diff options
author | Adam Tkac <atkac@fedoraproject.org> | 2009-03-09 20:35:34 +0000 |
---|---|---|
committer | Adam Tkac <atkac@fedoraproject.org> | 2009-03-09 20:35:34 +0000 |
commit | 8f3a7935d831907f7c93e683a8d163516c77335d (patch) | |
tree | 9fef85779cd42845ddf82704ae6949c0448be9cb | |
parent | 9b3f9635eae5cef66c9c45e8981def643723d654 (diff) | |
download | bind-9_6_0-9_P1_fc11.tar.gz bind-9_6_0-9_P1_fc11.tar.xz bind-9_6_0-9_P1_fc11.zip |
- add DNSSEC support to initscript, enabled it per defaultbind-9_6_0-9_P1_fc11
- add requires dnssec-conf
-rw-r--r-- | bind.spec | 11 | ||||
-rwxr-xr-x | named.init | 5 |
2 files changed, 14 insertions, 2 deletions
@@ -20,7 +20,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.6.0 -Release: 8.%{PATCHVER}%{?dist} +Release: 9.%{PATCHVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -36,7 +36,6 @@ Source7: bind-9.3.1rc1-sdb_tools-Makefile.in Source8: dnszone.schema Source12: README.sdb_pgsql Source21: Copyright.caching-nameserver -Source24: libbind.pc Source25: named.conf.sample Source28: config-4.tar.bz2 Source30: ldap2zone.c @@ -77,6 +76,7 @@ Requires: mktemp Requires(post): grep, chkconfig Requires(pre): shadow-utils Requires(preun):chkconfig +Requires: dnssec-conf Obsoletes: bind-config < 30:9.3.2-34.fc6, caching-nameserver < 31:9.4.1-7.fc8 Provides: bind-config = 30:9.3.2-34.fc6, caching-nameserver = 31:9.4.1-7.fc8 BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel @@ -377,6 +377,9 @@ if [ "$1" -eq 1 ]; then # rndc.key has to have correct perms and ownership, CVE-2007-6283 [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key + # Enable DNSSEC per default + [ -x /usr/sbin/dnssec-configure ] && \ + dnssec-configure -b --norestart --dnssec=on --dlv=off > /dev/null 2>&1 fi :; @@ -561,6 +564,10 @@ rm -rf ${RPM_BUILD_ROOT} %ghost %{chroot_prefix}/etc/localtime %changelog +* Mon Mar 09 2009 Adam Tkac <atkac redhat com> 32:9.6.0-9.P1 +- add DNSSEC support to initscript, enabled it per default +- add requires dnssec-conf + * Mon Mar 09 2009 Adam Tkac <atkac redhat com> 32:9.6.0-8.P1 - fire away libbind, it is now separate package @@ -22,6 +22,7 @@ . /etc/rc.d/init.d/functions [ -r /etc/sysconfig/named ] && . /etc/sysconfig/named +[ -r /etc/sysconfig/dnssec ] && . /etc/sysconfig/dnssec RETVAL=0 export KRB5_KTNAME=${KEYTAB_FILE:-/etc/named.keytab} @@ -42,6 +43,10 @@ if [ -n "$ROOTDIR" ]; then fi; fi +[ -x /usr/sbin/dnssec-configure ] && [ -r /etc/named.conf ] && \ + [ /etc/sysconfig/dnssec -nt /etc/named.conf ] && \ + /usr/sbin/dnssec-configure -b --norestart --dnssec="$DNSSEC" --dlv="$DLV" + # Check if all what named needs running start() { |