If you have enabled SELinux and the package uses selinux policy to
restrict file access of named, I think named-chroot is not necessary. It
just complicates the usage and maintenance. But I think packages of ISC
do not have similar SELinux protection as Red Hat supported bind or
bind9.16 packages. ISC packages to not offer chroot helpers either. You
would have to prepare it yourself.
On 4/13/23 18:17, David Carvalho via bind-users wrote:
Hello and thank you for the reply.
I can confirm my current dns servers have already EPEL repo enabled and
jemalloc package is available.
I'll setup my test machine accordingly to be able to install BIND 9.18. Will it
also provide named-chroot (is it really necessary?)
Thanks!
David
-----Original Message-----
From: Anand Buddhdev <ana...@ripe.net>
Sent: 13 April 2023 16:48
To: David Carvalho <da...@di.ubi.pt>
Cc: 'Bind Users Mailing List' <bind-users@lists.isc.org>
Subject: Re: Fully automated DNSSEC with BIND 9.16
On 13/04/2023 17:17, David Carvalho via bind-users wrote:
Hi David,
Hello and thanks for the reply.
I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind
Then I tried to install (dnf install isc-bind) but I got:
Error:
Problem: package isc-bind-1:2-3.el8.x86_64 requires isc-bind-bind, but none
of the providers can be installed
- package isc-bind-bind-9.18.13-1.1.el8.x86_64 requires
libbind9-9.18.13.so()(64bit), but none of the providers can be installed
- package isc-bind-bind-9.18.13-1.1.el8.x86_64 requires
libdns-9.18.13.so()(64bit), but none of the providers can be installed
- package isc-bind-bind-9.18.13-1.1.el8.x86_64 requires
libisc-9.18.13.so()(64bit), but none of the providers can be installed
- package isc-bind-bind-9.18.13-1.1.el8.x86_64 requires
libisccc-9.18.13.so()(64bit), but none of the providers can be installed
- package isc-bind-bind-9.18.13-1.1.el8.x86_64 requires
libisccfg-9.18.13.so()(64bit), but none of the providers can be installed
- package isc-bind-bind-9.18.13-1.1.el8.x86_64 requires
libns-9.18.13.so()(64bit), but none of the providers can be installed
- package isc-bind-bind-9.18.13-1.1.el8.x86_64 requires isc-bind-bind-libs
= 9.18.13, but none of the providers can be installed
- conflicting requests
- nothing provides libjemalloc.so.2()(64bit) needed by
isc-bind-bind-libs-9.18.13-1.1.el8.x86_64
(try to add '--skip-broken' to skip uninstallable packages or
'--nobest' to use not only best candidate packages)
BIND 9.18 and newer require jemalloc, but this package isn't part of Redhat
base. You also need to enable the EPEL repository for this.
I think it is not required by all 9.18 builds. It is recommended, but
can be omitted. It has to be configured at the build time however.
configure --without-jemalloc is still supported. It is still possible to
build even 9.18 without jemalloc.
With Oracle Linux, there are 2 different EPELs available. Oracle's own rebuild
of EPEL packages, and the Fedora EPEL. My personal preference is the Fedora
EPEL repo, which you can install with:
dnf -y install
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
Then you should be able to install the ISC BIND packages.
Regards,
Anand
Interesting. I did not know Oracle rebuilds also EPEL packages. Are they
also 100% compatible rebuilds like RHEL packages? Do they at least
document how to contribute to EPEL anywhere?
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
