author | Parabola <dev@list.parabolagnulinux.org> | 2011-04-05 14:26:38 +0000 |
---|---|---|
committer | Parabola <dev@list.parabolagnulinux.org> | 2011-04-05 14:26:38 +0000 |
commit | 415856bdd4f48ab4f2732996f0bae58595092bbe (patch) | |
tree | ede2018b591f6dfb477fe9341ba17b9bc000fab9 /extra/bind |
Tue Apr 5 14:26:38 UTC 2011
Diffstat (limited to 'extra/bind')
-rw-r--r-- | extra/bind/127.0.0.zone | 11 | ||||
-rw-r--r-- | extra/bind/ChangeLog | 15 | ||||
-rw-r--r-- | extra/bind/PKGBUILD | 79 | ||||
-rw-r--r-- | extra/bind/install | 21 | ||||
-rw-r--r-- | extra/bind/localhost.zone | 10 | ||||
-rwxr-xr-x | extra/bind/named | 48 | ||||
-rw-r--r-- | extra/bind/named.conf | 64 | ||||
-rw-r--r-- | extra/bind/named.conf.d | 4 | ||||
-rw-r--r-- | extra/bind/named.logrotate | 6 | ||||
-rw-r--r-- | extra/bind/notools.patch | 11 | ||||
-rw-r--r-- | extra/bind/so_bsdcompat.patch | 13 |
11 files changed, 282 insertions, 0 deletions
diff --git a/extra/bind/127.0.0.zone b/extra/bind/127.0.0.zone
new file mode 100644
index 000000000..509c311f6
--- /dev/null
+++ b/extra/bind/127.0.0.zone
@@ -0,0 +1,11 @@
+$ORIGIN 0.0.127.in-addr.arpa.
+
+@ 1D IN SOA localhost. root.localhost. (
+ 42 ; serial (yyyymmdd##)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum ttl
+
+ 1D IN NS localhost.
+1 1D IN PTR localhost.
diff --git a/extra/bind/ChangeLog b/extra/bind/ChangeLog
new file mode 100644
index 000000000..fac736994
--- /dev/null
+++ b/extra/bind/ChangeLog
@@ -0,0 +1,15 @@
+
+2010-03-27 kevin <kevin@archlinux.org>
+
+ * bind 9.7.0.P1-1
+ - Patch addresses excessive query traffic generated when there is a break
+ in the DNSSEC trust chain as a result of a configuration error
+
+2010-01-22 kevin <kevin@archlinux.org>
+
+ * bind 9.6.1.P3-1
+ - Fix for CVE-2010-0097, VU#360341, BIND 9 DNSSEC validation code could
+ cause bogus NXDOMAIN responses
+ - Updated fix for CVE-2009-4022, VU#418861, BIND 9 Cache Update from
+ Additional Section
+
diff --git a/extra/bind/PKGBUILD b/extra/bind/PKGBUILD
new file mode 100644
index 000000000..851c25f4e
--- /dev/null
+++ b/extra/bind/PKGBUILD
@@ -0,0 +1,79 @@
+# $Id: PKGBUILD 112958 2011-03-08 00:19:22Z bisson $
+# Maintainer: judd <jvinet@zeroflux.org>
+# Contributor: Mario Vazquez <mario_vazq@hotmail.com>
+
+pkgname=bind
+
+# Use a period and not a hyphen before the patch level for proper versioning.
+pkgver=9.8.0
+_pkgver=9.8.0
+pkgrel=1
+
+pkgdesc='Berkeley Internet Name Daemon (BIND) is the reference implementation of the Domain Name System (DNS) protocols'
+arch=('i686' 'x86_64')
+url='http://www.isc.org/software/bind/'
+license=('custom:ISC')
+provides=('dns-server')
+backup=('etc/logrotate.d/named'
+ 'etc/conf.d/named'
+ 'etc/named.conf'
+ 'etc/rndc.key')
+depends=('openssl' 'libxml2')
+options=('!makeflags' '!libtool')
+source=("http://ftp.isc.org/isc/bind9/${_pkgver}/${pkgname}-${_pkgver}.tar.gz"
+ 'ftp://ftp.rs.internic.net/domain/db.cache'
+ 'so_bsdcompat.patch'
+ 'notools.patch'
+ 'named'
+ 'named.conf'
+ 'named.conf.d'
+ 'named.logrotate'
+ 'localhost.zone'
+ '127.0.0.zone')
+sha1sums=('33019694ef3119d9daa1e8ff5117a6688e188528'
+ 'ee52947062c1582858187716b776afa3613608fb'
+ '2f737f4e81186447ac2ef370fa8dcea0b3abec31'
+ '5277cf4d6fbc5728c55b51c77c9347d28393fb7c'
+ '02b0e20a542663d27af4faa4d2e397ae2764276e'
+ '5ca7a5f2a132548a090a045a2df3acea6b35d9eb'
+ '7848edbfb9a848843f57c11c02b0289eefd42d00'
+ '9ffb5c3f72390a517aeae557e32349d5d278cb63'
+ '76a0d4cd1b913db177a5a375bebc47e5956866ec'
+ '53be0f1437ebe595240d8dbdd819939582b97fb9')
+
+install=install
+
+build() {
+ cd "${srcdir}/${pkgname}-${_pkgver}"
+
+ patch -p1 -i "${srcdir}"/so_bsdcompat.patch
+ patch -p1 -i "${srcdir}"/notools.patch
+
+ ./configure \
+ --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
+ --with-libtool --enable-static=no --disable-linux-caps \
+ --with-openssl=yes --with-libxml2=yes
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${_pkgver}"
+
+ make DESTDIR="${pkgdir}" install
+
+ install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+
+ install -d "${pkgdir}"/usr/share/doc/bind
+ install ./doc/arm/*.html "${pkgdir}"/usr/share/doc/bind/
+
+ install -D -m755 ../named "${pkgdir}"/etc/rc.d/named
+ install -D -m644 ../named.conf.d "${pkgdir}"/etc/conf.d/named
+ install -D -m600 ../named.logrotate "${pkgdir}"/etc/logrotate.d/named
+ install -D -m640 -o 0 -g 40 ../named.conf "${pkgdir}"/etc/named.conf
+
+ install -d -m750 -o 0 -g 40 "${pkgdir}"/var/named
+ install -d -m755 -o 40 -g 40 "${pkgdir}"/var/run/named
+ install -m640 -o 0 -g 40 ../db.cache "${pkgdir}"/var/named/root.hint
+ install -m640 -o 0 -g 40 ../127.0.0.zone "${pkgdir}"/var/named/
+ install -m640 -o 0 -g 40 ../localhost.zone "${pkgdir}"/var/named/
+}
diff --git a/extra/bind/install b/extra/bind/install
new file mode 100644
index 000000000..e3a1397cb
--- /dev/null
+++ b/extra/bind/install
@@ -0,0 +1,21 @@
+post_install() {
+ getent group named >/dev/null || groupadd -g 40 named
+ getent passwd named >/dev/null || useradd -u 40 -c "BIND DNS Server" -g named -d /var/named -s /bin/false named
+ passwd -l named &>/dev/null
+
+ touch var/log/named.log
+ chown named:named var/log/named.log
+
+ # create an rndc.key if it doesn't already exist
+ if [ ! -s etc/rndc.key ]; then
+ usr/sbin/rndc-confgen -r /dev/urandom -b 256 | head -n 5 >>etc/rndc.key
+ chown root:named etc/rndc.key
+ chmod 640 etc/rndc.key
+ fi
+}
+
+pre_remove() {
+ getent passwd named &>/dev/null && userdel named >/dev/null
+ getent group named &>/dev/null && groupdel named >/dev/null
+ return 0
+}
diff --git a/extra/bind/localhost.zone b/extra/bind/localhost.zone
new file mode 100644
index 000000000..e3ff9641c
--- /dev/null
+++ b/extra/bind/localhost.zone
@@ -0,0 +1,10 @@
+$ORIGIN localhost.
+@ 1D IN SOA @ root (
+ 42 ; serial (yyyymmdd##)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum ttl
+
+ 1D IN NS @
+ 1D IN A 127.0.0.1
diff --git a/extra/bind/named b/extra/bind/named
new file mode 100755
index 000000000..3be558f27
--- /dev/null
+++ b/extra/bind/named
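Review bot: The `source=` array in PKGBUILD fetches the BIND tarball over plain `http://` and `db.cache` over `ftp://`, and the only integrity control is `sha1sums`, so the build is only as trustworthy as the copy the packager happened to hash. I would add a `sha256sums=(...)` array next to it, with values computed from a tarball that was checked against ISC's detached PGP signature (the page gives no SHA-256 values, so none are proposed here). A comment should also say that `db.cache` is a mutable upstream file whose checksum has to be refreshed deliberately. Separately, `--disable-linux-caps` in `build()` looks like a hardening regression: as far as I know named then keeps full root until the `-u named` switch instead of shedding capabilities early. It deserves a comment explaining why it is needed, or removal together with a `libcap` entry in `depends`.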
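Review bot: In `post_install()` of the install script the rndc key is written with `>>etc/rndc.key` before `chown root:named` and `chmod 640` run, so the file is created under whatever umask the installer has. With a typical 022 umask the control-channel secret is world-readable until the `chmod` lands. Create it restrictively instead, for example `( umask 077; usr/sbin/rndc-confgen -r /dev/urandom -b 256 | head -n 5 >>etc/rndc.key )`, and keep the existing `chown`/`chmod` lines after it. The same applies in a smaller way to `touch var/log/named.log`, which leaves the transfer log readable by everyone unless a mode is set explicitly.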
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+NAMED_ARGS=
+[ -f /etc/conf.d/named ] && . /etc/conf.d/named
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/named`
+case "$1" in
+ start)
+ stat_busy "Starting BIND"
+ [ -z "$PID" ] && /usr/sbin/named ${NAMED_ARGS}
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon named
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping BIND"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon named
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ reload)
+ stat_busy "Reloading BIND"
+ [ ! -z "$PID" ] && rndc reload &>/dev/null || kill -HUP $PID &>/dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ ;;
+ *)
+ echo "usage: $0 {start|stop|reload|restart}"
+esac
+exit 0
diff --git a/extra/bind/named.conf b/extra/bind/named.conf
new file mode 100644
index 000000000..38fb12cbe
--- /dev/null
+++ b/extra/bind/named.conf
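Review bot: `NAMED_ARGS=` at the top of the rc script defaults to empty, so the drop to the unprivileged account depends entirely on `/etc/conf.d/named` existing and still containing `-u named`. If that file is missing or has been edited, `start)` launches `/usr/sbin/named` as root without any warning. Defaulting to `NAMED_ARGS="-u named"` before the conf.d file is sourced keeps the safe behaviour as the fallback while still letting the administrator override it. A one-line comment above the assignment, such as `# fallback keeps named unprivileged if /etc/conf.d/named is absent`, would record the intent.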
@@ -0,0 +1,64 @@
+//
+// /etc/named.conf
+//
+
+options {
+ directory "/var/named";
+ pid-file "/var/run/named/named.pid";
+ auth-nxdomain yes;
+ datasize default;
+// Uncomment these to enable IPv6 connections support
+// IPv4 will still work:
+// listen-on-v6 { any; };
+// Add this for no IPv4:
+// listen-on { none; };
+
+ // Default security settings.
+ allow-recursion { 127.0.0.1; };
+ allow-transfer { none; };
+ allow-update { none; };
+ version none;
+ hostname none;
+ server-id none;
+};
+
+zone "localhost" IN {
+ type master;
+ file "localhost.zone";
+ allow-transfer { any; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "127.0.0.zone";
+ allow-transfer { any; };
+};
+
+zone "." IN {
+ type hint;
+ file "root.hint";
+};
+
+//zone "example.org" IN {
+// type slave;
+// file "example.zone";
+// masters {
+// 192.168.1.100;
+// };
+// allow-query { any; };
+// allow-transfer { any; };
+//};
+
+logging {
+ channel xfer-log {
+ file "/var/log/named.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity info;
+ };
+ category xfer-in { xfer-log; };
+ category xfer-out { xfer-log; };
+ category notify { xfer-log; };
+};
+
diff --git a/extra/bind/named.conf.d b/extra/bind/named.conf.d
new file mode 100644
index 000000000..aecbd2307
--- /dev/null
+++ b/extra/bind/named.conf.d
@@ -0,0 +1,4 @@
+#
+# Parameters to be passed to BIND
+#
+NAMED_ARGS="-u named"
diff --git a/extra/bind/named.logrotate b/extra/bind/named.logrotate
new file mode 100644
index 000000000..ef1a2d032
--- /dev/null
+++ b/extra/bind/named.logrotate
@@ -0,0 +1,6 @@
+/var/log/named.log {
+ missingok
+ postrotate
+ /bin/kill -HUP `cat /var/run/named/named.pid 2>/dev/null` 2>/dev/null || true
+ endscript
+}
diff --git a/extra/bind/notools.patch b/extra/bind/notools.patch
new file mode 100644
index 000000000..2d16fdcd5
--- /dev/null
+++ b/extra/bind/notools.patch
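Review bot: Both shipped zones in named.conf (`localhost` and `0.0.127.in-addr.arpa`) set `allow-transfer { any; };`, which overrides the `allow-transfer { none; };` declared under "Default security settings", and the commented `example.org` template repeats it. The loopback data itself is harmless, but an administrator who copies the template opens zone transfers to every client, and since no `listen-on` is set named binds all IPv4 interfaces by default. I would drop the per-zone overrides and write the template as `allow-transfer { none; };` with a comment telling the admin to list secondaries explicitly. The `logging` block routes only `xfer-in`, `xfer-out` and `notify`; adding `category security { xfer-log; };` would also record denied requests.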
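Review bot: The named.logrotate stanza has no `create` directive, so whether `/var/log/named.log` exists with the right owner after rotation depends on the global logrotate defaults. named runs as `named` (per `named.conf.d`) and presumably cannot create a file in `/var/log` on its own, in which case transfer logging would stop silently after the first rotation. Stating it explicitly, `create 0640 named named`, removes that dependency and keeps the new log from being world-readable.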
@@ -0,0 +1,11 @@
+--- bind-9.7.0/bin/Makefile.in.orig 2010-03-14 21:19:23.000000000 -0400
++++ bind-9.7.0/bin/Makefile.in 2010-03-14 21:19:37.000000000 -0400
+@@ -19,7 +19,7 @@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
+-SUBDIRS = named rndc dig dnssec tests tools nsupdate \
++SUBDIRS = named rndc dnssec tests tools \
+ check confgen @PKCS11_TOOLS@
+ TARGETS =
+
diff --git a/extra/bind/so_bsdcompat.patch b/extra/bind/so_bsdcompat.patch
new file mode 100644
index 000000000..cae2b835c
--- /dev/null
+++ b/extra/bind/so_bsdcompat.patch
@@ -0,0 +1,13 @@
+diff -aur old/lib/isc/unix/socket.c new/lib/isc/unix/socket.c
+--- old/lib/isc/unix/socket.c 2010-03-12 04:25:20.000000000 +0100
++++ new/lib/isc/unix/socket.c 2011-01-22 21:07:52.410000038 +0100
+@@ -681,6 +681,8 @@
+ isc_sockstatscounter_fdwatchrecvfail
+ };
+
++#undef SO_BSDCOMPAT
++
+ static void
+ manager_log(isc__socketmgr_t *sockmgr,
+ isc_logcategory_t *category, isc_logmodule_t *module, int level,
+Only in new/lib/isc/unix: socket.c.orig |