Summary: Fast and lean authoritative DNS Name Server Name: nsd Version: 4.1.7 Release: 1%{?dist} License: BSD Url: http://www.nlnetlabs.nl/%{name}/ Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz Source1: nsd.service Source2: nsd.cron Source3: nsd.sysconfig Source4: tmpfiles-nsd.conf Source5: example.com.key.conf Source6: example.com.zone.conf Source7: example.pattern.conf Source8: nsd.conf Group: System Environment/Daemons %if 0%{?el5} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %endif BuildRequires: flex BuildRequires: openssl-devel BuildRequires: libevent-devel BuildRequires: systemd-units Requires(post): systemd-sysv Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils %global _hardened_build 1 %description NSD is a complete implementation of an authoritative DNS name server. For further information about what NSD is and what NSD is not please consult the REQUIREMENTS document which is a part of this distribution (thanks to Olaf). %prep %setup -q %build export LDFLAGS="-Wl,-z,relro,-z,now" export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie" %configure --enable-bind8-stats \ --enable-checking \ --enable-nsec3 \ --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \ --with-ssl \ --with-user=nsd \ --with-xfrdfile=%{_localstatedir}/lib/%{name}/ixfr.state \ --with-dbfile=%{_localstatedir}/lib/%{name}/nsd.db \ --enable-ratelimit \ --with-max-ips=1024 %{__make} %{?_smp_mflags} #convert to utf8 iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8 iconv -f iso8859-1 -t utf-8 doc/CREDITS > doc/CREDITS.utf8 mv -f doc/RELNOTES.utf8 doc/RELNOTES mv -f doc/CREDITS.utf8 doc/CREDITS %install %{__make} DESTDIR=%{buildroot} install mkdir -p %{buildroot}%{_unitdir} install -d -m 0755 %{buildroot}%{_sysconfdir}/cron.hourly install -c -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/cron.hourly/nsd install -m 0755 %{SOURCE1} %{buildroot}/%{_unitdir}/nsd.service install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name} install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig install -m 0755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ %{buildroot}/run/%{name} install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/tmpfiles.d/nsd.conf # Take care of the configuration mkdir -p %{buildroot}%{_sysconfdir}/nsd/conf.d install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/nsd/conf.d/example.com.key.conf install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/nsd/conf.d/example.com.zone.conf install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/nsd/conf.d/example.pattern.conf install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/nsd/nsd.conf rm %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample %files %doc doc/* %doc contrib/nsd.zones2nsd.conf %dir %{_sysconfdir}/nsd/ %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/nsd.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/conf.d/example.com.key.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/conf.d/example.com.zone.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/conf.d/example.pattern.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/nsd %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/tmpfiles.d/nsd.conf %attr(0644,root,root) %{_unitdir}/%{name}.service %{_sysconfdir}/cron.hourly/nsd %attr(0755,nsd,nsd) %dir /run/%{name} %attr(0755,%{name},%{name}) %dir %{_localstatedir}/lib/%{name} %{_sbindir}/* %{_mandir}/*/* %pre getent group nsd >/dev/null || groupadd -r nsd getent passwd nsd >/dev/null || \ useradd -r -g nsd -d /etc/nsd -s /sbin/nologin \ -c "nsd daemon account" nsd exit 0 %post %systemd_post nsd.service %preun %systemd_preun nsd.service %postun %systemd_postun_with_restart nsd.service %triggerun -- nsd < 3.2.8-6 # Save the current service runlevel info # User must manually run systemd-sysv-convert --apply nsd # to migrate them to systemd targets /usr/bin/systemd-sysv-convert --save nsd >/dev/null 2>&1 ||: # Run these because the SysV package being removed won't do them /sbin/chkconfig --del nsd >/dev/null 2>&1 || : /bin/systemctl try-restart nsd.service >/dev/null 2>&1 || : %changelog * Sun Dec 20 2015 Fabio Alessandro Locati - 4.1.7-1 - Update to last upstream - Multiple tests and fixes * Sat Apr 11 2015 Paul Wouters - 4.1.1-1 - Updated to 4.1.1 - Updated cron job for new nsd-control - Updated nsd.conf - Updated nsd init script for use of nsd-control - Renamed --max_interfaces to --max-ips - Added BuildRequires for libevent-devel - Fix buglet in nsd user creation's exit command - Create nsd4 remote-control pem files for nsd-control - chown /var/lib/nsd/nsd.db to the nsd user required for nsd4 - Add logrotate support * Mon Jul 28 2014 Paul Wouters - 3.2.18-1 - Updated to 3.2.18 - improved TXT parsing, new NSID option - Fix nsd.service daemonize option (rhbz#1089505) * Sat Jun 07 2014 Fedora Release Engineering - 3.2.17-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Mar 30 2014 Paul Wouters - 3.2.17-1 - Updated to 3.2.17 - Added --with-max-ips=1024 - Removed merged in patch * Sat Aug 03 2013 Fedora Release Engineering - 3.2.15-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Apr 18 2013 Paul Wouters - 3.2.15-4 - Enable hardened build - rhbz#850231 - Introduce new systemd-rpm macros in nsd spec file - Added -D option to nsd to allow us to use systemd service Type=simple - Switch from Fork to Simple systemd service - Use /run and not /var/run for pid - The cronjon now uses systemctl reload, which also triggers notifies (should speed up notifications to secondaries) * Mon Mar 25 2013 Peter Robinson 3.2.15-3 - Bump so rawhide/F19 has bigger NVR that older releases * Mon Feb 04 2013 Paul Wouters - 3.2.15-1 - Updates to 3.2.15 which contains rate limit code (fixes rhbz#842036 - nsd fails to start in fips mode) * Fri Nov 23 2012 Paul Wouters - 3.2.14-2 - Updated to 3.2.14 with minor bugfixes and TCP writev support - Only run nsdc rebuild hourly cronjob when nsd service is running * Fri Jul 27 2012 Paul Wouters - 3.2.13-1 - Updated to 3.2.13, addresses VU#517036 CVE-2012-2979 (note Fedora/EPEL packages are not vulnerable to this) * Mon Jul 23 2012 Paul Wouters - 3.2.12-2 - Add /var/run/nsd via tmpfiles (rhbz#842021) * Thu Jul 19 2012 Paul Wouters - 3.2.12-1 - Upgraded to 3.2.12 which fixes CVE-2012-2978 (rhbz#841268) * Mon Jul 16 2012 Paul Wouters - 3.2.11-1 - Updated to 3.2.11 - Remove execute perm from unitdir file * Fri Jan 13 2012 Fedora Release Engineering - 3.2.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Nov 29 2011 Paul Wouters - 3.2.9-2 - Change spec and initscript to chown /var/run/nsd to nsd user to work around the "nsdc restart" problem where it cannot update its own pid file * Sun Nov 27 2011 Paul Wouters - 3.2.9-1 - Updated to 3.2.9 * Mon Sep 12 2011 Tom Callaway - 3.2.8-7 - fix tmpfiles.d creation of /var/run/nsd to be owned by root * Mon Sep 12 2011 Tom Callaway - 3.2.8-6 - convert to systemd, tmpfiles.d * Fri Jun 3 2011 Paul Wouters - 3.2.8-5 - fix /var/run/nsd to be owned by root, not nsd * Fri Jun 3 2011 Tuomo Soini - 3.2.8-4 - fix init status to work as expected (bz#525107) - fix nsd.conf and nsd.conf.5 to have correct logfile - fix nsd.init syntax error by piddir change - fix initscript to create /var/run/nsd if missing (bz#710376) * Sun Mar 27 2011 Paul Wouters - 3.2.8-1 - updated to 3.2.8 * Wed Mar 09 2011 Paul Wouters - 3.2.7-5 - Fix misnamed variable NSD_AUTORELOAD which should be NSD_AUTOREBUILD - Fix for init script properly returning OK/Failed (bz#535107) by Noa Resare - Add ghost directive to /var/run/nsd (bz#656642) - Bump release for EVR * Tue Feb 08 2011 Fedora Release Engineering - 3.2.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Feb 03 2011 Paul Wouters - 3.2.7-1 - Updated to 3.2.7 * Mon Aug 02 2010 Paul Wouters - 3.2.6-1 - Updated to 3.2.6 - Removed obsolete --enable-nsid * Wed Jan 06 2010 Paul Wouters - 3.2.4-1 - Updated to nsd 3.2.4 * Tue Jan 05 2010 Paul Wouters - 3.2.3-4 - Incorporated Ville Mattila's fixes to nsd.cron - Support for NSD_AUTOREBUILD in /etc/sysconfig/nsd [Ville] * Fri Aug 21 2009 Tomas Mraz - 3.2.3-3 - rebuilt with new openssl * Thu Aug 20 2009 Ville Mattila - 3.2.3-2 - The 'nsdc patch' and 'nsdc rebuild' commands wrote a %%1 file by mistake * Mon Aug 17 2009 Paul Wouters - 3.2.3-1 -Updated to version 3.2.3 * Sat Jul 25 2009 Fedora Release Engineering - 3.2.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sat Jun 06 2009 Paul Wouters - 3.2.2-3 - Fixed /dev/nul which cause a file \%%1 to be written by cron - Bump for EVR. * Mon May 18 2009 Paul Wouters - 3.2.2-1 - Upgraded to 3.2.2 security release http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html * Thu Apr 09 2009 Ville Mattila - 3.2.1-6 - Make various file paths used by the nsd.init script configurable from /etc/sysconfig/nsd. - Add template /etc/sysconfig/nsd. * Sun Mar 08 2009 Paul Wouters - 3.2.1-5 - nsd used the 'named' subsystem in one call in the init script * Wed Feb 25 2009 Fedora Release Engineering - 3.2.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Jan 26 2009 Paul Wouters - 3.2.1-3 - Fix init script 'unary operator' error. * Mon Jan 26 2009 Paul Wouters - 3.2.1-1 - Updated to new version 3.2.1 * Sat Jan 17 2009 Tomas Mraz - 3.2.0-4 - rebuild with new openssl * Mon Nov 24 2008 Paul Wouters - 3.2.0-3 - Updates summary as per Richard Hughes guidelines * Mon Nov 10 2008 Paul Wouters - 3.2.0-2 - Bump version after pre-release version correction. * Mon Nov 10 2008 Paul Wouters - 3.2.0-1 - 3.2.0-1 * Thu Oct 9 2008 Paul Wouters - 3.1.1-1 - updated to 3.1.1 * Mon Aug 11 2008 Tom "spot" Callaway - 3.1.0-2 - fix license tag - fix static user creation * Mon Jun 30 2008 Paul Wouters - 3.1.0-1 - Updated to 3.1.0 * Tue May 6 2008 Paul Wouters - 3.0.8-2 - Fix /dev/null redirection [Venkatesh Krishnamurthi] * Tue May 6 2008 Paul Wouters - 3.0.8-1 - Updated to 3.0.8 * Tue Feb 19 2008 Fedora Release Engineering - 3.0.7-3 - Autorebuild for GCC 4.3 * Wed Dec 5 2007 Paul Wouters - 3.0.7-2 - Rebuild for new libcrypto * Tue Nov 13 2007 Paul Wouters - 3.0.7-1 - Updated to new version - fix RELNOTES/README to be utf8 - Fix path to nsd.db in cron job. * Thu Nov 8 2007 Paul Wouters - 3.0.6-7 - Modified cron to only rebuild/reload when zone updates have been received * Wed Nov 7 2007 Paul Wouters - 3.0.6-6 - Added hourly cron job to do various maintenance tasks - Added nsd rebuild to create the proper nsd.db file on startup - Added nsd patch on shutdown to ensure zonefiles are up to date * Tue Oct 2 2007 Paul Wouters - 3.0.6-5 - nsdc update and nsdc notify are no longer needed in initscript. * Mon Sep 24 2007 Jesse Keating - 3.0.6-4 - Bump release for upgrade path. * Fri Sep 14 2007 Paul Wouters 3.0.6-3 - Do not include examples from nsd.conf.sample that causes bogus network traffic. * Fri Sep 14 2007 Paul Wouters 3.0.6-2 - Change locations of ixfr.db and xfrd.state to /var/lib/nsd - Enable NSEC3 - Delay running nsdc update until after nsd has started - Delete xfrd.state on nsd stop - Run nsdc notify in the background, since it can take a very long time when remote servers are unavailable. * Tue Sep 11 2007 Paul Wouters 3.0.6-1 - Upgraded to 3.0.6 - Do not include bind2nsd, since it didn't compile for me * Fri Jul 13 2007 Paul Wouters 3.0.5-2 - Fix init script, bug #245546 * Fri Mar 23 2007 Paul Wouters 3.0.5-1 - Upgraded to 3.0.5 * Thu Dec 7 2006 Paul Wouters 3.0.3-1 - Upgraded to 3.0.3 * Mon Nov 27 2006 Paul Wouters 3.0.2-1 - Upgraded to 3.0.2. - Use new configuration file nsd.conf. Still needs migration script. patch from Farkas Levente * Mon Oct 16 2006 Paul Wouters 2.3.6-2 - Bump version for upgrade path * Thu Oct 12 2006 Paul Wouters 2.3.6-1 - Upgraded to 2.3.6 - Removed obsolete workaround in nsd.init - Fixed spec file so daemon gets properly restarted on upgrade * Mon Sep 11 2006 Paul Wouters 2.3.5-4 - Rebuild requested for PT_GNU_HASH support from gcc - Removed dbaccess.c from doc section * Mon Jun 26 2006 Paul Wouters - 2.3.5-3 - Bump version for FC-x upgrade path * Mon Jun 26 2006 Paul Wouters - 2.3.5-1 - Upgraded to nsd-2.3.5 * Sun May 7 2006 Paul Wouters - 2.3.4-3 - Upgraded to nsd-2.3.4. - Removed manual install targets because DESTDIR is now supported - Re-enabled --checking, checking patch no longer needed and removed. - Work around in nsd.init for nsd failing to start when there is no ipv6 * Thu Dec 15 2005 Paul Wouters - 2.3.3-7 - chkconfig and attribute changes as proposed by Dmitry Butskoy * Thu Dec 15 2005 Paul Wouters - 2.3.3-6 - Moved pid file to /var/run/nsd/nsd.pid. - Use _localstatedir instead of "/var" * Tue Dec 13 2005 Paul Wouters - 2.3.3-5 - Added BuildRequires for openssl-devel, removed Requires for openssl. * Mon Dec 12 2005 Paul Wouters - 2.3.3-4 - upgraded to nsd-2.3.3 * Wed Dec 7 2005 Tom "spot" Callaway - 2.3.2-2 - minor cleanups * Mon Dec 5 2005 Paul Wouters - 2.3.2-1 - Upgraded to 2.3.2. Changed post scripts to comply to Fedora Extras policies (eg do not start daemon on fresh install) * Tue Oct 4 2005 Paul Wouters - 2.3.1-1 - Initial version