Summary: Fast and lean authoritative DNS Name Server Name: nsd Version: 3.2.17 Release: 1%{?dist} License: BSD Url: http://www.nlnetlabs.nl/%{name}/ Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz Source1: nsd.init Source2: nsd.cron Source3: nsd.sysconfig Source4: nsd.conf Patch0: nsd-install.patch Patch1: nsd-fixlogfile.patch Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: flex, openssl-devel Requires(pre): shadow-utils %global _hardened_build 1 %description NSD is a complete implementation of an authoritative DNS name server. For further information about what NSD is and what NSD is not please consult the REQUIREMENTS document which is a part of this distribution (thanks to Olaf). %prep %setup -q %patch0 -p1 %patch1 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now" export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie" %configure --enable-bind8-stats \ --enable-checking \ --enable-nsec3 \ --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \ --with-ssl \ --with-user=nsd \ --with-difffile=%{_localstatedir}/lib/%{name}/ixfr.db \ --with-xfrdfile=%{_localstatedir}/lib/%{name}/ixfr.state \ --with-dbfile=%{_localstatedir}/lib/%{name}/nsd.db \ --enable-ratelimit --with-max_interfaces=1024 %{__make} %{?_smp_mflags} #convert to utf8 iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8 iconv -f iso8859-1 -t utf-8 doc/CREDITS > doc/CREDITS.utf8 mv -f doc/RELNOTES.utf8 doc/RELNOTES mv -f doc/CREDITS.utf8 doc/CREDITS %install rm -rf %{buildroot} %{__make} DESTDIR=%{buildroot} install install -d -m 0755 %{buildroot}%{_initrddir} install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/cron.hourly install -c -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/cron.hourly/nsd install -m 0755 %{SOURCE1} %{buildroot}/%{_initrddir}/nsd install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name} install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name} install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig install -m 0755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} rm %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample cp %{SOURCE4} %{buildroot}%{_sysconfdir}/nsd/nsd.conf %clean rm -rf ${RPM_BUILD_ROOT} %files %defattr(-,root,root,-) %doc doc/* %doc contrib/nsd.zones2nsd.conf %attr(0750,root,nsd) %dir %{_sysconfdir}/nsd %attr(0644,root,nsd) %config(noreplace) %{_sysconfdir}/nsd/nsd.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/nsd %attr(0755,root,root) %{_initrddir}/%{name} %{_sysconfdir}/cron.hourly/nsd %ghost %attr(0755,%{name},%{name}) %dir %{_localstatedir}/run/%{name} %attr(0755,%{name},%{name}) %dir %{_localstatedir}/lib/%{name} %{_sbindir}/* %{_mandir}/*/* %pre getent group nsd >/dev/null || groupadd -r nsd getent passwd nsd >/dev/null || \ useradd -r -g nsd -d /etc/nsd -s /sbin/nologin \ -c "nsd daemon account" nsd exit 0 %post /sbin/chkconfig --add %{name} %preun if [ $1 -eq 0 ]; then /sbin/service %{name} stop >/dev/null 2>&1 /sbin/chkconfig --del %{name} fi %postun if [ "$1" -ge "1" ]; then /sbin/service %{name} condrestart >/dev/null 2>&1 || : fi %changelog * Sun Mar 30 2014 Paul Wouters - 3.2.17-1 - Updated to 3.2.17 - Added --with-max-ips=1024 to support more interfaces/IPs * Wed Jul 31 2013 Paul Wouters - 3.2.16-2 - Avoid AVCs on directory scans, rhbz#989218 * Mon Jul 22 2013 Paul Wouters - 3.2.16-1 - Updated to 3.2.16 - Added new option entries to nsd.conf * Tue Jun 25 2013 Paul Wouters - 3.2.15-5 - Previous update never made it out * Thu Apr 11 2013 Paul Wouters - 3.2.15-4 - Restarting nsd could fail if stopping took too long - "nsdc notify" was not called on "reload", causing slow sync to secondaries - Compile with full relro support (rhbz#953137) * Tue Feb 05 2013 Paul Wouters - 3.2.15-3 - Updated to 3.2.15 which has support for rate limiting - Only run nsdc rebuild hourly cronjob when nsd service is running - Fix nsd.init to return proper return code for 'status' cmd * Fri Nov 23 2012 Paul Wouters - 3.2.14-2 - Updated to 32.14 with minor bugfixes and TCP writev support - Only run nsdc rebuild hourly cronjob when nsd service is running * Fri Jul 27 2012 Paul Wouters - 3.2.13-1 - Updated to 3.2.13, addresses VU#517036 CVE-2012-2979 (note Fedora/EPEL packages are not vulnerable to this) - Add /var/run/nsd via tmpfiles (rhbz#842021) * Thu Jul 19 2012 Paul Wouters - 3.2.12-1 - Upgraded to 3.2.12 which fixes CVE-2012-2978 (rhbz#841268) * Mon Jul 16 2012 Paul Wouters - 3.2.11-1 - Updated to 3.2.11 (support for TLSA, GOST, bugfixes) * Wed Feb 15 2012 Paul Wouters - 3.2.10-1 - Updated to 3.2.10 - Ship our own nsd.conf instead of hacking the nsd.conf.sample - Merge in fixed by Tuomo Soini - Fix %%preun and %%postun to be quiet - Fix /etc/nsd permissions to be root:nsd mode 0750 - Cleanup /etc/sysconfig/nsd - Change startup order of nsd so it works with IPv6 on 6to4 - Revert piddir to be owned by user nsd - Initscript cleanup * Tue Jun 7 2011 Paul Wouters - 3.2.8-1 - updated to 3.2.8 - fix /var/run/nsd to be owned by root, not nsd - fix init status to work as expected (bz#525107) - fix nsd.conf and nsd.conf.5 to have correct logfile - fix nsd.init syntax error by piddir change - fix initscript to create /var/run/nsd if missing (bz#710376) * Wed Mar 09 2011 Paul Wouters - 3.2.7-5 - Updated to 3.2.7 - Fix for nsd.init to report OK/FAILED properly (bz#525107) - Use ghost directive for /var/run/nsd (bz#656642) - Removed obsolete --enable-nsid - Remove bogus chowns for /var/*/nsdhm - Fix misnamed variable NSD_AUTORELOAD which should be NSD_AUTOREBUILD * Wed Jan 06 2010 Paul Wouters - 3.2.4-1 - Upgraded to 3.2.4. Minor fixes to cron/init/sysconfig scripts * Fri Aug 21 2009 Tomas Mraz - 3.2.3-3 - rebuilt with new openssl * Thu Aug 20 2009 Ville Mattila - 3.2.3-2 - The 'nsdc patch' and 'nsdc rebuild' commands wrote a %%1 file by mistake * Mon Aug 17 2009 Paul Wouters - 3.2.3-1 -Updated to version 3.2.3 * Sat Jul 25 2009 Fedora Release Engineering - 3.2.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sat Jun 06 2009 Paul Wouters - 3.2.2-3 - Fixed /dev/nul which cause a file \%%1 to be written by cron - Bump for EVR. * Mon May 18 2009 Paul Wouters - 3.2.2-1 - Upgraded to 3.2.2 security release http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html * Thu Apr 09 2009 Ville Mattila - 3.2.1-6 - Make various file paths used by the nsd.init script configurable from /etc/sysconfig/nsd. - Add template /etc/sysconfig/nsd. * Sun Mar 08 2009 Paul Wouters - 3.2.1-5 - nsd used the 'named' subsystem in one call in the init script * Wed Feb 25 2009 Fedora Release Engineering - 3.2.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Jan 26 2009 Paul Wouters - 3.2.1-3 - Fix init script 'unary operator' error. * Mon Jan 26 2009 Paul Wouters - 3.2.1-1 - Updated to new version 3.2.1 * Sat Jan 17 2009 Tomas Mraz - 3.2.0-4 - rebuild with new openssl * Mon Nov 24 2008 Paul Wouters - 3.2.0-3 - Updates summary as per Richard Hughes guidelines * Mon Nov 10 2008 Paul Wouters - 3.2.0-2 - Bump version after pre-release version correction. * Mon Nov 10 2008 Paul Wouters - 3.2.0-1 - 3.2.0-1 * Thu Oct 9 2008 Paul Wouters - 3.1.1-1 - updated to 3.1.1 * Mon Aug 11 2008 Tom "spot" Callaway - 3.1.0-2 - fix license tag - fix static user creation * Mon Jun 30 2008 Paul Wouters - 3.1.0-1 - Updated to 3.1.0 * Tue May 6 2008 Paul Wouters - 3.0.8-2 - Fix /dev/null redirection [Venkatesh Krishnamurthi] * Tue May 6 2008 Paul Wouters - 3.0.8-1 - Updated to 3.0.8 * Tue Feb 19 2008 Fedora Release Engineering - 3.0.7-3 - Autorebuild for GCC 4.3 * Wed Dec 5 2007 Paul Wouters - 3.0.7-2 - Rebuild for new libcrypto * Tue Nov 13 2007 Paul Wouters - 3.0.7-1 - Updated to new version - fix RELNOTES/README to be utf8 - Fix path to nsd.db in cron job. * Thu Nov 8 2007 Paul Wouters - 3.0.6-7 - Modified cron to only rebuild/reload when zone updates have been received * Wed Nov 7 2007 Paul Wouters - 3.0.6-6 - Added hourly cron job to do various maintenance tasks - Added nsd rebuild to create the proper nsd.db file on startup - Added nsd patch on shutdown to ensure zonefiles are up to date * Tue Oct 2 2007 Paul Wouters - 3.0.6-5 - nsdc update and nsdc notify are no longer needed in initscript. * Mon Sep 24 2007 Jesse Keating - 3.0.6-4 - Bump release for upgrade path. * Fri Sep 14 2007 Paul Wouters 3.0.6-3 - Do not include examples from nsd.conf.sample that causes bogus network traffic. * Fri Sep 14 2007 Paul Wouters 3.0.6-2 - Change locations of ixfr.db and xfrd.state to /var/lib/nsd - Enable NSEC3 - Delay running nsdc update until after nsd has started - Delete xfrd.state on nsd stop - Run nsdc notify in the background, since it can take a very long time when remote servers are unavailable. * Tue Sep 11 2007 Paul Wouters 3.0.6-1 - Upgraded to 3.0.6 - Do not include bind2nsd, since it didn't compile for me * Fri Jul 13 2007 Paul Wouters 3.0.5-2 - Fix init script, bug #245546 * Fri Mar 23 2007 Paul Wouters 3.0.5-1 - Upgraded to 3.0.5 * Thu Dec 7 2006 Paul Wouters 3.0.3-1 - Upgraded to 3.0.3 * Mon Nov 27 2006 Paul Wouters 3.0.2-1 - Upgraded to 3.0.2. - Use new configuration file nsd.conf. Still needs migration script. patch from Farkas Levente * Mon Oct 16 2006 Paul Wouters 2.3.6-2 - Bump version for upgrade path * Thu Oct 12 2006 Paul Wouters 2.3.6-1 - Upgraded to 2.3.6 - Removed obsolete workaround in nsd.init - Fixed spec file so daemon gets properly restarted on upgrade * Mon Sep 11 2006 Paul Wouters 2.3.5-4 - Rebuild requested for PT_GNU_HASH support from gcc - Removed dbaccess.c from doc section * Mon Jun 26 2006 Paul Wouters - 2.3.5-3 - Bump version for FC-x upgrade path * Mon Jun 26 2006 Paul Wouters - 2.3.5-1 - Upgraded to nsd-2.3.5 * Sun May 7 2006 Paul Wouters - 2.3.4-3 - Upgraded to nsd-2.3.4. - Removed manual install targets because DESTDIR is now supported - Re-enabled --checking, checking patch no longer needed and removed. - Work around in nsd.init for nsd failing to start when there is no ipv6 * Thu Dec 15 2005 Paul Wouters - 2.3.3-7 - chkconfig and attribute changes as proposed by Dmitry Butskoy * Thu Dec 15 2005 Paul Wouters - 2.3.3-6 - Moved pid file to /var/run/nsd/nsd.pid. - Use _localstatedir instead of "/var" * Tue Dec 13 2005 Paul Wouters - 2.3.3-5 - Added BuildRequires for openssl-devel, removed Requires for openssl. * Mon Dec 12 2005 Paul Wouters - 2.3.3-4 - upgraded to nsd-2.3.3 * Wed Dec 7 2005 Tom "spot" Callaway - 2.3.2-2 - minor cleanups * Mon Dec 5 2005 Paul Wouters - 2.3.2-1 - Upgraded to 2.3.2. Changed post scripts to comply to Fedora Extras policies (eg do not start daemon on fresh install) * Tue Oct 4 2005 Paul Wouters - 2.3.1-1 - Initial version