--- admin/PlamoBuild-template-20180815 2018-08-15 16:18:50.000000000 +0900 +++ plamo/01_minimum/network.txz/bind/PlamoBuild.bind-9.12.4_P2 2019-06-21 21:37:50.000000000 +0900 @@ -1,19 +1,21 @@ #!/bin/sh ###################################################################### -url="" +url="http://ftp.isc.org/isc/bind/9.12.4-P2/bind-9.12.4-P2.tar.gz + https://gitlab.isc.org/isc-projects/bind9/merge_requests/1879.patch + http://www.internic.net/domain/named.root" verify= digest= branch= commitid= -pkgbase= -vers= +pkgbase=bind +vers=9.12.4_P2 arch=`uname -m` -build=P1 -src=$pkgbase-$vers -patchfiles="" -OPT_CONFIG="" -DOCS="README" +build=P2 +src=$pkgbase-9.12.4-P2 +patchfiles="1879.patch" +OPT_CONFIG="--without-python --with-libtool --without-libxml2" +DOCS="HISTORY LICENSE CONTRIBUTING CHANGES OPTIONS README COPYRIGHT" template=20180815 tmplurl=ftp://plamo.linet.gr.jp/pub/Plamo-src/admin ###################################################################### 
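Review bot: Nothing in this header pins what gets built, because `verify=` and `digest=` stay empty while the BIND tarball and `named.root` in `url` are fetched over plain `http://`. The tarball becomes the packaged name server and `named.root` becomes its root hints, so both should be downloaded over `https://` and checked before use. The template's `verify`/`digest` fields look intended for that (their exact semantics are not visible here), and ISC publishes a detached signature next to each release tarball. The `merge_requests/1879.patch` URL is also mutable, since it returns whatever the merge request holds at download time. Keeping a reviewed copy of `1879.patch` beside the build script, or referencing the patch by commit, would make `patchfiles="1879.patch"` reproducible.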
@@ -65,6 +67,102 @@
 make install DESTDIR=$P
 fi
 done
+ cat <<- "EOF" > $P/etc/named.conf.new
+ // CACHING NAME SERVER
+ options {
+ directory "/var/named";
+ // version statement - inhibited for security
+ // (avoids hacking any known weaknesses)
+ version "not currently available";
+ // disables all zone transfer requests
+ allow-transfer {
+ "none";
+ };
+ // Closed DNS - permits only local IPs to issue queries
+ // remove if an Open DNS required to support all users
+ // or add additional IP ranges
+ // in this case either allow-query or allow-recursion can be used
+ allow-query {
+ 192.168.1.0/24;
+ };
+ };
+
+ // log to /var/log/named.log events
+ // from info UP in severity (no debug)
+ // defaults to use 3 files in rotation
+ // BIND 8.x logging MUST COME FIRST in this file
+ // BIND 9.x parses the whole file before using the log
+ // failure messages up to this point are in (syslog)
+ // typically /var/log/messages
+ logging {
+ channel example_log {
+ file "/var/log/named.log" versions 3 size 2m;
+ severity info;
+ print-severity yes;
+ print-time yes;
+ print-category yes;
+ };
+ category default {
+ example_log;
+ };
+ };
+
+ // required zone for recursive queries
+ zone "." {
+ type hint;
+ file "named.root";
+ };
+
+ // required local host domain
+ zone "localhost" in {
+ type master;
+ file "master.localhost";
+ allow-update {
+ none;
+ };
+ };
+
+ // localhost reverse map
+ zone "0.0.127.in-addr.arpa" in {
+ type master;
+ file "localhost.rev";
+ allow-update {
+ none;
+ };
+ };
+ EOF
+ install -d $P/var/named
+ cat <<- "EOF" | sed 's/^|//' > $P/var/named/master.localhost.new
+ |$TTL 86400 ; 24 hours could have been written as 24h
+ |$ORIGIN localhost.
+ |; line below = localhost 1D IN SOA localhost root.localhost
+ |@ 1D IN SOA @ root (
+ | 2009073001 ; serial
+ | 3h ; refresh
+ | 15 ; retry
+ | 1w ; expire
+ | 3h ; minimum
+ | )
+ |@ 1D IN NS @
+ | 1D IN A 127.0.0.1
+ EOF
+ chmod 600 $P/var/named/master.localhost.new
+ cat <<- "EOF" | sed 's/^|//' > $P/var/named/localhost.rev.new
+ |$TTL 86400
+ |; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
+ |@ IN SOA localhost. root.localhost. (
+ | 1997022700 ; serial
+ | 3h ; refresh
+ | 15 ; retry
+ | 1w ; expire
+ | 3h ; minimum
+ | )
+ | IN NS localhost.
+ |1 IN PTR localhost.
+ EOF
+ chmod 600 $P/var/named/localhost.rev.new
+ cp -p $W/named.root $P/var/named/named.root.new
+ chown root.root $P/var/named/named.root.new
 touch $W/i.et
 cd $W
 TZ=UTC find $P ! -type l -newer i.st ! -newer i.et \
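Review bot: The shipped `allow-query { 192.168.1.0/24; };` hard-codes one site's LAN and omits loopback, so on any other network the default neither matches the local clients nor lets the host query its own cache. The only guidance given is the comment telling the admin to remove the statement. BIND's built-in ACLs give a closed default that fits any install: `allow-query { localhost; localnets; };`, with an explicit `allow-recursion { localhost; localnets; };` so the recursion scope does not depend on fallback rules. Separately, `master.localhost.new` and `localhost.rev.new` get `chmod 600` with no matching ownership change. If named is started with `-u` to drop root (not visible in this hunk) it cannot read either zone, so mode and owner should be set together; `chown root:root` is also the portable spelling of `chown root.root`.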
@@ -72,9 +170,58 @@
 compress
 setup_docdir
 convert_links
- tar cvpf $pkg.tar -C $P `cd $P ; find usr/bin | tail -n+2`
+ cat <<- "EOF" >> $P/install/doinst.sh
+
+ named_config() {
+ mv var/named/$1.new /tmp
+ if [ -f var/named/$1 ] ; then
+ mv /tmp/$1.new var/named/$1.dist
+ else
+ mv /tmp/$1.new var/named/$1
+ fi
+ }
+
+ mv etc/named.conf.new /tmp
+ if [ -f etc/named.conf ] ; then
+ mv /tmp/named.conf.new etc/named.conf.dist
+ else
+ mv /tmp/named.conf.new etc/named.conf
+ fi
+ for i in master.localhost localhost.rev ; do
+ named_config $i
+ done
+ mv var/named/named.root.new /tmp
+ if [ -f var/named/named.root ] ; then
+ if diff -q var/named/named.root.internic var/named/named.root \
+ > /dev/null 2>&1 ; then
+ mv var/named/named.root var/named/named.root.old
+ mv /tmp/named.root.new var/named/named.root
+ cp -p var/named/named.root var/named/named.root.internic
+ echo "New root hint file has been installed."
+ echo "Old one has been moved to /var/named/named.root.old."
+ else
+ mv /tmp/named.root.new var/named/named.root.internic
+ echo "You might have to update your root hint file."
+ echo "New one has been installed to /var/named/named.root.internic."
+ fi
+ else
+ mv /tmp/named.root.new var/named/named.root
+ cp -p var/named/named.root var/named/named.root.internic
+ echo "New root hint file has been installed."
+ fi
+ EOF
+ TZ=UTC touch -t `date -u '+%m%d0000'` $P/install/doinst.sh
+ tar cvpf $pkg.tar -C $P `cd $P ; find usr/sbin | tail -n+2`
+ tar rvpf $pkg.tar -C $P `cd $P ; find usr/bin | tail -n+2`
+ tar rvpf $pkg.tar -C $P `cd $P ; find usr/$libdir | tail -n+2`
+ tar rvpf $pkg.tar -C $P `cd $P ; find usr/include -maxdepth 1 | tail -n+2`
+ tar rvpf $pkg.tar -C $P `cd $P ; find etc | tail -n+2`
+ tar rvpf $pkg.tar -C $P var/named
 tar rvpf $pkg.tar -C $P `cd $P ; find usr/share/man/man1 | tail -n+2`
+ tar rvpf $pkg.tar -C $P `cd $P ; find usr/share/man/man5 | tail -n+2`
+ tar rvpf $pkg.tar -C $P `cd $P ; find usr/share/man/man8 | tail -n+2`
 tar rvpf $pkg.tar -C $P usr/share/doc/$src
+ tar rvpf $pkg.tar -C $P install/doinst.sh
 TZ=UTC touch -t `date -u '+%m%d0000'` $pkg.tar
 xz $pkg.tar ; touch $pkg.tar.xz ; mv $pkg.tar.xz $pkg.txz
 cleanup
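Review bot: The generated `doinst.sh` stages every config file through a fixed name in `/tmp` (`mv etc/named.conf.new /tmp`, then `mv /tmp/named.conf.new …`), and the same pattern appears in `named_config` and the `named.root` branches. Install scripts normally run as root, and `/tmp` is world-writable, so a predictable name there lets another local account influence what ends up as `etc/named.conf` or a zone file. The hop is unnecessary because source and destination share a directory; rename in place with `mv "var/named/$1.new" "var/named/$1.dist"` and `mv "var/named/$1.new" "var/named/$1"`, and likewise `mv etc/named.conf.new etc/named.conf.dist` and `mv var/named/named.root.new var/named/named.root`. None of the `mv` results are checked, so a failed move still prints "New root hint file has been installed."; guarding those `echo` lines with `&&` would keep the message honest.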