2. Installation
2.1. Hardware Requirements
Loop is packaged for a set of supported operating system platforms (see Supported Platforms). Any machine (real or virtual) with one of these platforms can be used to run Loop.
DNS hardware requirements have traditionally been quite modest. For many installations, servers that have been pensioned off from active duty can perform admirably as DNS servers. For serving a handful of static zones with low traffic, even low-performance machines may be sufficient. If the server's operational duties are larger, then a suitably performant machine can be selected.
Loop's nameserver is multi-threaded, allowing utilization of multiprocessor systems for installations that need it.
The server must have enough memory to hold the cache and the zones loaded from disk. The max-cache-size option of named.conf(5) can be used to limit the amount of memory used by the cache, at the expense of reducing cache hit rates and causing more DNS traffic. It is still good practice to have enough memory to load all zone and cache data into memory; the best way to determine this for a given installation is to watch the nameserver in operation. After a few weeks the nameserver process should reach a relatively stable size where entries are expiring from the cache as fast as they are being inserted.
We aren't able to recommend specifications in this document as they would quickly become outdated. It is best to profile the usage patterns and prepare a hardware configuration accordingly.
Error
TODO: Add a link to Loop support for help with hardware configuration.
Error
TODO: Add a link to a tuning section.
2.2. Supported Platforms
Loop is written to run on POSIX operating systems. The following platforms are supported by this release of Loop:
Red Hat Enterprise Linux 8 (x86_64)
Red Hat Enterprise Linux 8 (aarch64)
Red Hat Enterprise Linux 9 (x86_64)
Red Hat Enterprise Linux 9 (aarch64)
Fedora 40 (x86_64)
Fedora 40 (aarch64)
Fedora 41 (x86_64)
Fedora 41 (aarch64)
Users of AlmaLinux, Rocky Linux, and Oracle Linux distributions may use the packages for the corresponding Red Hat Enterprise Linux version. Packages for current versions of FreeBSD, Debian, and Ubuntu will be added in the future.
Installation instructions will be available soon. For now, if you know how to install RPMs using dnf, please look at: https://download.banu.com/packages/loop/1.99/
E.g., to install Loop on Red Hat Enterprise Linux 9 (x86_64), you may run the following commands as the root user:
# dnf install https://download.banu.com/packages/loop/1.99/epel/9/x86_64/loop-release-1.99.1.20250102162327.d6e6dd4b1f-1.el9.noarch.rpm
# dnf install loop
# dnf update
Note
For information about Loop's version numbering, see Loop version numbering scheme. For information about Loop's branches and EOL dates, see Loop branches.
2.2.1. Problems with SELinux
On some distributions that have SELinux enabled, you may notice errors such as the following when running the named service:
Aug 10 07:59:06 rpi3 audit[14591]: AVC avc: denied { create } for pid=14591 comm="loop-worker-0" name="tmp-dW3tOeMfdD" scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 10 07:59:06 rpi3 audit[14591]: AVC avc: denied { read write open } for pid=14591 comm="loop-worker-0" path="/var/lib/loop/tmp-dW3tOeMfdD" dev="mmcblk0p3" ino=258270 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 10 07:59:07 rpi3 audit[14591]: AVC avc: denied { rename } for pid=14591 comm="loop-worker-0" name="tmp-dW3tOeMfdD" dev="mmcblk0p3" ino=258270 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 10 07:59:07 rpi3 audit[14591]: AVC avc: denied { unlink } for pid=14591 comm="loop-worker-0" name="managed-keys.loop" dev="mmcblk0p3" ino=258227 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
These errors occur because SELinux, when using the targeted policy, runs the program with path /usr/sbin/named confined in the named_t security context. This limits the directories to which the named process can write. This can be verified by running the command:
$ ps axZ | grep named
system_u:system_r:named_t:s0 14591 ? Ssl 0:01 /usr/sbin/named -u loop
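To see exactly what the policy is blocking before choosing a workaround, the denial records can be grouped by source type, target type and object class. The following Python script is an added example, not part of Loop or its documentation; it embeds the four audit lines quoted above as sample input, and the function names are this example's own.

```python
import re
from collections import defaultdict

# The four AVC denial records quoted on this page, embedded as sample input.
SAMPLE_LOG = """\
Aug 10 07:59:06 rpi3 audit[14591]: AVC avc: denied { create } for pid=14591 comm="loop-worker-0" name="tmp-dW3tOeMfdD" scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 10 07:59:06 rpi3 audit[14591]: AVC avc: denied { read write open } for pid=14591 comm="loop-worker-0" path="/var/lib/loop/tmp-dW3tOeMfdD" dev="mmcblk0p3" ino=258270 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 10 07:59:07 rpi3 audit[14591]: AVC avc: denied { rename } for pid=14591 comm="loop-worker-0" name="tmp-dW3tOeMfdD" dev="mmcblk0p3" ino=258270 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 10 07:59:07 rpi3 audit[14591]: AVC avc: denied { unlink } for pid=14591 comm="loop-worker-0" name="managed-keys.loop" dev="mmcblk0p3" ino=258227 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # truncated record: not enough to classify the denial
    rec["perms"] = m.group("perms").split()
    # Contexts are user:role:type:level; the type is what the targeted policy acts on.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log_text):
    """Group enforced denials by (source type, target type, object class)."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        # permissive=1 records were only logged, not blocked, so they are skipped.
        if rec and rec.get("permissive", "0") == "0":
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            summary[key].update(rec["perms"])
    return {k: sorted(v) for k, v in summary.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} denied {{ {' '.join(perms)} }}")
```

All four records collapse into a single rule: the named_t domain is denied file operations on objects labelled var_lib_t, which is the label carried by the files under /var/lib/loop in the log.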
The Loop package doesn't (and shouldn't) do anything to solve this issue automatically as it would be a hack. The SELinux policies for programs such as /usr/sbin/named are installed by a different package called selinux-policy-targeted, and are not handled by the Loop package.
You can work around this issue either by configuring SELinux to run in permissive mode (in which denials are logged but not enforced, for all confined services on the host), or by editing the targeted policy to remove the Loop programs from it.
We will rename named to loopd in a future build, after which this issue should no longer occur.
2.3. Upgrading
TBD.