add bind with sdb-ldap
git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/mds@2827 6952d904-891a-0410-993b-d76249ca496b
parent
9c2c3c4405
commit
0013c2a416
1441
net-dns/bind/ChangeLog
Normal file
1441
net-dns/bind/ChangeLog
Normal file
File diff suppressed because it is too large
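--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -0,0 +1,24 @@
+AUX 10bind.env 27 RMD160 872245707b4f72a212cda162c59495744d77a6e3 SHA1 7b8c1abd5910bb7a07c6b7c820c2b34a534b2593 SHA256 5ad6a4402372b43809618051873b63646746f400447bba30dc4dfecd028e3650
+AUX 127.zone-r1 533 RMD160 2795c6c27912a73ac45582f33de3182382db3a5d SHA1 87fcb2b96db4cef99d25fa87759dd32ea2ac5559 SHA256 0fa4c294640d4191710647d1b18a2099f22ff674b3a35e6e81ff929f921da626
+AUX bind-dlzmysql5-reconnect.patch 1842 RMD160 687f6128b6511dbeecdfc81b197520b1afd74005 SHA1 7b9b8e1b85f1344e4b5d8566ab868fcb1e87a049 SHA256 7376ac37c2d3fbcf5d8e886008639bdbe642f44c9021f435af370bddd3f03bd4
+AUX localhost.zone-r3 426 RMD160 b2dfe76923695e6eac49234b7e7f90fef4d1838e SHA1 b84babc535466cacc7001e4c6eb21e22ae11b22d SHA256 3f39e9b5be72435e961cd6f5acdfe396b05640bf370969acf918a939575122bc
+AUX named.cache 2941 RMD160 c29f47291496e67e72c129db488d07172fe244e6 SHA1 b1575428e8b5f513469a90a32cf163e8db46cab5 SHA256 35f7fcf2b177678cf362af7ac942f7f1a1c102c045dc3844991a411fc4c5d277
+AUX named.conf-r3 1317 RMD160 dace9861fb15a7ad415b23f2452fca5eb3ef2604 SHA1 02385c388d4ca99f68354c83f9e4cae2c2bcb034 SHA256 f431592c2441a27205e1112dcff7b9b07655007c460a309b7968c97688c8e7f4
+AUX named.conf-r4 5288 RMD160 d5b56d46370b0e54e42aefbe41e1ff290df30439 SHA1 945ee47a99d37c2160829b2fdfd9ffbd3293b333 SHA256 852fc5f2100c94834b59ee64566b7414f0ec12b17751900bb572ab2375c8ca50
+AUX named.conf-r5 3952 RMD160 e4554204786565b08eefb9d129c7b8e0b3a55454 SHA1 cd5c48aa966760343a807c107839c82ba5b575a0 SHA256 fd1e2cbb7d2b3d00ae658a431c747a2adb35227bf6bc6996db1fe705cf2da943
+AUX named.confd-r2 479 RMD160 0a0452bf9bb6f18d4628ee72abe82a52d484a2cb SHA1 d0b0e2f5d72d43862c5aaff9a226fd8599992323 SHA256 bae05257852ecbc7f66bd30e452162f15b6f6e8c3fc170fb6dfdfa7d22361915
+AUX named.confd-r3 719 RMD160 813e82a611c24a0aa3aca0400f499b68727cc8ef SHA1 d4bc0d753e9ec52fa9091b10eca10aee4462b83c SHA256 b37c19dccf3af6e313b09720c12ef7de107a297d2434c78b7101cd67ba0798f6
+AUX named.confd-r4 1295 RMD160 aa3a3da754405df0362b7ba67a730b5ed4f7da33 SHA1 23ce37d133bd46561b82874709fe784b4470e243 SHA256 061c6c2ffb72859b46c9e8ad8922000cf397c3f91a3681a8b1bf21493ec13491
+AUX named.confd-r5 1224 RMD160 b353a2bd8c73cbc1f967d04339d4f07db840a5ee SHA1 181a57e1b2c0371ad2704bb61f621498e2bfddff SHA256 00f06f96dc0cc7855bd15d31449b492e3a2502938e8038081c9f09e0d0ce7a08
+AUX named.init-r5 1798 RMD160 a4cf8a2d19c79c40f7121559a5b0252204ede75b SHA1 0a131aa6b42050c6173c144d26a927f2fe5d3a1b SHA256 71153fce5461d4d85853218371599f5c909c625bacd9894b8a0ff16636773e05
+AUX named.init-r7 3622 RMD160 4ed3c76403bf5ddc545b0d681b176fbe5f7f8484 SHA1 dfe2e1a0925b23584581f8dd243bc15a9833bbe0 SHA256 9999609ce9ecb7fcafac50174713e72c2af80137f2c7c06fc5cfee26620a3e7e
+AUX named.init-r8 4417 RMD160 6aac0609b04e8cb3a1a91bf0532506be151a0e01 SHA1 5754951e9163cb0e7cfc2323c8d759c404ac8a27 SHA256 720880c274f14df595370e3fab257e32f08a0df0f3495a212cff86b6933b83d3
+AUX named.init-r9 4946 RMD160 48cce5a99a8da1eff3492c4896fbae4c1343a675 SHA1 944ed08d22e70ba93625814695535f58feed2083 SHA256 77fd6b4ecb0f7f4baa872d1be1b18d2ea9a913a15f30f63ab904a62ad4325748
+DIST bind-9.8.0b1.tar.gz 7695239 RMD160 da507be635904bd2c8712d6a372ef14367d1e981 SHA1 0a9b07516ac0610c050743ba1870ea02f9c628ee SHA256 257c14d68759c4ff14fe3cfc34ea4ec7a5b454961b10618d9bec9e24286396eb
+DIST bind-geoip-1.3-9.7.2-P2.patch 54084 RMD160 fcc2308bd2832df821f76aeb1ea1c5740fadb6f3 SHA1 786c2fd8dde40f235e292f5bd883094863976580 SHA256 c12c03fc25a679d8d4296142597c698ab934e18cc761113553062a66be2875dd
+DIST bind-geoip-1.3-readme.txt 10040 RMD160 073956324ed4780e0e0cdbf40ae259f85ebef9d2 SHA1 e13ea2f458adfed3f1a20f9fe3eb2bfd484fc0b0 SHA256 380ce89f1a614f46571ad59bddf0f268275691aa2d7a7a7bf1c2a3ef4d26e845
+DIST bind-sdb-ldap-1.1.0-fc14.patch.bz2 9479 RMD160 e612fd43c10f3ed889a37b1f8ced0d6bee686e73 SHA1 f4d119a9721f53d9a24804ef466c9341c8bad77c SHA256 9b7bf115dd7f767a8bdfc8f1559fe9b3ce25258a0cb34ee1128d4e43d216f970
+DIST dyndns-samples.tbz2 22866 RMD160 27d5b2d0edb8e1ff16b3f980c38d7af33ccf0c7d SHA1 0a62e9458d0e16b67a3a2f63ea485ce969f1fb4d SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8
+EBUILD bind-9.8.0_beta1.ebuild 11666 RMD160 39b3100c78260bf1c5a0fbb8ed89e1e40af18127 SHA1 cd7ab5eb91d51835d3cd20a9c5c474f5a299718b SHA256 6df4511a584fb3f24ef1aca987b3e50e648fbd5546e678cb98ef9dd644f7d58f
+MISC ChangeLog 52977 RMD160 45d7d876663d2e1f51a7dbdfdfb9b0829bafabf4 SHA1 96f759fa5cf0abd647c669ed15b259ac79b31b5e SHA256 65602e78b8cbe32d36e7ab504e00c6aa09ba05bfb821bb0dbb96b4723b189614
+MISC metadata.xml 687 RMD160 5fd264ad649f713cca1786a3bbeabf2f45acc05b SHA1 b0f68a06a898ef80202d3827f2ecb3f1df33b27a SHA256 3c72d140cb8dc2f418ab79b1a939c192a5fee691e97db425b489a0feb1f99263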
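--- a/net-dns/bind/bind-9.8.0_beta1.ebuild
+++ b/net-dns/bind/bind-9.8.0_beta1.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.7.2_p3-r3.ebuild,v 1.1 2011/01/07 23:37:37 robbat2 Exp $
+
+EAPI="3"
+
+inherit eutils autotools toolchain-funcs flag-o-matic
+
+MY_PV="${PV/_beta/b}"
+MY_P="${PN}-${MY_PV}"
+
+SDB_LDAP_VER="1.1.0-fc14"
+
+GEOIP_PV=1.3
+#GEOIP_PV_AGAINST="${MY_PV}"
+GEOIP_PV_AGAINST="9.7.2-P2"
+GEOIP_P="bind-geoip-${GEOIP_PV}"
+GEOIP_PATCH_A="${GEOIP_P}-${GEOIP_PV_AGAINST}.patch"
+GEOIP_DOC_A="${GEOIP_P}-readme.txt"
+GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
+
+DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="http://www.isc.org/software/bind"
+SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
+doc? ( mirror://gentoo/dyndns-samples.tbz2 )
+geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
+${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
+sdb-ldap? ( http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 )"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ssl ipv6 doc dlz postgres berkdb mysql odbc ldap selinux idn threads
+resolvconf urandom xml geoip gssapi sdb-ldap"
+
+DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
+mysql? ( >=virtual/mysql-4.0 )
+odbc? ( >=dev-db/unixODBC-2.2.6 )
+ldap? ( net-nds/openldap )
+sdb-ldap? ( net-nds/openldap )
+idn? ( net-dns/idnkit )
+postgres? ( dev-db/postgresql-base )
+threads? ( >=sys-libs/libcap-2.1.0 )
+xml? ( dev-libs/libxml2 )
+geoip? ( >=dev-libs/geoip-1.4.6 )
+gssapi? ( virtual/krb5 )"
+
+RDEPEND="${DEPEND}
+selinux? ( sec-policy/selinux-bind )
+resolvconf? ( net-dns/openresolv )
+sys-process/psmisc"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+use threads && {
+ewarn
+ewarn "If you're in vserver enviroment, you're probably want to"
+ewarn "disable threads support because of linux capabilities dependency"
+ewarn
+}
+
+ebegin "Creating named group and user"
+enewgroup named 40
+enewuser named 40 -1 /etc/bind named
+eend ${?}
+}
+
+src_prepare() {
+# Adjusting PATHs in manpages
+for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
+sed -i \
+-e 's:/etc/named.conf:/etc/bind/named.conf:g' \
+-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
+-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
+"${i}" || die "sed failed, ${i} doesn't exist"
+done
+
+if use dlz; then
+# bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse
+# (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/)
+if use mysql && has_version ">=dev-db/mysql-5"; then
+epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch
+fi
+fi
+
+# should be installed by bind-tools
+sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die
+
+# sdb-ldap patch as per bug #160567
+# Upstream URL: http://bind9-ldap.bayour.com/
+if use sdb-ldap; then
+# epatch "${FILESDIR}"/bind-9.8.0b1-sdb-ldap-1.patch
+epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
+cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named
+cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools
+cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools
+fi
+
+if use geoip; then
+cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
+sed -i -e 's/ MINORVER=7/ MINORVER=8/' \
+-e 's/ PATCHVER=2/ PATCHVER=0/' \
+-e 's/ RELEASETYPE=-P/ RELEASETYPE=b/' \
+-e 's/-RELEASEVER=2/-RELEASEVER=1/' \
+-e 's/+RELEASEVER=2-geoip-1.3/+RELEASEVER=1-geoip-1.3/' \
+${GEOIP_PATCH_A} || die
+epatch ${GEOIP_PATCH_A}
+fi
+
+# bug #220361
+rm {aclocal,libtool}.m4
+WANT_AUTOCONF=2.5 AT_NO_RECURSIVE=1 eautoreconf
+
+# remove useless c++ checks
+epunt_cxx
+}
+
+src_configure() {
+local myconf=""
+
+use dlz && {
+myconf="${myconf} --with-dlz-filesystem --with-dlz-stub"
+use postgres && myconf="${myconf} --with-dlz-postgres"
+use mysql && myconf="${myconf} --with-dlz-mysql"
+use berkdb && myconf="${myconf} --with-dlz-bdb"
+use ldap && myconf="${myconf} --with-dlz-ldap"
+use odbc && myconf="${myconf} --with-dlz-odbc"
+}
+
+if use threads; then
+if use dlz && use mysql; then
+ewarn
+ewarn "MySQL uses thread local storage in its C api. Thus MySQL"
+ewarn "requires that each thread of an application execute a MySQL"
+ewarn "\"thread initialization\" to setup the thread local storage."
+ewarn "This is impossible to do safely while staying within the DLZ"
+ewarn "driver API. This is a limitation caused by MySQL, and not"
+ewarn "the DLZ API."
+ewarn "Because of this BIND MUST only run with a single thread when"
+ewarn "using the MySQL driver."
+ewarn
+myconf="${myconf} --disable-linux-caps --disable-threads"
+ewarn "Threading support disabled"
+else
+myconf="${myconf} --enable-linux-caps --enable-threads"
+einfo "Threading support enabled"
+fi
+else
+myconf="${myconf} --disable-linux-caps --disable-threads"
+fi
+
+if use urandom; then
+myconf="${myconf} --with-randomdev=/dev/urandom"
+else
+myconf="${myconf} --with-randomdev=/dev/random"
+fi
+
+use geoip && myconf="${myconf} --with-geoip"
+
+# bug #158664
+gcc-specs-ssp && replace-flags -O[23s] -O
+
+export BUILD_CC=$(tc-getBUILD_CC)
+econf \
+--sysconfdir=/etc/bind \
+--localstatedir=/var \
+--with-libtool \
+$(use_with ssl openssl) \
+$(use_with idn) \
+$(use_enable ipv6) \
+$(use_with xml libxml2) \
+$(use_with gssapi) \
+${myconf}
+
+# bug #151839
+echo '#undef SO_BSDCOMPAT' >> config.h
+}
+
+src_compile() {
+emake -j1 || die
+}
+
+src_install() {
+emake DESTDIR="${D}" install || die
+
+dodoc CHANGES FAQ README
+
+if use idn; then
+dodoc contrib/idn/README.idnkit || die
+fi
+
+if use doc; then
+dodoc doc/arm/Bv9ARM.pdf || die
+
+docinto misc
+dodoc doc/misc/* || die
+
+# might a 'html' useflag make sense?
+docinto html
+dohtml -r doc/arm/* || die
+
+docinto draft
+dodoc doc/draft/* || die
+
+docinto rfc
+dodoc doc/rfc/* || die
+
+docinto contrib
+dodoc contrib/named-bootconf/named-bootconf.sh \
+contrib/nanny/nanny.pl || die
+
+# some handy-dandy dynamic dns examples
+cd "${D}"/usr/share/doc/${PF}
+tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
+fi
+
+use geoip && dodoc "${DISTDIR}"/${GEOIP_P}-readme.txt
+
+insinto /etc/bind
+newins "${FILESDIR}"/named.conf-r5 named.conf || die
+
+# ftp://ftp.rs.internic.net/domain/named.cache:
+insinto /var/bind
+doins "${FILESDIR}"/named.cache || die
+
+insinto /var/bind/pri
+newins "${FILESDIR}"/127.zone-r1 127.zone || die
+newins "${FILESDIR}"/localhost.zone-r3 localhost.zone || die
+
+newinitd "${FILESDIR}"/named.init-r9 named || die
+newconfd "${FILESDIR}"/named.confd-r5 named || die
+
+newenvd "${FILESDIR}"/10bind.env 10bind || die
+
+# Let's get rid of those tools and their manpages since they're provided by bind-tools
+rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
+rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8*
+rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate}
+rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate}
+
+dosym /var/bind/named.cache /var/bind/root.cache || die
+dosym /var/bind/pri /etc/bind/pri || die
+dosym /var/bind/sec /etc/bind/sec || die
+keepdir /var/bind/sec
+
+dodir /var/{run,log}/named || die
+
+fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri}
+fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
+fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
+fperms 0750 /etc/bind /var/bind/pri
+fperms 0770 /var/{run,log}/named /var/bind/{,sec}
+}
+
+pkg_postinst() {
+if [ ! -f '/etc/bind/rndc.key' ]; then
+if use urandom; then
+einfo "Using /dev/urandom for generating rndc.key"
+/usr/sbin/rndc-confgen -r /dev/urandom -a
+echo
+else
+einfo "Using /dev/random for generating rndc.key"
+/usr/sbin/rndc-confgen -a
+echo
+fi
+chown root:named /etc/bind/rndc.key
+chmod 0640 /etc/bind/rndc.key
+fi
+
+einfo
+einfo "You can edit /etc/conf.d/named to customize named settings"
+einfo
+use mysql || use postgres || use ldap && {
+elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+elog "uncomment the specified rc_named_* lines in your"
+elog "/etc/conf.d/named config to ensure they'll start before bind"
+einfo
+}
+einfo "If you'd like to run bind in a chroot AND this is a new"
+einfo "install OR your bind doesn't already run in a chroot:"
+einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+einfo
+
+CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+if [[ -n ${CHROOT} ]]; then
+elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+elog "To enable the old behaviour (without using mount) uncomment the"
+elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+elog "If you decide to use the new/default method, ensure to make backup"
+elog "first and merge your existing configs/zones to /etc/bind and"
+elog "/var/bind because bind will now mount the needed directories into"
+elog "the chroot dir."
+fi
+
+ewarn
+ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache"
+ewarn "you may need to fix your named.conf!"
+ewarn
+ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
+ewarn "To fix the permissions do:"
+ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri}"
+ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
+ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
+ewarn "chmod 0750 /etc/bind /var/bind/pri"
+ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec}"
+ewarn
+}
+
+pkg_config() {
+CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+if [[ -z "${CHROOT}" ]]; then
+eerror "This config script is designed to automate setting up"
+eerror "a chrooted bind/named. To do so, please first uncomment"
+eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+die "Unset CHROOT"
+fi
+if [[ -d "${CHROOT}" ]]; then
+ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ewarn "To enable the old behaviour (without using mount) uncomment the"
+ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ewarn
+ewarn "${CHROOT} already exists... some things might become overridden"
+ewarn "press CTRL+C if you don't want to continue"
+sleep 10
+fi
+
+echo; einfo "Setting up the chroot directory..."
+
+mkdir -m 0750 -p ${CHROOT}
+mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
+mkdir -m 0750 -p ${CHROOT}/etc/bind
+mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
+chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind
+
+cp /etc/localtime ${CHROOT}/etc/localtime
+
+mknod ${CHROOT}/dev/null c 1 3
+chmod 0666 ${CHROOT}/dev/null
+
+mknod ${CHROOT}/dev/zero c 1 5
+chmod 0666 ${CHROOT}/dev/zero
+
+if use urandom; then
+mknod ${CHROOT}/dev/urandom c 1 9
+chmod 0666 ${CHROOT}/dev/urandom
+else
+mknod ${CHROOT}/dev/random c 1 8
+chmod 0666 ${CHROOT}/dev/random
+fi
+
+if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
+cp -a /etc/bind ${CHROOT}/etc/
+cp -a /var/bind ${CHROOT}/var/
+fi
+
+if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
+fi
+
+elog "You may need to add the following line to your syslog-ng.conf:"
+elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}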
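Review bot: In pkg_config every `${CHROOT}` passed to mkdir, chown, cp and mknod is unquoted, and the value is sourced from /etc/conf.d/named by a function that has to run with root privileges for mknod to work, so a path containing whitespace or glob characters is split and the commands act on paths other than the intended chroot. Quote each use, e.g. `mkdir -m 0750 -p "${CHROOT}"` and `mknod "${CHROOT}"/dev/null c 1 3`. None of those calls is followed by `|| die`, so a failure such as mknod hitting an existing node on a second run goes unnoticed and the chroot is left half-built. The three `cp -fp contrib/sdb/ldap/...` lines in the new sdb-ldap block of src_prepare have the same gap; under EAPI 3 a failed copy does not stop the build, so add `|| die` there as well.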
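--- a/net-dns/bind/bind-ebuild-sdb-ldap.patch
+++ b/net-dns/bind/bind-ebuild-sdb-ldap.patch
@@ -0,0 +1,83 @@
+--- /usr/portage/net-dns/bind/bind-9.7.2_p3-r3.ebuild 2011-01-08 00:37:37.000000000 +0100
++++ bind-9.8.0_beta1.ebuild 2011-02-02 07:07:36.000000000 +0100
+@@ -6,10 +6,10 @@
+
+inherit eutils autotools toolchain-funcs flag-o-matic
+
+-MY_PV="${PV/_p/-P}"
++MY_PV="${PV/_beta/b}"
+MY_P="${PN}-${MY_PV}"
+
+-SDB_LDAP_VER="1.1.0"
++SDB_LDAP_VER="1.1.0-fc14"
+
+GEOIP_PV=1.3
+#GEOIP_PV_AGAINST="${MY_PV}"
+@@ -24,26 +24,26 @@
+SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
+doc? ( mirror://gentoo/dyndns-samples.tbz2 )
+geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
+- ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )"
+-# sdb-ldap? ( mirror://gentoo/bind-sdb-ldap-${SDB_LDAP_VER}.tar.bz2 )
++ ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
++ sdb-ldap? ( http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 )"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ssl ipv6 doc dlz postgres berkdb mysql odbc ldap selinux idn threads
+- resolvconf urandom xml geoip gssapi" # sdb-ldap
++ resolvconf urandom xml geoip gssapi sdb-ldap"
+
+DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
+mysql? ( >=virtual/mysql-4.0 )
+odbc? ( >=dev-db/unixODBC-2.2.6 )
+ldap? ( net-nds/openldap )
++ sdb-ldap? ( net-nds/openldap )
+idn? ( net-dns/idnkit )
+postgres? ( dev-db/postgresql-base )
+threads? ( >=sys-libs/libcap-2.1.0 )
+xml? ( dev-libs/libxml2 )
+geoip? ( >=dev-libs/geoip-1.4.6 )
+gssapi? ( virtual/krb5 )"
+-# sdb-ldap? ( net-nds/openldap )
+
+RDEPEND="${DEPEND}
+selinux? ( sec-policy/selinux-bind )
+@@ -89,13 +89,21 @@
+
+# sdb-ldap patch as per bug #160567
+# Upstream URL: http://bind9-ldap.bayour.com/
+- # FIXME: bug 302735
+-# use sdb-ldap && epatch "${WORKDIR}"/sdb-ldap/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
++ if use sdb-ldap; then
++ # epatch "${FILESDIR}"/bind-9.8.0b1-sdb-ldap-1.patch
++ epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
++ cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named
++ cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools
++ cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools
++ fi
+
+if use geoip; then
+cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
+- sed -i -e 's/-RELEASEVER=2/-RELEASEVER=3/' \
+- -e 's/+RELEASEVER=2-geoip-1.3/+RELEASEVER=3-geoip-1.3/' \
++ sed -i -e 's/ MINORVER=7/ MINORVER=8/' \
++ -e 's/ PATCHVER=2/ PATCHVER=0/' \
++ -e 's/ RELEASETYPE=-P/ RELEASETYPE=b/' \
++ -e 's/-RELEASEVER=2/-RELEASEVER=1/' \
++ -e 's/+RELEASEVER=2-geoip-1.3/+RELEASEVER=1-geoip-1.3/' \
+${GEOIP_PATCH_A} || die
+epatch ${GEOIP_PATCH_A}
+fi
+@@ -169,6 +177,10 @@
+echo '#undef SO_BSDCOMPAT' >> config.h
+}
+
++src_compile() {
++ emake -j1 || die
++}
++
+src_install() {
+emake DESTDIR="${D}" install || die
+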
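--- a/net-dns/bind/files/10bind.env
+++ b/net-dns/bind/files/10bind.env
@@ -0,0 +1 @@
+CONFIG_PROTECT="/var/bind"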
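--- a/net-dns/bind/files/127.zone-r1
+++ b/net-dns/bind/files/127.zone-r1
@@ -0,0 +1,12 @@
+$ORIGIN 127.in-addr.arpa.
+$TTL 1W
+@ 1D IN SOA localhost. root.localhost. (
+2008122601 ; serial
+3H ; refresh
+15M ; retry
+1W ; expiry
+1D ) ; minimum
+
+@ 1D IN NS localhost.
+1.0.0 1D IN PTR localhost.
+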
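--- a/net-dns/bind/files/bind-dlzmysql5-reconnect.patch
+++ b/net-dns/bind/files/bind-dlzmysql5-reconnect.patch
@@ -0,0 +1,59 @@
+--- bind-9.5.0a6.orig/contrib/dlz/drivers/dlz_mysql_driver.c 2007-02-06 06:44:26.000000000 +0100
++++ bind-9.5.0a6/contrib/dlz/drivers/dlz_mysql_driver.c 2007-09-04 23:57:57.000000000 +0200
+@@ -92,6 +92,25 @@
+*/
+
+/*%
++ * Factorize the mysql_ping for adding a log error message
++ */
++static isc_result_t
++mysqldrv_ping(dbinstance_t *dbi) {
++ int pres = 0;
++
++ pres = mysql_ping(dbi->dbconn);
++ if ( pres != 0 ) {
++ isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
++ DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(1),
++ "\nMySQL Ping Error : %s (%i)\n",
++ mysql_error(dbi->dbconn),
++ mysql_errno(dbi->dbconn));
++ return (ISC_R_FAILURE);
++ }
++ return (ISC_R_SUCCESS);
++}
++
++/*%
+* Allocates memory for a new string, and then constructs the new
+* string by "escaping" the input string. The new string is
+* safe to be used in queries. This is necessary because we cannot
+@@ -225,6 +244,8 @@
+}
+
+
++ mysqldrv_ping(dbi);
++
+/*
+* was a zone string passed? If so, make it safe for use in
+* queries.
+@@ -324,7 +345,7 @@
+qres = mysql_query((MYSQL *) dbi->dbconn, querystring);
+if (qres == 0)
+break;
+- for (j=0; mysql_ping((MYSQL *) dbi->dbconn) != 0 && j < 4; j++)
++ for (j=0; mysqldrv_ping(dbi) != 0 && j < 4; j++)
+;
+}
+
+@@ -923,6 +944,12 @@
+pass = getParameterValue(argv[1], "pass=");
+socket = getParameterValue(argv[1], "socket=");
+
++ if(mysql_options((MYSQL *) dbi->dbconn, MYSQL_OPT_RECONNECT, "1")) {
++ isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
++ DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
++ "Could not set database reconnect option");
++ }
++
+for (j=0; dbc == NULL && j < 4; j++)
+dbc = mysql_real_connect((MYSQL *) dbi->dbconn, host,
+user, pass, dbname, port, socket,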
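Review bot: The `mysql_options((MYSQL *) dbi->dbconn, MYSQL_OPT_RECONNECT, "1")` call in the last hunk passes a string literal where the MySQL client API expects a pointer to a `my_bool`; it enables reconnect only because the first byte of the literal happens to be non-zero. Use a typed flag instead: `my_bool reconnect = 1;` and `mysql_options((MYSQL *) dbi->dbconn, MYSQL_OPT_RECONNECT, &reconnect)`. The bare `mysqldrv_ping(dbi);` added in the `@@ -225,6 +244,8 @@` hunk discards its result and the helper logs at `ISC_LOG_DEBUG(1)`, so at default log levels a dead database connection leaves no trace before the query is built; consider checking the return value or logging at `ISC_LOG_ERROR`. The functions around all four hunks start and end outside the visible lines.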
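--- a/net-dns/bind/files/localhost.zone-r3
+++ b/net-dns/bind/files/localhost.zone-r3
@@ -0,0 +1,11 @@
+$TTL 1W
+@ IN SOA localhost. root.localhost. (
+2008122601 ; Serial
+28800 ; Refresh
+14400 ; Retry
+604800 ; Expire - 1 week
+86400 ) ; Minimum
+@ IN NS localhost.
+@ IN A 127.0.0.1
+
+@ IN AAAA ::1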
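--- a/net-dns/bind/files/named.cache
+++ b/net-dns/bind/files/named.cache
@@ -0,0 +1,86 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Dec 12, 2008
+; related version of root zone: 2008121200
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
+; End of File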
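--- a/net-dns/bind/files/named.conf-r3
+++ b/net-dns/bind/files/named.conf-r3
@@ -0,0 +1,53 @@
+options {
+directory "/var/bind";
+
+// uncomment the following lines to turn on DNS forwarding,
+// and change the forwarding ip address(es) :
+//forward first;
+//forwarders {
+// 123.123.123.123;
+// 123.123.123.123;
+//};
+
+listen-on-v6 { none; };
+listen-on { 127.0.0.1; };
+
+// to allow only specific hosts to use the DNS server:
+//allow-query {
+// 127.0.0.1;
+//};
+
+// if you have problems and are behind a firewall:
+//query-source address * port 53;
+pid-file "/var/run/named/named.pid";
+};
+
+// Briefly, a zone which has been declared delegation-only will be effectively
+// limited to containing NS RRs for subdomains, but no actual data beyond its
+// own apex (for example, its SOA RR and apex NS RRset). This can be used to
+// filter out "wildcard" or "synthesized" data from NAT boxes or from
+// authoritative name servers whose undelegated (in-zone) data is of no
+// interest.
+// See http://www.isc.org/products/BIND/delegation-only.html for more info
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+zone "." IN {
+type hint;
+file "named.cache";
+};
+
+zone "localhost" IN {
+type master;
+file "pri/localhost.zone";
+allow-update { none; };
+notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+type master;
+file "pri/127.zone";
+allow-update { none; };
+notify no;
+};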
216
net-dns/bind/files/named.conf-r4
Normal file
216
net-dns/bind/files/named.conf-r4
Normal file
@ -0,0 +1,216 @@
|
||||
/*
|
||||
* Refer to the named.conf(5) and named(8) man pages, and the documentation
|
||||
* in /usr/share/doc/bind-9 for more details.
|
||||
* Online versions of the documentation can be found here:
|
||||
* http://www.isc.org/software/bind/documentation
|
||||
*
|
||||
* If you are going to set up an authoritative server, make sure you
|
||||
* understand the hairy details of how DNS works. Even with simple mistakes,
|
||||
* you can break connectivity for affected parties, or cause huge amounts of
|
||||
* useless Internet traffic.
|
||||
*/
|
||||
|
||||
acl "xfer" {
|
||||
/* Allow no transfers. If we have other name servers, place them here. */
|
||||
//127.0.0.1/32;
|
||||
//::1/128;
|
||||
"none";
|
||||
};
|
||||
|
||||
/*
|
||||
* You might put in here some ips which are allowed to use the cache or
|
||||
* recursive queries
|
||||
*/
|
||||
acl "trusted" {
|
||||
127.0.0.0/8;
|
||||
::1/128;
|
||||
};
|
||||
|
||||
options {
|
||||
directory "/var/bind";
|
||||
pid-file "/var/run/named/named.pid";
|
||||
|
||||
/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
|
||||
// bindkeys-file "/etc/bind/bind.keys";
|
||||
|
||||
listen-on-v6 { ::1; };
|
||||
listen-on { 127.0.0.1; };
|
||||
|
||||
allow-query {
|
||||
/*
|
||||
* Accept queries from our "trusted" ACL. We will
|
||||
* allow anyone to query our master zones below.
|
||||
* This prevents us from becoming a free DNS server
|
||||
* to the masses.
|
||||
*/
|
||||
trusted;
|
||||
};
|
||||
|
||||
allow-query-cache {
|
||||
/* Use the cache for the "trusted" ACL. */
|
||||
trusted;
|
||||
};
|
||||
|
||||
allow-transfer {
|
||||
/*
|
||||
* Zone tranfers limited to members of the
|
||||
* "xfer" ACL (e.g. secondary nameserver).
|
||||
*/
|
||||
xfer;
|
||||
};
|
||||
|
||||
/*
|
||||
* If you've got a DNS server around at your upstream provider, enter its
|
||||
* IP address here, and enable the line below. This will make you benefit
|
||||
* from its cache, thus reduce overall DNS traffic in the Internet.
|
||||
*
|
||||
* Uncomment the following lines to turn on DNS forwarding, and change
|
||||
* and/or update the forwarding ip address(es):
|
||||
*/
|
||||
/*
|
||||
forward first;
|
||||
forwarders {
|
||||
// 123.123.123.123; // Your ISP NS
|
||||
// 124.124.124.124; // Your ISP NS
|
||||
4.2.2.1; // Level3 Public DNS
|
||||
4.2.2.2; // Level3 Public DNS
|
||||
8.8.8.8; // Google Open DNS
|
||||
8.8.4.4; // Google Open DNS
|
||||
};
|
||||
|
||||
*/
|
||||
|
||||
// dnssec-enable yes;
|
||||
// dnssec-validation yes;
|
||||
|
||||
/* if you have problems and are behind a firewall: */
|
||||
//query-source address * port 53;
|
||||
};
|
||||
|
||||
logging {
|
||||
channel default_log {
|
||||
file "/var/log/named/named.log" versions 5 size 50M;
|
||||
print-time yes;
|
||||
print-severity yes;
|
||||
print-category yes;
|
||||
};
|
||||
|
||||
category default { default_log; };
|
||||
category general { default_log; };
|
||||
};
|
||||
|
||||
include "/etc/bind/rndc.key";
|
||||
controls {
|
||||
inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
|
||||
};
|
||||
|
||||
|
||||
view "internal" in {
|
||||
/*
|
||||
* Our internal (trusted) view. We permit the internal networks
|
||||
* to freely access this view. We perform recursion for our
|
||||
* internal hosts, and retrieve data from the cache for them.
|
||||
*/
|
||||
|
||||
match-clients { trusted; };
|
||||
recursion yes;
|
||||
additional-from-auth yes;
|
||||
additional-from-cache yes;
|
||||
|
||||
zone "." in {
|
||||
type hint;
|
||||
file "/var/bind/root.cache";
|
||||
};
|
||||
|
||||
zone "localhost" IN {
|
||||
type master;
|
||||
file "pri/localhost.zone";
|
||||
allow-update { none; };
|
||||
notify no;
|
||||
allow-query { any; };
|
||||
allow-transfer { none; };
|
||||
};
|
||||
|
||||
zone "127.in-addr.arpa" IN {
|
||||
type master;
|
||||
file "pri/127.zone";
|
||||
allow-update { none; };
|
||||
notify no;
|
||||
allow-query { any; };
|
||||
allow-transfer { none; };
|
||||
};
|
||||
|
||||
/*
|
||||
* NOTE: All zone blocks for "public" view should be listed here in "internal"
|
||||
* too! Otherwise you'll have trouble to resolv the public zones properly.
|
||||
* That affects all hosts from the "trusted" ACL.
|
||||
* A separate config, which contains all zone blocks, might be better in
|
||||
* this case. Then you can simply add:
|
||||
* include "/etc/bind/zones.cfg";
|
||||
* for "internal" and "public" view.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Briefly, a zone which has been declared delegation-only will be effectively
|
||||
* limited to containing NS RRs for subdomains, but no actual data beyond its
|
||||
* own apex (for example, its SOA RR and apex NS RRset). This can be used to
|
||||
* filter out "wildcard" or "synthesized" data from NAT boxes or from
|
||||
* authoritative name servers whose undelegated (in-zone) data is of no
|
||||
* interest.
|
||||
* See http://www.isc.org/software/bind/delegation-only for more info
|
||||
*/
|
||||
|
||||
//zone "COM" { type delegation-only; };
|
||||
//zone "NET" { type delegation-only; };
|
||||
};
|
||||
|
||||
view "public" in {
|
||||
/*
|
||||
* Our external (untrusted) view. We permit any client to access
|
||||
* portions of this view. We do not perform recursion or cache
|
||||
* access for hosts using this view.
|
||||
*/
|
||||
|
||||
match-clients { any; };
|
||||
recursion no;
|
||||
additional-from-auth no;
|
||||
additional-from-cache no;
|
||||
|
||||
zone "." in {
|
||||
type hint;
|
||||
file "/var/bind/root.cache";
|
||||
};
|
||||
|
||||
//zone "YOUR-DOMAIN.TLD" {
|
||||
// type master;
|
||||
// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
|
||||
// allow-query { any; };
|
||||
// allow-transfer { xfer; };
|
||||
//};
|
||||
|
||||
//zone "YOUR-SLAVE.TLD" {
|
||||
// type slave;
|
||||
// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
|
||||
// masters { <MASTER>; };
|
||||
|
||||
// /* Anybody is allowed to query but transfer should be controlled by the master. */
|
||||
// allow-query { any; };
|
||||
// allow-transfer { none; };
|
||||
|
||||
// /* The master should be the only one who notifies the slaves, shouldn't it? */
|
||||
// allow-notify { <MASTER>; };
|
||||
// notify no;
|
||||
//};
|
||||
};
|
||||
|
||||
/* Hide the bind version */
|
||||
/*
|
||||
view "chaos" chaos {
|
||||
match-clients { any; };
|
||||
allow-query { none; };
|
||||
zone "." {
|
||||
type hint;
|
||||
file "/dev/null"; // or any empty file
|
||||
};
|
||||
};
|
||||
*/
|
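--- a/net-dns/bind/files/named.conf-r5
+++ b/net-dns/bind/files/named.conf-r5
@@ -0,0 +1,165 @@
+/*
+* Refer to the named.conf(5) and named(8) man pages, and the documentation
+* in /usr/share/doc/bind-9 for more details.
+* Online versions of the documentation can be found here:
+* http://www.isc.org/software/bind/documentation
+*
+* If you are going to set up an authoritative server, make sure you
+* understand the hairy details of how DNS works. Even with simple mistakes,
+* you can break connectivity for affected parties, or cause huge amounts of
+* useless Internet traffic.
+*/
+
+acl "xfer" {
+/* Deny transfers by default except for the listed hosts.
+* If we have other name servers, place them here.
+*/
+none;
+};
+
+/*
+* You might put in here some ips which are allowed to use the cache or
+* recursive queries
+*/
+acl "trusted" {
+127.0.0.0/8;
+::1/128;
+};
+
+options {
+directory "/var/bind";
+pid-file "/var/run/named/named.pid";
+
+/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+//bindkeys-file "/etc/bind/bind.keys";
+
+listen-on-v6 { ::1; };
+listen-on { 127.0.0.1; };
+
+allow-query {
+/*
+* Accept queries from our "trusted" ACL. We will
+* allow anyone to query our master zones below.
+* This prevents us from becoming a free DNS server
+* to the masses.
+*/
+trusted;
+};
+
+allow-query-cache {
+/* Use the cache for the "trusted" ACL. */
+trusted;
+};
+
+allow-recursion {
+/* Only trusted addresses are allowed to use recursion. */
+trusted;
+};
+
+allow-transfer {
+/* Zone tranfers are denied by default. */
+none;
+};
+
+allow-update {
+/* Don't allow updates, e.g. via nsupdate. */
+none;
+};
+
+/*
+* If you've got a DNS server around at your upstream provider, enter its
+* IP address here, and enable the line below. This will make you benefit
+* from its cache, thus reduce overall DNS traffic in the Internet.
+*
+* Uncomment the following lines to turn on DNS forwarding, and change
+* and/or update the forwarding ip address(es):
+*/
+/*
+forward first;
+forwarders {
+// 123.123.123.123; // Your ISP NS
+// 124.124.124.124; // Your ISP NS
+// 4.2.2.1; // Level3 Public DNS
+// 4.2.2.2; // Level3 Public DNS
+8.8.8.8; // Google Open DNS
+8.8.4.4; // Google Open DNS
+};
+
+*/
+
+//dnssec-enable yes;
+//dnssec-validation yes;
+
+/* if you have problems and are behind a firewall: */
+//query-source address * port 53;
+};
+
+/*
+logging {
+channel default_log {
+file "/var/log/named/named.log" versions 5 size 50M;
+print-time yes;
+print-severity yes;
+print-category yes;
+};
+
+category default { default_log; };
+category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+type hint;
+file "/var/bind/root.cache";
+};
+
+zone "localhost" IN {
+type master;
+file "pri/localhost.zone";
+notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+type master;
+file "pri/127.zone";
+notify no;
+};
+
+/*
+* Briefly, a zone which has been declared delegation-only will be effectively
+* limited to containing NS RRs for subdomains, but no actual data beyond its
+* own apex (for example, its SOA RR and apex NS RRset). This can be used to
+* filter out "wildcard" or "synthesized" data from NAT boxes or from
+* authoritative name servers whose undelegated (in-zone) data is of no
+* interest.
+* See http://www.isc.org/software/bind/delegation-only for more info
+*/
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+// type master;
+// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+// allow-query { any; };
+// allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+// type slave;
+// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+// masters { <MASTER>; };
+
+/* Anybody is allowed to query but transfer should be controlled by the master. */
+// allow-query { any; };
+// allow-transfer { none; };
+
+/* The master should be the only one who notifies the slaves, shouldn't it? */
+// allow-notify { <MASTER>; };
+// notify no;
+//};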
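Review bot: The comment on the `xfer` ACL promises more than the file delivers: it says transfers are denied except for hosts listed there, but the global `allow-transfer` in `options` is `none`, so entries added to `xfer` take effect only in zones that set `allow-transfer { xfer; };` themselves, as the commented YOUR-DOMAIN.TLD sample does. An administrator who adds a secondary to the ACL and nothing else gets refused transfers, which is safe but confusing. I would reword the ACL comment to `/* Referenced by zones that set allow-transfer { xfer; }; the global default below stays none. */`.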
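--- a/net-dns/bind/files/named.confd-r2
+++ b/net-dns/bind/files/named.confd-r2
@@ -0,0 +1,20 @@
+# Set various named options here.
+#
+OPTIONS=""
+
+# Set this to the number of processors you have.
+#
+CPU="1"
+
+# If you wish to run bind in a chroot, run:
+# emerge --config =<bind-version>
+# and un-comment the following line.
+# You can specify a different chroot directory but MAKE SURE it's empty.
+# CHROOT="/chroot/dns"
+
+# Default pid file location
+PIDFILE="${CHROOT}/var/run/named/named.pid"
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+#
+NAMED_NICELEVEL="0"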
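--- a/net-dns/bind/files/named.confd-r3
+++ b/net-dns/bind/files/named.confd-r3
@@ -0,0 +1,26 @@
+# Set various named options here.
+#
+OPTIONS=""
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# If you wish to run bind in a chroot:
+# 1) un-comment the CHROOT= assignment, below. You may use
+# a different chroot directory but MAKE SURE it's empty.
+# 2) run: emerge --config =<bind-version>
+#
+# CHROOT="/chroot/dns"
+
+# RNDC needs to be told what server we're using sometimes.
+#SERVER="-s 127.0.0.1"
+# rndc key to use
+RNDC_KEY="${CHROOT}/etc/bind/rndc.key"
+
+# Default pid file location
+PIDFILE="${CHROOT}/var/run/named/named.pid"
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+#
+NAMED_NICELEVEL="0"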
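--- a/net-dns/bind/files/named.confd-r4
+++ b/net-dns/bind/files/named.confd-r4
@@ -0,0 +1,46 @@
+# Set various named options here.
+#
+#OPTIONS=""
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# If you wish to run bind in a chroot:
+# 1) un-comment the CHROOT= assignment, below. You may use
+# a different chroot directory but MAKE SURE it's empty.
+# 2) run: emerge --config =<bind-version>
+#
+#CHROOT="/chroot/dns"
+
+# Uncomment the line below to avoid that the init script mounts the needed paths
+# into the chroot directory.
+# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
+#CHROOT_NOMOUNT="1"
+
+# RNDC needs to be told what server we're using sometimes.
+#SERVER="-s 127.0.0.1"
+# rndc key to use
+#RNDC_KEY="${CHROOT}/etc/bind/rndc.key"
+
+# Default pid file location
+PIDFILE="${CHROOT}/var/run/named/named.pid"
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+
+# Uncomment rc_named_use/rc_named_after for the database you need.
+# Its necessary to ensure the database backend will be started before named.
+
+# MySQL
+#rc_named_use="mysql"
+#rc_named_after="mysql"
+
+# PostgreSQL
+#rc_named_use="pg_autovacuum postgresql"
+#rc_named_after="pg_autovacuum postgresql"
+
+# LDAP
+#rc_named_use="ldap"
+#rc_named_after="ldap"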
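--- a/net-dns/bind/files/named.confd-r5
+++ b/net-dns/bind/files/named.confd-r5
@@ -0,0 +1,44 @@
+# Set various named options here.
+#
+#OPTIONS=""
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# If you wish to run bind in a chroot:
+# 1) un-comment the CHROOT= assignment, below. You may use
+# a different chroot directory but MAKE SURE it's empty.
+# 2) run: emerge --config =<bind-version>
+#
+#CHROOT="/chroot/dns"
+
+# Uncomment to enable binmount of /usr/share/GeoIP
+#CHROOT_GEOIP="1"
+
+# Uncomment the line below to avoid that the init script mounts the needed paths
+# into the chroot directory.
+# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
+#CHROOT_NOMOUNT="1"
+
+# Default pid file location
+PIDFILE="${CHROOT}/var/run/named/named.pid"
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+
+# Uncomment rc_named_use/rc_named_after for the database you need.
+# Its necessary to ensure the database backend will be started before named.
+
+# MySQL
+#rc_named_use="mysql"
+#rc_named_after="mysql"
+
+# PostgreSQL
+#rc_named_use="pg_autovacuum postgresql"
+#rc_named_after="pg_autovacuum postgresql"
+
+# LDAP
+#rc_named_use="ldap"
+#rc_named_after="ldap"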
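--- a/net-dns/bind/files/named.init-r5
+++ b/net-dns/bind/files/named.init-r5
@@ -0,0 +1,77 @@
+#!/sbin/runscript
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r5,v 1.3 2010/09/03 17:52:01 idl0r Exp $
+
+opts="start stop reload restart"
+
+depend() {
+need net
+use logger
+provide dns
+}
+
+checkconfig() {
+if [ ! -f ${CHROOT}/etc/bind/named.conf ] ; then
+eerror "No ${CHROOT}/etc/bind/named.conf file exists!"
+fi
+
+# In case someone doesn't have $CPU set from /etc/conf.d/named
+if [ ! ${CPU} ] ; then
+CPU="1"
+fi
+
+# as suggested in bug #107724
+[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+egrep -v \
+"^([[:cntrl:] ]+(#|//|/\*)|(#|//|/\*))" \
+${CHROOT}/etc/bind/named.conf \
+| egrep -o -m1 "pid\-file +\".+\" *;" \
+| cut -d\" -f2
+)
+
+KEY="${CHROOT}/etc/bind/rndc.key"
+
+# create piddir (usually /var/run/named) if necessary
+local piddir="${PIDFILE%/*}"
+if [ ! -d "${piddir}" ] ; then
+checkpath -q -d -o root:named -m 0770 "${piddir}" || return 1
+fi
+}
+
+start() {
+ebegin "Starting ${CHROOT:+chrooted }named"
+checkconfig || return 1
+start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
+--nicelevel ${NAMED_NICELEVEL:-0} \
+--exec /usr/sbin/named \
+-- -u named -n ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+eend $?
+}
+
+stop() {
+ebegin "Stopping ${CHROOT:+chrooted }named"
+checkconfig || return 2
+if [ -f $KEY ] ; then
+rndc -k $KEY stop &>/dev/null
+else
+start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+--exec /usr/sbin/named
+fi
+eend $?
+}
+
+reload() {
+checkconfig || return 3
+if [ ! -f $PIDFILE ] ; then
+/etc/init.d/named start &>/dev/null
+exit
+fi
+
+if [ -f $KEY ] ; then
+ebegin "Reloading named.conf and zone files"
+rndc -k $KEY reload &>/dev/null
+eend $?
+else /etc/init.d/named restart &>/dev/null
+fi
+}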
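Review bot: `checkconfig()` reports a missing `${CHROOT}/etc/bind/named.conf` with `eerror` but does not return, so the function falls through and can still return 0, and `checkconfig || return 1` in `start()` never trips on that condition. Adding `return 1` after the `eerror` line makes the check effective. The test itself is unquoted and would be safer as `[ ! -f "${CHROOT}/etc/bind/named.conf" ]`. The `checkconfig()` in named.init-r7 has the same gap.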
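--- a/net-dns/bind/files/named.init-r7
+++ b/net-dns/bind/files/named.init-r7
@@ -0,0 +1,164 @@
+#!/sbin/runscript
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r7,v 1.6 2010/09/03 17:52:01 idl0r Exp $
+
+opts="start stop reload restart"
+
+depend() {
+need net
+use logger
+after pg_autovacuum postgresql mysql ldap
+provide dns
+}
+
+_mount() {
+local from
+local to
+local opts
+
+if [[ $# -lt 3 ]];
+then
+eerror "_mount(): to few arguments"
+return 1
+fi
+
+from=$1
+to=$2
+shift 2
+
+opts="${*}"
+shift $#
+
+if [[ -z $(grep "${to}" /proc/mounts) ]];
+then
+einfo "mounting ${from} to ${to}"
+mount ${from} ${to} ${opts} || return 1
+fi
+}
+
+_umount() {
+local dir=$1
+
+if [[ -n $(grep "${dir}" /proc/mounts) ]];
+then
+einfo "umount ${dir}"
+umount ${dir}
+fi
+}
+
+check_chroot() {
+if [[ -n ${CHROOT} ]]; then
+[[ ! -d ${CHROOT} ]] && return 1
+[[ ! -d ${CHROOT}/dev || ! -d ${CHROOT}/etc || ! -d ${CHROOT}/var ]] && return 1
+[[ ! -d ${CHROOT}/var/run || ! -d ${CHROOT}/var/log ]] && return 1
+[[ ! -d ${CHROOT}/etc/bind || ! -d ${CHROOT}/var/bind ]] && return 1
+[[ ! -d ${CHROOT}/var/log/named ]] && return 1
+[[ ! -e ${CHROOT}/etc/localtime ]] && return 1
+[[ ! -c ${CHROOT}/dev/null || ! -c ${CHROOT}/dev/zero ]] && return 1
+[[ ! -c ${CHROOT}/dev/random && ! -c ${CHROOT}/dev/urandom ]] && return 1
+fi
+
+# create piddir (usually /var/run/named) if necessary
+local piddir="${PIDFILE%/*}"
+if [ ! -d "${piddir}" ] ; then
+checkpath -q -d -o root:named -m 0770 "${piddir}" || return 1
+fi
+
+return 0
+}
+
+checkconfig() {
+if [ ! -f ${CHROOT}/etc/bind/named.conf ] ; then
+eerror "No ${CHROOT}/etc/bind/named.conf file exists!"
+fi
+
+# In case someone have $CPU set in /etc/conf.d/named
+if [ ${CPU} ] ; then
+CPU="-n ${CPU}"
+fi
+
+# as suggested in bug #107724
+[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+egrep -v \
+"^([[:cntrl:] ]+(#|//|/\*)|(#|//|/\*))" \
+${CHROOT}/etc/bind/named.conf \
+| egrep -o -m1 "pid\-file +\".+\" *;" \
+| cut -d\" -f2
+)
+}
+
+start() {
+ebegin "Starting ${CHROOT:+chrooted }named"
+
+if [[ -n ${CHROOT} ]];
+then
+check_chroot || {
+eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+return 1
+}
+einfo "Mounting chroot dirs"
+_mount /etc/bind ${CHROOT}/etc/bind -o bind
+_mount /var/bind ${CHROOT}/var/bind -o bind
+_mount /var/log/named ${CHROOT}/var/log/named -o bind
+fi
+
+checkconfig || return 1
+
+start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
+--nicelevel ${NAMED_NICELEVEL:-0} \
+--exec /usr/sbin/named \
+-- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+eend $?
+}
+
+stop() {
+local reported=0
+
+ebegin "Stopping ${CHROOT:+chrooted }named"
+checkconfig || return 2
+if [[ -n "${RNDC_KEY}" && -f "${RNDC_KEY}" ]] ; then
+rndc $SERVER -k $RNDC_KEY stop &>/dev/null
+else
+start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+--exec /usr/sbin/named
+fi
+
+if [[ -n ${CHROOT} ]];
+then
+einfo "Umounting chroot dirs"
+
+# just to be sure everything gets clean
+while [[ -n $(fuser ${CHROOT} 2>&1) ]]
+do
+if [[ ${reported} -eq 0 ]];
+then
+einfo "Waiting until all named processes are stopped"
+reported=1
+fi
+sleep 1
+done
+
+_umount ${CHROOT}/etc/bind
+_umount ${CHROOT}/var/log/named
+_umount ${CHROOT}/var/bind
+fi
+
+eend $?
+}
+
+reload() {
+checkconfig || return 3
+if [ ! -f $PIDFILE ] ; then
+/etc/init.d/named start &>/dev/null
+exit
+fi
+
+if [ -f $RNDC_KEY ] ; then
+ebegin "Reloading named.conf and zone files"
+rndc $SERVER -k $RNDC_KEY reload &>/dev/null
+eend $?
+else
+/etc/init.d/named restart &>/dev/null
+fi
+}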
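Review bot: `stop()` ends with `eend $?`, but by that point `$?` belongs to the chroot `if` block rather than to `rndc ... stop` or `start-stop-daemon --stop`; when CHROOT is unset the `if` yields 0, so a failed stop is reported as success. Capture the result right after the first `fi` with `ret=$?`, declare it next to `reported` as `local ret`, and finish with `eend ${ret}`. The `rndc` call also discards its output through `&>/dev/null`, so the reason for a failure is not visible either. The `stop()` functions in named.init-r8 and named.init-r9 carry the same trailing `eend $?`.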
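--- a/net-dns/bind/files/named.init-r8
+++ b/net-dns/bind/files/named.init-r8
@@ -0,0 +1,188 @@
+#!/sbin/runscript
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r8,v 1.3 2010/10/24 20:47:17 idl0r Exp $
+
+opts="start stop reload restart"
+
+depend() {
+need net
+use logger
+provide dns
+}
+
+NAMED_CONF=${CHROOT}/etc/bind/named.conf
+
+_mount() {
+local from
+local to
+local opts
+
+if [ "${#}" -lt 3 ]; then
+eerror "_mount(): to few arguments"
+return 1
+fi
+
+from=$1
+to=$2
+shift 2
+
+opts="${*}"
+shift $#
+
+if [ -z "$(grep ${to} /proc/mounts)" ]; then
+einfo "mounting ${from} to ${to}"
+mount ${from} ${to} ${opts} || return 1
+fi
+}
+
+_umount() {
+local dir=$1
+
+if [ -n "$(grep ${dir} /proc/mounts)" ]; then
+einfo "umount ${dir}"
+umount ${dir}
+fi
+}
+
+check_chroot() {
+if [ -n "${CHROOT}" ]; then
+[ ! -d "${CHROOT}" ] && return 1
+[ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
+[ ! -d "${CHROOT}/var/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
+[ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
+[ ! -d "${CHROOT}/var/log/named" ] && return 1
+[ ! -e "${CHROOT}/etc/localtime" ] && return 1
+[ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
+[ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1
+fi
+
+return 0
+}
+
+checkconfig() {
+if [ ! -f "${NAMED_CONF}" ] ; then
+eerror "No ${NAMED_CONF} file exists!"
+fi
+
+named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF/${CHROOT}} 1>/dev/null || {
+eerror "named-checkconf failed! Please fix your config first."
+return 1
+}
+
+# as suggested in bug #107724
+[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+egrep -v \
+"^([[:cntrl:] ]+(#|//|/\*)|(#|//|/\*))" \
+${CHROOT}/etc/bind/named.conf \
+| egrep -o -m1 "pid\-file +\".+\" *;" \
+| cut -d\" -f2
+)
+[ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/var/run/named/named.pid
+
+return 0
+}
+
+start() {
+local piddir
+
+ebegin "Starting ${CHROOT:+chrooted }named"
+
+if [ -n "${CHROOT}" ]; then
+check_chroot || {
+eend 1
+eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+return 1
+}
+
+if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+einfo "Mounting chroot dirs"
+_mount /etc/bind ${CHROOT}/etc/bind -o bind
+_mount /var/bind ${CHROOT}/var/bind -o bind
+_mount /var/log/named ${CHROOT}/var/log/named -o bind
+fi
+fi
+
+checkconfig || {
+eend 1
+return 1
+}
+
+# create piddir (usually /var/run/named) if necessary
+piddir="${PIDFILE%/*}"
+if [ ! -d "${piddir}" ]; then
+checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+eend 1
+return 1
+}
+fi
+
+# In case someone have $CPU set in /etc/conf.d/named
+if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+CPU="-n ${CPU}"
+fi
+
+start-stop-daemon --start --pidfile ${PIDFILE} \
+--nicelevel ${NAMED_NICELEVEL:-0} \
+--exec /usr/sbin/named \
+-- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+eend $?
+}
+
+stop() {
+local reported=0
+
+ebegin "Stopping ${CHROOT:+chrooted }named"
+checkconfig || return 2
+if [ -n "${RNDC_KEY}" ] && [ -f "${RNDC_KEY}" ]; then
+rndc $SERVER -k $RNDC_KEY stop 1>/dev/null
+else
+# -R 10, bug 335398
+start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+--exec /usr/sbin/named
+fi
+
+if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+einfo "Umounting chroot dirs"
+
+# just to be sure everything gets clean
+while [ -n "$(fuser ${CHROOT} 2>/dev/null)" ]; do
+if [ "${reported}" -eq 0 ]; then
+einfo "Waiting until all named processes are stopped"
+reported=1
+fi
+sleep 1
+done
+
+_umount ${CHROOT}/etc/bind
+_umount ${CHROOT}/var/log/named
+_umount ${CHROOT}/var/bind
+fi
+
+eend $?
+}
+
+reload() {
+local ret
+
+# checkconf also gives us the pidfile.
+checkconfig || return 3
+
+ebegin "Reloading named.conf and zone files"
+if [ -n "${RNDC_KEY}" ] && [ -f "${RNDC_KEY}" ] ; then
+rndc $SERVER -k $RNDC_KEY reload 1>/dev/null
+ret=$?
+elif [ -n "${PIDFILE}" ]; then
+# FIXME: Remove --stop and --oknodo as soon as baselayout-1 has been removed... finally...
+start-stop-daemon --stop --oknodo --pidfile $PIDFILE --signal HUP --exec /usr/sbin/named
+ret=$?
+else
+ewarn "Neither an rndc key has been specified nor a pidfile... this is"
+ewarn "a fallback mode. Please check your installation!"
+
+$RC_SERVICE restart
+ret=$?
+fi
+
+eend $ret
+}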
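Review bot: `stop()` runs `checkconfig || return 2`, and in this revision `checkconfig()` calls `named-checkconf -z -j` and returns 1 on any error, so a mistake in named.conf or a zone file makes the init script refuse to stop a running named, and it returns without a matching `eend`. Stopping should not depend on the configuration being valid; I would replace the line with `checkconfig || ewarn "named-checkconf failed, stopping anyway"`. Because the pid-file lookup sits after the `named-checkconf` call inside `checkconfig()`, it would also have to move above that call so `PIDFILE` is still resolved when validation fails.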
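--- a/net-dns/bind/files/named.init-r9
+++ b/net-dns/bind/files/named.init-r9
@@ -0,0 +1,203 @@
+#!/sbin/runscript
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r9,v 1.2 2010/12/15 23:35:09 idl0r Exp $
+
+opts="start stop reload restart checkconfig checkzones"
+
+depend() {
+need net
+use logger
+provide dns
+}
+
+NAMED_CONF=${CHROOT}/etc/bind/named.conf
+
+_mount() {
+local from
+local to
+local opts
+
+if [ "${#}" -lt 3 ]; then
+eerror "_mount(): to few arguments"
+return 1
+fi
+
+from=$1
+to=$2
+shift 2
+
+opts="${*}"
+shift $#
+
+if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
+einfo "mounting ${from} to ${to}"
+mount ${from} ${to} ${opts} || return 1
+fi
+
+return 0
+}
+
+_umount() {
+local dir=$1
+
+if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
+einfo "umount ${dir}"
+umount ${dir} || return 1
+fi
+
+return 0
+}
+
+_get_pidfile() {
+# as suggested in bug #107724, bug 335398#c17
+[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+/usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF/${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+[ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/var/run/named/named.pid
+}
+
+check_chroot() {
+if [ -n "${CHROOT}" ]; then
+[ ! -d "${CHROOT}" ] && return 1
+[ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
+[ ! -d "${CHROOT}/var/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
+[ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
+[ ! -d "${CHROOT}/var/log/named" ] && return 1
+[ ! -e "${CHROOT}/etc/localtime" ] && return 1
+[ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
+[ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1
+[ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
+fi
+
+return 0
+}
+
+checkconfig() {
+ebegin "Checking named configuration"
+
+if [ ! -f "${NAMED_CONF}" ] ; then
+eerror "No ${NAMED_CONF} file exists!"
+return 1
+fi
+
+/usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF/${CHROOT}} || {
+eerror "named-checkconf failed! Please fix your config first."
+return 1
+}
+
+eend 0
+return 0
+}
+
+checkzones() {
+ebegin "Checking named configuration and zones"
+/usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF/${CHROOT}}
+eend $?
+}
+
+start() {
+local piddir
+
+ebegin "Starting ${CHROOT:+chrooted }named"
+
+if [ -n "${CHROOT}" ]; then
+check_chroot || {
+eend 1
+eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+return 1
+}
+
+if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+einfo "Mounting chroot dirs"
+_mount /etc/bind ${CHROOT}/etc/bind -o bind
+_mount /var/bind ${CHROOT}/var/bind -o bind
+_mount /var/log/named ${CHROOT}/var/log/named -o bind
+if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+_mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
+fi
+fi
+fi
+
+checkconfig || { eend 1; return 1; }
+
+# create piddir (usually /var/run/named) if necessary, bug 334535
+_get_pidfile
+piddir="${PIDFILE%/*}"
+if [ ! -d "${piddir}" ]; then
+checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+eend 1
+return 1
+}
+fi
+
+# In case someone have $CPU set in /etc/conf.d/named
+if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+CPU="-n ${CPU}"
+fi
+
+start-stop-daemon --start --pidfile ${PIDFILE} \
+--nicelevel ${NAMED_NICELEVEL:-0} \
+--exec /usr/sbin/named \
+-- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+eend $?
+}
+
+stop() {
+local reported=0
+
+ebegin "Stopping ${CHROOT:+chrooted }named"
+
+# Workaround for now, until openrc's restart has been fixed.
+# openrc doesn't care about a restart() function in init scripts.
+if [ "${RC_CMD}" = "restart" ]; then
+checkconfig || { eend 1; return 1; }
+fi
+
+# -R 10, bug 335398
+_get_pidfile
+start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+--exec /usr/sbin/named
+
+if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+ebegin "Umounting chroot dirs"
+
+# just to be sure everything gets clean
+while fuser -s ${CHROOT} 2>/dev/null; do
+if [ "${reported}" -eq 0 ]; then
+einfo "Waiting until all named processes are stopped"
+reported=1
+fi
+sleep 1
+done
+
+[ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
+_umount ${CHROOT}/etc/bind
+_umount ${CHROOT}/var/log/named
+_umount ${CHROOT}/var/bind
+fi
+
+eend $?
+}
+
+reload() {
+local ret
+
+ebegin "Reloading named.conf and zone files"
+
+checkconfig || { eend 1; return 1; }
+
+_get_pidfile
+if [ -n "${PIDFILE}" ]; then
+# FIXME: Remove --stop and --oknodo as soon as baselayout-1 has been removed... finally...
+start-stop-daemon --stop --oknodo --pidfile $PIDFILE --signal HUP --exec /usr/sbin/named
+ret=$?
+else
+ewarn "Unable to determine the pidfile... this is"
+ewarn "a fallback mode. Please check your installation!"
+
+$RC_SERVICE restart
+ret=$?
+fi
+
+eend $ret
+}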
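Review bot: `_mount()` and `_umount()` build the awk program from the path itself, `awk "\$2 == \"${to}\" { print \$2 }"`, so a double quote in `CHROOT` changes the program text instead of being compared as data. Passing the value as a variable keeps it out of the program and drops the escaping: `awk -v mp="${to}" '$2 == mp { print $2 }' /proc/mounts`, and the same with `${dir}` in `_umount()`. The value comes from /etc/conf.d/named, so this is a robustness point rather than an exposure, but the script runs as root and decides on bind mounts from the result.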
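--- a/net-dns/bind/metadata.xml
+++ b/net-dns/bind/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>bind</herd>
+<maintainer>
+<email>idl0r@gentoo.org</email>
+<name>Christian Ruppert</name>
+</maintainer>
+<longdescription>ISC's bind dns server, used the world 'round.</longdescription>
+<use>
+<flag name="dlz">Enables dynamic loaded zones, 3rd party extension</flag>
+<flag name="gssapi">Enable gssapi support</flag>
+<flag name="resolvconf">Enable support for <pkg>net-dns/openresolv</pkg></flag>
+<flag name="sdb-ldap">Enables ldap-sdb backend</flag>
+<flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
+</use>
+</pkgmetadata>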