diff --git a/bind.spec b/bind.spec index f6abb42..de7d7be 100644 --- a/bind.spec +++ b/bind.spec @@ -72,9 +72,16 @@ Source3: named.logrotate Source7: bind-9.3.1rc1-sdb_tools-Makefile.in Source8: dnszone.schema Source12: README.sdb_pgsql +Source16: named.conf +# Refresh by command: dig @a.root-servers.net. +tcp +norec +# or from URL +Source17: https://www.internic.net/domain/named.root +Source18: named.localhost +Source19: named.loopback +Source20: named.empty +Source23: named.rfc1912.zones Source25: named.conf.sample -Source26: named.conf -Source28: config-19.tar.bz2 +Source27: named.root.key Source30: ldap2zone.c Source31: ldap2zone.1 Source32: named-sdb.8 @@ -1016,20 +1023,28 @@ popd touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log # configuration files: -tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28} -install -m 640 %{SOURCE26} ${RPM_BUILD_ROOT}/etc/named.conf -touch ${RPM_BUILD_ROOT}/etc/rndc.key -touch ${RPM_BUILD_ROOT}/etc/rndc.conf -mkdir ${RPM_BUILD_ROOT}/etc/named -install -m 644 %{SOURCE36} ${RPM_BUILD_ROOT}/etc/trusted-key.key +install -m 640 %{SOURCE16} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.conf +touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.{key,conf} +install -m 644 %{SOURCE27} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.root.key +install -m 644 %{SOURCE36} ${RPM_BUILD_ROOT}%{_sysconfdir}/trusted-key.key +mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/named + +# data files: +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named +install -m 640 %{SOURCE17} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.ca +install -m 640 %{SOURCE18} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.localhost +install -m 640 %{SOURCE19} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.loopback +install -m 640 %{SOURCE20} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.empty +install -m 640 %{SOURCE23} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.rfc1912.zones # sample bind configuration files for %%doc: mkdir -p sample/etc sample/var/named/{data,slaves} install -m 644 %{SOURCE25} sample/etc/named.conf # Copy default configuration to %%doc to make it usable from system-config-bind -install -m 644 %{SOURCE26} named.conf.default -install -m 644 ${RPM_BUILD_ROOT}/etc/named.rfc1912.zones sample/etc/named.rfc1912.zones -install -m 644 ${RPM_BUILD_ROOT}/var/named/{named.ca,named.localhost,named.loopback,named.empty} sample/var/named +install -m 644 %{SOURCE16} named.conf.default +install -m 640 %{SOURCE23} sample/etc/named.rfc1912.zones +install -m 644 %{SOURCE18} %{SOURCE19} %{SOURCE20} sample/var/named +install -m 644 %{SOURCE17} sample/var/named/named.ca for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.internal.zone.db my.external.zone.db; do echo '@ in soa localhost. root 1 3H 15M 1W 1D ns localhost.' > sample/var/named/$f; diff --git a/named.empty b/named.empty index fa858eb..8e271e7 100644 --- a/named.empty +++ b/named.empty @@ -1,8 +1,10 @@ -$TTL 1D -@ IN SOA localhost. root.localhost. ( - 0 ; serial - 3H ; refresh - 1H ; retry - 1W ; expire - 3H ) ; minimum - IN NS localhost. +$TTL 3H +@ IN SOA @ rname.invalid. ( + 0 ; serial + 1D ; refresh + 1H ; retry + 1W ; expire + 3H ) ; minimum + NS @ + A 127.0.0.1 + AAAA ::1 diff --git a/named.localhost b/named.localhost new file mode 100644 index 0000000..6fe6a52 --- /dev/null +++ b/named.localhost @@ -0,0 +1,10 @@ +$TTL 1D +@ IN SOA @ rname.invalid. ( + 0 ; serial + 1D ; refresh + 1H ; retry + 1W ; expire + 3H ) ; minimum + NS @ + A 127.0.0.1 + AAAA ::1 diff --git a/named.loopback b/named.loopback new file mode 100644 index 0000000..7f3d862 --- /dev/null +++ b/named.loopback @@ -0,0 +1,11 @@ +$TTL 1D +@ IN SOA @ rname.invalid. ( + 0 ; serial + 1D ; refresh + 1H ; retry + 1W ; expire + 3H ) ; minimum + NS @ + A 127.0.0.1 + AAAA ::1 + PTR localhost. diff --git a/named.rfc1912.zones b/named.rfc1912.zones new file mode 100644 index 0000000..fa8caf5 --- /dev/null +++ b/named.rfc1912.zones @@ -0,0 +1,45 @@ +// named.rfc1912.zones: +// +// Provided by Red Hat caching-nameserver package +// +// ISC BIND named zone configuration for zones recommended by +// RFC 1912 section 4.1 : localhost TLDs and address zones +// and https://tools.ietf.org/html/rfc6303 +// (c)2007 R W Franks +// +// See /usr/share/doc/bind*/sample/ for example named configuration files. +// +// Note: empty-zones-enable yes; option is default. +// If private ranges should be forwarded, add +// disable-empty-zone "."; into options +// + +zone "localhost.localdomain" IN { + type master; + file "named.localhost"; + allow-update { none; }; +}; + +zone "localhost" IN { + type master; + file "named.localhost"; + allow-update { none; }; +}; + +zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { + type master; + file "named.loopback"; + allow-update { none; }; +}; + +zone "1.0.0.127.in-addr.arpa" IN { + type master; + file "named.loopback"; + allow-update { none; }; +}; + +zone "0.in-addr.arpa" IN { + type master; + file "named.empty"; + allow-update { none; }; +}; diff --git a/named.root b/named.root new file mode 100644 index 0000000..532d4ff --- /dev/null +++ b/named.root @@ -0,0 +1,61 @@ + +; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net +; (2 servers found) +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900 +;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 1472 +;; QUESTION SECTION: +;. IN NS + +;; ANSWER SECTION: +. 518400 IN NS a.root-servers.net. +. 518400 IN NS b.root-servers.net. +. 518400 IN NS c.root-servers.net. +. 518400 IN NS d.root-servers.net. +. 518400 IN NS e.root-servers.net. +. 518400 IN NS f.root-servers.net. +. 518400 IN NS g.root-servers.net. +. 518400 IN NS h.root-servers.net. +. 518400 IN NS i.root-servers.net. +. 518400 IN NS j.root-servers.net. +. 518400 IN NS k.root-servers.net. +. 518400 IN NS l.root-servers.net. +. 518400 IN NS m.root-servers.net. + +;; ADDITIONAL SECTION: +a.root-servers.net. 518400 IN A 198.41.0.4 +b.root-servers.net. 518400 IN A 199.9.14.201 +c.root-servers.net. 518400 IN A 192.33.4.12 +d.root-servers.net. 518400 IN A 199.7.91.13 +e.root-servers.net. 518400 IN A 192.203.230.10 +f.root-servers.net. 518400 IN A 192.5.5.241 +g.root-servers.net. 518400 IN A 192.112.36.4 +h.root-servers.net. 518400 IN A 198.97.190.53 +i.root-servers.net. 518400 IN A 192.36.148.17 +j.root-servers.net. 518400 IN A 192.58.128.30 +k.root-servers.net. 518400 IN A 193.0.14.129 +l.root-servers.net. 518400 IN A 199.7.83.42 +m.root-servers.net. 518400 IN A 202.12.27.33 +a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30 +b.root-servers.net. 518400 IN AAAA 2001:500:200::b +c.root-servers.net. 518400 IN AAAA 2001:500:2::c +d.root-servers.net. 518400 IN AAAA 2001:500:2d::d +e.root-servers.net. 518400 IN AAAA 2001:500:a8::e +f.root-servers.net. 518400 IN AAAA 2001:500:2f::f +g.root-servers.net. 518400 IN AAAA 2001:500:12::d0d +h.root-servers.net. 518400 IN AAAA 2001:500:1::53 +i.root-servers.net. 518400 IN AAAA 2001:7fe::53 +j.root-servers.net. 518400 IN AAAA 2001:503:c27::2:30 +k.root-servers.net. 518400 IN AAAA 2001:7fd::1 +l.root-servers.net. 518400 IN AAAA 2001:500:9f::42 +m.root-servers.net. 518400 IN AAAA 2001:dc3::35 + +;; Query time: 24 msec +;; SERVER: 198.41.0.4#53(198.41.0.4) +;; WHEN: Thu Apr 05 15:57:34 CEST 2018 +;; MSG SIZE rcvd: 811 + diff --git a/named.root.key b/named.root.key new file mode 100644 index 0000000..48449a8 --- /dev/null +++ b/named.root.key @@ -0,0 +1,19 @@ +managed-keys { + # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml + # for current trust anchor information. + # + # This key (20326) was published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/sources b/sources index 592049d..29d4646 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ SHA512 (bind-9.11.12.tar.gz) = 7e2b9ef4ed5a00c2e5310c932c177887aed330d94eefc87d732dda010f2b71477e2f9d6ea89422ccbc8f6f04ceb83419b758218bcc02f25b34751bad974174e8 -SHA512 (config-19.tar.bz2) = 36aa38a0c7c33267ae594b31c81681290ac58dde7ca6749bd599da531380b5b1428330813dbe983e01071ccaed83e83f6a9cd92179a53b7d0ccbb6851a0b017c