Diffstat (limited to 'extra/bind')
-rw-r--r--extra/bind/127.0.0.zone11
-rw-r--r--extra/bind/ChangeLog15
-rw-r--r--extra/bind/PKGBUILD79
-rw-r--r--extra/bind/install21
-rw-r--r--extra/bind/localhost.zone10
-rwxr-xr-xextra/bind/named48
-rw-r--r--extra/bind/named.conf64
-rw-r--r--extra/bind/named.conf.d4
-rw-r--r--extra/bind/named.logrotate6
-rw-r--r--extra/bind/notools.patch11
-rw-r--r--extra/bind/so_bsdcompat.patch13
11 files changed, 282 insertions, 0 deletions
diff --git a/extra/bind/127.0.0.zone b/extra/bind/127.0.0.zone
new file mode 100644
index 000000000..509c311f6
--- /dev/null
+++ b/extra/bind/127.0.0.zone
@@ -0,0 +1,11 @@
+$ORIGIN 0.0.127.in-addr.arpa.
+
+@ 1D IN SOA localhost. root.localhost. (
+ 42 ; serial (yyyymmdd##)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum ttl
+
+ 1D IN NS localhost.
+1 1D IN PTR localhost.
diff --git a/extra/bind/ChangeLog b/extra/bind/ChangeLog
new file mode 100644
index 000000000..fac736994
--- /dev/null
+++ b/extra/bind/ChangeLog
@@ -0,0 +1,15 @@
+
+2010-03-27 kevin <kevin@archlinux.org>
+
+ * bind 9.7.0.P1-1
+ - Patch addresses excessive query traffic generated when there is a break
+ in the DNSSEC trust chain as a result of a configuration error
+
+2010-01-22 kevin <kevin@archlinux.org>
+
+ * bind 9.6.1.P3-1
+ - Fix for CVE-2010-0097, VU#360341, BIND 9 DNSSEC validation code could
+ cause bogus NXDOMAIN responses
+ - Updated fix for CVE-2009-4022, VU#418861, BIND 9 Cache Update from
+ Additional Section
+
diff --git a/extra/bind/PKGBUILD b/extra/bind/PKGBUILD
new file mode 100644
index 000000000..851c25f4e
--- /dev/null
+++ b/extra/bind/PKGBUILD
@@ -0,0 +1,79 @@
+# $Id: PKGBUILD 112958 2011-03-08 00:19:22Z bisson $
+# Maintainer: judd <jvinet@zeroflux.org>
+# Contributor: Mario Vazquez <mario_vazq@hotmail.com>
+
+pkgname=bind
+
+# Use a period and not a hyphen before the patch level for proper versioning.
+pkgver=9.8.0
+_pkgver=9.8.0
+pkgrel=1
+
+pkgdesc='Berkeley Internet Name Daemon (BIND) is the reference implementation of the Domain Name System (DNS) protocols'
+arch=('i686' 'x86_64')
+url='http://www.isc.org/software/bind/'
+license=('custom:ISC')
+provides=('dns-server')
+backup=('etc/logrotate.d/named'
+ 'etc/conf.d/named'
+ 'etc/named.conf'
+ 'etc/rndc.key')
+depends=('openssl' 'libxml2')
+options=('!makeflags' '!libtool')
+source=("http://ftp.isc.org/isc/bind9/${_pkgver}/${pkgname}-${_pkgver}.tar.gz"
+ 'ftp://ftp.rs.internic.net/domain/db.cache'
+ 'so_bsdcompat.patch'
+ 'notools.patch'
+ 'named'
+ 'named.conf'
+ 'named.conf.d'
+ 'named.logrotate'
+ 'localhost.zone'
+ '127.0.0.zone')
+sha1sums=('33019694ef3119d9daa1e8ff5117a6688e188528'
+ 'ee52947062c1582858187716b776afa3613608fb'
+ '2f737f4e81186447ac2ef370fa8dcea0b3abec31'
+ '5277cf4d6fbc5728c55b51c77c9347d28393fb7c'
+ '02b0e20a542663d27af4faa4d2e397ae2764276e'
+ '5ca7a5f2a132548a090a045a2df3acea6b35d9eb'
+ '7848edbfb9a848843f57c11c02b0289eefd42d00'
+ '9ffb5c3f72390a517aeae557e32349d5d278cb63'
+ '76a0d4cd1b913db177a5a375bebc47e5956866ec'
+ '53be0f1437ebe595240d8dbdd819939582b97fb9')
+
+install=install
+
+build() {
+ cd "${srcdir}/${pkgname}-${_pkgver}"
+
+ patch -p1 -i "${srcdir}"/so_bsdcompat.patch
+ patch -p1 -i "${srcdir}"/notools.patch
+
+ ./configure \
+ --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
+ --with-libtool --enable-static=no --disable-linux-caps \
+ --with-openssl=yes --with-libxml2=yes
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${_pkgver}"
+
+ make DESTDIR="${pkgdir}" install
+
+ install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+
+ install -d "${pkgdir}"/usr/share/doc/bind
+ install ./doc/arm/*.html "${pkgdir}"/usr/share/doc/bind/
+
+ install -D -m755 ../named "${pkgdir}"/etc/rc.d/named
+ install -D -m644 ../named.conf.d "${pkgdir}"/etc/conf.d/named
+ install -D -m600 ../named.logrotate "${pkgdir}"/etc/logrotate.d/named
+ install -D -m640 -o 0 -g 40 ../named.conf "${pkgdir}"/etc/named.conf
+
+ install -d -m750 -o 0 -g 40 "${pkgdir}"/var/named
+ install -d -m755 -o 40 -g 40 "${pkgdir}"/var/run/named
+ install -m640 -o 0 -g 40 ../db.cache "${pkgdir}"/var/named/root.hint
+ install -m640 -o 0 -g 40 ../127.0.0.zone "${pkgdir}"/var/named/
+ install -m640 -o 0 -g 40 ../localhost.zone "${pkgdir}"/var/named/
+}
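Review bot: The upstream tarball and `db.cache` in `source=()` are fetched over plain `http://` and `ftp://`, and the only integrity control is the `sha1sums` array, so the build's trust rests on SHA-1 alone. I would switch to `sha256sums=(...)` and, if upstream publishes a detached signature for the tarball, add it to `source=()` so makepkg can check it against a key pinned in `validpgpkeys`. `db.cache` is a mutable upstream file, so its pinned hash goes stale whenever the root hints are reissued; keeping a reviewed copy in the package directory avoids refetching it at build time. `--disable-linux-caps` in `build()` also deserves a one-line comment saying why capability support is turned off.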
diff --git a/extra/bind/install b/extra/bind/install
new file mode 100644
index 000000000..e3a1397cb
--- /dev/null
+++ b/extra/bind/install
@@ -0,0 +1,21 @@
+post_install() {
+ getent group named >/dev/null || groupadd -g 40 named
+ getent passwd named >/dev/null || useradd -u 40 -c "BIND DNS Server" -g named -d /var/named -s /bin/false named
+ passwd -l named &>/dev/null
+
+ touch var/log/named.log
+ chown named:named var/log/named.log
+
+ # create an rndc.key if it doesn't already exist
+ if [ ! -s etc/rndc.key ]; then
+ usr/sbin/rndc-confgen -r /dev/urandom -b 256 | head -n 5 >>etc/rndc.key
+ chown root:named etc/rndc.key
+ chmod 640 etc/rndc.key
+ fi
+}
+
+pre_remove() {
+ getent passwd named &>/dev/null && userdel named >/dev/null
+ getent group named &>/dev/null && groupdel named >/dev/null
+ return 0
+}
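Review bot: In `post_install`, `etc/rndc.key` is created by the shell redirection under the default umask and only tightened by `chmod 640` afterwards, so the control-channel key is briefly readable by any local user; `>>` also keeps whatever mode an existing empty file already had. Create it restricted from the start, e.g. `( umask 077; usr/sbin/rndc-confgen -r /dev/urandom -b 256 | head -n 5 >etc/rndc.key )`, then apply the `chown`/`chmod`. `pre_remove` also deletes the `named` account while files owned by uid/gid 40 (for example `var/log/named.log`, created by `touch` here) stay on disk, so a later account reusing that id would inherit them; consider leaving the account in place or documenting the cleanup.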
diff --git a/extra/bind/localhost.zone b/extra/bind/localhost.zone
new file mode 100644
index 000000000..e3ff9641c
--- /dev/null
+++ b/extra/bind/localhost.zone
@@ -0,0 +1,10 @@
+$ORIGIN localhost.
+@ 1D IN SOA @ root (
+ 42 ; serial (yyyymmdd##)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum ttl
+
+ 1D IN NS @
+ 1D IN A 127.0.0.1
diff --git a/extra/bind/named b/extra/bind/named
new file mode 100755
index 000000000..3be558f27
--- /dev/null
+++ b/extra/bind/named
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+NAMED_ARGS=
+[ -f /etc/conf.d/named ] && . /etc/conf.d/named
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/named`
+case "$1" in
+ start)
+ stat_busy "Starting BIND"
+ [ -z "$PID" ] && /usr/sbin/named ${NAMED_ARGS}
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon named
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping BIND"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon named
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ reload)
+ stat_busy "Reloading BIND"
+ [ ! -z "$PID" ] && rndc reload &>/dev/null || kill -HUP $PID &>/dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ ;;
+ *)
+ echo "usage: $0 {start|stop|reload|restart}"
+esac
+exit 0
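Review bot: `NAMED_ARGS=` defaults to empty, so if `/etc/conf.d/named` is missing or no longer sets `-u named`, the `start` branch launches `/usr/sbin/named` as root with no privilege drop. A fail-safe default such as `NAMED_ARGS="-u named"` before the conf.d file is sourced keeps the daemon unprivileged unless an admin overrides it deliberately. In `reload`, `kill -HUP $PID` is reached with an empty `$PID` when named is not running; testing and quoting `"$PID"` first would make that failure explicit instead of relying on `kill` erroring out.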
diff --git a/extra/bind/named.conf b/extra/bind/named.conf
new file mode 100644
index 000000000..38fb12cbe
--- /dev/null
+++ b/extra/bind/named.conf
@@ -0,0 +1,64 @@
+//
+// /etc/named.conf
+//
+
+options {
+ directory "/var/named";
+ pid-file "/var/run/named/named.pid";
+ auth-nxdomain yes;
+ datasize default;
+// Uncomment these to enable IPv6 connections support
+// IPv4 will still work:
+// listen-on-v6 { any; };
+// Add this for no IPv4:
+// listen-on { none; };
+
+ // Default security settings.
+ allow-recursion { 127.0.0.1; };
+ allow-transfer { none; };
+ allow-update { none; };
+ version none;
+ hostname none;
+ server-id none;
+};
+
+zone "localhost" IN {
+ type master;
+ file "localhost.zone";
+ allow-transfer { any; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "127.0.0.zone";
+ allow-transfer { any; };
+};
+
+zone "." IN {
+ type hint;
+ file "root.hint";
+};
+
+//zone "example.org" IN {
+// type slave;
+// file "example.zone";
+// masters {
+// 192.168.1.100;
+// };
+// allow-query { any; };
+// allow-transfer { any; };
+//};
+
+logging {
+ channel xfer-log {
+ file "/var/log/named.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity info;
+ };
+ category xfer-in { xfer-log; };
+ category xfer-out { xfer-log; };
+ category notify { xfer-log; };
+};
+
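Review bot: The `localhost` and `0.0.127.in-addr.arpa` zones set `allow-transfer { any; };`, which overrides the `allow-transfer { none; };` listed under "Default security settings", and the commented `example.org` template repeats it, so anyone who uncomments that template opens the zone to transfer by any client. I would drop the per-zone lines so the zones inherit `none`, and show an explicit peer list in the template instead. There is also no `listen-on` restriction, so named answers on every IPv4 interface by default; if this config is meant as a local resolver, `listen-on { 127.0.0.1; };` states that intent. `allow-recursion { 127.0.0.1; };` omits `::1`, which matters once `listen-on-v6` is uncommented.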
diff --git a/extra/bind/named.conf.d b/extra/bind/named.conf.d
new file mode 100644
index 000000000..aecbd2307
--- /dev/null
+++ b/extra/bind/named.conf.d
@@ -0,0 +1,4 @@
+#
+# Parameters to be passed to BIND
+#
+NAMED_ARGS="-u named"
diff --git a/extra/bind/named.logrotate b/extra/bind/named.logrotate
new file mode 100644
index 000000000..ef1a2d032
--- /dev/null
+++ b/extra/bind/named.logrotate
@@ -0,0 +1,6 @@
+/var/log/named.log {
+ missingok
+ postrotate
+ /bin/kill -HUP `cat /var/run/named/named.pid 2>/dev/null` 2>/dev/null || true
+ endscript
+}
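Review bot: The `postrotate` hook runs as root and sends SIGHUP to whatever PID is stored in `/var/run/named/named.pid`, but the PKGBUILD in this commit creates `/var/run/named` owned by uid 40, so the unprivileged daemon account controls which process root signals. Prefer a reload path that does not trust that file, e.g. `/etc/rc.d/named reload >/dev/null 2>&1 || true`, which looks the process up with `pidof`. The stanza also has no `create` directive, so the owner and mode of `named.log` after rotation are left to the global logrotate configuration; `create 640 named named` would pin them.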
diff --git a/extra/bind/notools.patch b/extra/bind/notools.patch
new file mode 100644
index 000000000..2d16fdcd5
--- /dev/null
+++ b/extra/bind/notools.patch
@@ -0,0 +1,11 @@
+--- bind-9.7.0/bin/Makefile.in.orig 2010-03-14 21:19:23.000000000 -0400
++++ bind-9.7.0/bin/Makefile.in 2010-03-14 21:19:37.000000000 -0400
+@@ -19,7 +19,7 @@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
+-SUBDIRS = named rndc dig dnssec tests tools nsupdate \
++SUBDIRS = named rndc dnssec tests tools \
+ check confgen @PKCS11_TOOLS@
+ TARGETS =
+
diff --git a/extra/bind/so_bsdcompat.patch b/extra/bind/so_bsdcompat.patch
new file mode 100644
index 000000000..cae2b835c
--- /dev/null
+++ b/extra/bind/so_bsdcompat.patch
@@ -0,0 +1,13 @@
+diff -aur old/lib/isc/unix/socket.c new/lib/isc/unix/socket.c
+--- old/lib/isc/unix/socket.c 2010-03-12 04:25:20.000000000 +0100
++++ new/lib/isc/unix/socket.c 2011-01-22 21:07:52.410000038 +0100
+@@ -681,6 +681,8 @@
+ isc_sockstatscounter_fdwatchrecvfail
+ };
+
++#undef SO_BSDCOMPAT
++
+ static void
+ manager_log(isc__socketmgr_t *sockmgr,
+ isc_logcategory_t *category, isc_logmodule_t *module, int level,
+Only in new/lib/isc/unix: socket.c.orig