Date: Saturday, September 27, 2014 @ 00:44:34 Author: seblu Revision: 223367
upgpkg: bind 9.10.1-2 - implement FS#41808 - implement FS#41809 - fix: FS#41810 - use named default logging setting (=> user journoul, drop logrotate) - setup user via systemd-sysusers - run tmpfiles.d after setup - remove html doc - remove gcc 4.8 compilation tricks, remove !makeflags - remove default option from named.conf and cleanup Added: bind/trunk/empty.zone bind/trunk/sysusers.conf bind/trunk/tmpfiles.conf (from rev 223184, bind/trunk/tmpfiles.d) Modified: bind/trunk/PKGBUILD bind/trunk/bind.install bind/trunk/named.conf Deleted: bind/trunk/01-fix-forgotten-log.patch bind/trunk/named.logrotate bind/trunk/tmpfiles.d ----------------------------+ 01-fix-forgotten-log.patch | 41 ------------------- PKGBUILD | 45 +++++++++++---------- bind.install | 14 ------ empty.zone | 8 +++ named.conf | 91 ++++++++++++++++++++++--------------------- named.logrotate | 6 -- sysusers.conf | 1 tmpfiles.conf | 1 tmpfiles.d | 1 9 files changed, 84 insertions(+), 124 deletions(-) Deleted: 01-fix-forgotten-log.patch =================================================================== --- 01-fix-forgotten-log.patch 2014-09-26 19:45:39 UTC (rev 223366) +++ 01-fix-forgotten-log.patch 2014-09-26 22:44:34 UTC (rev 223367) 
@@ -1,41 +0,0 @@
-# https://lists.isc.org/pipermail/bind-users/2014-May/093124.html
-From 73a2c0ec42c0915bde0275c81861f57645daf683 Mon Sep 17 00:00:00 2001
-From: Tony Finch <d...@dotat.at>
-Date: Thu, 28 Nov 2013 17:23:57 +0000
-Subject: [PATCH] Disable XXXMPA verbose packet logging in EDNS fallback code.
-
----
- lib/dns/resolver.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index 11c805f..e50071e 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -7339,9 +7339,11 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
- sizeof(addrbuf));
- snprintf(buf, sizeof(buf), "received packet from %s "
- "(bad edns):\n", addrbuf);
-+/*
- dns_message_logpacket(message, buf,
- DNS_LOGCATEGORY_RESOLVER, DNS_LOGMODULE_RESOLVER,
- ISC_LOG_NOTICE, fctx->res->mctx);
-+*/
- dns_adb_changeflags(fctx->adb, query->addrinfo,
- DNS_FETCHOPT_NOEDNS0,
- DNS_FETCHOPT_NOEDNS0);
-@@ -7369,9 +7371,11 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
- sizeof(addrbuf));
- snprintf(buf, sizeof(buf), "received packet from %s (no opt):\n",
- addrbuf);
-+/*
- dns_message_logpacket(message, buf,
- DNS_LOGCATEGORY_RESOLVER, DNS_LOGMODULE_RESOLVER,
- ISC_LOG_NOTICE, fctx->res->mctx);
-+*/
- dns_adb_changeflags(fctx->adb, query->addrinfo,
- DNS_FETCHOPT_NOEDNS0,
- DNS_FETCHOPT_NOEDNS0);
---
-1.9.1
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-09-26 19:45:39 UTC (rev 223366)
+++ PKGBUILD 2014-09-26 22:44:34 UTC (rev 223367)
@@ -7,44 +7,53 @@ pkgname=bind _pkgver=9.10.1 pkgver=${_pkgver//-/.} -pkgrel=1 +pkgrel=2 pkgdesc='The ISC BIND nameserver' url='http://www.isc.org/software/bind/' license=('custom:ISC') arch=('i686' 'x86_64') -options=('!makeflags') +options=('!emptydirs') depends=('openssl' 'krb5' 'libxml2' 'libcap') provides=('dns-server') -backup=('etc/logrotate.d/named' - 'etc/named.conf') +backup=('etc/named.conf' + 'var/named/127.0.0.zone' + 'var/named/localhost.zone' + 'var/named/empty.zone') install=$pkgname.install source=("http://ftp.isc.org/isc/bind9/${_pkgver}/bind-${_pkgver}.tar.gz"{,.asc} - 'root.hint::http://www.internic.net/zones/named.root' - 'tmpfiles.d' + 'tmpfiles.conf' + 'sysusers.conf' 'named.conf' 'named.service' 'named.logrotate' 'localhost.zone' - '127.0.0.zone') + '127.0.0.zone' + 'empty.zone') sha1sums=('96aa28c6112c6a8c33a19efeac98c715f03b35ca' 'SKIP' - '029f89c49550c40ec7a95116b6a33f0e5a041094' 'c5a2bcd9b0f009ae71f3a03fbdbe012196962a11' - 'c71a7fc02d4bf0d55e8e29d1e014607ac1d58726' + '6bebf4ff8ca4482a83f4d3dbf176d9bffd89eefa' + '71e30a3648d695911352c9d663ca216ae3a7d5d6' 'cb2e81b4cbf9efafb3e81e3752f0154e779cc7ec' '3fe1f0b5c1a51dc1db9ebe5e173d18c52c97169b' '76a0d4cd1b913db177a5a375bebc47e5956866ec' - '53be0f1437ebe595240d8dbdd819939582b97fb9') + '53be0f1437ebe595240d8dbdd819939582b97fb9' + '792bde1bcc95b30e36970eeb97f5bf02ea37b37c') prepare() { # remove dig to avoid conflict with dnsutils sed -i 's/dig//' $pkgname-$_pkgver/bin/Makefile.in + + msg2 'Getting a fresh version of root DNS' + # no more using source array, lack of versioning. + curl -o root.hint http://www.internic.net/zones/named.root + [[ -s root.hint ]] } build() { cd bind-$_pkgver # for gcc 4.8 rebuild - export CFLAGS="-march=${CARCH/_/-} -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4" + #export CFLAGS="-march=${CARCH/_/-} -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4" ./configure \ --prefix=/usr \ --sysconfdir=/etc \ 
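Review bot: The `curl -o root.hint http://www.internic.net/zones/named.root` added to prepare() fetches the root hints over plain HTTP, and the only validation is `[[ -s root.hint ]]`, so an HTTP error body or content altered in transit would be packaged as /var/named/root.hint. The source=() entry this replaces was pinned by a sha1sum, so the commit trades an integrity check for freshness. At minimum the call should be `curl -f -o root.hint https://www.internic.net/zones/named.root`, so that HTTP errors fail the build and the transfer is authenticated; checking the file against a signature or digest published next to it, if one is available, would restore a real integrity check. Separately, `'named.logrotate'` and its checksum stay in source=() although the commit deletes that file, which would presumably make makepkg fail to find it.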
@@ -58,20 +67,15 @@ } package() { - cd "bind-$_pkgver" - + pushd "bind-$_pkgver" install -Dm644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENSE" - make DESTDIR="$pkgdir" install + popd - rmdir "$pkgdir/var/run" - install -d "$pkgdir/usr/share/doc/$pkgname" - install doc/arm/*.html "$pkgdir/usr/share/doc/$pkgname" + install -D -m644 tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" + install -D -m644 sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf" - cd "$srcdir" - install -D -m644 tmpfiles.d "$pkgdir/usr/lib/tmpfiles.d/named.conf" install -D -m644 named.service "$pkgdir/usr/lib/systemd/system/named.service" - install -D -m600 named.logrotate "$pkgdir/etc/logrotate.d/named" install -D -m640 -o 0 -g 40 named.conf "$pkgdir/etc/named.conf" install -d -m770 -o 0 -g 40 "$pkgdir/var/named" @@ -78,6 +82,7 @@ install -m640 -o 0 -g 40 root.hint "$pkgdir/var/named" install -m640 -o 0 -g 40 127.0.0.zone "$pkgdir/var/named" install -m640 -o 0 -g 40 localhost.zone "$pkgdir/var/named" + install -m640 -o 0 -g 40 empty.zone "$pkgdir/var/named" } # vim:set ts=2 sw=2 et: Modified: bind.install =================================================================== --- bind.install 2014-09-26 19:45:39 UTC (rev 223366) +++ bind.install 2014-09-26 22:44:34 UTC (rev 223367) @@ -1,11 +1,7 @@ post_install() { - getent group named &>/dev/null || groupadd -g 40 named - getent passwd named &>/dev/null || useradd -u 40 -c 'BIND DNS Server' -g named -d /var/named -s /bin/false named - passwd -l named &>/dev/null + systemd-sysusers bind.conf + systemd-tmpfiles --create bind.conf - touch var/log/named.log - chown named:named var/log/named.log - # create an rndc.key if it doesn't already exist if [[ ! -s etc/rndc.key ]]; then rndc-confgen -r /dev/urandom -b 256 | head -n 5 >>etc/rndc.key 
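Review bot: Replacing `groupadd -g 40`/`useradd -u 40` with `systemd-sysusers bind.conf` in post_install drops the guarantee that the named account really has ID 40, while package() in PKGBUILD still installs /etc/named.conf and /var/named with the numeric owner `-o 0 -g 40`. The removed commands failed visibly when ID 40 was already taken; sysusers, as far as I know, falls back to another free ID in that case, so the 0640/0770 files could end up group-owned by an unrelated group and unreadable by named. A check right after the call, e.g. `[[ $(getent group named | cut -d: -f3) == 40 ]] || echo 'warning: group named is not GID 40'`, would make the mismatch visible instead of silent. post_install continues past the end of this hunk.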
@@ -14,10 +10,4 @@ fi } -pre_remove() { - getent passwd named &>/dev/null && userdel named >/dev/null - getent group named &>/dev/null && groupdel named >/dev/null - return 0 -} - # vim:set ts=2 sw=2 et: Added: empty.zone =================================================================== --- empty.zone (rev 0) +++ empty.zone 2014-09-26 22:44:34 UTC (rev 223367) @@ -0,0 +1,8 @@ +@ 1D IN SOA localhost. root.localhost. ( + 42 ; serial (yyyymmdd##) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum ttl + + 1D IN NS localhost. Modified: named.conf =================================================================== --- named.conf 2014-09-26 19:45:39 UTC (rev 223366) +++ named.conf 2014-09-26 22:44:34 UTC (rev 223367) @@ -1,22 +1,19 @@ -// -// /etc/named.conf -// +// vim:set ts=4 sw=4 et: options { - directory "/var/named"; - pid-file "/run/named/named.pid"; - auth-nxdomain yes; - datasize default; -// Uncomment these to enable IPv6 connections support -// IPv4 will still work: -// listen-on-v6 { any; }; -// Add this for no IPv4: -// listen-on { none; }; + directory "/var/named"; + pid-file "/run/named/named.pid"; - // Default security settings. - allow-recursion { 127.0.0.1; }; - allow-transfer { none; }; - allow-update { none; }; + // Uncomment these to enable IPv6 connections support + // IPv4 will still work: + // listen-on-v6 { any; }; + // Add this for no IPv4: + // listen-on { none; }; + + allow-recursion { 127.0.0.1; }; + allow-transfer { none; }; + allow-update { none; }; + version none; hostname none; server-id none; 
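Review bot: In the named.conf options block, `allow-recursion { 127.0.0.1; };`, `allow-transfer { none; };` and `allow-update { none; };` are now left without any comment, because the `// Default security settings.` line was dropped, so nothing tells an administrator that these lines keep the server from acting as an open resolver or handing out zone transfers. I would keep a comment above them, e.g. `// Recursion for loopback only; transfers and dynamic updates refused unless a zone overrides this.` The IPv6 hint just above also needs a caveat: with `listen-on-v6 { any; };` uncommented, `::1` is still missing from allow-recursion, so the hint could add `// also add ::1 to allow-recursion for local IPv6 clients`. The options block closes outside this hunk.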
@@ -23,42 +20,48 @@ }; zone "localhost" IN { - type master; - file "localhost.zone"; - allow-transfer { any; }; + type master; + file "localhost.zone"; }; zone "0.0.127.in-addr.arpa" IN { - type master; - file "127.0.0.zone"; - allow-transfer { any; }; + type master; + file "127.0.0.zone"; }; +zone "255.in-addr.arpa" IN { + type master; + file "empty.zone"; +}; + +zone "0.in-addr.arpa" IN { + type master; + file "empty.zone"; +}; + zone "." IN { - type hint; - file "root.hint"; + type hint; + file "root.hint"; }; //zone "example.org" IN { -// type slave; -// file "example.zone"; -// masters { -// 192.168.1.100; -// }; -// allow-query { any; }; -// allow-transfer { any; }; +// type slave; +// file "example.zone"; +// masters { +// 192.168.1.100; +// }; +// allow-query { any; }; +// allow-transfer { any; }; //}; -logging { - channel xfer-log { - file "/var/log/named.log"; - print-category yes; - print-severity yes; - print-time yes; - severity info; - }; - category xfer-in { xfer-log; }; - category xfer-out { xfer-log; }; - category notify { xfer-log; }; -}; - +//logging { +// channel xfer-log { +// file "/var/log/named.log"; +// print-category yes; +// print-severity yes; +// severity info; +// }; +// category xfer-in { xfer-log; }; +// category xfer-out { xfer-log; }; +// category notify { xfer-log; }; +//}; Deleted: named.logrotate =================================================================== --- named.logrotate 2014-09-26 19:45:39 UTC (rev 223366) +++ named.logrotate 2014-09-26 22:44:34 UTC (rev 223367) @@ -1,6 +0,0 @@ -/var/log/named.log { - missingok - postrotate - /bin/kill -HUP `cat /run/named/named.pid 2>/dev/null` 2>/dev/null || true - endscript -} Added: sysusers.conf =================================================================== --- sysusers.conf (rev 0) +++ sysusers.conf 2014-09-26 22:44:34 UTC (rev 223367) 
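Review bot: The commented `example.org` slave template, re-indented here, still ends with `allow-transfer { any; };`, the very setting this commit removes from the localhost and 0.0.127.in-addr.arpa zones. Anyone who uncomments the template overrides the global `allow-transfer { none; };` from the options block and serves the whole zone to any host that requests a transfer. The example should show a restrictive value instead, e.g. `// allow-transfer { none; };` or a list of the secondaries' addresses. The two new zones backed by `empty.zone` would also benefit from a one-line comment saying why 0.in-addr.arpa and 255.in-addr.arpa are answered locally.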
@@ -0,0 +1 @@ +u named 40 "BIND DNS Server" /var/named Copied: bind/trunk/tmpfiles.conf (from rev 223184, bind/trunk/tmpfiles.d) =================================================================== --- tmpfiles.conf (rev 0) +++ tmpfiles.conf 2014-09-26 22:44:34 UTC (rev 223367) @@ -0,0 +1 @@ +d /run/named 0750 named named - Deleted: tmpfiles.d =================================================================== --- tmpfiles.d 2014-09-26 19:45:39 UTC (rev 223366) +++ tmpfiles.d 2014-09-26 22:44:34 UTC (rev 223367) @@ -1 +0,0 @@ -d /run/named 0750 named named -