#global prever rc1
# Build with systemd integration on any Fedora release and on RHEL 7 or newer;
# every other target falls back to the SysV init layout.
%if 0%{?fedora} || 0%{?rhel} >= 7
%bcond_without systemd # enabled systemd
%else
%bcond_with systemd # disabled systemd
%endif
Summary: Fast and lean authoritative DNS Name Server
Name: nsd
Version: 4.1.7
Release: 2%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/nsd/
Group: System Environment/Daemons
# NOTE(review): Source0 is a plain-http URL and nothing in this spec checks a
# signature or digest of the tarball. Confirm the archive against the digest or
# signature upstream publishes before importing a new version.
Source0: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?prever}.tar.gz
# Packaging-side files: default configuration, systemd units and timer, and the
# tmpfiles snippet, followed by the SysV init script, cron job and sysconfig file.
Source1: nsd.conf
Source2: nsd.service
Source3: nsd-keygen.service
Source4: nsd-write.service
Source5: nsd-write.timer
Source6: tmpfiles-nsd.conf
Source10: nsd.init
Source11: nsd.cron
Source12: nsd.sysconfig
BuildRequires: flex
BuildRequires: openssl-devel
BuildRequires: libevent-devel
# shadow-utils supplies the groupadd/useradd commands the pre scriptlet calls.
Requires(pre): shadow-utils
%if %{with systemd}
BuildRequires: systemd-units
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
%else
# NOTE(review): Group is already set above; this second tag is redundant.
Group: System Environment/Daemons
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/service
Requires(preun): /sbin/chkconfig
Requires(postun): /sbin/service
%endif
# Opt in to the distribution's hardened-build flags; the build section also sets
# PIE and RELRO/now flags by hand.
%global _hardened_build 1
%description
NSD is a complete implementation of an authoritative DNS name server.
For further information about what NSD is and what NSD is not please
consult the REQUIREMENTS document which is a part of this distribution.
%prep
# Unpack the upstream tarball quietly; -n names its top-level directory, which
# carries the optional pre-release suffix when prever is defined.
%setup -q -n %{name}-%{version}%{?prever}
%build
# Position-independent executable plus full RELRO with immediate binding, set
# explicitly in addition to the hardened-build macro in the preamble.
CFLAGS="%{optflags} -fPIE -pie"
LDFLAGS="-Wl,-z,relro,-z,now"
export CFLAGS LDFLAGS
# Configure choices worth knowing when operating the daemon:
#   --with-user=nsd      account the server is built to run as
#   --with-ssl           build against OpenSSL (openssl-devel is a BuildRequires)
#   --enable-ratelimit   compile in response rate limiting
#   --enable-checking    compile in upstream's internal runtime checks
#   --with-max-ips=1024  compiled-in limit on the number of listen addresses
# The pid file goes under the run directory, and the zone database and transfer
# state under the shared state directory; both directories are packaged in the
# file list.
%configure \
--enable-bind8-stats \
--enable-checking \
--enable-nsec3 \
--with-pidfile=%{_localstatedir}/run/nsd/nsd.pid \
--with-ssl \
--with-user=nsd \
--with-xfrdfile=%{_sharedstatedir}/nsd/ixfr.state \
--with-dbfile=%{_sharedstatedir}/nsd/nsd.db \
--enable-ratelimit \
--with-max-ips=1024
make %{?_smp_mflags}
# RELNOTES and CREDITS are treated as ISO-8859-1 and re-encoded to UTF-8 before
# they are packaged as documentation.
iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8
iconv -f iso8859-1 -t utf-8 doc/CREDITS > doc/CREDITS.utf8
mv -f doc/RELNOTES.utf8 doc/RELNOTES
mv -f doc/CREDITS.utf8 doc/CREDITS
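%install
# Stage the upstream install into the build root, then add the packaging files
# for whichever init system this build targets.
make DESTDIR=%{buildroot} install
%if %{with systemd}
# Unit files and the tmpfiles snippet are data, not programs: mode 0644.
mkdir -p %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} \
%{buildroot}%{_unitdir}
mkdir -p %{buildroot}%{_tmpfilesdir}
install -m 0644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/nsd.conf
%else
# The init script and the hourly cron job are executed, so they stay 0755.
mkdir -p %{buildroot}%{_initddir}
install -m 0755 %{SOURCE10} %{buildroot}%{_initddir}/nsd
mkdir -p %{buildroot}%{_sysconfdir}/cron.hourly
install -m 0755 %{SOURCE11} %{buildroot}%{_sysconfdir}/cron.hourly/nsd
# The sysconfig file is a settings file marked as config in the file list, not
# a program; install it 0644 instead of the previous 0755.
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/sysconfig/nsd
%endif
mkdir -p %{buildroot}%{_localstatedir}/run/nsd
mkdir -p %{buildroot}%{_sharedstatedir}/nsd
# Install ghost files: empty placeholders for the server and control key and
# certificate pairs. The file list marks them as ghost entries, so no key
# material ships in the package; the changelog records that the keys are
# generated by nsd-keygen.service or the init script.
for name in control server; do
  for extension in key pem; do
    touch %{buildroot}%{_sysconfdir}/nsd/nsd_${name}.${extension}
  done
done
# Take care of the configuration: create the include directories, install the
# packaged nsd.conf and drop the sample file the upstream install left behind.
mkdir -p %{buildroot}%{_sysconfdir}/nsd/conf.d
mkdir -p %{buildroot}%{_sysconfdir}/nsd/server.d
install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/nsd/nsd.conf
rm %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample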
%files
%doc doc/*
%doc contrib/nsd.zones2nsd.conf
%dir %{_sysconfdir}/nsd
# noreplace keeps an administrator's edited nsd.conf across package upgrades.
%config(noreplace) %{_sysconfdir}/nsd/nsd.conf
# Key and certificate files are ghost entries: owned by the package but not
# shipped in it. Mode 0640 root:nsd lets the daemon's group read them while only
# root can replace them.
%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_server.key
%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_server.pem
%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_control.key
%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_control.pem
%dir %{_sysconfdir}/nsd/conf.d
%dir %{_sysconfdir}/nsd/server.d
%if %{with systemd}
%attr(0644,root,root) %{_unitdir}/nsd.service
%attr(0644,root,root) %{_unitdir}/nsd-keygen.service
%attr(0644,root,root) %{_unitdir}/nsd-write.service
%attr(0644,root,root) %{_unitdir}/nsd-write.timer
%attr(0644,root,root) %{_tmpfilesdir}/nsd.conf
%else
%{_sysconfdir}/cron.hourly/nsd
%attr(0755,root,root) %{_initddir}/nsd
%config(noreplace) %{_sysconfdir}/sysconfig/nsd
%endif
# NOTE(review): the pid directory is owned by, and writable for, the nsd
# account. The changelog shows this ownership flipped between root and nsd
# (3.2.8-5, 3.2.8-7, 3.2.9-2). Confirm that whatever signals the daemon as root
# does not act on a pid read from here without checking the process behind it.
%attr(0755,nsd,nsd) %dir %{_localstatedir}/run/nsd
# State directory (zone database, transfer state): private to the nsd account.
%attr(0750,nsd,nsd) %dir %{_sharedstatedir}/nsd
%{_sbindir}/*
%{_mandir}/*/*
%pre
# Create the unprivileged system group and account the daemon is built to run
# as, unless they already exist. The account gets /sbin/nologin as its shell and
# /etc/nsd as its home directory.
if ! getent group nsd >/dev/null; then
  groupadd -r nsd
fi
if ! getent passwd nsd >/dev/null; then
  useradd -r -g nsd -d /etc/nsd -s /sbin/nologin -c "nsd daemon account" nsd
fi
# Always report success so account creation cannot abort the transaction.
exit 0
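%post
%if %{with systemd}
# Hand both units to the systemd post-install macro.
%systemd_post nsd.service
# Unit name corrected from "nsd-keygen.serivce". The misspelled name matched no
# installed unit (the file list ships nsd-keygen.service), so the macro's action
# never reached the key-generation unit.
%systemd_post nsd-keygen.service
%else
# SysV: register the init script with chkconfig.
/sbin/chkconfig --add nsd
%endif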
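%preun
%if %{with systemd}
# Hand both units to the systemd pre-uninstall macro.
%systemd_preun nsd.service
# Unit name corrected from "nsd-keygen.serivce". With the misspelling the macro
# acted on a unit that does not exist, so the real key-generation unit was
# skipped during package removal.
%systemd_preun nsd-keygen.service
%else
# SysV: $1 is 0 only on final removal, not on upgrade. Stop the daemon and
# unregister the init script in that case.
if [ "$1" -eq 0 ]; then
  /sbin/service nsd stop >/dev/null 2>&1
  /sbin/chkconfig --del nsd
fi
%endif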
%postun
%if %{with systemd}
# The server unit uses the restart variant of the post-uninstall macro, so an
# upgraded binary is picked up; the key-generation unit uses the plain variant.
%systemd_postun_with_restart nsd.service
%systemd_postun nsd-keygen.service
%else
# SysV: $1 >= 1 means another version of the package remains installed, i.e.
# this is an upgrade. Restart the daemon only if it is already running, and
# never fail the transaction over it.
if [ "$1" -ge 1 ]; then
/sbin/service nsd condrestart >/dev/null 2>&1 || :
fi
%endif
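%triggerin -- nsd < 4.0.0-0
# Upgrade from a pre-4.0 package: hand the existing state files to the nsd
# account. This runs as root over a glob inside a directory the nsd account
# owns, so -h keeps chown from following a symlink placed there and changing the
# owner of a file outside the state directory. Failures are ignored on purpose,
# for example when the directory is empty.
chown -h nsd:nsd %{_sharedstatedir}/nsd/* 2>&1 || :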
%changelog
* Sun Dec 27 2015 Tuomo Soini <tis@foobar.fi> - 4.1.7-2
- Enable PrivateTmp for nsd.service
- Rename /etc/nsd/local.d/ to /etc/nsd/server.d/
- Add /etc/nsd/local.d for local server config
- Add ghost entries for nsd_control and nsd_server key and certificate
- Fix sysv init script by removing nsd3 specific NSDC_PROG options
- Use signals whenever possible instead of using nsd-control
- Use cron script on sysvinit systems only
- Add nsd-write.service and nsd-write.timer (not enabled by default)
- Remove old options from /etc/sysconfig/nsd
- Install /etc/sysconfig/nsd on sysvinit systems only
- Remove all example files from /etc/nsd/conf.d/ - don't belong to package
- Add nsd-keygen.service to generate nsd-control keys
- Add creation of nsd_control.key to nsd.init
- nsd.service depends on nsd-keygen.service
- Change nsd.service to use KillMode=mixed
- Add triggerin for older nsd package to chown /var/lib/nsd/*
- Update nsd.conf from upstream and add nsd-control section
- Removed Mass rebuild changelogs causing chronological order error [Paul]
* Sun Dec 20 2015 Fabio Alessandro Locati <fabio@locati.cc> - 4.1.7-1
- Update to last upstream
- Multiple tests and fixes
* Sat Apr 11 2015 Paul Wouters <pwouters@redhat.com> - 4.1.1-1
- Updated to 4.1.1
- Updated cron job for new nsd-control
- Updated nsd.conf
- Updated nsd init script for use of nsd-control
- Renamed --max_interfaces to --max-ips
- Added BuildRequires for libevent-devel
- Fix buglet in nsd user creation's exit command
- Create nsd4 remote-control pem files for nsd-control
- chown /var/lib/nsd/nsd.db to the nsd user required for nsd4
- Add logrotate support
* Mon Jul 28 2014 Paul Wouters <pwouters@redhat.com> - 3.2.18-1
- Updated to 3.2.18 - improved TXT parsing, new NSID option
- Fix nsd.service daemonize option (rhbz#1089505)
* Sun Mar 30 2014 Paul Wouters <pwouters@redhat.com> - 3.2.17-1
- Updated to 3.2.17
- Added --with-max-ips=1024
- Removed merged in patch
* Thu Apr 18 2013 Paul Wouters <pwouters@redhat.com> - 3.2.15-4
- Enable hardened build
- rhbz#850231 - Introduce new systemd-rpm macros in nsd spec file
- Added -D option to nsd to allow us to use systemd service Type=simple
- Switch from Fork to Simple systemd service
- Use /run and not /var/run for pid
- The cronjob now uses systemctl reload, which also triggers notifies
(should speed up notifications to secondaries)
* Mon Mar 25 2013 Peter Robinson <pbrobinson@fedoraproject.org> 3.2.15-3
- Bump so rawhide/F19 has bigger NVR that older releases
* Mon Feb 04 2013 Paul Wouters <pwouters@redhat.com> - 3.2.15-1
- Updates to 3.2.15 which contains rate limit code
(fixes rhbz#842036 - nsd fails to start in fips mode)
* Fri Nov 23 2012 Paul Wouters <pwouters@redhat.com> - 3.2.14-2
- Updated to 3.2.14 with minor bugfixes and TCP writev support
- Only run nsdc rebuild hourly cronjob when nsd service is running
* Fri Jul 27 2012 Paul Wouters <pwouters@redhat.com> - 3.2.13-1
- Updated to 3.2.13, addresses VU#517036 CVE-2012-2979
(note Fedora/EPEL packages are not vulnerable to this)
* Mon Jul 23 2012 Paul Wouters <pwouters@redhat.com> - 3.2.12-2
- Add /var/run/nsd via tmpfiles (rhbz#842021)
* Thu Jul 19 2012 Paul Wouters <pwouters@redhat.com> - 3.2.12-1
- Upgraded to 3.2.12 which fixes CVE-2012-2978 (rhbz#841268)
* Mon Jul 16 2012 Paul Wouters <pwouters@redhat.com> - 3.2.11-1
- Updated to 3.2.11
- Remove execute perm from unitdir file
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 29 2011 Paul Wouters <paul@xelerance.com> - 3.2.9-2
- Change spec and initscript to chown /var/run/nsd to nsd user to work around
the "nsdc restart" problem where it cannot update its own pid file
* Sun Nov 27 2011 Paul Wouters <paul@xelerance.com> - 3.2.9-1
- Updated to 3.2.9
* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 3.2.8-7
- fix tmpfiles.d creation of /var/run/nsd to be owned by root
* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 3.2.8-6
- convert to systemd, tmpfiles.d
* Fri Jun 3 2011 Paul Wouters <paul@xelerance.com> - 3.2.8-5
- fix /var/run/nsd to be owned by root, not nsd
* Fri Jun 3 2011 Tuomo Soini <tis@foobar.fi> - 3.2.8-4
- fix init status to work as expected (bz#525107)
- fix nsd.conf and nsd.conf.5 to have correct logfile
- fix nsd.init syntax error by piddir change
- fix initscript to create /var/run/nsd if missing (bz#710376)
* Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 3.2.8-1
- updated to 3.2.8
* Wed Mar 09 2011 Paul Wouters <paul@xelerance.com> - 3.2.7-5
- Fix misnamed variable NSD_AUTORELOAD which should be NSD_AUTOREBUILD
- Fix for init script properly returning OK/Failed (bz#535107) by Noa Resare
- Add ghost directive to /var/run/nsd (bz#656642)
- Bump release for EVR
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Feb 03 2011 Paul Wouters <paul@xelerance.com> - 3.2.7-1
- Updated to 3.2.7
* Mon Aug 02 2010 Paul Wouters <paul@xelerance.com> - 3.2.6-1
- Updated to 3.2.6
- Removed obsolete --enable-nsid
* Wed Jan 06 2010 Paul Wouters <paul@xelerance.com> - 3.2.4-1
- Updated to nsd 3.2.4
* Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 3.2.3-4
- Incorporated Ville Mattila's fixes to nsd.cron
- Support for NSD_AUTOREBUILD in /etc/sysconfig/nsd [Ville]
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 3.2.3-3
- rebuilt with new openssl
* Thu Aug 20 2009 Ville Mattila <vmattila@csc.fi> - 3.2.3-2
- The 'nsdc patch' and 'nsdc rebuild' commands wrote a %%1 file by mistake
* Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 3.2.3-1
- Updated to version 3.2.3
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jun 06 2009 Paul Wouters <paul@xelerance.com> - 3.2.2-3
- Fixed /dev/nul which cause a file \%%1 to be written by cron
- Bump for EVR.
* Mon May 18 2009 Paul Wouters <paul@xelerance.com> - 3.2.2-1
- Upgraded to 3.2.2 security release
http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html
* Thu Apr 09 2009 Ville Mattila <vmattila@csc.fi> - 3.2.1-6
- Make various file paths used by the nsd.init script configurable
from /etc/sysconfig/nsd.
- Add template /etc/sysconfig/nsd.
* Sun Mar 08 2009 Paul Wouters <paul@xelerance.com> - 3.2.1-5
- nsd used the 'named' subsystem in one call in the init script
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Jan 26 2009 Paul Wouters <paul@xelerance.com> - 3.2.1-3
- Fix init script 'unary operator' error.
* Mon Jan 26 2009 Paul Wouters <paul@xelerance.com> - 3.2.1-1
- Updated to new version 3.2.1
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 3.2.0-4
- rebuild with new openssl
* Mon Nov 24 2008 Paul Wouters <paul@xelerance.com> - 3.2.0-3
- Updates summary as per Richard Hughes guidelines
* Mon Nov 10 2008 Paul Wouters <paul@xelerance.com> - 3.2.0-2
- Bump version after pre-release version correction.
* Mon Nov 10 2008 Paul Wouters <paul@xelerance.com> - 3.2.0-1
- 3.2.0-1
* Thu Oct 9 2008 Paul Wouters <paul@xelerance.com> - 3.1.1-1
- updated to 3.1.1
* Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 3.1.0-2
- fix license tag
- fix static user creation
* Mon Jun 30 2008 Paul Wouters <paul@xelerance.com> - 3.1.0-1
- Updated to 3.1.0
* Tue May 6 2008 Paul Wouters <paul@xelerance.com> - 3.0.8-2
- Fix /dev/null redirection [Venkatesh Krishnamurthi]
* Tue May 6 2008 Paul Wouters <paul@xelerance.com> - 3.0.8-1
- Updated to 3.0.8
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 3.0.7-3
- Autorebuild for GCC 4.3
* Wed Dec 5 2007 Paul Wouters <paul@xelerance.com> - 3.0.7-2
- Rebuild for new libcrypto
* Tue Nov 13 2007 Paul Wouters <paul@xelerance.com> - 3.0.7-1
- Updated to new version
- fix RELNOTES/README to be utf8
- Fix path to nsd.db in cron job.
* Thu Nov 8 2007 Paul Wouters <paul@xelerance.com> - 3.0.6-7
- Modified cron to only rebuild/reload when zone updates
have been received
* Wed Nov 7 2007 Paul Wouters <paul@xelerance.com> - 3.0.6-6
- Added hourly cron job to do various maintenance tasks
- Added nsd rebuild to create the proper nsd.db file on startup
- Added nsd patch on shutdown to ensure zonefiles are up to date
* Tue Oct 2 2007 Paul Wouters <paul@xelerance.com> - 3.0.6-5
- nsdc update and nsdc notify are no longer needed in initscript.
* Mon Sep 24 2007 Jesse Keating <jkeating@redhat.com> - 3.0.6-4
- Bump release for upgrade path.
* Fri Sep 14 2007 Paul Wouters <paul@xelerance.com> 3.0.6-3
- Do not include examples from nsd.conf.sample that causes
bogus network traffic.
* Fri Sep 14 2007 Paul Wouters <paul@xelerance.com> 3.0.6-2
- Change locations of ixfr.db and xfrd.state to /var/lib/nsd
- Enable NSEC3
- Delay running nsdc update until after nsd has started
- Delete xfrd.state on nsd stop
- Run nsdc notify in the background, since it can take
a very long time when remote servers are unavailable.
* Tue Sep 11 2007 Paul Wouters <paul@xelerance.com> 3.0.6-1
- Upgraded to 3.0.6
- Do not include bind2nsd, since it didn't compile for me
* Fri Jul 13 2007 Paul Wouters <paul@xelerance.com> 3.0.5-2
- Fix init script, bug #245546
* Fri Mar 23 2007 Paul Wouters <paul@xelerance.com> 3.0.5-1
- Upgraded to 3.0.5
* Thu Dec 7 2006 Paul Wouters <paul@xelerance.com> 3.0.3-1
- Upgraded to 3.0.3
* Mon Nov 27 2006 Paul Wouters <paul@xelerance.com> 3.0.2-1
- Upgraded to 3.0.2.
- Use new configuration file nsd.conf. Still needs migration script.
patch from Farkas Levente <lfarkas@bppiac.hu>
* Mon Oct 16 2006 Paul Wouters <paul@xelerance.com> 2.3.6-2
- Bump version for upgrade path
* Thu Oct 12 2006 Paul Wouters <paul@xelerance.com> 2.3.6-1
- Upgraded to 2.3.6
- Removed obsolete workaround in nsd.init
- Fixed spec file so daemon gets properly restarted on upgrade
* Mon Sep 11 2006 Paul Wouters <paul@xelerance.com> 2.3.5-4
- Rebuild requested for PT_GNU_HASH support from gcc
- Removed dbaccess.c from doc section
* Mon Jun 26 2006 Paul Wouters <paul@xelerance.com> - 2.3.5-3
- Bump version for FC-x upgrade path
* Mon Jun 26 2006 Paul Wouters <paul@xelerance.com> - 2.3.5-1
- Upgraded to nsd-2.3.5
* Sun May 7 2006 Paul Wouters <paul@xelerance.com> - 2.3.4-3
- Upgraded to nsd-2.3.4.
- Removed manual install targets because DESTDIR is now supported
- Re-enabled --checking, checking patch no longer needed and removed.
- Work around in nsd.init for nsd failing to start when there is no ipv6
* Thu Dec 15 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-7
- chkconfig and attribute changes as proposed by Dmitry Butskoy
* Thu Dec 15 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-6
- Moved pid file to /var/run/nsd/nsd.pid.
- Use _localstatedir instead of "/var"
* Tue Dec 13 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-5
- Added BuildRequires for openssl-devel, removed Requires for openssl.
* Mon Dec 12 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-4
- upgraded to nsd-2.3.3
* Wed Dec 7 2005 Tom "spot" Callaway <tcallawa@redhat.com> - 2.3.2-2
- minor cleanups
* Mon Dec 5 2005 Paul Wouters <paul@xelerance.com> - 2.3.2-1
- Upgraded to 2.3.2. Changed post scripts to comply to Fedora
Extras policies (eg do not start daemon on fresh install)
* Tue Oct 4 2005 Paul Wouters <paul@xelerance.com> - 2.3.1-1
- Initial version