Freeware BIND/iX for HP e3000 MPE
Freeware DNS server and clients for MPE
Last updated February 4, 2001 @ 2300 UTC
- What's New
- System Requirements
- What is BIND and why should I care?
- How to Obtain BIND/iX
- The New bixby.org Freeware Distribution Architecture
- Distribution Highlights
- How to Compile BIND
- How to Run BIND
- MPE/iX Implementation Considerations
- Known Bugs Under Investigation
- To-Do List
- Change History
This is the official home page for the HP e3000 MPE/iX port of the
ISC BIND DNS server . Check here for the latest news, implemented functionality,
known bugs, to-do list, etc. Status reports about major milestones will
also be posted to the
HP3000-L mailing list and its associated gatewayed newsgroup
- February 4, 2001
- Upgraded to the official 8.2.3 production release which plugs a number
of security holes (http://www.cert.org/advisories/CA-2001-02.html).
While these security holes are quite serious on Unix platforms, they are
less serious on MPE and most likely will only result in denial-of-service
attacks against the NAMED server daemon if the daemon is exposed to the
- The minor modifications required to get 8.2.3 running on MPE will be submitted
back to the official BIND developers for inclusion into a subsequent release
- For improved MPE security, freeware BIND/iX JNAMED runs as the non-PM user
- A new bixby.org freeware distribution architecture makes its debut with
BIND/iX 8.2.3. Even if you don't care about BIND, you should still
read the details on this web page because this new architecture will be
used for future distributions of other bixby.org software and perhaps also
for HP CSY Internet & Interoperability products.
- This release now installs into the BINDFW account in order to not conflict
with the HP-supplied software in the BIND account.
- November 15, 1999
- Upgraded to the official 8.2.2-P5 production release which compiles "straight
out of the box" on MPE. This version addresses the following issues:
- Bug in named-xfer (from patchlevel 4).
- Portability to IPv6 versions of FreeBSD, OpenBSD, NetBSD.
- Portability improvements (A/UX, AIX, IRIX, NetBSD, SCO, MPE/IX, NT).
- "also-notify" option could cause memory allocation errors.
- IXFR improvements (though client-side is still disabled).
- Contributed software upgraded (including TIS's "dns_signer").
- Several latent denial-of-service bugs fixed (from audits, not abuse).
- New "make noesw" top-level target for removing encumbered components.
- November 11, 1999
- Upgraded to the official 8.2.2p3 production release (plus Patch 4) which
compiles "straight out of the box" on MPE. This version fixes the
vulnerabilities documented in
CERT Advisory CA-99-14.
- The sample configuration files in /BIND/PUB/etc have all been renamed to
xxx-sample in order to avoid stomping on existing files if you're upgrading
from a previous release of BIND/iX.
- Man pages are now supplied in /BIND/PUB/man. You'll need to add /BIND/PUB/man
to the MANPATH environment variable if you want the man command to be able
to find the BIND/iX man pages.
- The INSTALL script has been enhanced to work around a number of tar bugs
that could complicate upgrading a previous version of BIND/iX..
I did this port because it is the foundation for other important packages
such as sendmail.
Please send your comments, questions, and bug reports directly to me,
Mark Bixby, by e-mailing to firstname.lastname@example.org.
Or just post them to HP3000-L.
The platform I'm using to do this port is an HP 3000 957RX running MPE/iX
6.0 and using the GNU
gcc C compiler.
I would like to extend my sincere thanks to HP CSY for providing me
with the resources and encouragement to do this port.
Please note that HP now bundles BIND/iX with MPE/iX 6.0 or later.
The version of BIND/iX currently shipping with MPE/iX 6.0 is 8.1.1.
HP provides official support for the bundled version of BIND/iX only and
will properly disavow any knowledge of the unsupported freeware version
you're reading about on this web page.
BIND is the most commonly used DNS server on the Internet. BIND makes your
domain names visible to the Internet, as well as handling client requests
to resolve domain names other than your own. A nice suite of command-line
utility programs is available for interrogating and debugging DNS servers,
and a client library and associated C header files are also included for
writing your own programs that need to look up DNS information.
- Requires MPE/iX 5.5 or later.
- Requires Syslog/iX
(or the Syslog/iX that comes bundled with MPE/iX 6.0 or later).
Prior to BIND/iX, an HP e3000 shop had to rely on some other machine
to host their organization DNS information. Now you can host it locally
on your HP e3000.
BIND/iX was intially ported from BIND 8.1 released in May 1997.
- Obtain and install Syslog/iX if you haven't
already done so, or use the Syslog/iX that comes bundled with MPE/iX 6.0
- Download BIND using either FTP.ARPA.SYS or some other client
- Extract the installation script
- Edit the installation script
- Run the installation script
Download BIND using FTP.ARPA.SYS from your HP e3000 (the preferred method).....
get bind-8.2.3-mpe.tar.Z /tmp/bind.tar.Z
.....Or download using some other generic web or ftp client (the alternate method)
Download the following files (make sure that you use "binary mode" or whatever
client feature that is 8-bit clean):
Upload those files to your HP 3000 in an 8-bit clean bytestream manner
Then extract the installation script (after both download methods)
:XEQ TAR.HPBIN.SYS 'xvfopz /tmp/bind.tar.Z INSTALL'
Edit the installation script
Examine the accounting structure creation commands and modify if necessary
(adding additional capabilities, choosing a non-system volume set, etc).
:XEQ VI.HPBIN.SYS /tmp/INSTALL
Run the installation script
The BINDFW accounting structure will be created and then all files will
be extracted from the archive.
:XEQ SH.HPBIN.SYS /tmp/INSTALL
The Old Scheme
An MPE account and a PUB group would be created if they did not already
exist; existing objects will have their attributes altered. All files
in the tar archive would be extract below this PUB group.
Users would need to customize various files such as job streams and
configuration files residing in the same directories as unmodified bixby.org
files. Segregating your own local modifications was sometimes difficult.
New releases would overlay the files from previous releases. If
you had a problem and wanted to revert back to the previous version of
the software, you would have to restore the entire account.
The New Scheme
An MPE account, a PUB group, and a version-specific group Vvvuuffp (version,
update, fix, patchlevel) are created if they do not already exist; existing
objects will have their attributes altered. All files in the tar
archive will be extracted below the version-specific group.
The installation script will create a current version symlink named
CURRENT that points to the active version-specific group, i.e.:
ln -s Vvvuuffp CURRENT
Next, the installation script will create possibly multiple symlinks below
the PUB group that point indirectly via the CURRENT symlink into the version-specific
ln -s ../CURRENT/bin bin
These indirect symlinks allow old-scheme filename references to continue
to work, and should always be used when referring to objects in the version-specific
group in order to permit easy upgrading or backdating. For example,
instead of referring to /ACCOUNT/Vvvuuffp/bin/someprogram, use /ACCOUNT/PUB/bin/someprogram.
When you upgrade or backdate, the symlink-based filenames will point to
files of the proper version as determined by the single CURRENT symlink.
The installation script is conservative when creating symlinks.
If the intended name already exists as a symlink, the old symlink is removed,
and the new symlink is created. If the intended name already exists
as a non-symlink, the old object is renamed with a .bak extension, and
the new symlink is created.
Finally, the installation script will create various files and directories
below the PUB group that are intended for user customization. You
should only modify or add files below the PUB group, and NEVER below the
version-specific group! The version-specific group is intended to
contain only unmodified files and directories as distributed by bixby.org.
The PUB group is the proper place for user-customizations.
If you are performing an upgrade, the previous version-specific group
IS NOT PURGED. If you encounter problems with the new version and
want to backdate, simply purge the CURRENT symlink and recreate it so that
it points to the previous version-specific group. If you are satisified
with the new version, you will want to manually do a :PURGEGROUP on the
previous version-specific group to remove it from your machine.
Key Benefits of the New Scheme
Please let me know what you think about this new scheme because I plan
to use it for other bixby.org software releases. If this scheme is
well-received, it may even show up in HP CSY Internet & Interoperability
- Multiple versions can exist on the same machine in the same account,
allowing for worry-free upgrading and backdating.
- User-customized data is kept segregated in the PUB group away from the
bixby.org data in the version-specific group.
- The MPE account for the freeware version of BIND/iX.
- Symlink pointing to the V0802030/ version-specific group.
- MPE group containing user-customizable stuff.
- Symlink to ../CURRENT/NAMED.
- Symlink to ../CURRENT/bin/.
- Directory to contain your customized configuration and zone files.
- Symlink to ../CURRENT/include/.
- Symlink to ../CURRENT/lib/.
- Symlink to ../CURRENT/man/.
- Symlink to ../CURRENT/doc/html/. If you have Apache running and configured
to allow user directories and symlinks, you can access this documentation
by browsing to http://your.host.name/~MGR.BINDFW/.
- Symlink to ../CURRENT/sbin/.
- MPE group containing files and directories distributed by bixby.org.
DO NOT MODIFY ANYTHING IN THIS DIRECTORY TREE!
- the one-time installation script you ran above
- Sample job stream for starting the NAMED server daemon.
- The server binary linked with CAP=PM.
- what you're reading now
- User clients such as nslookup, etc.
- Contributed odds and ends. Completely untried on MPE.
- Massive quantities of documentation. Some current, some outdated.
- Current documentation about the new config file format.
- Current man page source files.
- Sample configuration and zone files. You must copy these to /BINDFW/PUB/etc
and perform various customizations.
- The main configuration file. You *MUST* copy this to
/BINDFW/PUB/etc/named.conf and then edit before running the server.
- Various zone files. You *MUST* copy these files to /BINDFW/PUB/etc
and then edit before running the server.
- Compile-time header files required if you're calling the BIND resolver
library. Specify -I/BINDFW/PUB/include on your compiles.
- The BIND resolver library. Specify -L/BINDFW/PUB/lib -lbind on your
- Man page documentation, suitable for adding to your MANPATH environment
variable via /BINDFW/PUB/man.
- Various scripts used to build BIND/iX from source on MPE.
- "System" binaries. Ignore the named that lives here. The named-xfer that
lives here is the right one.
- Source tree.
- :HELLO MGR.BINDFW,V0802030
- :XEQ SH.HPBIN.SYS -L
- cd /BINDFW/CURRENT/src-mpe
- make depend
- take a short coffee break
- take a long coffee break
- make install
- Execute /BINDFW/CURRENT/mpebin/relink to move /BINDFW/CURRENT/sbin/named
to /BINDFW/CURRENT/NAMED and relink with CAP=PM.
There some minor functionality issues to be aware of when comparing BIND
for Unix (BIND/UX) to BIND/iX:
- :STREAM JSYSLOGD.PUB.SYSLOG
- Copy /BINDFW/CURRENT/etc/*-sample to /BINDFW/PUB/etc and customize for
your own environment.
- Copy /BINDFW/CURRENT/JNAMED.sample to /BINDFW/PUB/JNAMED and customize
for your own environment.
- Add your server's IP address as the first nameserver entry in /etc/resolv.conf
for all MPE and HPUX hosts that you wish to use this server for resolution
queries. On MPE hosts, make sure that /etc/resolv.conf is actually a symlink
pointing to the real data at RESLVCNF.NET.SYS. Also modify any PC and/or
Mac DNS configurations.
- :STREAM JNAMED.PUB.BINDFW
- Stop BIND either by :ABORTJOB or "/BINDFW/PUB/sbin/ndc -p /BINDFW/PUB/etc/named.pid
- BIND/UX must be run as root to bind to ports 53. BIND/iX must call GETPRIVMODE()
to bind to port 53, and thus requires PM capability on NAMED.
- The IRS library functions to manipulate /etc/passwd and /etc/group are
unavailable because MPE lacks /etc/passwd and /etc/group.
- The NAMED -u and -g options to change the user and group identity that
NAMED runs as are not supported on MPE. Edit JNAMED and alter the
JOB statement instead.
- The NAMED -t option is not functional on MPE because MPE lacks chroot().
- September 17, 1999
- Migrated from cccd.edu to bixby.org.
- July 1, 1999
- Upgraded to the official 8.2.1 production release which compiles "straight
out of the box" on MPE. Please note that I never released the 8.2
version due to a number of serious non-MPE bugs. A summary of the
changes since 8.1.2 from src/README:
- SECURITY NOTE:
- Solaris and other pre-4.4BSD kernels do not respect ownership or protections
on UNIX-domain sockets. This means that the default path for the NDC control
socket (/BIND/PUB/etc/ndc) is such that any user (root or other) on such
systems can issue any NDC command except "start" and "restart". The short
term fix for this is to override the default path and put such control
sockets into root- owned directories which do not permit non-root to r/w/x
through them. The medium term fix is for BIND to enforce this requirement
internally. The long term fix is for all kernels to upgrade to 4.4BSD semantics.
- BIND 8.2.1 Highlights
- Bug fixes, especially to DNSSEC, TSIG, IXFR, and selective forwarding.
- Portability improvements and lint removal.
- Use best SOA rather than first-better when selecting an AXFR master.
- $TTL now accepts symbolic time values (such as "$TTL 1h30m").
- "ndc reload" now accepts a zone argument, for single-zone reloads.
- ndc is better behaved; is verbose or quiet when appropriate.
- event and error reporting improvements.
- BIND 8.2 Highlights
- RFC 2308 (Negative Caching)
- RFC 2181 (DNS Clarifications)
- RFC 2065 (DNS Security)
- TSIG (Transaction SIGnatures)
- support for multiple virtual name servers
- NDC uses a "control channel" now (no more signals)
- "Split DNS" via zone type "forward".
- Many bug fixes
- Documentation improvements
- Performance enhancements
- Tar is now used instead of MOVER to package the BIND/iX distribution.
DEATH TO MOVER IN ALL OF ITS EVIL INCARNATIONS!!!
- May 14, 1998
- Upgraded to the official 8.1.2 production release which includes the MPE
port and thus will compile "straight out of the box" on MPE.
- April 9, 1998
- Upgraded to 8.1.2-T3B. While this is technically a beta release,
it is a production candidate, and I've been running 8.1.2 internally for
a couple of months now without any problems. This release fixes a
number of security bugs, so if you're running something earlier, you want
to install 8.1.2-T3B (or else wait a week or two for the production release
- The MPE port has finally been incorporated into the official BIND source
distribution. 8.1.2-T3B will compile "straight out of the box" on
- March 23, 1998
- Minor web page typo corrected for /etc/resolv.conf.
- March 12, 1998
- Fixed a bug in the INSTALL script where it was unconditionally using /TELESUP/PRVXL/MOVER
to extract the archive. Now INSTALL will first try to use /tmp/mover55,
and if that doesn't exist as an executable, then /TELESUP/PRVXL/MOVER will
- HP announces support for BIND DNS/iX; beta testers wanted. See below.
- March 8, 1998
- Repackaged the distribution using my new standard installer script.
- January 8, 1998
- The previous release accidently contained an older version of BIND.
This new fixer release contains the latest & greatest BIND 8.1.1.
- December 31, 1997
- Cleaned up various files in port/mpe/include to reflect compiling with
a newer, cleaner GNU environment.
- Now compiled with -O instead of -g, resulting in much smaller binaries.
- Added files to /BIND/PUB/include to permit compiling external programs
such as sendmail against -I/BIND/PUB/include and then linking with -L/BIND/PUB/lib
- October 3, 1997
- Updated the BIND/iX home page gcc compiler link to point to the Interex
Freeware tape. Added the System Requirements section.
- June 27, 1997
- Updated to the 8.1.1-REL production release which includes various fixes
and enhancements. A particularly evil security bug has been fixed
which will prevent malicious sites from corrupting your cache with bogus
- An MPE-only workaround has been implemented in res_send() so that connect()-ing
to a datagram socket (which is not supported by MPE) is no longer attempted.
- Dynamic Update has been tested and works if an external machine is trying
to update BIND/iX; see Known Bugs.
- MPE's recvfrom() still returns 127.0.0.1 for packets received from the
local host; see the Known Bugs section below for a
long explanation of the ramifications. Despite this issue, BIND/iX should
be usable in a production environment as long as you follow good DNS practices
by always mirroring your data to one or more secondary name servers.
- June 12, 1997
- Updated to the 8.1.1-T2B public beta release which includes various fixes
and enhancements. No new MPE-only changes.
- The MPE diffs have been submitted to the BIND developers, but there wasn't
time to include them in the official T2B source distribution.
- June 6, 1997
- Updated to 8.1.1-T1A (a set of patches only made available to official
bind-workers and applied on top of the 8.1 general public release).
For details see src-mpe/CHANGES. Includes a fixed bin/dnsquery, new
configuration options, bin/ndc relocated to sbin/ndc, and various bug fixes.
- Compiles with no integer pointer cast warnings.
- May 28, 1997
- Internal "#ifdef MPE" source cleanup.
- Wrote an mpe_bind() stub that zeros out the IP address and calls
GETPRIVMODE()/GETUSERMODE() if the port is less than 1024.
- Fixed a problem in the lib/irs routines (i.e. gethostbyname() etc.) that
prevented fall-back to flat files (/etc/hosts etc.) if DNS is unable to
locate the requested information. The MPE port code was doing a global "#define
fcntl sfcntl" because sockets require sfcntl(). The stuff in lib/irs needs
to fcntl() against flat files, so I had to "#undef fcntl" for lib/irs only.
DIE, sfcntl(), DIE!
- May 23, 1997
- Initial public release. Use at your own risk!
- April 1997
Hosted by 3kRanger.com