Diffstat (limited to 'dns/bind918/files')
-rw-r--r--dns/bind918/files/BIND.chroot.dist24
-rw-r--r--dns/bind918/files/BIND.chroot.local.dist18
-rw-r--r--dns/bind918/files/empty.db8
-rw-r--r--dns/bind918/files/extrapatch-bind-min-override-ttl61
-rw-r--r--dns/bind918/files/extrapatch-bind-tools28
-rw-r--r--dns/bind918/files/extrapatch-no-bind-tools22
-rw-r--r--dns/bind918/files/localhost-forward.db8
-rw-r--r--dns/bind918/files/localhost-reverse.db10
-rw-r--r--dns/bind918/files/named.conf.in378
-rw-r--r--dns/bind918/files/named.in452
-rw-r--r--dns/bind918/files/named.root92
-rw-r--r--dns/bind918/files/patch-bin_named_include_named_globals.h13
-rw-r--r--dns/bind918/files/patch-configure.ac13
-rw-r--r--dns/bind918/files/pkg-message.in22
14 files changed, 1149 insertions, 0 deletions
diff --git a/dns/bind918/files/BIND.chroot.dist b/dns/bind918/files/BIND.chroot.dist
new file mode 100644
index 000000000000..5616dd712f6b
--- /dev/null
+++ b/dns/bind918/files/BIND.chroot.dist
@@ -0,0 +1,24 @@
+# mtree -deU -f files/BIND.chroot.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ dev type=dir mode=0555
+ ..
+ etc type=dir
+ ..
+ tmp type=dir mode=01777
+ ..
+/set type=file uname=bind gname=bind mode=0755
+ var type=dir uname=root gname=wheel
+ dump type=dir
+ ..
+ log type=dir
+ ..
+ run type=dir
+ named type=dir
+ ..
+ ..
+ stats type=dir
+ ..
+ ..
diff --git a/dns/bind918/files/BIND.chroot.local.dist b/dns/bind918/files/BIND.chroot.local.dist
new file mode 100644
index 000000000000..ba248df5c430
--- /dev/null
+++ b/dns/bind918/files/BIND.chroot.local.dist
@@ -0,0 +1,18 @@
+# mtree -deU -f files/BIND.etc.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ etc type=dir
+/set type=file uname=bind gname=wheel mode=0755
+ namedb type=dir uname=root
+ dynamic type=dir
+ ..
+ primary type=dir uname=root
+ ..
+ secondary type=dir
+ ..
+ working type=dir
+ ..
+ ..
+ ..
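Review bot: The header comment on the first line of this spec names `files/BIND.etc.dist`, but the file added here is `BIND.chroot.local.dist`, so the documented invocation points at a spec that is not in this commit. If the name is a leftover, the line should read `# mtree -deU -f files/BIND.chroot.local.dist -p tmp`. A short comment on the ownership split would also help: `namedb` and `primary` are root-owned, while `dynamic`, `secondary` and `working` inherit `uname=bind`. That split is presumably what stops the daemon from rewriting its own configuration and primary zone data, and a later edit could flatten it without noticing.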
diff --git a/dns/bind918/files/empty.db b/dns/bind918/files/empty.db
new file mode 100644
index 000000000000..30870e74342f
--- /dev/null
+++ b/dns/bind918/files/empty.db
@@ -0,0 +1,8 @@
+$TTL 3h
+@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+@ NS @
+
+; Silence a BIND warning
+@ A 127.0.0.1
diff --git a/dns/bind918/files/extrapatch-bind-min-override-ttl b/dns/bind918/files/extrapatch-bind-min-override-ttl
new file mode 100644
index 000000000000..e9dd87270a1e
--- /dev/null
+++ b/dns/bind918/files/extrapatch-bind-min-override-ttl
@@ -0,0 +1,61 @@
+Add the override-cache-ttl feature.
+
+--- bin/named/config.c.orig 2022-01-24 08:28:57 UTC
++++ bin/named/config.c
+@@ -172,6 +172,7 @@ options {\n\
+ notify-source *;\n\
+ notify-source-v6 *;\n\
+ nsec3-test-zone no;\n\
++ override-cache-ttl 0; /* do not override */\n\
+ parental-source *;\n\
+ parental-source-v6 *;\n\
+ provide-ixfr true;\n\
+--- bin/named/server.c.orig 2022-01-24 08:28:57 UTC
++++ bin/named/server.c
+@@ -4482,6 +4482,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl
+ }
+
+ obj = NULL;
++ result = named_config_get(maps, "override-cache-ttl", &obj);
++ INSIST(result == ISC_R_SUCCESS);
++ view->overridecachettl = cfg_obj_asduration(obj);
++
++ obj = NULL;
+ result = named_config_get(maps, "max-cache-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->maxcachettl = cfg_obj_asduration(obj);
+--- lib/dns/include/dns/view.h.orig 2022-01-24 08:28:57 UTC
++++ lib/dns/include/dns/view.h
+@@ -155,6 +155,7 @@ struct dns_view {
+ bool requestnsid;
+ bool sendcookie;
+ dns_ttl_t maxcachettl;
++ dns_ttl_t overridecachettl;
+ dns_ttl_t maxncachettl;
+ dns_ttl_t mincachettl;
+ dns_ttl_t minncachettl;
+--- lib/dns/resolver.c.orig 2022-01-24 08:28:57 UTC
++++ lib/dns/resolver.c
+@@ -6119,6 +6119,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_mes
+ }
+
+ /*
++ * Enforce the configure cache TTL override.
++ */
++ if (res->view->overridecachettl)
++ rdataset->ttl = res->view->overridecachettl;
++
++ /*
+ * Enforce the configure maximum cache TTL.
+ */
+ if (rdataset->ttl > res->view->maxcachettl) {
+--- lib/isccfg/namedconf.c.orig 2022-01-24 08:28:57 UTC
++++ lib/isccfg/namedconf.c
+@@ -2086,6 +2086,7 @@ static cfg_clausedef_t view_clauses[] = {
+ #endif /* ifdef HAVE_LMDB */
+ { "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
+ { "max-cache-size", &cfg_type_sizeorpercent, 0 },
++ { "override-cache-ttl", &cfg_type_duration, 0 },
+ { "max-cache-ttl", &cfg_type_duration, 0 },
+ { "max-clients-per-query", &cfg_type_uint32, 0 },
+ { "max-ncache-ttl", &cfg_type_duration, 0 },
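Review bot: The new statement in cache_name(), `if (res->view->overridecachettl) rdataset->ttl = res->view->overridecachettl;`, replaces every upstream TTL rather than bounding it. It therefore also raises TTLs that a zone owner set deliberately short, and a stale or forged answer then stays cached for the whole override period, limited only by the max-cache-ttl clamp that follows. Only `rdataset` is touched in the visible lines, and cache_name() continues outside the hunk, so please confirm that the TTL of a covering signature rdataset and the signature expiry handling stay consistent with the forced value. I would brace the statement like the neighbouring max-cache-ttl check and replace the copied comment with one that states the contract, e.g. `/* Non-zero override-cache-ttl replaces the upstream TTL of every cached rdataset; 0 disables. Still clamped by max-cache-ttl below. */`. The `view_clauses[]` entry is also inserted between `max-cache-size` and `max-cache-ttl`, which breaks the ordering the visible neighbours follow, and no range check for the option appears in the patch.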
diff --git a/dns/bind918/files/extrapatch-bind-tools b/dns/bind918/files/extrapatch-bind-tools
new file mode 100644
index 000000000000..a38b3bd1fa14
--- /dev/null
+++ b/dns/bind918/files/extrapatch-bind-tools
@@ -0,0 +1,28 @@
+Only select the "tools" part of bind for building.
+
+--- Makefile.am.orig 2021-09-24 03:34:18 UTC
++++ Makefile.am
+@@ -8,8 +8,6 @@ CLEANFILES = bind.keys.h
+ bind.keys.h: bind.keys Makefile
+ ${PERL} ${top_srcdir}/util/bindkeys.pl ${top_srcdir}/bind.keys > $@
+
+-dist_sysconf_DATA = bind.keys
+-
+ .PHONY: doc
+
+ EXTRA_DIST = \
+--- bin/Makefile.am.orig 2021-09-24 03:34:18 UTC
++++ bin/Makefile.am
+@@ -1 +1 @@
+-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins
++SUBDIRS = dig delv dnssec tools nsupdate
+--- bin/tools/Makefile.am.orig 2021-09-24 03:34:18 UTC
++++ bin/tools/Makefile.am
+@@ -11,7 +11,6 @@ LDADD += \
+ bin_PROGRAMS = \
+ arpaname \
+ mdig \
+- named-journalprint \
+ named-rrchecker \
+ nsec3hash
+
diff --git a/dns/bind918/files/extrapatch-no-bind-tools b/dns/bind918/files/extrapatch-no-bind-tools
new file mode 100644
index 000000000000..d53088bec0f4
--- /dev/null
+++ b/dns/bind918/files/extrapatch-no-bind-tools
@@ -0,0 +1,22 @@
+Exclude the "tools" from building and installing.
+
+--- bin/Makefile.am.orig 2021-09-17 07:10:48 UTC
++++ bin/Makefile.am
+@@ -1 +1 @@
+-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins
++SUBDIRS = named rndc tools check confgen tests plugins
+--- bin/tools/Makefile.am.orig 2021-09-17 07:10:48 UTC
++++ bin/tools/Makefile.am
+@@ -9,11 +9,7 @@ LDADD += \
+ $(LIBISC_LIBS)
+
+ bin_PROGRAMS = \
+- arpaname \
+- mdig \
+- named-journalprint \
+- named-rrchecker \
+- nsec3hash
++ named-journalprint
+
+ arpaname_LDADD = \
+ $(LIBISC_LIBS)
diff --git a/dns/bind918/files/localhost-forward.db b/dns/bind918/files/localhost-forward.db
new file mode 100644
index 000000000000..fdd2e9ce4bee
--- /dev/null
+++ b/dns/bind918/files/localhost-forward.db
@@ -0,0 +1,8 @@
+$TTL 3h
+localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+ A 127.0.0.1
+ AAAA ::1
diff --git a/dns/bind918/files/localhost-reverse.db b/dns/bind918/files/localhost-reverse.db
new file mode 100644
index 000000000000..376e94fa94a8
--- /dev/null
+++ b/dns/bind918/files/localhost-reverse.db
@@ -0,0 +1,10 @@
+$TTL 3h
+@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+1.0.0 PTR localhost.
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
+
diff --git a/dns/bind918/files/named.conf.in b/dns/bind918/files/named.conf.in
new file mode 100644
index 000000000000..53704771a136
--- /dev/null
+++ b/dns/bind918/files/named.conf.in
@@ -0,0 +1,378 @@
+// Refer to the named.conf(5) and named(8) man pages, and the documentation
+// in /usr/local/share/doc/bind for more details.
+//
+// If you are going to set up an authoritative server, make sure you
+// understand the hairy details of how DNS works. Even with
+// simple mistakes, you can break connectivity for affected parties,
+// or cause huge amounts of useless Internet traffic.
+
+options {
+ // All file and path names are relative to the chroot directory,
+ // if any, and should be fully qualified.
+ directory "%%ETCDIR%%/working";
+ pid-file "/var/run/named/pid";
+ dump-file "/var/dump/named_dump.db";
+ statistics-file "/var/stats/named.stats";
+
+// If named is being used only as a local resolver, this is a safe default.
+// For named to be accessible to the network, comment this option, specify
+// the proper IP address, or delete this option.
+ listen-on { 127.0.0.1; };
+
+// If you have IPv6 enabled on this system, uncomment this option for
+// use as a local resolver. To give access to the network, specify
+// an IPv6 address, or the keyword "any".
+// listen-on-v6 { ::1; };
+
+// These zones are already covered by the empty zones listed below.
+// If you remove the related empty zones below, comment these lines out.
+ disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
+ disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+ disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
+// If you've got a DNS server around at your upstream provider, enter
+// its IP address here, and enable the line below. This will make you
+// benefit from its cache, thus reduce overall DNS traffic in the Internet.
+/*
+ forwarders {
+ 127.0.0.1;
+ };
+*/
+
+// If the 'forwarders' clause is not empty the default is to 'forward first'
+// which will fall back to sending a query from your local server if the name
+// servers in 'forwarders' do not have the answer. Alternatively you can
+// force your name server to never initiate queries of its own by enabling the
+// following line:
+// forward only;
+
+// If you wish to have forwarding configured automatically based on
+// the entries in /etc/resolv.conf, uncomment the following line and
+// set named_auto_forward=yes in /etc/rc.conf. You can also enable
+// named_auto_forward_only (the effect of which is described above).
+// include "%%ETCDIR%%/auto_forward.conf";
+
+ /*
+ Modern versions of BIND use a random UDP port for each outgoing
+ query by default in order to dramatically reduce the possibility
+ of cache poisoning. All users are strongly encouraged to utilize
+ this feature, and to configure their firewalls to accommodate it.
+
+ AS A LAST RESORT in order to get around a restrictive firewall
+ policy you can try enabling the option below. Use of this option
+ will significantly reduce your ability to withstand cache poisoning
+ attacks, and should be avoided if at all possible.
+
+ Replace NNNNN in the example with a number between 49160 and 65530.
+ */
+ // query-source address * port NNNNN;
+};
+
+// If you enable a local name server, don't forget to enter 127.0.0.1
+// first in your /etc/resolv.conf so this server will be queried.
+// Also, make sure to enable it in /etc/rc.conf.
+
+// The traditional root hints mechanism. Use this, OR the secondary zones below.
+zone "." { type hint; file "%%ETCDIR%%/named.root"; };
+
+/* Slaving the following zones from the root name servers has some
+ significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+ 3. Greater resilience to any potential root server failure/DDoS
+
+ On the other hand, this method requires more monitoring than the
+ hints file to be sure that an unexpected failure mode has not
+ incapacitated your server. Name servers that are serving a lot
+ of clients will benefit more from this approach than individual
+ hosts. Use with caution.
+
+ To use this mechanism, uncomment the entries below, and comment
+ the hint zone above.
+
+ As documented at http://dns.icann.org/services/axfr/ these zones:
+ "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
+ are available for AXFR from these servers on IPv4 and IPv6:
+ xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
+*/
+/*
+zone "." {
+ type secondary;
+ file "%%ETCDIR%%/secondary/root.secondary";
+ primaries {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+zone "arpa" {
+ type secondary;
+ file "%%ETCDIR%%/secondary/arpa.secondary";
+ primaries {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+zone "in-addr.arpa" {
+ type secondary;
+ file "%%ETCDIR%%/secondary/in-addr.arpa.secondary";
+ primaries {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+zone "ip6.arpa" {
+ type secondary;
+ file "%%ETCDIR%%/secondary/ip6.arpa.secondary";
+ primaries {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+*/
+
+/* Serving the following zones locally will prevent any queries
+ for these zones leaving your network and going to the root
+ name servers. This has two significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+*/
+// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
+zone "localhost" { type primary; file "%%ETCDIR%%/primary/localhost-forward.db"; };
+zone "127.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/localhost-reverse.db"; };
+zone "255.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
+zone "0.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/localhost-reverse.db"; };
+
+// "This" Network (RFCs 1912, 5735 and 6303)
+zone "0.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// Private Use Networks (RFCs 1918, 5735 and 6303)
+zone "10.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "16.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "17.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "18.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "19.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "20.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "21.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "22.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "23.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "24.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "25.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "26.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "27.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "28.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "29.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "30.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "31.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "168.192.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// Shared Address Space (RFC 6598)
+zone "64.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "65.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "66.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "67.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "68.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "69.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "70.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "71.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "72.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "73.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "74.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "75.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "76.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "77.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "78.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "79.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "80.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "81.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "82.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "83.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "84.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "85.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "86.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "87.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "88.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "89.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "90.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "91.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "92.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "93.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "94.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "95.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "96.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "97.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "98.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "99.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "100.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "101.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "102.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "103.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "104.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "105.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "106.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "107.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "108.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "109.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "110.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "111.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "112.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "113.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "114.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "115.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "116.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "117.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "118.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "119.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "120.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "121.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "122.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "123.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "124.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "125.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "126.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "127.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// Link-local/APIPA (RFCs 3927, 5735 and 6303)
+zone "254.169.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IETF protocol assignments (RFCs 5735 and 5736)
+zone "0.0.192.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
+zone "2.0.192.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "100.51.198.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "113.0.203.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
+zone "8.b.d.0.1.0.0.2.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// Router Benchmark Testing (RFCs 2544 and 5735)
+zone "18.198.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "19.198.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IANA Reserved - Old Class E Space (RFC 5735)
+zone "240.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "241.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "242.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "243.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "244.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "245.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "246.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "247.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "248.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "249.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "250.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "251.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "252.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "253.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "254.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 Unassigned Addresses (RFC 4291)
+zone "1.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "3.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "4.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "5.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "6.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "7.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "8.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "9.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "a.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "b.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "c.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "d.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "e.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "0.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "1.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "2.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "3.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "4.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "5.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "6.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "7.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "8.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "9.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "a.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "b.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "0.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "1.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "2.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "3.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "4.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "5.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "6.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "7.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 ULA (RFCs 4193 and 6303)
+zone "c.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "d.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 Link Local (RFCs 4291 and 6303)
+zone "8.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "9.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "a.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "b.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
+zone "c.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "d.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "e.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "f.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IP6.INT is Deprecated (RFC 4159)
+zone "ip6.int" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// NB: Do not use the IP addresses below, they are faked, and only
+// serve demonstration/documentation purposes!
+//
+// Example secondary zone config entries. It can be convenient to become
+// a secondary at least for the zone your own domain is in. Ask
+// your network administrator for the IP address of the responsible
+// primary name server.
+//
+// Do not forget to include the reverse lookup zone!
+// This is named after the first bytes of the IP address, in reverse
+// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
+//
+// Before starting to set up a primary zone, make sure you fully
+// understand how DNS and BIND work. There are sometimes
+// non-obvious pitfalls. Setting up a secondary zone is usually simpler.
+//
+// NB: Don't blindly enable the examples below. :-) Use actual names
+// and addresses instead.
+
+/* An example dynamic zone
+key "exampleorgkey" {
+ algorithm hmac-md5;
+ secret "sf87HJqjkqh8ac87a02lla==";
+};
+zone "example.org" {
+ type primary;
+ allow-update {
+ key "exampleorgkey";
+ };
+ file "%%ETCDIR%%/dynamic/example.org";
+};
+*/
+
+/* Example of a secondary reverse zone
+zone "1.168.192.in-addr.arpa" {
+ type secondary;
+ file "%%ETCDIR%%/secondary/1.168.192.in-addr.arpa";
+ primaries {
+ 192.168.1.1;
+ };
+};
+*/
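Review bot: The commented "example dynamic zone" near the end of the file shows `algorithm hmac-md5;` with a realistic-looking `secret` string, and examples in a shipped named.conf tend to be copied as they stand. hmac-md5 is a weak choice for a TSIG key that authorises dynamic updates. I would change the example to `algorithm hmac-sha256;` and make the secret an obvious placeholder such as `secret "<generate with tsig-keygen>";`, so that an uncommented copy fails to load instead of running with a published key. Separately, the AXFR comment lists `xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org` while the `primaries` entries are annotated `lax.xfr.dns.icann.org` and `iad.xfr.dns.icann.org`; one of the two naming schemes is stale and should be reconciled.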
diff --git a/dns/bind918/files/named.in b/dns/bind918/files/named.in
new file mode 100644
index 000000000000..0d19435000cc
--- /dev/null
+++ b/dns/bind918/files/named.in
@@ -0,0 +1,452 @@
+#!/bin/sh
+
+# PROVIDE: named
+# REQUIRE: %%NAMED_REQUIRE%%
+# BEFORE: %%NAMED_BEFORE%%
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable BIND:
+# named_enable (bool): Run named, the DNS server (or NO).
+# named_program (str): Path to named, if you want a different one.
+# named_conf (str): Path to the configuration file
+# named_flags (str): Use this for flags OTHER than -u and -c
+# named_uid (str): User to run named as
+# named_chrootdir (str): Chroot directory (or "" not to auto-chroot it)
+# Historically, was /var/named
+# named_chroot_autoupdate (bool): Automatically install/update chrooted
+# components of named.
+# named_symlink_enable (bool): Symlink the chrooted pid file
+# named_wait (bool): Wait for working name service before exiting
+# named_wait_host (str): Hostname to check if named_wait is enabled
+# named_auto_forward (str): Set up forwarders from /etc/resolv.conf
+# named_auto_forward_only (str): Do "forward only" instead of "forward first"
+#
+
+. /etc/rc.subr
+
+name=named
+desc="named BIND startup script"
+rcvar=named_enable
+
+load_rc_config ${name}
+
+extra_commands=reload
+
+start_precmd=named_prestart
+start_postcmd=named_poststart
+reload_cmd=named_reload
+stop_cmd=named_stop
+stop_postcmd=named_poststop
+
+named_enable=${named_enable:-"NO"}
+named_program=${named_program:-"%%PREFIX%%/sbin/named"}
+named_conf=${named_conf:-"%%ETCDIR%%/named.conf"}
+named_flags=${named_flags:-""}
+named_uid=${named_uid:-"bind"}
+named_chrootdir=${named_chrootdir:-""}
+named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"}
+named_symlink_enable=${named_symlink_enable:-"YES"}
+named_wait=${named_wait:-"NO"}
+named_wait_host=${named_wait_host:-"localhost"}
+named_auto_forward=${named_auto_forward:-"NO"}
+named_auto_forward_only=${named_auto_forward_only:-"NO"}
+
+# Not configuration variables but having them here keeps rclint happy
+required_dirs="${named_chrootdir}"
+_named_confdirroot="${named_conf%/*}"
+_named_confdir="${named_chrootdir}${_named_confdirroot}"
+_named_program_root="${named_program%/sbin/named}"
+_openssl_engines="%%ENGINES%%"
+
+# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
+rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
+rndc_key=${rndc_key:-"$_named_confdir/rndc.key"}
+
+# If running in a chroot cage, ensure that the appropriate files
+# exist inside the cage, as well as helper symlinks into the cage
+# from outside.
+#
+# As this is called after the is_running and required_dir checks
+# are made in run_rc_command(), we can safely assume ${named_chrootdir}
+# exists and named isn't running at this point (unless forcestart
+# is used).
+#
+chroot_autoupdate()
+{
+ local file
+
+ # If it's the first time around, fiddle with things and move the
+ # current configuration to the chroot.
+ if [ -d ${_named_confdirroot} -a ! -d ${_named_confdir} ]; then
+ warn "named chroot: Moving current configuration in the chroot!"
+ install -d ${_named_confdir%/*}
+ mv ${_named_confdirroot} ${_named_confdir}
+ fi
+
+ # Create (or update) the chroot directory structure
+ #
+ if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then
+ mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \
+ -p ${named_chrootdir}
+ else
+ warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing,"
+ warn "${named_chrootdir} directory structure not updated"
+ fi
+ if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then
+ mkdir -p ${named_chrootdir}%%PREFIX%%
+ mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \
+ -p ${named_chrootdir}%%PREFIX%%
+ else
+ warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing,"
+ warn "${named_chrootdir}%%PREFIX%% directory structure not updated"
+ fi
+
+ # Create (or update) the configuration directory symlink
+ #
+ if [ ! -L "${_named_confdirroot}" ]; then
+ if [ -d "${_named_confdirroot}" ]; then
+ warn "named chroot: ${_named_confdirroot} is a directory!"
+ elif [ -e "${_named_confdirroot}" ]; then
+ warn "named chroot: ${_named_confdirroot} exists!"
+ else
+ ln -s ${_named_confdir} ${_named_confdirroot}
+ fi
+ else
+ # Make sure it points to the right place.
+ ln -shf ${_named_confdir} ${_named_confdirroot}
+ fi
+
+ # Mount a devfs in the chroot directory if needed
+ #
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null
+ devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
+ devfs -m ${named_chrootdir}/dev rule apply path null unhide
+ devfs -m ${named_chrootdir}/dev rule apply path random unhide
+ else
+ if [ -c ${named_chrootdir}/dev/null -a \
+ -c ${named_chrootdir}/dev/random ]; then
+ info "named chroot: using pre-mounted devfs."
+ else
+ err 1 "named chroot: devfs cannot be mounted from " \
+ "within a jail. Thus a chrooted named cannot " \
+ "be run from within a jail. Either mount the " \
+ "devfs with null and random from the host, or " \
+ "run named without chrooting it, set " \
+ "named_chrootdir=\"\" in /etc/rc.conf."
+ fi
+ fi
+
+ # The OpenSSL engines and BIND9 plugins should be present in the
+ # chroot, named loads them after chrooting.
+ null_mount_or_copy ${_openssl_engines}
+ null_mount_or_copy %%PREFIX%%/lib/named
+
+ # Copy and/or update key files to the chroot /etc
+ #
+ for file in localtime protocols services; do
+ if [ -r /etc/${file} ] && \
+ ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then
+ cp -p /etc/${file} "${named_chrootdir}/etc/${file}"
+ fi
+ done
+}
+
+# Make symlinks to the correct pid file
+#
+make_symlinks()
+{
+ checkyesno named_symlink_enable &&
+ ln -fs "${named_chrootdir}${pidfile}" ${pidfile} &&
+ ln -fs "${named_chrootdir}${sessionkeyfile}" ${sessionkeyfile}
+}
+
+named_poststart()
+{
+ make_symlinks
+
+ if checkyesno named_wait; then
+ until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do
+ echo " Waiting for nameserver to resolve ${named_wait_host}"
+ sleep 1
+ done
+ fi
+}
+
+named_reload()
+{
+ # This is a one line function, but ${named_program} is not defined early
+ # enough to be there when the reload_cmd variable is defined up there.
+ rndc reload
+}
+
+find_pidfile()
+{
+ if get_pidfile_from_conf pid-file ${named_conf}; then
+ pidfile="${_pidfile_from_conf}"
+ else
+ pidfile="/var/run/named/pid"
+ fi
+}
+
+find_sessionkeyfile()
+{
+ if get_pidfile_from_conf session-keyfile ${named_conf}; then
+ sessionkeyfile="${_pidfile_from_conf}"
+ else
+ sessionkeyfile="/var/run/named/session.key"
+ fi
+}
+
+named_stop()
+{
+ find_pidfile
+
+ # This duplicates an undesirably large amount of code from the stop
+ # routine in rc.subr in order to use rndc to shut down the process,
+ # and to give it a second chance in case rndc fails.
+ rc_pid=$(check_pidfile ${pidfile} ${command})
+ if [ -z "${rc_pid}" ]; then
+ [ -n "${rc_fast}" ] && return 0
+ _run_rc_notrunning
+ return 1
+ fi
+ echo 'Stopping named.'
+ if rndc stop; then
+ wait_for_pids ${rc_pid}
+ else
+ echo -n 'rndc failed, trying kill: '
+ kill -TERM ${rc_pid}
+ wait_for_pids ${rc_pid}
+ fi
+}
+
+named_poststop()
+{
+ if [ -n "${named_chrootdir}" ]; then
+ null_umount %%PREFIX%%/lib/named
+ null_umount ${_openssl_engines}
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
+ fi
+ fi
+}
+
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
+}
+
+null_mount_or_copy()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ mkdir -p ${named_chrootdir}${dir}
+ if can_mount nullfs ; then
+ mount -t nullfs ${dir} ${named_chrootdir}${dir}
+ else
+ warn "named chroot: cannot nullfs mount OpenSSL" \
+ "engines into the chroot, will copy the shared" \
+ "libraries instead."
+ cp -f ${dir}/*.so ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
+null_umount()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
+create_file()
+{
+ if [ -e "$1" ]; then
+ unlink $1
+ fi
+ install -o root -g wheel -m 0644 /dev/null $1
+}
+
+rndc()
+{
+ if [ -z "${rndc_flags}" ]; then
+ if [ -s "${rndc_conf}" ] ; then
+ rndc_flags="-c ${rndc_conf}"
+ elif [ -s "${rndc_key}" ] ; then
+ rndc_flags="-k ${rndc_key}"
+ else
+ rndc_flags=""
+ fi
+ fi
+
+ ${_named_program_root}/sbin/rndc ${rndc_flags} "$@"
+}
+
+named_prestart()
+{
+ find_pidfile
+ find_sessionkeyfile
+
+ if [ -n "${named_pidfile}" ]; then
+ warn 'named_pidfile: now determined from the conf file'
+ fi
+
+ if [ -n "${named_sessionkeyfile}" ]; then
+ warn 'named_sessionkeyfile: now determined from the conf file'
+ fi
+
+ piddir=`/usr/bin/dirname ${pidfile}`
+ if [ ! -d ${piddir} ]; then
+ install -d -o ${named_uid} -g ${named_uid} ${piddir}
+ fi
+
+ sessionkeydir=`/usr/bin/dirname ${sessionkeyfile}`
+ if [ ! -d ${sessionkeydir} ]; then
+ install -d -o ${named_uid} -g ${named_uid} ${sessionkeydir}
+ fi
+
+ command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"
+
+ local line nsip firstns
+
+ # Is the user using a sandbox?
+ #
+ if [ -n "${named_chrootdir}" ]; then
+ rc_flags="${rc_flags} -t ${named_chrootdir}"
+ checkyesno named_chroot_autoupdate && chroot_autoupdate
+
+ case "${altlog_proglist}" in
+ *named*)
+ ;;
+ *)
+ warn 'Using chroot without setting altlog_proglist, logging may not'
+ warn 'work correctly. Run sysrc altlog_proglist+=named'
+ ;;
+ esac
+ else
+ named_symlink_enable=NO
+ fi
+
+ # Create an rndc.key file for the user if none exists
+ #
+ confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \
+ -c ${_named_confdir}/rndc.key"
+ if [ -s "${_named_confdir}/rndc.conf" ]; then
+ unset confgen_command
+ fi
+ if [ -s "${_named_confdir}/rndc.key" ]; then
+ case `stat -f%Su ${_named_confdir}/rndc.key` in
+ root|${named_uid}) ;;
+ *) ${confgen_command} ;;
+ esac
+ else
+ ${confgen_command}
+ fi
+
+ local checkconf
+
+ checkconf="${_named_program_root}/bin/named-checkconf"
+ if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then
+ checkconf="${checkconf} -t ${named_chrootdir}"
+ fi
+
+ # Create a forwarder configuration based on /etc/resolv.conf
+ if checkyesno named_auto_forward; then
+ if [ ! -s /etc/resolv.conf ]; then
+ warn "named_auto_forward enabled, but no /etc/resolv.conf"
+
+ # Empty the file in case it is included in named.conf
+ [ -s "${_named_confdir}/auto_forward.conf" ] &&
+ create_file ${_named_confdir}/auto_forward.conf
+
+ ${checkconf} ${named_conf} ||
+ err 3 'named-checkconf for ${named_conf} failed'
+ return
+ fi
+
+ create_file /var/run/naf-resolv.conf
+ create_file /var/run/auto_forward.conf
+
+ echo ' forwarders {' > /var/run/auto_forward.conf
+
+ while read line; do
+ case "${line}" in
+ 'nameserver '*|'nameserver '*)
+ nsip=${line##nameserver[ ]}
+
+ if [ -z "${firstns}" ]; then
+ if [ ! "${nsip}" = '127.0.0.1' ]; then
+ echo 'nameserver 127.0.0.1'
+ echo " ${nsip};" >> /var/run/auto_forward.conf
+ fi
+
+ firstns=1
+ else
+ [ "${nsip}" = '127.0.0.1' ] && continue
+ echo " ${nsip};" >> /var/run/auto_forward.conf
+ fi
+ ;;
+ esac
+
+ echo ${line}
+ done < /etc/resolv.conf > /var/run/naf-resolv.conf
+
+ echo ' };' >> /var/run/auto_forward.conf
+ echo '' >> /var/run/auto_forward.conf
+ if checkyesno named_auto_forward_only; then
+ echo " forward only;" >> /var/run/auto_forward.conf
+ else
+ echo " forward first;" >> /var/run/auto_forward.conf
+ fi
+
+ if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
+ unlink /var/run/naf-resolv.conf
+ else
+ [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
+ mv /var/run/naf-resolv.conf /etc/resolv.conf
+ fi
+
+ if cmp -s ${_named_confdir}/auto_forward.conf \
+ /var/run/auto_forward.conf; then
+ unlink /var/run/auto_forward.conf
+ else
+ [ -e "${_named_confdir}/auto_forward.conf" ] &&
+ unlink ${_named_confdir}/auto_forward.conf
+ mv /var/run/auto_forward.conf \
+ ${_named_confdir}/auto_forward.conf
+ fi
+ else
+ # Empty the file in case it is included in named.conf
+ [ -s "${_named_confdir}/auto_forward.conf" ] &&
+ create_file ${_named_confdir}/auto_forward.conf
+ fi
+
+ ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed"
+}
+
+run_rc_command "$1"
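Review bot: In named_prestart, the branch taken when /etc/resolv.conf is missing calls `err 3 'named-checkconf for ${named_conf} failed'` in single quotes, so the operator sees the literal text `${named_conf}` rather than the path of the file that failed. The final check in the same function already uses double quotes, and the early one should match: `err 3 "named-checkconf for ${named_conf} failed"`. Separately, the `nameserver` values read from /etc/resolv.conf are echoed into auto_forward.conf as forwarders without any check that they look like addresses, which leaves named-checkconf as the only gate. Since resolv.conf is commonly rewritten by DHCP tooling, a small `case` guard that skips values containing anything other than hex digits, `.` and `:` before the two `echo " ${nsip};"` lines would keep unexpected text out of named's configuration.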
diff --git a/dns/bind918/files/named.root b/dns/bind918/files/named.root
new file mode 100644
index 000000000000..6f15474277e1
--- /dev/null
+++ b/dns/bind918/files/named.root
@@ -0,0 +1,92 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: November 16, 2017
+; related version of root zone: 2017111601
+;
+; FORMERLY NS.INTERNIC.NET
+;
+. 3600000 NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
+B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of file
diff --git a/dns/bind918/files/patch-bin_named_include_named_globals.h b/dns/bind918/files/patch-bin_named_include_named_globals.h
new file mode 100644
index 000000000000..6b9d61afe30c
--- /dev/null
+++ b/dns/bind918/files/patch-bin_named_include_named_globals.h
@@ -0,0 +1,13 @@
+We reference the pid file as being run/named/pid everywere else.
+
+--- bin/named/include/named/globals.h.orig 2021-09-17 07:10:48 UTC
++++ bin/named/include/named/globals.h
+@@ -133,7 +133,7 @@ EXTERN bool named_g_forcelock INIT(false);
+
+ #if NAMED_RUN_PID_DIR
+ EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named/"
+- "named.pid");
++ "pid");
+ #else /* if NAMED_RUN_PID_DIR */
+ EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/"
+ "named.pid");
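Review bot: Only the `#if NAMED_RUN_PID_DIR` default is changed to `run/named/pid`; the `#else` default stays `run/named.pid`, while the rc script added in this commit falls back to `/var/run/named/pid` when named.conf has no `pid-file`. If the port can be built with NAMED_RUN_PID_DIR off (not visible here), the daemon and the script would disagree on the pid path and `named_stop` would report named as not running. The patch header would be clearer as `The rc.d script expects the default pid file at run/named/pid; this relies on NAMED_RUN_PID_DIR being set.`, which also fixes the `everywere` typo.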
diff --git a/dns/bind918/files/patch-configure.ac b/dns/bind918/files/patch-configure.ac
new file mode 100644
index 000000000000..7ca1502ec151
--- /dev/null
+++ b/dns/bind918/files/patch-configure.ac
@@ -0,0 +1,13 @@
+automake has warnings, it is ok here.
+
+--- configure.ac.orig 2022-01-24 20:06:11 UTC
++++ configure.ac
+@@ -48,7 +48,7 @@ AC_CANONICAL_HOST
+ AC_CANONICAL_TARGET
+
+ AC_CONFIG_SRCDIR([bin/named/main.c])
+-AM_INIT_AUTOMAKE([1.9 tar-pax foreign subdir-objects dist-xz no-dist-gzip -Wall -Werror])
++AM_INIT_AUTOMAKE([1.9 tar-pax foreign subdir-objects dist-xz no-dist-gzip -Wall])
+ AM_SILENT_RULES([yes])
+ AM_EXTRA_RECURSIVE_TARGETS([test unit doc])
+
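Review bot: The patch header `automake has warnings, it is ok here.` does not say which warnings are meant or why dropping `-Werror` is safe. The flag removed sits inside `AM_INIT_AUTOMAKE`, so it affects automake's own diagnostics and not the compiler's; saying so keeps a later reader from taking this for a relaxed compiler warning policy. Suggested header: `Drop automake's -Werror: automake warns on this tree and the warnings are harmless for the port; compiler flags are not affected.`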
diff --git a/dns/bind918/files/pkg-message.in b/dns/bind918/files/pkg-message.in
new file mode 100644
index 000000000000..1150a96522ff
--- /dev/null
+++ b/dns/bind918/files/pkg-message.in
@@ -0,0 +1,22 @@
+[
+{
+# %!fmt 59 63
+ message: <<EOT
+BIND requires configuration of rndc, including a "secret"
+key. The easiest, and most secure way to configure rndc is
+to run 'rndc-confgen -a' to generate the proper conf file,
+with a new random key, and appropriate file permissions.
+
+The %%PREFIX%%/etc/rc.d/named script will do that for you.
+
+If using syslog to log the BIND9 activity, and using a
+chroot'ed installation, you will need to tell syslog to install
+a log socket in the BIND9 chroot by running:
+
+ # sysrc altlog_proglist+=named
+
+And then restarting syslogd with: service syslogd restart
+EOT
+ type: install
+}
+]