summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPetr Menšík <pemensik@redhat.com>2017-08-16 22:47:09 +0200
committerPetr Menšík <pemensik@redhat.com>2017-08-16 22:47:09 +0200
commit5d8eb8cf1dd9cedcefd679a00d2ff66153be04b3 (patch)
tree9a8e1fd383ee3eaec1e0e478bfc237f7bb2fd0c1
parente9f0f4543b9d7d9be6f081142bbd1727c6eb09d6 (diff)
downloadbind-5d8eb8cf1dd9cedcefd679a00d2ff66153be04b3.tar.gz
bind-5d8eb8cf1dd9cedcefd679a00d2ff66153be04b3.tar.xz
bind-5d8eb8cf1dd9cedcefd679a00d2ff66153be04b3.zip
Update named.ca, move named.conf out of config archive
-rw-r--r--.gitignore1
-rw-r--r--bind.spec6
-rw-r--r--named.conf57
-rw-r--r--sources2
4 files changed, 63 insertions, 3 deletions
diff --git a/.gitignore b/.gitignore
index 0d58acc..c60a96d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -77,3 +77,4 @@ bind-9.7.2b1.tar.gz
/bind-9.11.1-P3.tar.gz
/bind-9.11.2b1.tar.gz
/bind-9.11.2.tar.gz
+/config-17.tar.bz2
diff --git a/bind.spec b/bind.spec
index 450b032..42aac62 100644
--- a/bind.spec
+++ b/bind.spec
@@ -40,7 +40,8 @@ Source7: bind-9.3.1rc1-sdb_tools-Makefile.in
Source8: dnszone.schema
Source12: README.sdb_pgsql
Source25: named.conf.sample
-Source28: config-16.tar.bz2
+Source26: named.conf
+Source28: config-17.tar.bz2
Source30: ldap2zone.c
Source31: ldap2zone.1
Source32: named-sdb.8
@@ -671,6 +672,7 @@ touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
# configuration files:
tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}
+install -m 640 %{SOURCE26} ${RPM_BUILD_ROOT}/etc/named.conf
touch ${RPM_BUILD_ROOT}/etc/rndc.key
touch ${RPM_BUILD_ROOT}/etc/rndc.conf
mkdir ${RPM_BUILD_ROOT}/etc/named
@@ -681,7 +683,7 @@ install -m 644 %{SOURCE36} ${RPM_BUILD_ROOT}/etc/trusted-key.key
mkdir -p sample/etc sample/var/named/{data,slaves}
install -m 644 %{SOURCE25} sample/etc/named.conf
# Copy default configuration to %%doc to make it usable from system-config-bind
-install -m 644 ${RPM_BUILD_ROOT}/etc/named.conf named.conf.default
+install -m 644 %{SOURCE26} named.conf.default
install -m 644 ${RPM_BUILD_ROOT}/etc/named.rfc1912.zones sample/etc/named.rfc1912.zones
install -m 644 ${RPM_BUILD_ROOT}/var/named/{named.ca,named.localhost,named.loopback,named.empty} sample/var/named
for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.internal.zone.db my.external.zone.db; do
diff --git a/named.conf b/named.conf
new file mode 100644
index 0000000..487007a
--- /dev/null
+++ b/named.conf
@@ -0,0 +1,57 @@
+//
+// named.conf
+//
+// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
+// server as a caching only nameserver (as a localhost DNS resolver only).
+//
+// See /usr/share/doc/bind*/sample/ for example named configuration files.
+//
+
+options {
+ listen-on port 53 { 127.0.0.1; };
+ listen-on-v6 port 53 { ::1; };
+ directory "/var/named";
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ memstatistics-file "/var/named/data/named_mem_stats.txt";
+ allow-query { localhost; };
+
+ /*
+ - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+ - If you are building a RECURSIVE (caching) DNS server, you need to enable
+ recursion.
+ - If your recursive DNS server has a public IP address, you MUST enable access
+ control to limit queries to your legitimate users. Failing to do so will
+ cause your server to become part of large scale DNS amplification
+ attacks. Implementing BCP38 within your network would greatly
+ reduce such attack surface
+ */
+ recursion yes;
+
+ dnssec-enable yes;
+ dnssec-validation yes;
+
+ managed-keys-directory "/var/named/dynamic";
+
+ pid-file "/run/named/named.pid";
+ session-keyfile "/run/named/session.key";
+
+ /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
+ include "/etc/crypto-policies/back-ends/bind.config";
+};
+
+logging {
+ channel default_debug {
+ file "data/named.run";
+ severity dynamic;
+ };
+};
+
+zone "." IN {
+ type hint;
+ file "named.ca";
+};
+
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+
diff --git a/sources b/sources
index e6fb492..270c38c 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (bind-9.11.2.tar.gz) = c837c0a360049b0077b155eede9b6a71f63d1caca2ddf20a8ab7860a1033a3750e49cd2804dcf8c43b0aef04bcea99422d1302b4eae1646eb69a5ae6d64625b9
-SHA512 (config-16.tar.bz2) = 983e0a8de3bb0c16fb21331894cc97ea516233796158eb5d1c932608227b31889496d0467c3e43953bf504dbf8b5f19210d2c9f8e0e3742aea2c7609245bf3f7
+SHA512 (config-17.tar.bz2) = 93d864be83a2aeaec3f4e150909bee21b0fc4761562928ee075f09e8fce28bc82735ed7d7a93e8dfff4fcf8e06f2aa9a04046fc3e538a6bf5cb380f2a3528729