From 81f44978bb267adc63ccd7fd7751318d4ff27c11 Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Sun, 9 Oct 2016 15:46:47 +0000 Subject: [PATCH] added extra/bind --- extra/bind/127.0.0.zone | 10 +++ extra/bind/PKGBUILD | 127 ++++++++++++++++++++++++++++++++++ extra/bind/bind.install | 13 ++++ extra/bind/empty.zone | 8 +++ extra/bind/localhost.ip6.zone | 10 +++ extra/bind/localhost.zone | 11 +++ extra/bind/named.conf | 72 +++++++++++++++++++ extra/bind/named.service | 11 +++ extra/bind/sysusers.conf | 1 + extra/bind/tmpfiles.conf | 1 + 10 files changed, 264 insertions(+) create mode 100644 extra/bind/127.0.0.zone create mode 100644 extra/bind/PKGBUILD create mode 100644 extra/bind/bind.install create mode 100644 extra/bind/empty.zone create mode 100644 extra/bind/localhost.ip6.zone create mode 100644 extra/bind/localhost.zone create mode 100644 extra/bind/named.conf create mode 100644 extra/bind/named.service create mode 100644 extra/bind/sysusers.conf create mode 100644 extra/bind/tmpfiles.conf diff --git a/extra/bind/127.0.0.zone b/extra/bind/127.0.0.zone new file mode 100644 index 000000000..3c5c96493 --- /dev/null +++ b/extra/bind/127.0.0.zone @@ -0,0 +1,10 @@ +@ 1D IN SOA localhost. root.localhost. ( + 42 ; serial (yyyymmdd##) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum ttl + + 1D IN NS localhost. + +1.0.0.127.in-addr.arpa. 1D IN PTR localhost. diff --git a/extra/bind/PKGBUILD b/extra/bind/PKGBUILD new file mode 100644 index 000000000..e193fdce9 --- /dev/null +++ b/extra/bind/PKGBUILD @@ -0,0 +1,127 @@ +# $Id: PKGBUILD 113060 2014-06-12 10:51:06Z seblu $ +# Maintainer: Sébastien Luttringer +# Contributor: Gaetan Bisson +# Contributor: judd +# Contributor: Mario Vazquez + +# ALARM: Kevin Mihelich +# - !makeflags - bind build doesn't like concurrency +# - --disable-seccomp, not supported for ARM + +pkgbase=bind +pkgname=(bind bind-tools) +_pkgver=9.11.0 +pkgver=${_pkgver//-/.} +pkgrel=1 +url='http://www.isc.org/software/bind/' +license=('custom:ISC') +arch=('i686' 'x86_64') +options=('!emptydirs' '!makeflags') +makedepends=('libcap' 'libxml2' 'zlib' 'krb5' 'e2fsprogs' 'openssl' 'readline' + 'idnkit' 'geoip' 'dnssec-anchors' 'python' 'json-c' 'python-ply' 'libseccomp') +validpgpkeys=('2B48A38AE1CF9886435F89EE45AC7857189CDBC5' + 'ADBE9446286C794905F1E0756FA6EBC9911A4C02') #ISC, Inc +source=("http://ftp.isc.org/isc/bind9/${_pkgver}/bind-${_pkgver}.tar.gz"{,.asc} + 'tmpfiles.conf' + 'sysusers.conf' + 'named.conf' + 'named.service' + 'localhost.zone' + 'localhost.ip6.zone' + '127.0.0.zone' + 'empty.zone') +sha1sums=('6fbb59cc435b79e9cea4747aacbad1314d38ac95' + 'SKIP' + 'c5a2bcd9b0f009ae71f3a03fbdbe012196962a11' + '9537f4835a1f736788d0733c7996a10db2d4eee4' + 'c017aae379c32c7cb1aa1ad84776b83e3a5c139f' + 'cb2e81b4cbf9efafb3e81e3752f0154e779cc7ec' + '6704303a6ed431a29b1d8fe7b12decd4d1f2f50f' + '52da8f1c0247a11b16daa4e03d920e8f09315cbe' + '9c33726088342207ad06d33b2c13408290a0c8ad' + '4f4457b310cbbeadca2272eced062a9c2b2b42fe') + +prepare() { + msg2 'Getting a fresh version of root DNS' + # no more using source array, lack of versioning. + curl -o root.hint http://www.internic.net/zones/named.root + [[ -s root.hint ]] +} + +build() { + cd bind-$_pkgver + export CFLAGS+=' -DDIG_SIGCHASE' + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --sbindir=/usr/bin \ + --localstatedir=/var \ + --disable-static \ + --enable-ipv6 \ + --enable-filter-aaaa \ + --enable-fixed-rrset \ + --disable-seccomp \ + --enable-full-report \ + --with-python=/usr/bin/python \ + --with-geoip \ + --with-idn \ + --with-openssl \ + --with-libjson \ + --with-libxml2 \ + --with-libtool + make +} + +package_bind() { + pkgdesc='The ISC DNS Server' + provides=('dns-server') + depends=('glibc' 'libxml2' 'libcap' 'libseccomp' 'openssl' 'geoip' 'json-c' + 'bind-tools') + backup=('etc/named.conf' + 'var/named/127.0.0.zone' + 'var/named/localhost.zone' + 'var/named/localhost.ip6.zone' + 'var/named/empty.zone') + install=$pkgname.install + + cd "bind-$_pkgver" + install -Dm644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENSE" + for _d in bin/{check,confgen,named,rndc}; do + (cd "$_d" && make DESTDIR="$pkgdir" install) + done + + cd "$srcdir" + install -D -m644 tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" + install -D -m644 sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf" + + install -D -m644 named.service "$pkgdir/usr/lib/systemd/system/named.service" + install -D -m640 -o 0 -g 40 named.conf "$pkgdir/etc/named.conf" + + install -d -m770 -o 0 -g 40 "$pkgdir/var/named" + install -m640 -o 0 -g 40 root.hint "$pkgdir/var/named" + install -m640 -o 0 -g 40 localhost.zone "$pkgdir/var/named" + install -m640 -o 0 -g 40 localhost.ip6.zone "$pkgdir/var/named" + install -m640 -o 0 -g 40 127.0.0.zone "$pkgdir/var/named" + install -m640 -o 0 -g 40 empty.zone "$pkgdir/var/named" +} + +package_bind-tools() { + pkgdesc='The ISC DNS tools' + depends=('glibc' 'libcap' 'libseccomp' 'libxml2' 'zlib' 'krb5' 'e2fsprogs' + 'openssl' 'readline' 'geoip' 'idnkit' 'dnssec-anchors' 'json-c' + 'python') + optdepends=('python: for python scripts') + conflicts=('dnsutils') + replaces=('dnsutils' 'host') + provides=("dnsutils=$pkgver") + + cd "bind-$_pkgver" + install -Dm644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENSE" + make DESTDIR="$pkgdir" SUBDIRS="" install + (cd lib && make DESTDIR="$pkgdir" install) + for _d in bin/{dig,dnssec,delv,nsupdate,python,tools}; do + (cd "$_d" && make DESTDIR="$pkgdir" install) + done +} + +# vim:set ts=2 sw=2 et: diff --git a/extra/bind/bind.install b/extra/bind/bind.install new file mode 100644 index 000000000..a38c41503 --- /dev/null +++ b/extra/bind/bind.install @@ -0,0 +1,13 @@ +post_install() { + systemd-sysusers bind.conf + systemd-tmpfiles --create bind.conf + + # create an rndc.key if it doesn't already exist + if [[ ! -s etc/rndc.key ]]; then + rndc-confgen -r /dev/urandom -b 256 | head -n 5 >>etc/rndc.key + chown root:named etc/rndc.key + chmod 640 etc/rndc.key + fi +} + +# vim:set ts=2 sw=2 et: diff --git a/extra/bind/empty.zone b/extra/bind/empty.zone new file mode 100644 index 000000000..7501c74ed --- /dev/null +++ b/extra/bind/empty.zone @@ -0,0 +1,8 @@ +@ 1D IN SOA localhost. root.localhost. ( + 42 ; serial (yyyymmdd##) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum ttl + + 1D IN NS localhost. diff --git a/extra/bind/localhost.ip6.zone b/extra/bind/localhost.ip6.zone new file mode 100644 index 000000000..c021a28ce --- /dev/null +++ b/extra/bind/localhost.ip6.zone @@ -0,0 +1,10 @@ +@ 1D IN SOA localhost. root.localhost. ( + 42 ; serial (yyyymmdd##) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum ttl + + 1D IN NS localhost. + +1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 1D IN PTR localhost. diff --git a/extra/bind/localhost.zone b/extra/bind/localhost.zone new file mode 100644 index 000000000..e87274dab --- /dev/null +++ b/extra/bind/localhost.zone @@ -0,0 +1,11 @@ +@ 1D IN SOA localhost. root.localhost. ( + 42 ; serial (yyyymmdd##) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum ttl + + 1D IN NS localhost. + +localhost. 1D IN A 127.0.0.1 +localhost. 1D IN AAAA ::1 diff --git a/extra/bind/named.conf b/extra/bind/named.conf new file mode 100644 index 000000000..827445d3b --- /dev/null +++ b/extra/bind/named.conf @@ -0,0 +1,72 @@ +// vim:set ts=4 sw=4 et: + +options { + directory "/var/named"; + pid-file "/run/named/named.pid"; + + // Uncomment these to enable IPv6 connections support + // IPv4 will still work: + // listen-on-v6 { any; }; + // Add this for no IPv4: + // listen-on { none; }; + + allow-recursion { 127.0.0.1; }; + allow-transfer { none; }; + allow-update { none; }; + + version none; + hostname none; + server-id none; +}; + +zone "localhost" IN { + type master; + file "localhost.zone"; +}; + +zone "0.0.127.in-addr.arpa" IN { + type master; + file "127.0.0.zone"; +}; + +zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { + type master; + file "localhost.ip6.zone"; +}; + +zone "255.in-addr.arpa" IN { + type master; + file "empty.zone"; +}; + +zone "0.in-addr.arpa" IN { + type master; + file "empty.zone"; +}; + +zone "." IN { + type hint; + file "root.hint"; +}; + +//zone "example.org" IN { +// type slave; +// file "example.zone"; +// masters { +// 192.168.1.100; +// }; +// allow-query { any; }; +// allow-transfer { any; }; +//}; + +//logging { +// channel xfer-log { +// file "/var/log/named.log"; +// print-category yes; +// print-severity yes; +// severity info; +// }; +// category xfer-in { xfer-log; }; +// category xfer-out { xfer-log; }; +// category notify { xfer-log; }; +//}; diff --git a/extra/bind/named.service b/extra/bind/named.service new file mode 100644 index 000000000..1a7832edc --- /dev/null +++ b/extra/bind/named.service @@ -0,0 +1,11 @@ +[Unit] +Description=Internet domain name server +After=network.target + +[Service] +ExecStart=/usr/bin/named -f -u named +ExecReload=/usr/bin/rndc reload +ExecStop=/usr/bin/rndc stop + +[Install] +WantedBy=multi-user.target diff --git a/extra/bind/sysusers.conf b/extra/bind/sysusers.conf new file mode 100644 index 000000000..b02acb172 --- /dev/null +++ b/extra/bind/sysusers.conf @@ -0,0 +1 @@ +u named 40 "BIND DNS Server" - diff --git a/extra/bind/tmpfiles.conf b/extra/bind/tmpfiles.conf new file mode 100644 index 000000000..1cfc82d08 --- /dev/null +++ b/extra/bind/tmpfiles.conf @@ -0,0 +1 @@ +d /run/named 0750 named named -