Thanks all to the speedy responses (as usual for this group):
"Michael Matthews" <MichaelMatthews_at_worldnet.att.net>
Paul A Sand <pas_at_unh.edu>
Stuart McKenzie <managers_at_mannet.mcb.net>
"Allen, Mark R (PBD)" <Mark.Allen_at_pbdir.com>
Jim Williams <jim.williams_at_mail.alaska.edu>
Caine the Wanderer <ctflist_at_jane.penn.com>
Niels Kokholm <kokholm_at_math.ku.dk>
> 1) The BIND software currently on the system is the software that comes
> with DU. I have downloaded and installed BIND 8.1.2 into /usr/local/bind.
> I have run the named-bootconf.pl script to convert named.boot to
> named.conf. Do I now simply stop the old named and run the new one? Do
> any other files need to be converted? Does the new named need any options
> at start? Can you provide a sample start/stop script for BIND 8.1.2 for
> /sbin/init.d?
If you use the default settings, the binaries will replace the current
ones. So you can just change the /sbin/init.d/named script to point to the
new named binary. However, I wanted to test the new version before
removing the old, so I put the new version binaries and support files in
/usr/local/bind.
The current named script in /sbin/init.d could be used with a few minor
adjustmensts. Use rcmgr to set a new BIND_SERVERARGS in /etc/rc.config,
for example:
BIND_SERVERARGS="-b /usr/local/bind/named.conf"
And then change two occurrences of /sbin/named to /usr/local/bind/sbin/named
in /sbin/init.d/named.
There is a start/stop script in the distribution called ndc. I decided to
use it. I had to modify it to have the correct paths for named, as I did
not use the default settings. Stop the old name service
(/sbin/init.d/named stop) and run the new one (ndc start). You should also
change the named settings in /etc/rc.config to avoid starting named with
the old /sbin/init.d/named script.
> 2) I am also considering upgrading to the lastest sendmail (8.9.0). I do
> not run sendmail in daemon mode on this system (no smtp connections). But
> users of the system can use sendmail to send mail out. How important
> (security wise) is it to upgrade sendmail if it is not being run in daemon
> mode?
There are security implications, even when not running sendmail in daemon
mode. So, the upgrade is advisable unless you trust your users (which I
don't).
Ellen Davis
Ellen.Davis_at_uc.edu
Received on Mon Jun 01 1998 - 16:38:40 NZST