This is an updated version of the bind-9.3.0-1 package found in the current repository. It brings the following: 1. Runs as the named user/group instead of root.
2. Automatically generate rndc.key at installation, if none is present.
3. Automatically create user and group when installed and remove them when package is uninstalled.
4. Zones organized as primary/secondary (pri,sec)
Important: while it runs as an unprivileged user, it still isn't chrooted. I will release another package with chrooting out of the box (maybe with the name bind-chroot).
PKGBUILD
pkgname=bind
pkgver=9.3.0
pkgrel=2
pkgdesc="Berkeley Internet Name Domain - A DNS server with host and dig utilities"
# Files pacman preserves across upgrades; rndc.key holds the generated control-channel secret.
backup=(etc/named.conf
        etc/logrotate.d/named
        etc/rndc.key)
depends=('openssl')
# Virtual package so that only one DNS server can be installed at a time.
provides=('dns-server')
conflicts=('dns-server')
# Upstream tarball first, then the Arch-specific files shipped next to the PKGBUILD.
source=("ftp://ftp.isc.org/isc/bind9/${pkgver}/${pkgname}-${pkgver}.tar.gz"
        named.conf
        localhost.zone
        127.0.0.zone
        named
        root.hint
        named.logrotate)
# One checksum per source entry, in the same order as source=().
md5sums=('fdb42fff7e345372ac52a4493b77b694'
         'eab2f297cccc32d89ec841832e9dc9c3'
         'ab5beef0b41eb6376c7f1f4ee233172b'
         'bdbdfe4990b0903984306dd14f98b951'
         'e13658e2143ad323845b6d73ddd110b1'
         'c7202ed4c5afa91b0a25f05e93b33ba6'
         '2ba26270bf2078a2d259977ea7d222df')
install="bind.install"
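#######################################
# makepkg build step: compile BIND, stage it under $startdir/pkg, install the
# Arch-specific config files and generate an rndc key when the staged tree
# has none.
# Globals:   startdir, pkgname, pkgver (set by makepkg)
# Side effects: may temporarily add the 'named' user/group on the build host
#            (needs root), and removes it again at the end.
# Returns:   1 when configure/make/install or rndc-confgen fails, 0 otherwise
#######################################
build() {
  local cleanup=0
  local pkgdir="$startdir/pkg"

  # The chown calls below need the 'named' account on the build host; add it
  # temporarily when missing. (The original `[ ! `egrep ...` ]` form was not a
  # working negated test.)
  if ! grep -q '^named:' /etc/passwd; then
    groupadd -g 40 named
    useradd -c "Bind Nameserver" -g named -u 40 -d /var/named named -s /bin/false
    cleanup=1
  fi

  cd "$startdir/src/$pkgname-$pkgver" || return 1
  ./configure --prefix=/usr --sysconfdir=/etc \
    --localstatedir=/var --with-libtool --enable-shared \
    --enable-threads --with-openssl=yes --enable-ipv6 || return 1
  make || return 1
  make DESTDIR="$pkgdir" install || return 1

  # make directories: pri/sec hold primary and secondary zone files
  mkdir -p "$pkgdir/var/named"/{pri,sec}
  mkdir -p "$pkgdir/var/run/named"

  # install Arch specific config files
  install -D -m755 ../named "$pkgdir/etc/rc.d/named"
  install -D -m644 ../named.conf "$pkgdir/etc/named.conf"
  install -D -m644 ../127.0.0.zone "$pkgdir/var/named/pri/127.0.0.zone"
  install -D -m644 ../localhost.zone "$pkgdir/var/named/pri/localhost.zone"
  install -D -m644 ../root.hint "$pkgdir/var/named/root.hint"
  install -D -m644 ../named.logrotate "$pkgdir/etc/logrotate.d/named"

  # generate new key if it is missing (the original single-quoted
  # '$startdir/...' path was never expanded, so the test always ran)
  if [ ! -f "$pkgdir/etc/rndc.key" ]; then
    # Run the freshly built rndc-confgen against the staged libisc/libdns via
    # LD_LIBRARY_PATH instead of copying them into the build host's /usr/lib.
    LD_LIBRARY_PATH="$pkgdir/usr/lib" "$pkgdir/usr/sbin/rndc-confgen" \
      > "$pkgdir/etc/named.tmp" || return 1
    # append new key to where it belongs: the first 11 lines (key clause) to
    # rndc.key, lines 12-20 with their first two columns stripped to named.conf
    head -n 11 "$pkgdir/etc/named.tmp" >> "$pkgdir/etc/rndc.key"
    tail -n 10 "$pkgdir/etc/named.tmp" | head -n 9 | cut -c 3- \
      >> "$pkgdir/etc/named.conf"
    rm -f "$pkgdir/etc/named.tmp"
  fi

  # adjust permissions; rndc.key is a shared secret, so keep it unreadable
  # for "other" (the original left it at the build umask)
  chown -R named:named "$pkgdir/var/named"
  chown named:root "$pkgdir/etc/rndc.key"
  chmod 640 "$pkgdir/etc/rndc.key"
  chown named:named "$pkgdir/var/run/named"
  chmod 744 "$pkgdir/var/run/named"

  # remove user & group if added by build
  if [ "$cleanup" -eq 1 ]; then
    echo "==> Removing user/group named"
    userdel named
  fi
}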
bind.install
# This is a default template for a post-install scriptlet. You can
# remove any functions you don't need (and this header).
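# Create the unprivileged 'named' user/group (uid/gid 40) the daemon runs as.
# Each step is skipped when the group or user already exists, so the scriptlet
# can be run again without groupadd/useradd failing. Always exits 0.
post_install() {
  echo "Adding user/group named"
  grep -q '^named:' /etc/group || groupadd -g 40 named
  grep -q '^named:' /etc/passwd || \
    useradd -c "Bind Nameserver" -g named -u 40 -d /var/named named -s /bin/false
  /bin/true
}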
# Drop the 'named' account added by post_install (userdel may also drop the
# group when it is the account's private primary group — not done explicitly
# here). Always exits 0 so pacman continues the removal.
post_remove() {
  printf '%s\n' "Removing user/group named"
  userdel named
  true
}
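# pacman invokes this scriptlet as `bind.install <operation> [args...]`;
# dispatch to the function of that name, passing the remaining arguments
# intact ("$@" instead of $* so no argument is re-split).
op=$1
shift
$op "$@"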
named
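#!/bin/bash
# /etc/rc.d/named - Arch rc script for the BIND nameserver.
# Usage: named {start|stop|restart}
# The daemon is started as the unprivileged 'named' user (-u named).
. /etc/rc.conf
. /etc/rc.d/functions

# PIDs of running named processes (excluding this script's parent);
# may hold several space-separated PIDs.
PID=$(pidof -o %PPID /usr/sbin/named)

case "$1" in
  start)
    stat_busy "Starting DNS"
    # start only when nothing is running; if an instance already runs the
    # test fails and stat_fail is reported
    [ -z "$PID" ] && /usr/sbin/named -u named
    if [ $? -gt 0 ]; then
      stat_fail
    else
      add_daemon named
      stat_done
    fi
    ;;
  stop)
    stat_busy "Stopping DNS"
    # $PID is deliberately unquoted so every PID becomes its own argument
    [ -n "$PID" ] && kill $PID &> /dev/null
    if [ $? -gt 0 ]; then
      stat_fail
    else
      rm_daemon named
      stat_done
    fi
    ;;
  restart)
    "$0" stop
    sleep 1
    "$0" start
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"
    ;;
esac
exit 0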
named.conf
//
// /etc/named.conf
//
// Default configuration shipped with the Arch bind package: authoritative
// for the localhost zones, root hints for everything else. The PKGBUILD
// appends the rndc-confgen named.conf snippet to this file at build time.
options {
// relative "file" paths in the zone statements below resolve under this directory
directory "/var/named";
// must be writable by the 'named' user, since the rc script starts named -u named
pid-file "/var/run/named/named.pid";
auth-nxdomain yes;
datasize default;
// Uncomment these to enable IPv6 connections support
// IPv4 will still work
// NOTE(review): listen-on { none; } tells named not to listen on IPv4 at all;
// verify IPv4 service still works before relying on the comment above.
// listen-on { none; };
// listen-on-v6 { any; };
};
// allow-transfer { any; } lets any client pull the zone. For these localhost
// zones the data is public anyway; do not copy this setting into real zones,
// restrict transfers to your secondaries instead.
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
allow-transfer { any; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "pri/127.0.0.zone";
allow-update { none; };
allow-transfer { any; };
};
// root hints; the file is installed by the package under /var/named
zone "." IN {
type hint;
file "root.hint";
};
// Example secondary zone (file goes under sec/ in this package's layout).
// If enabled, replace allow-transfer { any; } with the addresses that need it.
//zone "example.org" IN {
// type slave;
// file "example.zone";
// masters {
// 192.168.1.100;
// };
// allow-query { any; };
// allow-transfer { any; };
//};
// Log zone transfers and notifies to their own file; /var/log/named.log has
// to be writable by the 'named' user, and the package does not appear to
// create it.
logging {
channel xfer-log {
file "/var/log/named.log";
print-category yes;
print-severity yes;
print-time yes;
severity info;
};
category xfer-in { xfer-log; };
category xfer-out { xfer-log; };
category notify { xfer-log; };
};
Also, if a developer reads this, I recommend adding dns-server to the provides/conflicts list, since right now a person can install more than one DNS server (Bind and PowerDNS, for example).
you know it would have been far more practical to submit your "changes" to the bind maintainer than to have several versions of one package floating around. it is also far more prudent and effective to make a feature request through the bug tracker than through the forum, where the maintainer may never see it (this is with respect to your dns-server provides/conflicts suggestion)
thanks, I have just finished submitting it to the bug site.