2. Installation

2.1. Hardware Requirements

Loop is packaged for a set of supported operating system platforms (see Supported Platforms). Any machine (real or virtual) with one of these platforms can be used to run Loop.

DNS hardware requirements have traditionally been quite modest. For many installations, servers that have been pensioned off from active duty can perform admirably as DNS servers. For serving a handful of static zones with low traffic, even low-performance machines may be sufficient. If the server's operational duties are larger, then a suitably performant machine can be selected.

Loop's nameserver is multi-threaded, allowing utilization of multiprocessor systems for installations that need it.

The memory of the server has to be large enough to fit the cache and zones loaded off disk. The max-cache-size option of named.conf(5) can be used to limit the amount of memory used by the cache, at the expense of reducing cache hit rates and causing more DNS traffic. It is still good practice to have enough memory to load all zone and cache data into memory --- the best way to determine this for a given installation is to watch the nameserver in operation. After a few weeks the nameserver process should reach a relatively stable size where entries are expiring from the cache as fast as they are being inserted.

We aren't able to recommend specifications in this document as it would be outdated quickly. It is best to profile the usage patterns and prepare a hardware configuration accordingly.

Error

TODO: Add a link to Loop support for help with hardware configuration.

Error

TODO: Add a link to a tuning section.

2.2. Supported Platforms

Loop is written to run on POSIX operating systems. The following platforms are supported by this release of Loop:

  • Red Hat Enterprise Linux 8 (x86_64)

  • Red Hat Enterprise Linux 8 (aarch64)

  • Red Hat Enterprise Linux 9 (x86_64)

  • Red Hat Enterprise Linux 9 (aarch64)

  • Fedora 40 (x86_64)

  • Fedora 40 (aarch64)

  • Fedora 41 (x86_64)

  • Fedora 41 (aarch64)

Users of AlmaLinux, Rocky Linux, and Oracle Linux distributions may use the packages for the corresponding Red Hat Enterprise Linux version. Packages for current versions of FreeBSD, Debian, and Ubuntu will be added in the future.

Installation instructions will be available soon. For now, if you know how to install RPMs using dnf, please look at: https://download.banu.com/packages/loop/1.99/

E.g., to install Loop on Red Hat Enterprise Linux 9 (x86_64), you may run the following commands as the root user:

# dnf install https://download.banu.com/packages/loop/1.99/epel/9/x86_64/loop-release-1.99.1.20250102162327.d6e6dd4b1f-1.el9.noarch.rpm
# dnf install loop
# dnf update

Note

For information about Loop's version numbering, see Loop version numbering scheme. For information about Loop's branches and EOL dates, see Loop branches.

2.2.1. Problems with SELinux

On some distributions that have SELinux enabled, you may notice errors when running the named service such as:

Aug 10 07:59:06 rpi3 audit[14591]: AVC avc:  denied  { create } for  pid=14591 comm="loop-worker-0" name="tmp-dW3tOeMfdD" scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 10 07:59:06 rpi3 audit[14591]: AVC avc:  denied  { read write open } for  pid=14591 comm="loop-worker-0" path="/var/lib/loop/tmp-dW3tOeMfdD" dev="mmcblk0p3" ino=258270 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 10 07:59:07 rpi3 audit[14591]: AVC avc:  denied  { rename } for  pid=14591 comm="loop-worker-0" name="tmp-dW3tOeMfdD" dev="mmcblk0p3" ino=258270 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 10 07:59:07 rpi3 audit[14591]: AVC avc:  denied  { unlink } for  pid=14591 comm="loop-worker-0" name="managed-keys.loop" dev="mmcblk0p3" ino=258227 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0

These errors occur because SELinux, when using the targeted policy, runs the program with path /usr/sbin/named confined in the named_t security context. It limits the directories where the named process can write to. This can be verified by running the command:

$ ps axZ | grep named
system_u:system_r:named_t:s0    14591 ?        Ssl    0:01 /usr/sbin/named -u loop

The Loop package doesn't (and shouldn't) do anything to solve this issue automatically as it would be a hack. The SELinux policies for programs such as /usr/sbin/named are installed by a different package called selinux-policy-targeted, and are not handled by the Loop package.

You can workaround this issue by either configuring SELinux to run in permissive mode, or by editing the targeted policy to remove the Loop programs from it.

We will rename named to loopd in a future build upon which this issue should not occur anymore.

2.3. Upgrading

TBD.