Diffstat (limited to 'extra/bind')
-rw-r--r-- | extra/bind/01-fix-forgotten-log.patch | 41 | ||||
-rw-r--r-- | extra/bind/127.0.0.zone | 11 | ||||
-rw-r--r-- | extra/bind/PKGBUILD | 87 | ||||
-rw-r--r-- | extra/bind/bind.install | 23 | ||||
-rw-r--r-- | extra/bind/localhost.zone | 10 | ||||
-rw-r--r-- | extra/bind/named.conf | 64 | ||||
-rw-r--r-- | extra/bind/named.logrotate | 6 | ||||
-rw-r--r-- | extra/bind/named.service | 11 | ||||
-rw-r--r-- | extra/bind/tmpfiles.d | 1 |
9 files changed, 254 insertions, 0 deletions
diff --git a/extra/bind/01-fix-forgotten-log.patch b/extra/bind/01-fix-forgotten-log.patch
new file mode 100644
index 000000000..a9af283d5
--- /dev/null
+++ b/extra/bind/01-fix-forgotten-log.patch
@@ -0,0 +1,41 @@
+# https://lists.isc.org/pipermail/bind-users/2014-May/093124.html
+From 73a2c0ec42c0915bde0275c81861f57645daf683 Mon Sep 17 00:00:00 2001
+From: Tony Finch <dot@dotat.at>
+Date: Thu, 28 Nov 2013 17:23:57 +0000
+Subject: [PATCH] Disable XXXMPA verbose packet logging in EDNS fallback code.
+
+---
+ lib/dns/resolver.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 11c805f..e50071e 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -7339,9 +7339,11 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
+ sizeof(addrbuf));
+ snprintf(buf, sizeof(buf), "received packet from %s "
+ "(bad edns):\n", addrbuf);
++/*
+ dns_message_logpacket(message, buf,
+ DNS_LOGCATEGORY_RESOLVER, DNS_LOGMODULE_RESOLVER,
+ ISC_LOG_NOTICE, fctx->res->mctx);
++*/
+ dns_adb_changeflags(fctx->adb, query->addrinfo,
+ DNS_FETCHOPT_NOEDNS0,
+ DNS_FETCHOPT_NOEDNS0);
+@@ -7369,9 +7371,11 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
+ sizeof(addrbuf));
+ snprintf(buf, sizeof(buf), "received packet from %s (no opt):\n",
+ addrbuf);
++/*
+ dns_message_logpacket(message, buf,
+ DNS_LOGCATEGORY_RESOLVER, DNS_LOGMODULE_RESOLVER,
+ ISC_LOG_NOTICE, fctx->res->mctx);
++*/
+ dns_adb_changeflags(fctx->adb, query->addrinfo,
+ DNS_FETCHOPT_NOEDNS0,
+ DNS_FETCHOPT_NOEDNS0);
+--
+1.9.1
+
diff --git a/extra/bind/127.0.0.zone b/extra/bind/127.0.0.zone
new file mode 100644
index 000000000..509c311f6
--- /dev/null
+++ b/extra/bind/127.0.0.zone
@@ -0,0 +1,11 @@
+$ORIGIN 0.0.127.in-addr.arpa.
+
+@ 1D IN SOA localhost. root.localhost. (
+ 42 ; serial (yyyymmdd##)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum ttl
+
+ 1D IN NS localhost.
+1 1D IN PTR localhost.
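Review bot: In 01-fix-forgotten-log.patch both resolver.c hunks silence the packet dump by wrapping `dns_message_logpacket(...)` in a bare `/* ... */`, which leaves the preceding `snprintf(buf, ...)` formatting a message nothing reads and removes the only record that a server answered with bad or missing EDNS. Demoting the call rather than deleting it would keep that signal available for troubleshooting without the NOTICE-level noise, for example replacing `ISC_LOG_NOTICE` with `ISC_LOG_DEBUG(3)` in both calls (the level is a suggestion; check what upstream settled on). If the calls really must go, `#if 0` / `#endif` around each snprintf-plus-log pair is more robust than a block comment, which breaks as soon as the enclosed code gains a comment of its own. resquery_response starts and ends outside both inner hunks, so the surrounding control flow is not visible here.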
diff --git a/extra/bind/PKGBUILD b/extra/bind/PKGBUILD
new file mode 100644
index 000000000..e2216d941
--- /dev/null
+++ b/extra/bind/PKGBUILD
@@ -0,0 +1,87 @@
+# $Id: PKGBUILD 113060 2014-06-12 10:51:06Z seblu $
+# Maintainer: Sébastien Luttringer
+# Contributor: Gaetan Bisson <bisson@archlinux.org>
+# Contributor: judd <jvinet@zeroflux.org>
+# Contributor: Mario Vazquez <mario_vazq@hotmail.com>
+
+pkgname=bind
+_pkgver=9.10.0-P2
+pkgver=${_pkgver//-/.}
+pkgrel=1
+pkgdesc='The ISC BIND nameserver'
+url='http://www.isc.org/software/bind/'
+license=('custom:ISC')
+arch=('i686' 'x86_64')
+options=('!makeflags')
+depends=('openssl' 'krb5' 'libxml2' 'libcap')
+provides=('dns-server')
+backup=('etc/logrotate.d/named'
+ 'etc/named.conf')
+install=$pkgname.install
+source=("http://ftp.isc.org/isc/bind9/${_pkgver}/bind-${_pkgver}.tar.gz"{,.asc}
+ '01-fix-forgotten-log.patch'
+ 'root.hint::http://www.internic.net/zones/named.root'
+ 'tmpfiles.d'
+ 'named.conf'
+ 'named.service'
+ 'named.logrotate'
+ 'localhost.zone'
+ '127.0.0.zone')
+sha1sums=('c57b5825e36933119e9fd6f43e3f52262e7ff4ed'
+ 'SKIP'
+ '4d96c9b9ef0aebdad7e79c749536858a344779b5'
+ '029f89c49550c40ec7a95116b6a33f0e5a041094'
+ 'c5a2bcd9b0f009ae71f3a03fbdbe012196962a11'
+ 'c71a7fc02d4bf0d55e8e29d1e014607ac1d58726'
+ 'cb2e81b4cbf9efafb3e81e3752f0154e779cc7ec'
+ '3fe1f0b5c1a51dc1db9ebe5e173d18c52c97169b'
+ '76a0d4cd1b913db177a5a375bebc47e5956866ec'
+ '53be0f1437ebe595240d8dbdd819939582b97fb9')
+
+prepare() {
+ # remove dig to avoid conflict with dnsutils
+ sed -i 's/dig//' $pkgname-$_pkgver/bin/Makefile.in
+ # https://lists.isc.org/pipermail/bind-users/2014-May/093124.html
+ patch -p1 -d bind-$_pkgver < 01-fix-forgotten-log.patch
+}
+
+build() {
+ cd bind-$_pkgver
+ # for gcc 4.8 rebuild
+ export CFLAGS="-march=${CARCH/_/-} -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --sbindir=/usr/bin \
+ --localstatedir=/var \
+ --disable-static \
+ --with-openssl \
+ --with-libxml2 \
+ --with-libtool
+ make
+}
+
+package() {
+ cd "bind-$_pkgver"
+
+ install -Dm644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+
+ make DESTDIR="$pkgdir" install
+
+ rmdir "$pkgdir/var/run"
+ install -d "$pkgdir/usr/share/doc/$pkgname"
+ install doc/arm/*.html "$pkgdir/usr/share/doc/$pkgname"
+
+ cd "$srcdir"
+ install -D -m644 tmpfiles.d "$pkgdir/usr/lib/tmpfiles.d/named.conf"
+ install -D -m644 named.service "$pkgdir/usr/lib/systemd/system/named.service"
+ install -D -m600 named.logrotate "$pkgdir/etc/logrotate.d/named"
+ install -D -m640 -o 0 -g 40 named.conf "$pkgdir/etc/named.conf"
+
+ install -d -m770 -o 0 -g 40 "$pkgdir/var/named"
+ install -m640 -o 0 -g 40 root.hint "$pkgdir/var/named"
+ install -m640 -o 0 -g 40 127.0.0.zone "$pkgdir/var/named"
+ install -m640 -o 0 -g 40 localhost.zone "$pkgdir/var/named"
+}
+
+# vim:set ts=2 sw=2 et:
diff --git a/extra/bind/bind.install b/extra/bind/bind.install
new file mode 100644
index 000000000..170042111
--- /dev/null
+++ b/extra/bind/bind.install
@@ -0,0 +1,23 @@
+post_install() {
+ getent group named &>/dev/null || groupadd -g 40 named
+ getent passwd named &>/dev/null || useradd -u 40 -c 'BIND DNS Server' -g named -d /var/named -s /bin/false named
+ passwd -l named &>/dev/null
+
+ touch var/log/named.log
+ chown named:named var/log/named.log
+
+ # create an rndc.key if it doesn't already exist
+ if [[ ! -s etc/rndc.key ]]; then
+ rndc-confgen -r /dev/urandom -b 256 | head -n 5 >>etc/rndc.key
+ chown root:named etc/rndc.key
+ chmod 640 etc/rndc.key
+ fi
+}
+
+pre_remove() {
+ getent passwd named &>/dev/null && userdel named >/dev/null
+ getent group named &>/dev/null && groupdel named >/dev/null
+ return 0
+}
+
+# vim:set ts=2 sw=2 et:
diff --git a/extra/bind/localhost.zone b/extra/bind/localhost.zone
new file mode 100644
index 000000000..e3ff9641c
--- /dev/null
+++ b/extra/bind/localhost.zone
@@ -0,0 +1,10 @@
+$ORIGIN localhost.
+@ 1D IN SOA @ root (
+ 42 ; serial (yyyymmdd##)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum ttl
+
+ 1D IN NS @
+ 1D IN A 127.0.0.1
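Review bot: The PKGBUILD's `source` array fetches the release tarball, its `.asc` and `root.hint` over plain `http://`, and the only integrity pins are SHA-1 digests with `'SKIP'` for the signature, so nothing in the file states which key is allowed to sign the release. Where the makepkg in use supports it, add `validpgpkeys=('<ISC release key fingerprint>')` (placeholder; take the fingerprint from ISC's published key), move `sha1sums` to `sha256sums`, and use `https://` URLs where the mirrors offer them. Separately, `export CFLAGS="..."` in build() replaces rather than extends what makepkg.conf supplies, so any hardening flags configured there are presumably dropped; `CFLAGS+=" ..."` would keep them if the gcc 4.8 workaround is still needed.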
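Review bot: In bind.install's post_install() the rndc key is written by `rndc-confgen ... | head -n 5 >>etc/rndc.key` before `chmod 640` runs, so the file is created under the installer's umask and the control-channel secret can be readable by other local users until the chmod lands. Create it restricted from the first byte, e.g. `(umask 077; rndc-confgen -r /dev/urandom -b 256 | head -n 5 >etc/rndc.key)`, and keep the chown/chmod that follow. Also worth a comment: `getent group named || groupadd -g 40 named` accepts a pre-existing `named` group with a different gid, while the PKGBUILD installs /etc/named.conf and /var/named with the numeric `-g 40`, so on such a system those files would belong to some other group.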
diff --git a/extra/bind/named.conf b/extra/bind/named.conf
new file mode 100644
index 000000000..4aaf19a49
--- /dev/null
+++ b/extra/bind/named.conf
@@ -0,0 +1,64 @@
+//
+// /etc/named.conf
+//
+
+options {
+ directory "/var/named";
+ pid-file "/run/named/named.pid";
+ auth-nxdomain yes;
+ datasize default;
+// Uncomment these to enable IPv6 connections support
+// IPv4 will still work:
+// listen-on-v6 { any; };
+// Add this for no IPv4:
+// listen-on { none; };
+
+ // Default security settings.
+ allow-recursion { 127.0.0.1; };
+ allow-transfer { none; };
+ allow-update { none; };
+ version none;
+ hostname none;
+ server-id none;
+};
+
+zone "localhost" IN {
+ type master;
+ file "localhost.zone";
+ allow-transfer { any; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "127.0.0.zone";
+ allow-transfer { any; };
+};
+
+zone "." IN {
+ type hint;
+ file "root.hint";
+};
+
+//zone "example.org" IN {
+// type slave;
+// file "example.zone";
+// masters {
+// 192.168.1.100;
+// };
+// allow-query { any; };
+// allow-transfer { any; };
+//};
+
+logging {
+ channel xfer-log {
+ file "/var/log/named.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity info;
+ };
+ category xfer-in { xfer-log; };
+ category xfer-out { xfer-log; };
+ category notify { xfer-log; };
+};
+
diff --git a/extra/bind/named.logrotate b/extra/bind/named.logrotate
new file mode 100644
index 000000000..5f9a47693
--- /dev/null
+++ b/extra/bind/named.logrotate
@@ -0,0 +1,6 @@
+/var/log/named.log {
+ missingok
+ postrotate
+ /bin/kill -HUP `cat /run/named/named.pid 2>/dev/null` 2>/dev/null || true
+ endscript
+}
diff --git a/extra/bind/named.service b/extra/bind/named.service
new file mode 100644
index 000000000..1a7832edc
--- /dev/null
+++ b/extra/bind/named.service
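Review bot: named.conf sets `allow-transfer { none; };` under "Default security settings", but both shipped zones and the commented `example.org` template override it with `allow-transfer { any; };`. The loopback zones hold nothing sensitive, yet the template is what administrators will copy for real zones, and there `any` lets every client pull the complete zone contents. Drop the per-zone overrides so the global default applies, and have the template show `allow-transfer { none; };` with a comment telling the admin to list secondaries explicitly. A smaller point in the same block: `allow-recursion { 127.0.0.1; };` omits `::1`, which matters once the `listen-on-v6` lines above it are uncommented.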
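Review bot: The named.logrotate stanza has no `create` line, so who owns `/var/log/named.log` after a rotation depends entirely on logrotate's global configuration. named runs as user `named` (see `-u named` in named.service) and presumably cannot create a file in /var/log itself when it reopens its logs on HUP, so without a global `create` the transfer and notify log would stop silently after the first rotation. Stating it in the stanza removes that dependency, e.g. `create 0640 named named` (mode is a suggestion).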
@@ -0,0 +1,11 @@
+[Unit]
+Description=Internet domain name server
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/named -f -u named
+ExecReload=/usr/bin/rndc reload
+ExecStop=/usr/bin/rndc stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/extra/bind/tmpfiles.d b/extra/bind/tmpfiles.d
new file mode 100644
index 000000000..1cfc82d08
--- /dev/null
+++ b/extra/bind/tmpfiles.d
@@ -0,0 +1 @@
+d /run/named 0750 named named - |
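Review bot: The `[Service]` section of named.service starts a network-facing daemon with no sandboxing directives, so a compromise of named is limited only by the `named` account and whatever capabilities the process keeps. For a server that, going by the rest of this package, only needs /var/named, /run/named and its log file, a few directives are low-risk additions: `PrivateTmp=true`, `ProtectHome=true`, `NoNewPrivileges=true`. They should be tested against the systemd version being targeted before shipping. Note also that `ExecReload` and `ExecStop` both go through rndc, so they fail if the key generated in bind.install is missing or unreadable; that dependency deserves a comment in the unit.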