[nsd/el6] * Fri Feb 10 2012 Paul Wouters <pwouters at redhat.com> - 3.2.10-1 - Updated to 3.2.10 - Ship our own n
Paul Wouters
pwouters at fedoraproject.org
Mon Mar 5 15:56:04 UTC 2012
commit cc5fe49cde2a7135a7203ad60f6082453a99e6b7
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 10 08:57:06 2012 -0500
* Fri Feb 10 2012 Paul Wouters <pwouters at redhat.com> - 3.2.10-1
- Updated to 3.2.10
- Ship our own nsd.conf instead of hacking the nsd.conf.sample
- Merge in fixed by Tuomo Soini <tis at foobar.fi>
- Fix %%preun and %%postun to be quiet
- Fix /etc/nsd permissions to be root:nsd mode 0750
- Cleanup /etc/sysconfig/nsd
- Change startup order of nsd so it works with IPv6 on 6to4
- Revert piddir to be owned by user nsd (not root)
- Initscript cleanup
nsd.conf | 102 ++++++++++++++++++++++++++++++++++++++++++
nsd.init | 138 +++++++++++++++++++++++++++++----------------------------
nsd.spec | 47 ++++++++++++-------
nsd.sysconfig | 9 ++--
4 files changed, 207 insertions(+), 89 deletions(-)
---
diff --git a/nsd.conf b/nsd.conf
new file mode 100644
index 0000000..bc4cc9f
--- /dev/null
+++ b/nsd.conf
@@ -0,0 +1,102 @@
+#
+# nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
+#
+# Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
+#
+# See LICENSE for the license.
+#
+
+# This is a comment.
+# Adapted for Fedora/RHEL settings
+
+# options for the nsd server
+server:
+ # uncomment to specify specific interfaces to bind (default wildcard
+ # interface).
+ # ip-address: 1.2.3.4
+ # ip-address: 1.2.3.4 at 5678
+ # ip-address: 12fe::8ef0
+
+ # don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries
+ # hide-version: no
+
+ # enable debug mode, does not fork daemon process into the background.
+ # debug-mode: no
+
+ # listen only on IPv4 connections
+ # ip4-only: no
+
+ # listen only on IPv6 connections
+ # ip6-only: no
+
+ # the database to use
+ # database: "/var/lib/nsd/nsd.db"
+
+ # identify the server (CH TXT ID.SERVER entry).
+ # identity: "unidentified server"
+
+ # NSID identity (hex string). default disabled.
+ # nsid: "aabbccdd"
+
+ # log messages to file. Default to stderr and syslog (with facility
+ # LOG_DAEMON).
+ # logfile: "/var/log/nsd.log"
+
+ # Number of NSD servers to fork.
+ # server-count: 1
+
+ # Maximum number of concurrent TCP connections per server.
+ # This option should have a value below 1000.
+ # tcp-count: 10
+
+ # Maximum number of queries served on a single TCP connection.
+ # By default 0, which means no maximum.
+ # tcp-query-count: 0
+
+ # Override the default (120 seconds) TCP timeout.
+ # tcp-timeout: 120
+
+ # Preferred EDNS buffer size for IPv4.
+ # ipv4-edns-size: 4096
+
+ # Preferred EDNS buffer size for IPv6.
+ # ipv6-edns-size: 4096
+
+ # File to store pid for nsd in.
+ # pidfile: "/var/run/nsd/nsd.pid"
+
+ # port to answer queries on. default is 53.
+ # port: 53
+
+ # statistics are produced every number of seconds.
+ # statistics: 3600
+
+ # Run NSD in a chroot-jail.
+ # make sure to have pidfile and database reachable from there.
+ # by default, no chroot-jail is used.
+ # chroot: "/etc/nsd"
+
+ # After binding socket, drop user privileges.
+ # can be a username, id or id.gid.
+ # username: nsd
+
+ # The directory for zonefile: files.
+ # zonesdir: "/etc/nsd"
+
+ # The file where incoming zone transfers are stored.
+ # run nsd-patch to update zone files, then you can safely delete it.
+ # difffile: "/var/lib/nsd/ixfr.db"
+
+ # The file where secondary zone refresh and expire timeouts are kept.
+ # If you delete this file, all secondary zones are forced to be
+ # 'refreshing' (as if nsd got a notify).
+ # xfrdfile: "/var/lib/nsd/ixfr.state"
+
+ # Number of seconds between reloads triggered by xfrd.
+ # xfrd-reload-timeout: 10
+
+ # Verbosity level.
+ # verbosity: 0
+
+database: /var/lib/nsd/nsd.db
+# include: "/etc/nsd/other.conf"
diff --git a/nsd.init b/nsd.init
index 9b42669..d76f58a 100755
--- a/nsd.init
+++ b/nsd.init
@@ -1,30 +1,31 @@
#!/bin/bash
#
-# nsd: Starts the NSD Name Server Daemon
+# nsd Starts the NSD Name Server Daemon
#
-# chkconfig: - 13 87
+# chkconfig: - 23 87
# description: NSD is a complete implementation of an authoritative \
-# DNS name server.
-# processname: /usr/sbin/nsd
-# config: /etc/nsd/nsd.conf
+# DNS name server.
#
### BEGIN INIT INFO
# Provides: nsd
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $network $syslog
-# Default-Stop: 0 11 89
-# Short-Description: start|stop|status|restart|try-restart|reload|force-reload DNS server
-# Description: control NSD implementation of DNS server
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: The NSD Name Server Daemon
+# Description: NSD is a complete implementation of an authoritative
+# DNS name server.
### END INIT INFO
# Init script default settings
NSD_CONF="/etc/nsd/nsd.conf"
-NSD_DB="/var/lib/nsd/nsd.db"
NSD_PROG="/usr/sbin/nsd"
NSD_PIDFILE="/var/run/nsd/nsd.pid"
NSD_XFRDFILE="/var/lib/nsd/xfrd.state"
NSDC_PROG="/usr/sbin/nsdc"
-NSD_PIDDIR=`dirname $NSD_PIDFILE`
+NSD_USER="nsd"
+NSD_PIDDIR="$(dirname ${NSD_PIDFILE})"
+NSD_EXTRA_OPTS=""
# Source function library.
. /etc/rc.d/init.d/functions
@@ -35,82 +36,82 @@ NSD_PIDDIR=`dirname $NSD_PIDFILE`
[ "${NETWORKING}" = "no" ] && exit 0
start() {
- # Source networking configuration.
- [ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
+ # Source networking configuration.
+ [ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
- # Check that networking is up
- [ "${NETWORKING}" = "no" ] && exit 1
+ # Check that networking is up
+ [ "${NETWORKING}" = "no" ] && exit 1
- # Sanity checks.
- [ -f $NSD_CONF ] || exit 5
- [ -x $NSD_PROG ] || exit 5
- # /var/run could (and should) be tmpfs
- [ -d $NSD_PIDDIR ] || mkdir -p $NSD_PIDDIR
+ # Sanity checks.
+ [ -f ${NSD_CONF} ] || exit 5
+ [ -x ${NSD_PROG} ] || exit 5
+ # /var/run could (and should) be tmpfs
+ [ -d ${NSD_PIDDIR} ] || {
+ mkdir -p ${NSD_PIDDIR}
+ chown ${NSD_USER}: ${NSD_PIDDIR}
+ }
- echo -n $"Starting nsd:"
- $NSDC_PROG -c $NSD_CONF rebuild >/dev/null 2>&1
- $NSD_PROG -c $NSD_CONF $OTHER_NSD_OPTS
- RETVAL=$?
- if [ $RETVAL -eq 0 ]; then
- touch /var/lock/subsys/nsd;
- success
- echo
- else
- failure
- echo
- exit 7;
- fi
- return 0;
+ echo -n $"Starting nsd:"
+ ${NSDC_PROG} -c ${NSD_CONF} rebuild >/dev/null 2>&1
+ daemon \
+ --pidfile=${NSD_PIDFILE} \
+ ${NSD_PROG} -c ${NSD_CONF} \
+ ${NSD_EXTRA_OPTS}
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/nsd
+ echo
}
stop() {
- echo -n $"Stopping nsd: "
- # save state to zonefiles
- $NSDC_PROG -c $NSD_CONF patch > /dev/null 2>&1
- $NSDC_PROG -c $NSD_CONF stop
- RETVAL=$?
- # was nsdc successful?
- [ "$RETVAL" -eq 0 ] || killproc $NSD_PROG -TERM >/dev/null 2>&1
- if [ $RETVAL -eq 0 ] ; then
- rm -f $NSD_PIDFILE
- rm -f /var/lock/subsys/nsd
- # ensure notifies are sent at startup
- rm -f $NSD_XFRDFILE
- success
- else
- failure
- fi
- echo
- return $RETVAL
+ echo -n $"Stopping nsd: "
+ # save state to zonefiles
+ ${NSDC_PROG} -c ${NSD_CONF} patch > /dev/null 2>&1
+ ${NSDC_PROG} -c ${NSD_CONF} stop
+ RETVAL=$?
+ # was nsdc successful?
+ if [ "$RETVAL" -gt 0 ]; then
+ killproc -p ${NSD_PIDFILE} ${NSD_PROG}
+ fi
+ if [ $RETVAL -eq 0 ] ; then
+ rm -f ${NSD_PIDFILE}
+ rm -f /var/lock/subsys/nsd
+ # ensure notifies are sent at startup
+ rm -f ${NSD_XFRDFILE}
+ success
+ else
+ failure
+ fi
+ echo
+ return $RETVAL
}
restart() {
- stop
- start
+ stop
+ start
}
RETVAL=0
# See how we were called.
case "$1" in
- start)
+ start)
start
;;
- stop)
+ stop)
stop
;;
- restart)
+ restart)
restart
;;
- condrestart)
+ condrestart|try-restart)
[ -f /var/lock/subsys/nsd ] && restart || :
;;
- status)
- status -p $NSD_PIDFILE $NSD_PROG
+ status)
+ status -p ${NSD_PIDFILE} ${NSD_PROG}
;;
- reload)
+ reload)
echo -n $"Rebuilding zonefiles:"
- $NSDC_PROG -c $NSD_CONF rebuild >/dev/null 2>&1
+ ${NSDC_PROG} -c ${NSD_CONF} rebuild >/dev/null 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
success
@@ -119,7 +120,7 @@ case "$1" in
fi
echo
echo -n $"Reloading nsd:"
- $NSDC_PROG -c $NSD_CONF reload
+ ${NSDC_PROG} -c ${NSD_CONF} reload
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
success
@@ -128,12 +129,13 @@ case "$1" in
fi
echo
;;
- stats|rebuild|running|update|notify)
- $NSDC_PROG -c $NSD_CONF $1
+ stats|rebuild|running|update|notify)
+ ${NSDC_PROG} -c ${NSD_CONF} $1
;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|condrestart|stats|notify|reload|rebuild|running|update}"
- exit 1
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|stats|notify|reload|rebuild|running|update}"
+ exit 2
esac
-exit $?
+exit $RETVAL
+#
diff --git a/nsd.spec b/nsd.spec
index f1f02a4..256ee56 100644
--- a/nsd.spec
+++ b/nsd.spec
@@ -1,6 +1,6 @@
Summary: Fast and lean authoritative DNS Name Server
Name: nsd
-Version: 3.2.8
+Version: 3.2.10
Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/%{name}/
@@ -8,6 +8,7 @@ Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
Source1: nsd.init
Source2: nsd.cron
Source3: nsd.sysconfig
+Source4: nsd.conf
Patch0: nsd-install.patch
Patch1: nsd-fixlogfile.patch
Group: System Environment/Daemons
@@ -27,11 +28,16 @@ consult the REQUIREMENTS document which is a part of this distribution
%patch1 -p1
%build
-%configure --enable-bind8-stats --enable-checking --enable-nsec3 --enable-nsid \
- --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid --with-ssl \
- --with-user=nsd --with-difffile=%{_localstatedir}/lib/%{name}/ixfr.db \
- --with-xfrdfile=%{_localstatedir}/lib/%{name}/ixfr.state \
- --with-dbfile=%{_localstatedir}/lib/%{name}/nsd.db
+%configure --enable-bind8-stats \
+ --enable-checking \
+ --enable-nsec3 \
+ --enable-nsid \
+ --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \
+ --with-ssl \
+ --with-user=nsd \
+ --with-difffile=%{_localstatedir}/lib/%{name}/ixfr.db \
+ --with-xfrdfile=%{_localstatedir}/lib/%{name}/ixfr.state \
+ --with-dbfile=%{_localstatedir}/lib/%{name}/nsd.db
%{__make} %{?_smp_mflags}
#convert to utf8
@@ -53,11 +59,8 @@ install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name}
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
install -m 0755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
-# change .sample to normal config files
-head -76 %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample > %{buildroot}%{_sysconfdir}/nsd/nsd.conf
rm %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample
-echo "database: /var/lib/nsd/nsd.db" >> %{buildroot}%{_sysconfdir}/nsd/nsd.conf
-echo "# include: \"/some/path/file\"" >> %{buildroot}%{_sysconfdir}/nsd/nsd.conf
+cp %{SOURCE4} %{buildroot}%{_sysconfdir}/nsd/nsd.conf
%clean
rm -rf ${RPM_BUILD_ROOT}
@@ -66,13 +69,12 @@ rm -rf ${RPM_BUILD_ROOT}
%defattr(-,root,root,-)
%doc doc/*
%doc contrib/nsd.zones2nsd.conf
-%dir %{_sysconfdir}/nsd/
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/nsd.conf
-#%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/nsd.zones
+%attr(0750,root,nsd) %dir %{_sysconfdir}/nsd
+%attr(0644,root,nsd) %config(noreplace) %{_sysconfdir}/nsd/nsd.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/nsd
%attr(0755,root,root) %{_initrddir}/%{name}
%{_sysconfdir}/cron.hourly/nsd
-%ghost %attr(0755,root,root) %dir %{_localstatedir}/run/%{name}
+%ghost %attr(0755,%{name},%{name}) %dir %{_localstatedir}/run/%{name}
%attr(0755,%{name},%{name}) %dir %{_localstatedir}/lib/%{name}
%{_sbindir}/*
%{_mandir}/*/*
@@ -81,7 +83,7 @@ rm -rf ${RPM_BUILD_ROOT}
getent group nsd >/dev/null || groupadd -r nsd
getent passwd nsd >/dev/null || \
useradd -r -g nsd -d /etc/nsd -s /sbin/nologin \
--c "nsd daemon account" nsd
+ -c "nsd daemon account" nsd
exit 0
%post
@@ -89,16 +91,27 @@ exit 0
%preun
if [ $1 -eq 0 ]; then
- /sbin/service %{name} stop
+ /sbin/service %{name} stop >/dev/null 2>&1
/sbin/chkconfig --del %{name}
fi
%postun
if [ "$1" -ge "1" ]; then
- /sbin/service %{name} condrestart
+ /sbin/service %{name} condrestart >/dev/null 2>&1 || :
fi
%changelog
+* Fri Feb 10 2012 Paul Wouters <pwouters at redhat.com> - 3.2.10-1
+- Updated to 3.2.10
+- Ship our own nsd.conf instead of hacking the nsd.conf.sample
+- Merge in fixed by Tuomo Soini <tis at foobar.fi>
+ - Fix %%preun and %%postun to be quiet
+ - Fix /etc/nsd permissions to be root:nsd mode 0750
+ - Cleanup /etc/sysconfig/nsd
+ - Change startup order of nsd so it works with IPv6 on 6to4
+ - Revert piddir to be owned by user nsd
+ - Initscript cleanup
+
* Tue Jun 7 2011 Paul Wouters <paul at xelerance.com> - 3.2.8-1
- updated to 3.2.8
- fix /var/run/nsd to be owned by root, not nsd
diff --git a/nsd.sysconfig b/nsd.sysconfig
index 847eb2a..03e7699 100644
--- a/nsd.sysconfig
+++ b/nsd.sysconfig
@@ -1,7 +1,8 @@
# /etc/sysconfig/nsd
# Configuration for /etc/init.d/nsd
-OTHER_NSD_OPTS=""
+#NSD_EXTRA_OPTS=""
+
#extra verbosity
#ZONEC_VERBOSE=-v
@@ -11,12 +12,12 @@ OTHER_NSD_OPTS=""
# Main configuration file
#NSD_CONF="/etc/nsd/nsd.conf"
-# NSD DB
-#NSD_DB="/var/lib/nsd/nsd.db"
-
# Path to nsdc program
#NSDC_PROG="/usr/sbin/nsdc"
+# User to run NSD as
+#NSD_USER="nsd"
+
# Path to nsd program
#NSD_PROG="/usr/sbin/nsd"
More information about the scm-commits
mailing list