From 0357b8e08f99d074229d4298e954b94b05cf4540 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Dec 28 2015 04:47:18 +0000 Subject: * Mon Dec 28 2015 Paul Wouters - 4.1.7-3 - Merge: Sun Dec 27 2015 Tuomo Soini - 4.1.7-2 --- diff --git a/nsd.conf b/nsd.conf index 28ea76c..be2d3e1 100644 --- a/nsd.conf +++ b/nsd.conf @@ -47,37 +47,37 @@ server: # After binding socket, drop user privileges. # can be a username, id or id.gid. - # username: @user@ + # username: nsd # Run NSD in a chroot-jail. # make sure to have pidfile and database reachable from there. # by default, no chroot-jail is used. - # chroot: "@configdir@" + # chroot: "/etc/nsd" # The directory for zonefile: files. The daemon chdirs here. - # zonesdir: "@zonesdir@" - + # zonesdir: "/etc/nsd" + # the list of dynamically added zones. - # zonelistfile: "@zonelistfile@" + # zonelistfile: "/var/lib/nsd/zone.list" # the database to use # if set to "" then no disk-database is used, less memory usage. - # database: "@dbfile@" + # database: "/var/lib/nsd/nsd.db" # log messages to file. Default to stderr and syslog (with # facility LOG_DAEMON). stderr disappears when daemon goes to bg. - # logfile: "@logfile@" + # logfile: "/var/log/nsd.log" # File to store pid for nsd in. - # pidfile: "@pidfile@" + # pidfile: "/var/run/nsd/nsd.pid" # The file where secondary zone refresh and expire timeouts are kept. - # If you delete this file, all secondary zones are forced to be + # If you delete this file, all secondary zones are forced to be # 'refreshing' (as if nsd got a notify). Set to "" to disable. - # xfrdfile: "@xfrdfile@" + # xfrdfile: "/var/lib/nsd/ixfr.state" # The directory where zone transfers are stored, in a subdir of it. - # xfrdir: "@xfrdir@" + # xfrdir: "/tmp" # don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries # hide-version: no 
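Review bot: The `# xfrdir: "/tmp"` line documents a world-writable directory as the place where zone-transfer data is staged, and the comment above it gives the operator no hint of that. The `PrivateTmp=true` added to nsd.service in this commit isolates that path under systemd, but the sysvinit build that the spec still supports has no such isolation visible here. I would extend the comment, for example `# On sysvinit hosts prefer a directory owned by nsd, e.g. xfrdir: "/var/lib/nsd"`. The sample `# chroot: "/etc/nsd"` also does not contain the database, pidfile and logfile paths shown below it, so uncommenting it alone appears to contradict the reachability requirement stated in the comment directly above it.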
@@ -114,7 +114,7 @@ server: # Number of seconds between reloads triggered by xfrd. # xfrd-reload-timeout: 1 - + # log timestamp in ascii (y-m-d h:m:s.msec), yes is default. # log-time-ascii: yes @@ -123,7 +123,7 @@ server: # check mtime of all zone files on start and sighup # zonefiles-check: yes - + # write changed zonefiles to disk, every N seconds. # default is 0(disabled) or 3600(if database is ""). # zonefiles-write: 3600 @@ -135,7 +135,7 @@ server: # Response Rate Limiting, maximum QPS allowed (from one query source). # If set to 0, ratelimiting is disabled. Also set # rrl-whitelist-ratelimit to 0 to disable ratelimit processing. - # Default is @ratelimit_default@. + # Default is on. # rrl-ratelimit: 200 # Response Rate Limiting, number of packets to discard before 
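Review bot: `# Default is on.` replaces the build-time placeholder with a word that does not fit a setting measured in queries per second, so a reader cannot tell which limit applies while `rrl-ratelimit` stays commented out. State the number instead, e.g. `# Default is 200 (rate limiting is compiled in).`, provided 200 really is the compiled default; the sample line suggests it, but confirm against the build. The same wording is introduced for `rrl-whitelist-ratelimit` in the next hunk.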
@@ -148,27 +148,146 @@ server: # rrl-slip: 2 # Response Rate Limiting, IPv4 prefix length. Addresses are - # grouped by netblock. + # grouped by netblock. # rrl-ipv4-prefix-length: 24 # Response Rate Limiting, IPv6 prefix length. Addresses are - # grouped by netblock. + # grouped by netblock. # rrl-ipv6-prefix-length: 64 # Response Rate Limiting, maximum QPS allowed (from one query source) - # for whitelisted types. Default is @ratelimit_default@. + # for whitelisted types. Default is on. # rrl-whitelist-ratelimit: 2000 # RRLend -database: /var/lib/nsd/nsd.db + # Optional local server config + include: "/etc/nsd/server.d/*.conf" +# Include optional local configs. +include: "/etc/nsd/conf.d/*.conf" + +# Remote control config section. remote-control: - control-enable: yes - control-interface: 127.0.0.1 - control-port: 8952 - server-key-file: "/etc/nsd/nsd_server.key" - server-cert-file: "/etc/nsd/nsd_server.pem" - control-key-file: "/etc/nsd/nsd_control.key" - control-cert-file: "/etc/nsd/nsd_control.pem" - -include: /etc/nsd/conf.d/*.conf + # Enable remote control with nsd-control(8) here. + # set up the keys and certificates with nsd-control-setup. + control-enable: yes + + # what interfaces are listened to for control, default is on localhost. + # control-interface: 127.0.0.1 + # control-interface: ::1 + + # port number for remote control operations (uses TLS over TCP). + # control-port: 8952 + + # nsd server key file for remote control. + # server-key-file: "/etc/nsd/nsd_server.key" + + # nsd server certificate file for remote control. + # server-cert-file: "/etc/nsd/nsd_server.pem" + + # nsd-control key file. + # control-key-file: "/etc/nsd/nsd_control.key" + + # nsd-control certificate file. + # control-cert-file: "/etc/nsd/nsd_control.pem" + + +# Secret keys for TSIGs that secure zone transfers. +# You could include: "secret.keys" and put the 'key:' statements in there, +# and give that file special access control permissions. 
+# +# key: + # The key name is sent to the other party, it must be the same + #name: "keyname" + # algorithm hmac-md5, or hmac-sha1, or hmac-sha256 (if compiled in) + #algorithm: hmac-sha256 + # secret material, must be the same as the other party uses. + # base64 encoded random number. + # e.g. from dd if=/dev/random of=/dev/stdout count=1 bs=32 | base64 + #secret: "K2tf3TRjvQkVCmJF3/Z9vA==" + + +# Patterns have zone configuration and they are shared by one or more zones. +# +# pattern: + # name by which the pattern is referred to + #name: "myzones" + # the zonefile for the zones that use this pattern. + # if relative then from the zonesdir (inside the chroot). + # the name is processed: %s - zone name (as appears in zone:name). + # %1 - first character of zone name, %2 second, %3 third. + # %z - topleveldomain label of zone, %y, %x next labels in name. + # if label or character does not exist you get a dot '.'. + # for example "%s.zone" or "zones/%1/%2/%3/%s" or "secondary/%z/%s" + #zonefile: "%s.zone" + + # If no master and slave access control elements are provided, + # this zone will not be served to/from other servers. + + # A master zone needs notify: and provide-xfr: lists. A slave + # may also allow zone transfer (for debug or other secondaries). + # notify these slaves when the master zone changes, address TSIG|NOKEY + # IP can be ipv4 and ipv6, with @port for a nondefault port number. + #notify: 192.0.2.1 NOKEY + # allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED + # address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40 + #provide-xfr: 192.0.2.0/24 my_tsig_key_name + # set the number of retries for notify. + #notify-retry: 5 + + # uncomment to provide AXFR to all the world + # provide-xfr: 0.0.0.0/0 NOKEY + # provide-xfr: ::0/0 NOKEY + + # A slave zone needs allow-notify: and request-xfr: lists. + #allow-notify: 2001:db8::0/64 my_tsig_key_name + # By default, a slave will request a zone transfer with IXFR/TCP. 
+ # If you want to make use of IXFR/UDP use: UDP addr tsigkey + # for a master that only speaks AXFR (like NSD) use AXFR addr tsigkey + #request-xfr: 192.0.2.2 the_tsig_key_name + # Attention: You cannot use UDP and AXFR together. AXFR is always over + # TCP. If you use UDP, we higly recommend you to deploy TSIG. + # Allow AXFR fallback if the master does not support IXFR. Default + # is yes. + #allow-axfr-fallback: yes + # set local interface for sending zone transfer requests. + # default is let the OS choose. + #outgoing-interface: 10.0.0.10 + + # if compiled with --enable-zone-stats, give name of stat block for + # this zone (or group of zones). Output from nsd-control stats. + # zonestats: "%s" + + # if you give another pattern name here, at this point the settings + # from that pattern are inserted into this one (as if it were a + # macro). The statement can be given in between other statements, + # because the order of access control elements can make a difference + # (which master to request from first, which slave to notify first). + #include-pattern: "common-masters" + + +# Fixed zone entries. Here you can config zones that cannot be deleted. +# Zones that are dynamically added and deleted are put in the zonelist file. +# +# zone: + # name: "example.com" + # you can give a pattern here, all the settings from that pattern + # are then inserted at this point + # include-pattern: "master" + # You can also specify (additional) options directly for this zone. + # zonefile: "example.com.zone" + # request-xfr: 192.0.2.1 example.com.key + + # RRLconfig + # Response Rate Limiting, whitelist types + # rrl-whitelist: nxdomain + # rrl-whitelist: error + # rrl-whitelist: referral + # rrl-whitelist: any + # rrl-whitelist: rrsig + # rrl-whitelist: wildcard + # rrl-whitelist: nodata + # rrl-whitelist: dnskey + # rrl-whitelist: positive + # rrl-whitelist: all + # RRLend diff --git a/nsd.cron b/nsd.cron index f12d694..9871613 100644 --- a/nsd.cron +++ b/nsd.cron 
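Review bot: The commented `key:` template ships a literal `secret:` value and lists hmac-md5 first among the algorithms, with no warning that the sample must not be reused. An operator who uncomments the block unchanged ends up with a TSIG secret that is identical in every installed copy of this file. The sample also disagrees with its own generation hint: the `dd ... bs=32` command yields 32 bytes, while the example string decodes to 16. I would replace the value with an obvious placeholder such as `#secret: "<base64 output of the command above>"` and add `# prefer hmac-sha256; hmac-md5 only for peers that support nothing else`. The nearby `provide-xfr: 0.0.0.0/0 NOKEY` example would benefit from a similar one-line caution that it exposes full zone contents without authentication.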
@@ -6,16 +6,13 @@ # in the nsd.db file back into the zone files # Only check when nsd is actively running -# systemd: -systemctl -q is-active nsd.service 2>/dev/null || exit 0 # sysvinit: (service nsd status has useless return codes) -# pidof nsd > /dev/null || exit 0 +pidof nsd > /dev/null || exit 0 # Default settings - do not edit these but /etc/sysconfig/nsd instead! NSD_CONF="/etc/nsd/nsd.conf" NSDC_PROG="/usr/sbin/nsd-control" NSD_CHECKCONF_PROG="/usr/sbin/nsd-checkconf" -NSD_AUTOREBUILD="yes" # Read in local settings. [ -r /etc/sysconfig/nsd ] && . /etc/sysconfig/nsd @@ -23,28 +20,4 @@ NSD_AUTOREBUILD="yes" # needed to avoid useless AVC rhbz#989218 cd ~nsd -$NSDC_PROG -c $NSD_CONF write > /dev/null 2>&1 - -# We try to only rebuild/reload when neccessary. If 1 zone is newer, -# we need to rebuild the db file. -# This might give problems with huge zones, eg TLD's, which cannot -# complete this operation within an hour, but it should work fine for -# most other uses. - -case "$NSD_AUTOREBUILD" in - [Yy]|[Yy][Ee][Ss]) - database="`$NSD_CHECKCONF_PROG -o database $NSD_CONF`" - $NSD_CHECKCONF_PROG -v $NSD_CONF | grep zonefile: | sed "s/^.*\"\(.*\)\"/\1/" | while read zonefile - do - if [ $zonefile -nt $database ] - then - echo "Zone $zonefile update requires database rebuild" - # use service not nsdc, as we do rebuild+reload+notify - /sbin/service nsd reload > /dev/null 2>&1 - break - fi - done - ;; - *) - ;; -esac +${NSDC_PROG} -c ${NSD_CONF} write > /dev/null 2>&1 diff --git a/nsd.service b/nsd.service index f34e20e..00f827c 100644 --- a/nsd.service +++ b/nsd.service 
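Review bot: The new last line of the second hunk expands `${NSDC_PROG}` and `${NSD_CONF}` unquoted, and both can be overridden by the `/etc/sysconfig/nsd` file sourced a few lines earlier, so a value containing whitespace or glob characters is split before execution in a job that cron presumably runs as root. Quote them: `"${NSDC_PROG}" -c "${NSD_CONF}" write > /dev/null 2>&1`. The preceding `cd ~nsd` is unchecked as well; `cd ~nsd || exit 1` stops the write from running in whatever directory cron started in. Because all output is discarded, a failed write is invisible, so reporting a non-zero exit status through `logger` would help detection.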
@@ -1,17 +1,20 @@ [Unit] Description=NSD DNS Server After=syslog.target network.target +After=nsd-keygen.service +Wants=nsd-keygen.service [Service] Type=simple PIDFile=/var/run/nsd/nsd.pid -EnvironmentFile=/etc/sysconfig/nsd -ExecStart=/usr/sbin/nsd -d -c /etc/nsd/nsd.conf $OTHER_NSD_OPTS -ExecReload=/usr/sbin/nsd-control -c /etc/nsd/nsd.conf reload +EnvironmentFile=-/etc/sysconfig/nsd +ExecStart=/usr/sbin/nsd -d -c /etc/nsd/nsd.conf $NSD_EXTRA_OPTS +ExecReload=/bin/kill -HUP $MAINPID # notify blocks on misconfigurations - but does show it very loudly ExecReload=/usr/sbin/nsd-control -c /etc/nsd/nsd.conf notify -ExecStop=/usr/sbin/nsd-control -c /etc/nsd/nsd.conf stop ExecStopPost=/bin/rm -f /var/lib/nsd/xfrd.state +KillMode=mixed +PrivateTmp=true [Install] WantedBy=multi-user.target diff --git a/nsd.spec b/nsd.spec index 84ddc06..9f4f857 100644 --- a/nsd.spec +++ b/nsd.spec 
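Review bot: The two `ExecReload=` lines no longer guarantee that the reload has finished before the notify goes out: `/bin/kill -HUP $MAINPID` returns as soon as the signal is delivered, so the following `nsd-control ... notify` can run while nsd is still reloading, and secondaries may be notified about zone data that is not yet served. Either keep a reload step that waits for completion (if `nsd-control reload` does so) or state the race in the comment above `notify`. Separately, renaming `$OTHER_NSD_OPTS` to `$NSD_EXTRA_OPTS` means options set in an existing `/etc/sysconfig/nsd` are silently dropped after upgrade; a changelog line saying so, or accepting both names for one release, would avoid surprises.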
@@ -1,98 +1,131 @@ +#global prever rc1 +%if 0%{?fedora} || 0%{?rhel} >= 7 +%bcond_without systemd # enabled systemd +%else +%bcond_with systemd # disabled systemd +%endif Summary: Fast and lean authoritative DNS Name Server Name: nsd Version: 4.1.7 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD -Url: http://www.nlnetlabs.nl/%{name}/ -Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz -Source1: nsd.service -Source2: nsd.cron -Source3: nsd.sysconfig -Source4: tmpfiles-nsd.conf -Source5: example.com.key.conf -Source6: example.com.zone.conf -Source7: example.pattern.conf -Source8: nsd.conf +Url: http://www.nlnetlabs.nl/nsd/ Group: System Environment/Daemons -%if 0%{?el5} -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -%endif +Source0: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?prever}.tar.gz +Source1: nsd.conf +Source2: nsd.service +Source3: nsd-keygen.service +Source4: nsd-write.service +Source5: nsd-write.timer +Source6: tmpfiles-nsd.conf +Source10: nsd.init +Source11: nsd.cron +Source12: nsd.sysconfig BuildRequires: flex BuildRequires: openssl-devel BuildRequires: libevent-devel +Requires(pre): shadow-utils +%if %{with systemd} BuildRequires: systemd-units -Requires(post): systemd-sysv Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -Requires(pre): shadow-utils +%else +Group: System Environment/Daemons +Requires(post): /sbin/chkconfig +Requires(preun): /sbin/service +Requires(preun): /sbin/chkconfig +Requires(postun): /sbin/service +%endif %global _hardened_build 1 %description NSD is a complete implementation of an authoritative DNS name server. For further information about what NSD is and what NSD is not please -consult the REQUIREMENTS document which is a part of this distribution -(thanks to Olaf). +consult the REQUIREMENTS document which is a part of this distribution. 
%prep -%setup -q +%setup -q -n %{name}-%{version}%{?prever} %build -export LDFLAGS="-Wl,-z,relro,-z,now" -export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie" -%configure --enable-bind8-stats \ - --enable-checking \ - --enable-nsec3 \ - --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \ - --with-ssl \ - --with-user=nsd \ - --with-xfrdfile=%{_localstatedir}/lib/%{name}/ixfr.state \ - --with-dbfile=%{_localstatedir}/lib/%{name}/nsd.db \ - --enable-ratelimit \ - --with-max-ips=1024 - -%{__make} %{?_smp_mflags} -#convert to utf8 +CFLAGS="%{optflags} -fPIE -pie" +LDFLAGS="-Wl,-z,relro,-z,now" +export CFLAGS LDFLAGS +%configure \ + --enable-bind8-stats \ + --enable-checking \ + --enable-nsec3 \ + --with-pidfile=%{_localstatedir}/run/nsd/nsd.pid \ + --with-ssl \ + --with-user=nsd \ + --with-xfrdfile=%{_sharedstatedir}/nsd/ixfr.state \ + --with-dbfile=%{_sharedstatedir}/nsd/nsd.db \ + --enable-ratelimit \ + --with-max-ips=1024 + +make %{?_smp_mflags} iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8 iconv -f iso8859-1 -t utf-8 doc/CREDITS > doc/CREDITS.utf8 mv -f doc/RELNOTES.utf8 doc/RELNOTES mv -f doc/CREDITS.utf8 doc/CREDITS %install -%{__make} DESTDIR=%{buildroot} install +make DESTDIR=%{buildroot} install +%if %{with systemd} mkdir -p %{buildroot}%{_unitdir} -install -d -m 0755 %{buildroot}%{_sysconfdir}/cron.hourly -install -c -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/cron.hourly/nsd -install -m 0755 %{SOURCE1} %{buildroot}/%{_unitdir}/nsd.service -install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name} -install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig -install -m 0755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} -mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ %{buildroot}/run/%{name} -install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/tmpfiles.d/nsd.conf +install -m 0644 %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} \ + %{buildroot}%{_unitdir} +mkdir -p %{buildroot}%{_tmpfilesdir} +install -m 0644 %{SOURCE6} 
%{buildroot}%{_tmpfilesdir}/nsd.conf +%else +mkdir -p %{buildroot}%{_initddir} +install -m 0755 %{SOURCE10} %{buildroot}%{_initddir}/nsd +mkdir -p %{buildroot}%{_sysconfdir}/cron.hourly +install -m 0755 %{SOURCE11} %{buildroot}%{_sysconfdir}/cron.hourly/nsd +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig +install -m 0755 %{SOURCE12} %{buildroot}%{_sysconfdir}/sysconfig/nsd +%endif +mkdir -p %{buildroot}%{_localstatedir}/run/nsd +mkdir -p %{buildroot}%{_sharedstatedir}/nsd + +# Install ghost files +for name in control server; do + for extension in key pem; do + touch %{buildroot}%{_sysconfdir}/nsd/nsd_${name}.${extension} + done +done # Take care of the configuration mkdir -p %{buildroot}%{_sysconfdir}/nsd/conf.d -install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/nsd/conf.d/example.com.key.conf -install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/nsd/conf.d/example.com.zone.conf -install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/nsd/conf.d/example.pattern.conf -install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/nsd/nsd.conf +mkdir -p %{buildroot}%{_sysconfdir}/nsd/server.d +install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/nsd/nsd.conf rm %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample -%files +%files %doc doc/* %doc contrib/nsd.zones2nsd.conf -%dir %{_sysconfdir}/nsd/ -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/nsd.conf -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/conf.d/example.com.key.conf -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/conf.d/example.com.zone.conf -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/conf.d/example.pattern.conf -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/nsd -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/tmpfiles.d/nsd.conf -%attr(0644,root,root) %{_unitdir}/%{name}.service +%dir %{_sysconfdir}/nsd +%config(noreplace) %{_sysconfdir}/nsd/nsd.conf +%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_server.key +%attr(0640,root,nsd) 
%ghost %{_sysconfdir}/nsd/nsd_server.pem +%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_control.key +%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_control.pem +%dir %{_sysconfdir}/nsd/conf.d +%dir %{_sysconfdir}/nsd/server.d +%if %{with systemd} +%attr(0644,root,root) %{_unitdir}/nsd.service +%attr(0644,root,root) %{_unitdir}/nsd-keygen.service +%attr(0644,root,root) %{_unitdir}/nsd-write.service +%attr(0644,root,root) %{_unitdir}/nsd-write.timer +%attr(0644,root,root) %{_tmpfilesdir}/nsd.conf +%else %{_sysconfdir}/cron.hourly/nsd -%attr(0755,nsd,nsd) %dir /run/%{name} -%attr(0755,%{name},%{name}) %dir %{_localstatedir}/lib/%{name} +%attr(0755,root,root) %{_initddir}/nsd +%config(noreplace) %{_sysconfdir}/sysconfig/nsd +%endif +%attr(0755,nsd,nsd) %dir %{_localstatedir}/run/nsd +%attr(0750,nsd,nsd) %dir %{_sharedstatedir}/nsd %{_sbindir}/* %{_mandir}/*/* 
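Review bot: `install -m 0755 %{SOURCE12} %{buildroot}%{_sysconfdir}/sysconfig/nsd` installs a sourced configuration file as executable, and the `%files` entry `%config(noreplace) %{_sysconfdir}/sysconfig/nsd` no longer carries the `%attr(0644,root,root)` that the old spec used to correct the mode. Use `install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/sysconfig/nsd`. The `%else` branch also repeats `Group: System Environment/Daemons`, which is already set unconditionally above it. `Source0` is still fetched over plain `http://` and the spec shows no signature or checksum verification; if upstream publishes a detached signature, shipping it as an additional Source and verifying it in `%prep` would close that gap.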
@@ -100,30 +133,62 @@ rm %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample getent group nsd >/dev/null || groupadd -r nsd getent passwd nsd >/dev/null || \ useradd -r -g nsd -d /etc/nsd -s /sbin/nologin \ --c "nsd daemon account" nsd + -c "nsd daemon account" nsd exit 0 %post +%if %{with systemd} %systemd_post nsd.service -nsd-control-setup +%systemd_post nsd-keygen.serivce +%else +/sbin/chkconfig --add nsd +%endif %preun +%if %{with systemd} %systemd_preun nsd.service +%systemd_preun nsd-keygen.serivce +%else +if [ "$1" -eq 0 ]; then + /sbin/service nsd stop >/dev/null 2>&1 + /sbin/chkconfig --del nsd +fi +%endif %postun +%if %{with systemd} %systemd_postun_with_restart nsd.service +%systemd_postun nsd-keygen.service +%else +if [ "$1" -ge 1 ]; then + /sbin/service nsd condrestart >/dev/null 2>&1 || : +fi +%endif -%triggerun -- nsd < 3.2.8-6 -# Save the current service runlevel info -# User must manually run systemd-sysv-convert --apply nsd -# to migrate them to systemd targets -/usr/bin/systemd-sysv-convert --save nsd >/dev/null 2>&1 ||: - -# Run these because the SysV package being removed won't do them -/sbin/chkconfig --del nsd >/dev/null 2>&1 || : -/bin/systemctl try-restart nsd.service >/dev/null 2>&1 || : +%triggerin -- nsd < 4.0.0-0 +chown nsd:nsd %{_sharedstatedir}/nsd/* 2>&1 || : %changelog +* Mon Dec 28 2015 Paul Wouters - 4.1.7-3 +- Merge: Sun Dec 27 2015 Tuomo Soini - 4.1.7-2 + - Enable PrivateTmp for nsd.service + - Rename /etc/nsd/local.d/ to /etc/nsd/server.d/ + - Add /etc/nsd/local.d for local server config + - Add ghost entries for nsd_control and nsd_server key and certificate + - Fix sysv init script by removing nsd3 specific NSDC_PROG options + - Use signals whenever possible instead of using nsd-control + - Use cron script on sysvinit systems only + - Add nsd-write.service and nsd-write.timer (not enabled by default) + - Remove old options from /etc/sysconfig/nsd + - Install /etc/sysconfig/nsd on sysvinit systems only + - Remove all example files 
from /etc/nsd/conf.d/ - don't belong to package + - Add nsd-keygen.service to generate nsd-control keys + - Add creation of nsd_control.key to nsd.init + - nsd.service depends on nsd-keygen.service + - Change nsd.service to use KillMode=mixed + - Add triggerin for older nsd package to chown /var/lib/nsd/* + - Update nsd.conf from upstream and add nsd-control section + * Thu Dec 24 2015 Fabio Alessandro Locati - 4.1.7-2 - Run nsd-control-setup as soon as the package is installed - Improve config to allow control diff --git a/nsd.sysconfig b/nsd.sysconfig index 03e7699..cb58bee 100644 --- a/nsd.sysconfig +++ b/nsd.sysconfig @@ -13,7 +13,7 @@ #NSD_CONF="/etc/nsd/nsd.conf" # Path to nsdc program -#NSDC_PROG="/usr/sbin/nsdc" +#NSDC_PROG="/usr/sbin/nsd-control" # User to run NSD as #NSD_USER="nsd" @@ -30,10 +30,3 @@ # NSD zone transfer daemon state file (should equal to the xfrdfile # parameter set in nsd.conf) #NSD_XFRDFILE="/var/lib/nsd/xfrd.state" - -# NSD_AUTOREBUILD: Choose with "yes" or "no" whether NSD database should -# be rebuilt and reloaded automatically hourly by /etc/cron.hourly/nsd script. -# (Default value is set in the script.) -#NSD_AUTOREBUILD="yes" - -# EOF diff --git a/tmpfiles-nsd.conf b/tmpfiles-nsd.conf index 52c1778..1db67d3 100644 --- a/tmpfiles-nsd.conf +++ b/tmpfiles-nsd.conf @@ -1 +1 @@ -D /var/run/nsd 0755 nsd nsd - +D /run/nsd 0755 nsd nsd -
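Review bot: `%systemd_post nsd-keygen.serivce` and `%systemd_preun nsd-keygen.serivce` misspell the unit name, so those scriptlets act on a unit that does not exist and nsd-keygen.service gets no preset or disable handling; both should read `nsd-keygen.service`, as the `%postun` line already does. In `%triggerin`, `chown nsd:nsd %{_sharedstatedir}/nsd/*` runs as root over a glob inside a directory the spec assigns to the nsd account, and it follows symbolic links; `chown -h nsd:nsd %{_sharedstatedir}/nsd/* 2>&1 || :` changes only the directory entries themselves. With `nsd-control-setup` removed from `%post`, key generation now depends on nsd-keygen.service on systemd builds and on nsd.init on sysvinit builds, neither of which is visible in this diff.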