summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--net-dns/bind/ChangeLog8
-rw-r--r--net-dns/bind/bind-9.9.5-r1.ebuild (renamed from net-dns/bind/bind-9.9.5.ebuild)16
-rw-r--r--net-dns/bind/files/named.conf-r7172
-rw-r--r--net-dns/bind/files/named.init-r13248
4 files changed, 435 insertions, 9 deletions
diff --git a/net-dns/bind/ChangeLog b/net-dns/bind/ChangeLog
index c499b9d71ead..1011247aad41 100644
--- a/net-dns/bind/ChangeLog
+++ b/net-dns/bind/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-dns/bind
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.487 2014/01/31 21:14:24 idl0r Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.488 2014/01/31 21:24:49 idl0r Exp $
+
+*bind-9.9.5-r1 (31 Jan 2014)
+
+ 31 Jan 2014; Christian Ruppert <idl0r@gentoo.org> -bind-9.9.5.ebuild,
+ +bind-9.9.5-r1.ebuild, +files/named.conf-r7, +files/named.init-r13:
+ Fix bug 482590
31 Jan 2014; Christian Ruppert <idl0r@gentoo.org> bind-9.9.5.ebuild:
Fix static-libs
diff --git a/net-dns/bind/bind-9.9.5.ebuild b/net-dns/bind/bind-9.9.5-r1.ebuild
index e453165412f3..a05d2287cf36 100644
--- a/net-dns/bind/bind-9.9.5.ebuild
+++ b/net-dns/bind/bind-9.9.5-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.9.5.ebuild,v 1.2 2014/01/31 21:14:24 idl0r Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.9.5-r1.ebuild,v 1.1 2014/01/31 21:24:49 idl0r Exp $
# Re dlz/mysql and threads, needs to be verified..
# MySQL uses thread local storage in its C api. Thus MySQL
@@ -244,7 +244,7 @@ src_install() {
use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A}
insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r6 named.conf
+ newins "${FILESDIR}"/named.conf-r7 named.conf
# ftp://ftp.rs.internic.net/domain/named.cache:
insinto /var/bind
@@ -254,7 +254,7 @@ src_install() {
newins "${FILESDIR}"/127.zone-r1 127.zone
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
- newinitd "${FILESDIR}"/named.init-r12 named
+ newinitd "${FILESDIR}"/named.init-r13 named
newconfd "${FILESDIR}"/named.confd-r6 named
if use gost; then
@@ -362,11 +362,11 @@ pkg_postinst() {
ewarn
ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
ewarn "To fix the permissions do:"
- ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}"
+ ewarn "chown root:named /{etc,var}/bind /run/named/ /var/log/named /var/bind/{sec,pri,dyn}"
ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
ewarn "chmod 0750 /etc/bind /var/bind/pri"
- ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}"
+ ewarn "chmod 0770 /run/named/ /var/log/named /var/bind/{,sec,dyn}"
ewarn
}
@@ -394,9 +394,9 @@ pkg_config() {
echo; einfo "Setting up the chroot directory..."
mkdir -m 0750 -p ${CHROOT}
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
mkdir -m 0750 -p ${CHROOT}/etc/bind
- mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
# As of bind 9.8.0
if has_version net-dns/bind[gost]; then
if [ "$(get_libdir)" = "lib64" ]; then
@@ -406,7 +406,7 @@ pkg_config() {
mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
fi
fi
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind
+ chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
mknod ${CHROOT}/dev/null c 1 3
chmod 0666 ${CHROOT}/dev/null
diff --git a/net-dns/bind/files/named.conf-r7 b/net-dns/bind/files/named.conf-r7
new file mode 100644
index 000000000000..5b9c1cdc209a
--- /dev/null
+++ b/net-dns/bind/files/named.conf-r7
@@ -0,0 +1,172 @@
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-9 for more details.
+ * Online versions of the documentation can be found here:
+ * http://www.isc.org/software/bind/documentation
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+ /* Deny transfers by default except for the listed hosts.
+ * If we have other name servers, place them here.
+ */
+ none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+ 127.0.0.0/8;
+ ::1/128;
+};
+
+options {
+ directory "/var/bind";
+ pid-file "/run/named/named.pid";
+
+ /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+ //bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 { ::1; };
+ listen-on { 127.0.0.1; };
+
+ allow-query {
+ /*
+ * Accept queries from our "trusted" ACL. We will
+ * allow anyone to query our master zones below.
+ * This prevents us from becoming a free DNS server
+ * to the masses.
+ */
+ trusted;
+ };
+
+ allow-query-cache {
+ /* Use the cache for the "trusted" ACL. */
+ trusted;
+ };
+
+ allow-recursion {
+ /* Only trusted addresses are allowed to use recursion. */
+ trusted;
+ };
+
+ allow-transfer {
+ /* Zone tranfers are denied by default. */
+ none;
+ };
+
+ allow-update {
+ /* Don't allow updates, e.g. via nsupdate. */
+ none;
+ };
+
+ /*
+ * If you've got a DNS server around at your upstream provider, enter its
+ * IP address here, and enable the line below. This will make you benefit
+ * from its cache, thus reduce overall DNS traffic in the Internet.
+ *
+ * Uncomment the following lines to turn on DNS forwarding, and change
+ * and/or update the forwarding ip address(es):
+ */
+/*
+ forward first;
+ forwarders {
+ // 123.123.123.123; // Your ISP NS
+ // 124.124.124.124; // Your ISP NS
+ // 4.2.2.1; // Level3 Public DNS
+ // 4.2.2.2; // Level3 Public DNS
+ 8.8.8.8; // Google Open DNS
+ 8.8.4.4; // Google Open DNS
+ };
+
+*/
+
+ //dnssec-enable yes;
+ //dnssec-validation yes;
+
+ /*
+ * As of bind 9.8.0:
+ * "If the root key provided has expired,
+ * named will log the expiration and validation will not work."
+ */
+ //dnssec-validation auto;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
+};
+
+/*
+logging {
+ channel default_log {
+ file "/var/log/named/named.log" versions 5 size 50M;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+
+ category default { default_log; };
+ category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+ inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+ type hint;
+ file "/var/bind/named.cache";
+};
+
+zone "localhost" IN {
+ type master;
+ file "pri/localhost.zone";
+ notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+ type master;
+ file "pri/127.zone";
+ notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info
+ */
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+// type master;
+// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+// allow-query { any; };
+// allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+// type slave;
+// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+// masters { <MASTER>; };
+
+ /* Anybody is allowed to query but transfer should be controlled by the master. */
+// allow-query { any; };
+// allow-transfer { none; };
+
+ /* The master should be the only one who notifies the slaves, shouldn't it? */
+// allow-notify { <MASTER>; };
+// notify no;
+//};
diff --git a/net-dns/bind/files/named.init-r13 b/net-dns/bind/files/named.init-r13
new file mode 100644
index 000000000000..7f4955327429
--- /dev/null
+++ b/net-dns/bind/files/named.init-r13
@@ -0,0 +1,248 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r13,v 1.1 2014/01/31 21:24:49 idl0r Exp $
+
+extra_commands="checkconfig checkzones"
+extra_started_commands="reload"
+
+depend() {
+ need net
+ use logger
+ provide dns
+}
+
+NAMED_CONF=${CHROOT}/etc/bind/named.conf
+
+OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}
+MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60}
+
+_mount() {
+ local from
+ local to
+ local opts
+ local ret=0
+
+ if [ "${#}" -lt 3 ]; then
+ eerror "_mount(): to few arguments"
+ return 1
+ fi
+
+ from=$1
+ to=$2
+ shift 2
+
+ opts="${*}"
+ shift $#
+
+ if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
+ einfo "mounting ${from} to ${to}"
+ mount ${from} ${to} ${opts}
+ ret=$?
+
+ eend $ret
+ return $ret
+ fi
+
+ return 0
+}
+
+_umount() {
+ local dir=$1
+ local ret=0
+
+ if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
+ ebegin "umounting ${dir}"
+ umount ${dir}
+ ret=$?
+
+ eend $ret
+ return $ret
+ fi
+
+ return 0
+}
+
+_get_pidfile() {
+ # as suggested in bug #107724, bug 335398#c17
+ [ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+ /usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+ [ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid
+}
+
+check_chroot() {
+ if [ -n "${CHROOT}" ]; then
+ [ ! -d "${CHROOT}" ] && return 1
+ [ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
+ [ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
+ [ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
+ [ ! -d "${CHROOT}/var/log/named" ] && return 1
+ [ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
+ [ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1
+ [ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
+ if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+ if [ -d "/usr/lib64" ]; then
+ [ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1
+ elif [ -d "/usr/lib" ]; then
+ [ ! -d "${CHROOT}/usr/lib/engines" ] && return 1
+ fi
+ fi
+ fi
+
+ return 0
+}
+
+checkconfig() {
+ ebegin "Checking named configuration"
+
+ if [ ! -f "${NAMED_CONF}" ] ; then
+ eerror "No ${NAMED_CONF} file exists!"
+ return 1
+ fi
+
+ /usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
+ eerror "named-checkconf failed! Please fix your config first."
+ return 1
+ }
+
+ eend 0
+ return 0
+}
+
+checkzones() {
+ ebegin "Checking named configuration and zones"
+ /usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
+ eend $?
+}
+
+start() {
+ local piddir
+
+ ebegin "Starting ${CHROOT:+chrooted }named"
+
+ if [ -n "${CHROOT}" ]; then
+ if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+ check_chroot || {
+ eend 1
+ eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+ return 1
+ }
+ fi
+
+ if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+ if [ ! -e /usr/lib/engines/libgost.so ]; then
+ eend 1
+ eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
+ return 1
+ fi
+ cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
+ eend 1
+ eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
+ return 1
+ }
+ fi
+ cp -Lp /etc/localtime "${CHROOT}/etc/localtime"
+
+ if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+ einfo "Mounting chroot dirs"
+ _mount /etc/bind ${CHROOT}/etc/bind -o bind
+ _mount /var/bind ${CHROOT}/var/bind -o bind
+ _mount /var/log/named ${CHROOT}/var/log/named -o bind
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ _mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
+ fi
+ fi
+ fi
+
+ checkconfig || { eend 1; return 1; }
+
+ # create piddir (usually /run/named) if necessary, bug 334535
+ _get_pidfile
+ piddir="${PIDFILE%/*}"
+ checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+ eend 1
+ return 1
+ }
+
+ # In case someone have $CPU set in /etc/conf.d/named
+ if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+ CPU="-n ${CPU}"
+ fi
+
+ start-stop-daemon --start --pidfile ${PIDFILE} \
+ --nicelevel ${NAMED_NICELEVEL:-0} \
+ --exec /usr/sbin/named \
+ -- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+ eend $?
+}
+
+stop() {
+ local reported=0
+
+ ebegin "Stopping ${CHROOT:+chrooted }named"
+
+ # Workaround for now, until openrc's restart has been fixed.
+ # openrc doesn't care about a restart() function in init scripts.
+ if [ "${RC_CMD}" = "restart" ]; then
+ if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+ check_chroot || {
+ eend 1
+ eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+ return 1
+ }
+ fi
+
+ checkconfig || { eend 1; return 1; }
+ fi
+
+ # -R 10, bug 335398
+ _get_pidfile
+ start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+ --exec /usr/sbin/named
+
+ if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+ ebegin "Umounting chroot dirs"
+
+ # just to be sure everything gets clean
+ while fuser -s ${CHROOT} 2>/dev/null; do
+ if [ "${reported}" -eq 0 ]; then
+ einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
+ elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
+ eerror "Waiting until all named processes are stopped failed!"
+ eend 1
+ break
+ fi
+ sleep 1
+ reported=$((reported+1))
+ done
+
+ [ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
+ _umount ${CHROOT}/etc/bind
+ _umount ${CHROOT}/var/log/named
+ _umount ${CHROOT}/var/bind
+ fi
+
+ eend $?
+}
+
+reload() {
+ local ret
+
+ ebegin "Reloading named.conf and zone files"
+
+ checkconfig || { eend 1; return 1; }
+
+ _get_pidfile
+ if [ -n "${PIDFILE}" ]; then
+ start-stop-daemon --pidfile $PIDFILE --signal HUP
+ ret=$?
+ else
+ ewarn "Unable to determine the pidfile... this is"
+ ewarn "a fallback mode. Please check your installation!"
+
+ $RC_SERVICE restart
+ ret=$?
+ fi
+
+ eend $ret
+}