Today, the first RC of BIND 10 was released. There are some new features that will change how you use my previous articles on this subject. Apart from a slew of bug fixes, there are some functionality changes that will affect both the installation and configuration of BIND 10. The BIND 10 Guide has also been updated to reflect these changes.
The major change of note is:
|
1 2 3 4 5 6 7 8 9 10 |
565. [func]* jelte The main initializer script (formerly known as either 'bind10', 'boss', or 'bob'), has been renamed to b10-init (and Init in configuration). Configuring which components are run is henceforth done through '/Init/components', and the sbin/bind10 script is now simply a shellscript that runs b10-init. Existing configuration is automatically updated. NOTE: once configuration with this update has been saved (by committing any new change with bindctl), you cannot run older versions of BIND 10 anymore with this configuration. (Trac #1901, git bae3798603affdb276f370c1ac6b33b011a5ed4f) |
The previous versions of BIND 10 (I was using 1.0.0-beta previously) would have a master process - bind10. This Boss process was responsible for managing the state of other modules, restarting them when they fail, and so on. bind10 is now a shell script that fires up b10-init. This keeps the module names consistent, and we can now address the module as Init. Thus, a Boss shutdown now becomes Init shutdown, Boss show_processlist becomes Init show_processlist, config add /Boss/components b10-auth is now config add /Init/components b10-auth, and so on.
Building the Release Candidate of BIND 10
I have two BIND 10 instances running on two servers in a master/slave configuration. The notable piece above is “Existing configuration is automatically updated”. Time to compile. All prerequisites are already available on both nodes (for a thorough walk-through of the installation process for the previous version - 1.0.0-beta, see my first BIND 10 article):
|
1 2 3 4 5 6 |
# cd /usr/local/src # tar xzf bind10-1.0.0-rc.tar.gz # cd bind10-1.0.0-rc # ./configure --prefix=/usr/local/bind10-1.0.0-rc --with-pythonpath=/usr/local/python3/bin/python3 --with-botan-config=/usr/local/botan/bin/botan-config --with-log4cplus=/usr/local/log4cplus # make # make install |
Compilation was painless - no issues encountered. Next, remove the symlink to the previous version (presuming you don’t have BIND 10 running on either node), and recreate it pointing to the new version:
|
1 2 |
# rm -f /usr/local/bind10 # ln -s /usr/local/bind10-1.0.0-rc /usr/local/bind10 |
Configuring BIND 10
Another change in the release candidate has removed the default root/bind10 management user (this is the default set of credentials we used to log into bindctl previously):
|
1 2 3 4 5 6 |
580. [func]* muks There is no longer a default user account. The old default account with username 'root' has been removed. In a fresh installation of BIND 10, the administrator has to configure a user account using the b10-cmdctl-usermgr program. (Trac #2641, git 54e8f4061f92c2f9e5b8564240937515efa6d934) |
Therefore, I created an administrative user with b10-cmdctl-usermgr as follows:
|
1 2 3 4 5 6 7 8 9 |
# cd /usr/local/bind10/etc/bind10 # /usr/local/bind10/sbin/b10-cmdctl-usermgr Desired Login Name:toki Choose a password: Re-enter password: create new account successfully! continue to create new account by input 'y' or 'Y': |
Next, I copied b10-config.db and zone.sqlite3 across from my previous 1.0.0-beta installation to my new 1.0.0-rc installation:
|
1 |
# cp -p /usr/local/bind10-1.0.0-beta/var/bind10/{b10-config.db,zone.sqlite3} /usr/local/bind10-1.0.0-rc/var/bind10 |
Testing the Upgrade
After starting BIND 10 on the both nodes, I am happy to report that things appear to be working as they should. Checking the logs, you’ll hopefully see something along the following lines:
|
1 2 3 |
2013-02-15 18:00:59.296 INFO [b10-cfgmgr.cfgmgr/48144] CFGMGR_AUTOMATIC_CONFIG_DATABASE_UPDATE Updating configuration database from version 2 to 3 ... 2013-02-15 18:01:01.633 WARN [b10-auth.datasrc/49031] DATASRC_SQLITE_COMPATIBLE_VERSION database schema V2.1 not up to date (expecting V2.2) but is compatible |
So - our configuration has been successfully updated, and our SQLite database, whilst running schema version 2.1, is compatible with the current schema - 2.2.
Connecting via bindctl yielded the following message upon first connect:
|
1 2 3 4 5 6 |
# /usr/local/bind10/bin/bindctl No stored password file found, please see sections "Configuration specification for b10-cmdctl" and "bindctl command-line options" of the BIND 10 guide. Username: toki Password: ["login success "] > |
The file was created after first successful login using the new account. It’s worth noting that this file (stored in ~/.bind10/user_default.csv) contains a username,password pair - with the password in CLEAR TEXT.
Next, I tested adding a record via nsupdate. Notifies were sent from the master, and the transfer logged …
|
1 2 3 |
2013-02-15 18:16:00.730 INFO [b10-xfrout.notify_out/49065] NOTIFY_OUT_SENDING_NOTIFY sending notify to 172.16.18.172#53 2013-02-15 18:16:00.741 INFO [b10-xfrout.xfrout/49065] XFROUT_XFR_TRANSFER_STARTED AXFR client 172.16.18.172:38177: transfer of zone example.com/IN has started 2013-02-15 18:16:00.743 INFO [b10-xfrout.xfrout/49065] XFROUT_XFR_TRANSFER_DONE AXFR client 172.16.18.172:38177: transfer of example.com/IN complete |
… whilst on the slave, we see
|
1 2 3 |
2013-02-15 18:16:00.724 INFO [b10-xfrin.xfrin/48146] XFRIN_XFR_TRANSFER_STARTED AXFR transfer of zone example.com/IN started 2013-02-15 18:16:00.743 WARN [b10-xfrin.datasrc/48146] DATASRC_SQLITE_COMPATIBLE_VERSION database schema V2.1 not up to date (expecting V2.2) but is compatible 2013-02-15 18:16:00.769 INFO [b10-xfrin.xfrin/48146] XFRIN_TRANSFER_SUCCESS full AXFR transfer of zone example.com/IN succeeded (messages: 1, records: 17, bytes: 508, run time: 0.058 seconds, 8757 bytes/second) |
With software as complex and immature as BIND 10, the upgrade process is thankfully rather painless.
Database Compatibility
As you can see, BIND 10 complains on start up that the database has an older version of the schema (although it will still work):
|
1 |
2013-02-15 18:16:00.743 WARN [b10-xfrin.datasrc/48146] DATASRC_SQLITE_COMPATIBLE_VERSION database schema V2.1 not up to date (expecting V2.2) but is compatible |
This is due to:
|
1 2 3 4 5 6 |
577. [func] muks Added an SQLite3 index on records(rname, rdtype). This decreases insert performance by ~28% and adds about ~20% to the file size, but increases zone iteration performance. As it introduces a new index, a database upgrade would be required. (Trac #1756, git 9b3c959af13111af1fa248c5010aa33ee7e307ee) |
We should be able to fix this with b10-dbutil. First, shutdown both instances via bindctl - remembering that it’s no longer the Boss that we shutdown:
|
1 |
> Init shutdown |
Once both instances are shutdown, run b10-dbutil to upgrade the SQlite3 database - AFTER BACKING UP YOUR DATABASE FIRST:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# cd /usr/local/bind10/var/bind10 # cp -p zone.sqlite3 zone.sqlite3-bak # /usr/local/bind10/bin/b10-dbutil --upgrade /usr/local/bind10/var/bind10/zone.sqlite3 2013-02-15 18:28:15.443 INFO [b10-dbutil.dbutil/48270] DBUTIL_FILE Database file: /usr/local/bind10/var/bind10/zone.sqlite3 You have selected the upgrade option. This will upgrade the schema of the selected BIND 10 zone database to the latest version. The utility will take a copy of the zone database file before executing so, in the event of a problem, you will be able to restore the zone database from the backup. To ensure that the integrity of this backup, please ensure that BIND 10 is not running before continuing. Enter 'Yes' to proceed with the upgrade, 'No' to exit the program: Yes 2013-02-15 18:28:17.914 INFO [b10-dbutil.dbutil/48270] DBUTIL_BACKUP created backup of /usr/local/bind10/var/bind10/zone.sqlite3 in /usr/local/bind10/var/bind10/zone.sqlite3.backup 2013-02-15 18:28:17.916 INFO [b10-dbutil.dbutil/48270] DBUTIL_UPGRADING upgrading database from V2.1 to V2.2 2013-02-15 18:28:17.922 INFO [b10-dbutil.dbutil/48270] DBUTIL_UPGRADE_SUCCESFUL database upgrade successfully completed |
Start BIND 10 once again, and check that all is well. For me - it was 
|
1 2 3 4 5 6 7 8 9 10 |
# nsupdate > server localhost > key example.com.key xxxxxxxxxxxxxxxxxxxxx > update add newtest.example.com 86400 A 6.5.4.3 > send > quit # dig A newtest.example.com +short @ns1.example.com 6.5.4.3 # dig A newtest.example.com +short @ns2.example.com 6.5.4.3 |
Conclusion
This article has briefly discussed three of the major changes introduced between BIND 10 1.0.0-beta and BIND 10 1.0.0-rc, and has also shown how to upgrade to the latest release from the beta.
Any questions or comments, please let me know.
Just a quick note about the database upgrade.
We don’t upgrade the database automatically, because with a very large database this could take quite a while. We want to avoid the situation where an administrator goes to upgrade BIND 10 and then has to wait 30 minutes or even a couple of hours while their SQL database changes the schema and rebuilds indexes. So database upgrades are done manually, although we do give as much information in the logs as we can.
Thanks for the blog articles!
Thanks Shane. I agree that a manual update is definitely preferable - and was pleased to see that BIND 10 was happy to operate with the older version of the schema until the update was applied.
I’ll keep digging into BIND 10 over the coming weeks - I want to check out the DHCP side of things next.
Cheers,
Toki