Summary: Fast and lean authoritative DNS Name Server
Name: nsd
Version: 3.2.15
Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/%{name}/
Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
Source1: nsd.service
Source2: nsd.cron
Source3: nsd.sysconfig
Source4: tmpfiles-nsd.conf
Patch0: nsd-install.patch
Group: System Environment/Daemons
BuildRequires: flex, openssl-devel
BuildRequires: systemd-units
Requires(post): systemd-sysv
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(pre): shadow-utils
%description
NSD is a complete implementation of an authoritative DNS name server.
For further information about what NSD is and what NSD is not please
consult the REQUIREMENTS document which is a part of this distribution
(thanks to Olaf).
%prep
%setup -q
%patch0 -p1 -b .install
%build
%configure --enable-bind8-stats --enable-checking --enable-nsec3 \
--with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid --with-ssl \
--with-user=nsd --with-difffile=%{_localstatedir}/lib/%{name}/ixfr.db \
--with-xfrdfile=%{_localstatedir}/lib/%{name}/ixfr.state \
--with-dbfile=%{_localstatedir}/lib/%{name}/nsd.db \
--enable-ratelimit
%{__make} %{?_smp_mflags}
#convert to utf8
iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8
iconv -f iso8859-1 -t utf-8 doc/CREDITS > doc/CREDITS.utf8
mv -f doc/RELNOTES.utf8 doc/RELNOTES
mv -f doc/CREDITS.utf8 doc/CREDITS
%install
%{__make} DESTDIR=%{buildroot} install
mkdir -p %{buildroot}%{_unitdir}
install -d -m 0755 %{buildroot}%{_sysconfdir}/cron.hourly
install -c -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/cron.hourly/nsd
install -m 0755 %{SOURCE1} %{buildroot}/%{_unitdir}/nsd.service
install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name}
install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name}
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
install -m 0755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/tmpfiles.d/nsd.conf
# change .sample to normal config files
head -76 %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample > %{buildroot}%{_sysconfdir}/nsd/nsd.conf
rm %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample
echo "database: /var/lib/nsd/nsd.db" >> %{buildroot}%{_sysconfdir}/nsd/nsd.conf
echo "# include: \"/some/path/file\"" >> %{buildroot}%{_sysconfdir}/nsd/nsd.conf
%files
%doc doc/*
%doc contrib/nsd.zones2nsd.conf
%dir %{_sysconfdir}/nsd/
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/nsd.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/nsd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/tmpfiles.d/nsd.conf
%attr(0644,root,root) %{_unitdir}/%{name}.service
%{_sysconfdir}/cron.hourly/nsd
# owner nsd is to work around 'nsdc restart' pid bug (no permission to unlink root file)
%ghost %attr(0755,nsd,root) %dir %{_localstatedir}/run/%{name}
%attr(0755,%{name},%{name}) %dir %{_localstatedir}/lib/%{name}
%{_sbindir}/*
%{_mandir}/*/*
%pre
getent group nsd >/dev/null || groupadd -r nsd
getent passwd nsd >/dev/null || \
useradd -r -g nsd -d /etc/nsd -s /sbin/nologin \
-c "nsd daemon account" nsd
exit 0
%post
if [ $1 -eq 1 ] ; then
# Initial installation
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%preun
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable nsd.service > /dev/null 2>&1 || :
/bin/systemctl stop nsd.service > /dev/null 2>&1 || :
fi
%postun
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
# Package upgrade, not uninstall
/bin/systemctl try-restart nsd.service >/dev/null 2>&1 || :
fi
%triggerun -- nsd < 3.2.8-6
# Save the current service runlevel info
# User must manually run systemd-sysv-convert --apply nsd
# to migrate them to systemd targets
/usr/bin/systemd-sysv-convert --save nsd >/dev/null 2>&1 ||:
# Run these because the SysV package being removed won't do them
/sbin/chkconfig --del nsd >/dev/null 2>&1 || :
/bin/systemctl try-restart nsd.service >/dev/null 2>&1 || :
%changelog
* Fri Feb 01 2013 Paul Wouters <pwouters@redhat.com> - 3.2.15-1
- Updated to 3.2.15 which includes the rate limit code
- Patch to not fail when MD5 is not available (FIPS mode)
(also be quiet in cron jobs)
* Fri Nov 23 2012 Paul Wouters <pwouters@redhat.com> - 3.2.14-2
- Updated to 3.2.14 with minor bugfixes and TCP writev support
- Only run nsdc rebuild hourly cronjob when nsd service is running
* Fri Jul 27 2012 Paul Wouters <pwouters@redhat.com> - 3.2.13-1
- Updated to 3.2.13, addresses VU#517036 CVE-2012-2979
(note Fedora/EPEL packages are not vulnerable to this)
* Mon Jul 23 2012 Paul Wouters <pwouters@redhat.com> - 3.2.12-2
- Add /var/run/nsd via tmpfiles (rhbz#842021)
* Thu Jul 19 2012 Paul Wouters <pwouters@redhat.com> - 3.2.12-1
- Upgraded to 3.2.12 which fixes CVE-2012-2978 (rhbz#841268)
* Mon Jul 16 2012 Paul Wouters <pwouters@redhat.com> - 3.2.11-1
- Updated to 3.2.11
- Remove execute perm from unitdir file
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 29 2011 Paul Wouters <paul@xelerance.com> - 3.2.9-2
- Change spec and initscript to chown /var/run/nsd to nsd user to work around
the "nsdc restart" problem where it cannot update its own pid file
* Sun Nov 27 2011 Paul Wouters <paul@xelerance.com> - 3.2.9-1
- Updated to 3.2.9
* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 3.2.8-7
- fix tmpfiles.d creation of /var/run/nsd to be owned by root
* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 3.2.8-6
- convert to systemd, tmpfiles.d
* Fri Jun 3 2011 Paul Wouters <paul@xelerance.com> - 3.2.8-5
- fix /var/run/nsd to be owned by root, not nsd
* Fri Jun 3 2011 Tuomo Soini <tis@foobar.fi> - 3.2.8-4
- fix init status to work as expected (bz#525107)
- fix nsd.conf and nsd.conf.5 to have correct logfile
- fix nsd.init syntax error by piddir change
- fix initscript to create /var/run/nsd if missing (bz#710376)
* Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 3.2.8-1
- updated to 3.2.8
* Wed Mar 09 2011 Paul Wouters <paul@xelerance.com> - 3.2.7-5
- Fix misnamed variable NSD_AUTORELOAD which should be NSD_AUTOREBUILD
- Fix for init script properly returning OK/Failed (bz#535107) by Noa Resare
- Add ghost directive to /var/run/nsd (bz#656642)
- Bump release for EVR
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Feb 03 2011 Paul Wouters <paul@xelerance.com> - 3.2.7-1
- Updated to 3.2.7
* Mon Aug 02 2010 Paul Wouters <paul@xelerance.com> - 3.2.6-1
- Updated to 3.2.6
- Removed obsolete --enable-nsid
* Wed Jan 06 2010 Paul Wouters <paul@xelerance.com> - 3.2.4-1
- Updated to nsd 3.2.4
* Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 3.2.3-4
- Incorporated Ville Mattila's fixes to nsd.cron
- Support for NSD_AUTOREBUILD in /etc/sysconfig/nsd [Ville]
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 3.2.3-3
- rebuilt with new openssl
* Thu Aug 20 2009 Ville Mattila <vmattila@csc.fi> - 3.2.3-2
- The 'nsdc patch' and 'nsdc rebuild' commands wrote a %%1 file by mistake
* Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 3.2.3-1
-Updated to version 3.2.3
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jun 06 2009 Paul Wouters <paul@xelerance.com> - 3.2.2-3
- Fixed /dev/nul which cause a file \%%1 to be written by cron
- Bump for EVR.
* Mon May 18 2009 Paul Wouters <paul@xelerance.com> - 3.2.2-1
- Upgraded to 3.2.2 security release
http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html
* Thu Apr 09 2009 Ville Mattila <vmattila@csc.fi> - 3.2.1-6
- Make various file paths used by the nsd.init script configurable
from /etc/sysconfig/nsd.
- Add template /etc/sysconfig/nsd.
* Sun Mar 08 2009 Paul Wouters <paul@xelerance.com> - 3.2.1-5
- nsd used the 'named' subsystem in one call in the init script
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Jan 26 2009 Paul Wouters <paul@xelerance.com> - 3.2.1-3
- Fix init script 'unary operator' error.
* Mon Jan 26 2009 Paul Wouters <paul@xelerance.com> - 3.2.1-1
- Updated to new version 3.2.1
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 3.2.0-4
- rebuild with new openssl
* Mon Nov 24 2008 Paul Wouters <paul@xelerance.com> - 3.2.0-3
- Updates summary as per Richard Hughes guidelines
* Mon Nov 10 2008 Paul Wouters <paul@xelerance.com> - 3.2.0-2
- Bump version after pre-release version correction.
* Mon Nov 10 2008 Paul Wouters <paul@xelerance.com> - 3.2.0-1
- 3.2.0-1
* Thu Oct 9 2008 Paul Wouters <paul@xelerance.com> - 3.1.1-1
- updated to 3.1.1
* Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 3.1.0-2
- fix license tag
- fix static user creation
* Mon Jun 30 2008 Paul Wouters <paul@xelerance.com> - 3.1.0-1
- Updated to 3.1.0
* Tue May 6 2008 Paul Wouters <paul@xelerance.com> - 3.0.8-2
- Fix /dev/null redirection [Venkatesh Krishnamurthi]
* Tue May 6 2008 Paul Wouters <paul@xelerance.com> - 3.0.8-1
- Updated to 3.0.8
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 3.0.7-3
- Autorebuild for GCC 4.3
* Wed Dec 5 2007 Paul Wouters <paul@xelerance.com> - 3.0.7-2
- Rebuild for new libcrypto
* Tue Nov 13 2007 Paul Wouters <paul@xelerance.com> - 3.0.7-1
- Updated to new version
- fix RELNOTES/README to be utf8
- Fix path to nsd.db in cron job.
* Thu Nov 8 2007 Paul Wouters <paul@xelerance.com> - 3.0.6-7
- Modified cron to only rebuild/reload when zone updates
have been received
* Wed Nov 7 2007 Paul Wouters <paul@xelerance.com> - 3.0.6-6
- Added hourly cron job to do various maintenance tasks
- Added nsd rebuild to create the proper nsd.db file on startup
- Added nsd patch on shutdown to ensure zonefiles are up to date
* Tue Oct 2 2007 Paul Wouters <paul@xelerance.com> - 3.0.6-5
- nsdc update and nsdc notify are no longer needed in initscript.
* Mon Sep 24 2007 Jesse Keating <jkeating@redhat.com> - 3.0.6-4
- Bump release for upgrade path.
* Fri Sep 14 2007 Paul Wouters <paul@xelerance.com> 3.0.6-3
- Do not include examples from nsd.conf.sample that causes
bogus network traffic.
* Fri Sep 14 2007 Paul Wouters <paul@xelerance.com> 3.0.6-2
- Change locations of ixfr.db and xfrd.state to /var/lib/nsd
- Enable NSEC3
- Delay running nsdc update until after nsd has started
- Delete xfrd.state on nsd stop
- Run nsdc notify in the background, since it can take
a very long time when remote servers are unavailable.
* Tue Sep 11 2007 Paul Wouters <paul@xelerance.com> 3.0.6-1
- Upgraded to 3.0.6
- Do not include bind2nsd, since it didn't compile for me
* Fri Jul 13 2007 Paul Wouters <paul@xelerance.com> 3.0.5-2
- Fix init script, bug #245546
* Fri Mar 23 2007 Paul Wouters <paul@xelerance.com> 3.0.5-1
- Upgraded to 3.0.5
* Thu Dec 7 2006 Paul Wouters <paul@xelerance.com> 3.0.3-1
- Upgraded to 3.0.3
* Mon Nov 27 2006 Paul Wouters <paul@xelerance.com> 3.0.2-1
- Upgraded to 3.0.2.
- Use new configuration file nsd.conf. Still needs migration script.
patch from Farkas Levente <lfarkas@bppiac.hu>
* Mon Oct 16 2006 Paul Wouters <paul@xelerance.com> 2.3.6-2
- Bump version for upgrade path
* Thu Oct 12 2006 Paul Wouters <paul@xelerance.com> 2.3.6-1
- Upgraded to 2.3.6
- Removed obsolete workaround in nsd.init
- Fixed spec file so daemon gets properly restarted on upgrade
* Mon Sep 11 2006 Paul Wouters <paul@xelerance.com> 2.3.5-4
- Rebuild requested for PT_GNU_HASH support from gcc
- Removed dbaccess.c from doc section
* Mon Jun 26 2006 Paul Wouters <paul@xelerance.com> - 2.3.5-3
- Bump version for FC-x upgrade path
* Mon Jun 26 2006 Paul Wouters <paul@xelerance.com> - 2.3.5-1
- Upgraded to nsd-2.3.5
* Sun May 7 2006 Paul Wouters <paul@xelerance.com> - 2.3.4-3
- Upgraded to nsd-2.3.4.
- Removed manual install targets because DESTDIR is now supported
- Re-enabled --checking, checking patch no longer needed and removed.
- Work around in nsd.init for nsd failing to start when there is no ipv6
* Thu Dec 15 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-7
- chkconfig and attribute changes as proposed by Dmitry Butskoy
* Thu Dec 15 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-6
- Moved pid file to /var/run/nsd/nsd.pid.
- Use _localstatedir instead of "/var"
* Tue Dec 13 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-5
- Added BuildRequires for openssl-devel, removed Requires for openssl.
* Mon Dec 12 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-4
- upgraded to nsd-2.3.3
* Wed Dec 7 2005 Tom "spot" Callaway <tcallawa@redhat.com> - 2.3.2-2
- minor cleanups
* Mon Dec 5 2005 Paul Wouters <paul@xelerance.com> - 2.3.2-1
- Upgraded to 2.3.2. Changed post scripts to comply to Fedora
Extras policies (eg do not start daemon on fresh install)
* Tue Oct 4 2005 Paul Wouters <paul@xelerance.com> - 2.3.1-1
- Initial version