have been submitted to the BIND developers, but
      there wasn't time to include them in the official T2B source
      distribution.
* June 6, 1997
    o Updated to 8.1.1-T1A (a set of patches only made available to
      official bind-workers and applied on top of the 8.1 general
      public release). For details see src-mpe/CHANGES. Includes a
      fixed bin/dnsquery, new configuration options, bin/ndc relocated
      to sbin/ndc, and various bug fixes.
    o Compiles with no integer pointer cast warnings.
---------------------------------------------------------------------------
Welcome
This is the official home page for the HP 3000 MPE port of the ISC BIND DNS
server. Check here for the latest news, implemented functionality, known
bugs, to-do list, etc. Status reports about major milestones will also be
posted to the HP3000-L mailing list and its associated gatewayed newsgroup
comp.sys.hp.mpe.
I'm doing this port because it is the foundation for other important
packages such as sendmail.
Please send your comments, questions, and bug reports directly to me, Mark
Bixby, by e-mailing to [log in to unmask]. Or just post them to HP3000-L. You
can also telephone me at +1 714 438-4647 Monday-Friday 0815-1745 PDT
(1515-0045 UTC).
The platform I'm using to do this port is an HP 3000 969KS200 running
MPE/iX 5.5 and using the gcc compiler from
http://jazz.external.hp.com/src/gnu/gnu_tools/gnutools.html. This is my
only HP 3000, so I'm very interested to hear from people running MPE/iX 5.0
and using the HP C compiler.
I would like to extend my sincere thanks to HP CSY for providing me with
the resources and encouragement to do this port and others soon to come.
What is BIND and why should I care?
BIND is the most commonly used DNS server on the Internet. BIND makes your
domain names visible to the Internet, as well as handling client requests
to resolve domain names other than your own.
Prior to BIND/iX, an HP 3000 shop had to rely on some other machine to host
their organization's DNS information. Now you can host it locally.
BIND/iX was initially ported from BIND 8.1 released in May 1997.
---------------------------------------------------------------------------
How to Obtain BIND/iX
1. Obtain and install Syslog/iX if you haven't already done so.
2. Create the BIND account
3. Download BIND using either FTP.ARPA.SYS or some other client
4. Uncompress and extract
Create the BIND account on your HP 3000

    :HELLO MANAGER.SYS
    :NEWACCT BIND,MGR;CAP=AL,ND,SF,IA,BA,PH,PM;PASS=somethingsecure
    :ALTGROUP PUB.BIND;ACCESS=(R,L,X:AC;W,A,S:AL)

Download BIND using FTP.ARPA.SYS from your HP 3000 (the preferred
method).....

    :HELLO MGR.BIND
    :FTP.ARPA.SYS
    open ftp.cccd.edu
    anonymous
    [log in to unmask]
    bytestream
    cd /pub/mpe
    get mover55.prvxl.telesup mover55;code=nmprg;rec=128
    get BIND.mover.Z /tmp/BIND.mover.Z
    exit

.....Or download using some other generic web or ftp client (the alternate
method)
Download the following files (make sure that you use "binary mode" or
whatever client feature is 8-bit clean):
* mover55 from http://www.cccd.edu/ftp/pub/mpe/mover55.prvxl.telesup or
ftp://ftp.cccd.edu/pub/mpe/mover55.prvxl.telesup
* BIND from http://www.cccd.edu/ftp/pub/mpe/BIND.mover.Z or
ftp://ftp.cccd.edu/pub/mpe/BIND.mover.Z
Upload those files to your HP 3000 in an 8-bit clean bytestream manner to:
* /tmp/mover55
* /tmp/BIND.mover.Z
Convert mover into something that is executable:

    :HELLO MGR.BIND
    :FILE MOVER55;CODE=NMPRG
    :FROMBYTE.HPBIN.SYS '-b /tmp/mover55 *MOVER55'

Then uncompress and extract the distribution (after both download methods)

    :UNCOMPRE.HPBIN.SYS '/tmp/BIND.mover.Z'
    :MOVER55.PUB.BIND '-x /tmp/BIND.mover'
---------------------------------------------------------------------------
Distribution Highlights
README
    what you're reading now
JNAMED
    :STREAM this to start the server
NAMED
    The server binary linked with CAP=PM.
bin/
    User clients such as nslookup, etc.
contrib/
    Contributed odds and ends. Completely untried on MPE.
doc/
    Massive quantities of documentation. Some current, some outdated.
    html/
        Current documentation about the new config file format.
    man/
        Current man page documentation.
etc/
    Configuration file and zone files.
    named.conf
        The main configuration file. You *MUST* edit this file before
        running the server.
include/
    Compile-time header files required if you're calling the BIND resolver
    library. Specify -I/BIND/PUB/include on your compiles.
lib/
    The BIND resolver library. Specify -L/BIND/PUB/lib -lbind on your
    compiles.
sbin/
    "System" binaries. Ignore the named that lives here. The named-xfer
    that lives here is the right one.
src-mpe/
    Source tree.
---------------------------------------------------------------------------
How to Compile BIND
1. cd src-mpe
2. make
3. take a long coffee break
4. make install
5. Execute /BIND/PUB/mdbcopy to move sbin/named to /BIND/PUB/NAMED
---------------------------------------------------------------------------
How to Run BIND
1. :STREAM JSYSLOGD.PUB.SYSLOG
2. Examine etc/named.conf and customize for your own environment.
3. Add your server's IP address as the first nameserver entry in
/etc/resolv.conf for all MPE and HPUX hosts that you wish to use this
server for resolution queries. On MPE hosts, make sure that
/etc/resolv.cnf is actually a symlink pointing to the real data at
RESLVCNF.NET.SYS. Also modify any PC and/or Mac DNS configurations.
4. :STREAM JNAMED.PUB.BIND
5. Stop BIND either by :ABORTJOB or "sbin/ndc stop".
---------------------------------------------------------------------------
MPE/iX Implementation Considerations
There are some minor functionality issues to be aware of when comparing BIND
for Unix (BIND/UX) to BIND/iX:
* BIND/UX must be run as root to bind to port 53. BIND/iX must call
  GETPRIVMODE() to bind to port 53, and thus requires PM capability on
  NAMED.
* A bunch of functions in lib/irs/ assume the existence of a POSIX group
  password and /etc/group, which are not implemented in MPE. The stuff
  compiles, but I'm not sure if the "#ifdef MPE" solution is correct.
The casual user is unlikely to use these functions anyway, especially
since POSIX groups aren't very flexible under MPE.
---------------------------------------------------------------------------
Known Bugs Under Investigation
* The impact of sfcntl(F_SETFL) disabling O_NONBLOCK in SR 5003-359554.
  This may or may not be a problem, and may or may not be fixed shortly
  by HP.
* The fork() of death is now better understood and has been worked
  around. BIND/iX will no longer crash MPE with this. Do not call
  sfcntl(F_DUPFD) against a socket descriptor and then fork().
* MPE does not support connect()-ing to a datagram socket. This may
  result in slowed response times since BIND will be forced to wait for
  a timeout in the event of certain network problems that could have
  been detected immediately with connect(). An HPRC call will soon be
  opened regarding this issue.
* MPE recvfrom() returns 127.0.0.1 as the IP source address for packets
  sent by processes on the same host as the recvfrom() listener. This
  causes trouble for security code within BIND that checks to see if the
  answers received actually came from the IP addresses that the queries
  were sent to. An HPRC call will soon be opened regarding this issue.
    o For clients linked with libbind.a (i.e. nslookup, etc, plus any
      local things you write), if you are trying to resolve a host name
      contained within either a master or slave zone served by the
      local BIND/iX running on the same machine as the client, the
      query to the local BIND/iX will return an answer that will be
      ignored because of the IP address mismatch. If one or more
      secondary name servers have been defined for the zone that you
      are attempting to query, the libbind.a routines will then query
      these other servers successfully -- you only pay a slight
      performance penalty in querying the local server and then
      ignoring the answer. If there are no secondary name servers,
      your query will fail completely. Therefore if your BIND/iX is
      hosting master zones, make sure some other non-MPE machine is
      acting as a secondary server for the same zones -- it's good
      practice to do this anyway.
    o Don't bother trying to use bin/nsupdate on an MPE system to
      Dynamically Update a BIND/iX running on the same system. You
      can, however, successfully nsupdate BIND/iX if you run nsupdate
      on some other machine.
    o Note that if an external machine tries to query BIND/iX, the
      queries are *not* affected by this bug and will complete
      successfully, returning data from the local BIND/iX zone files or
      returning answers from queries forwarded elsewhere.
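
The source-address check described above, modelled as an added example (this
is not code from BIND or from this port). The struct, the mpe_quirk flag and
the 192.0.2.x addresses are constructed for illustration; the model shows why
a local-only client fails while one with a secondary server still resolves.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample addresses, host byte order (192.0.2.0/24 is a documentation range). */
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))
#define LOOPBACK IP(127,0,0,1)

struct server {
    uint32_t addr;     /* address the query is sent to */
    int      is_local; /* 1 if this server runs on the same host as the client */
};

/* Constructed resolver lists: local BIND/iX first, optionally a remote secondary. */
static const struct server with_secondary[] = { {IP(192,0,2,10), 1}, {IP(192,0,2,20), 0} };
static const struct server local_only[]     = { {IP(192,0,2,10), 1} };

/* Source address recvfrom() reports for a reply. With mpe_quirk set, replies
 * from a process on the same host appear to come from 127.0.0.1. */
static uint32_t reported_source(const struct server *s, int mpe_quirk)
{
    return (s->is_local && mpe_quirk) ? LOOPBACK : s->addr;
}

/* Anti-spoofing rule: a reply counts only if its source is an address we queried. */
static int source_was_queried(uint32_t src, const struct server *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (list[i].addr == src) return 1;
    return 0;
}

/* Query servers in order; return the index of the first accepted reply, or -1. */
int resolve(const struct server *list, size_t n, int mpe_quirk)
{
    for (size_t i = 0; i < n; i++) {
        if (source_was_queried(reported_source(&list[i], mpe_quirk), list, n))
            return (int)i;
        /* reply ignored as a possible forgery; fall through to the next server */
    }
    return -1;
}

int main(void)
{
    printf("quirk, secondary present: %d\n", resolve(with_secondary, 2, 1));
    printf("quirk, local server only: %d\n", resolve(local_only, 1, 1));
    printf("no quirk, local only:     %d\n", resolve(local_only, 1, 0));
    return 0;
}
```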
---------------------------------------------------------------------------
To-Do List
* Encourage HP to deal with the above known bugs. Unfortunately CSY has
all available staff resources committed to other projects for the
remainder of this HP fiscal year (i.e. until November 1997). :-(
---------------------------------------------------------------------------
Change History
* May 28, 1997
    o Internal "#ifdef MPE" source cleanup.
    o Wrote an mpe_bind() stub that zeros out the IP address and calls
      GETPRIVMODE()/GETUSERMODE() if the port is less than 1024.
    o Fixed a problem in the lib/irs routines (i.e. gethostbyname()
      etc.) that prevented fall-back to flat files (/etc/hosts etc.) if
      DNS is unable to locate the requested information. The MPE port
      code was doing a global "#define fcntl sfcntl" because sockets
      require sfcntl(). The stuff in lib/irs needs to fcntl() against
      flat files, so I had to "#undef fcntl" for lib/irs only. DIE,
      sfcntl(), DIE!
* May 23, 1997
    o Initial public release. Use at your own risk!
* April 1997
    o Porting begins.
---------------------------------------------------------------------------
Mark Bixby, [log in to unmask]
--
Mark Bixby E-mail: [log in to unmask]
Coast Community College Dist. Web: http://www.cccd.edu/~markb/
District Information Services 1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)