- removed dns-keygen utility in favour of rndc-confgen -a (#449287)
- some minor sample fixes (#449274)
parent
484a9481dd
commit
40b00446b3
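--- a/bind.spec
+++ b/bind.spec
@@ -16,7 +16,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: ISC
 Version: 9.5.0
-Release: 36%{dist}
+Release: 36.1%{dist}
 Epoch: 32
 Url: http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -26,7 +26,6 @@ Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz
 Source1: named.sysconfig
 Source2: named.init
 Source3: named.logrotate
-Source4: keygen.c
 Source5: rfc1912.txt
 Source6: bind-chroot.tar.bz2
 Source7: bind-9.3.1rc1-sdb_tools-Makefile.in
@@ -353,7 +352,6 @@ install -m 755 contrib/named-bootconf/named-bootconf.sh ${RPM_BUILD_ROOT}%{_sbin
 install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/etc/rc.d/init.d/named
 install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named
 touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.key
-%{__cc} $RPM_OPT_FLAGS -o ${RPM_BUILD_ROOT}%{_sbindir}/dns-keygen %{SOURCE4}
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
 install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
 %if %{SDB}
@@ -411,12 +409,6 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int
 echo '@ in soa localhost. root 1 3H 15M 1W 1D
 ns localhost.' > sample/var/named/$f;
 done
-/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: rndc.conf,v' bin/rndc/rndc.conf | sed 's/:.*$/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\
-*\
-* NOTE: you only need to create this file if it is to\
-* differ from the following default contents:
-;d}' > sample/etc/rndc.conf;
-#
 :;
 
 %pre
@@ -430,16 +422,8 @@ fi;
 /sbin/ldconfig
 /sbin/chkconfig --add named
 if [ "$1" -eq 1 ]; then
-# no more named.boot autoconversion! No-one should be using BIND-4 anymore.
 if [ ! -e /etc/rndc.key ]; then
-# create the rndc.key file:
-echo 'key "rndckey" {
-algorithm hmac-md5;
-secret "'`/usr/sbin/dns-keygen`'";
-};' > /etc/rndc.key;
-elif /bin/egrep -q '@KEY@' /etc/rndc.key; then
-# fix potential problem with older versions
-/bin/sed -i -e 's^@KEY@^'`/usr/sbin/dns-keygen`'^' /etc/rndc.key ;
+/usr/sbin/rndc-confgen -a > /dev/null 2>&1
 fi
 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
 # rndc.key has to have correct perms and ownership, CVE-2007-6283
@@ -536,7 +520,6 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_sysconfdir}/rc.d/init.d/named
 %{_sbindir}/dnssec*
 %{_sbindir}/named-check*
-%{_sbindir}/dns-keygen
 %{_sbindir}/lwresd
 %{_sbindir}/named
 %{_sbindir}/named-bootconf
@@ -651,6 +634,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_sbindir}/bind-chroot-admin
 
 %changelog
+* Mon Jun 02 2008 Adam Tkac <atkac redhat com> 32:9.5.0-36.1
+- removed dns-keygen utility in favour of rndc-confgen -a (#449287)
+- some minor sample fixes (#449274)
+
 * Wed May 29 2008 Adam Tkac <atkac redhat com> 32:9.5.0-36
 - updated to 9.5.0 final
 - use getifaddrs to find available interfaces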
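Review bot: The new `/usr/sbin/rndc-confgen -a > /dev/null 2>&1` line in %post writes the key under rndc-confgen's default name (`rndc-key`), whereas the removed scriptlet wrote `key "rndckey"`, and it discards both the output and the exit status. Any packaged named.conf or rndc.conf that refers to the key by the old name would stop matching on fresh installs; whether one does is not visible in this diff. Naming the key explicitly and reporting a failure keeps the previous behaviour: `/usr/sbin/rndc-confgen -a -k rndckey > /dev/null 2>&1 || echo "rndc-confgen failed, /etc/rndc.key not created" >&2`. The permission and ownership fix-up announced by the CVE-2007-6283 comment continues below the hunk and still has to cover the file this command creates.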
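--- a/keygen.c
+++ b/keygen.c
@@ -1,20 +0,0 @@
-#include <stdio.h>
-#include <string.h>
-int main(int argc, char **argv)
-{
-FILE *f=fopen("/dev/urandom", "r");
-char key[61];
-int i=0;
-char tmp;
-memset(key, 0, 61);
-while(i<60) {
-tmp=fgetc(f);
-if((tmp>='a' && tmp<='z') ||
-(tmp>='A' && tmp<='Z') ||
-(tmp>='0' && tmp<='9'))
-key[i++]=tmp;
-}
-puts(key);
-fclose(f);
-return(0);
-}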
@ -64,7 +64,7 @@ view "internal"
|
|||||||
match-clients { localnets; };
|
match-clients { localnets; };
|
||||||
recursion yes;
|
recursion yes;
|
||||||
// all views must contain the root hints zone:
|
// all views must contain the root hints zone:
|
||||||
include "/etc/named.root.hints";
|
include "named.ca";
|
||||||
|
|
||||||
|
|
||||||
/* these are zones that contain definitions for all the localhost
|
/* these are zones that contain definitions for all the localhost
|
||||||
@ -96,7 +96,7 @@ view "internal"
|
|||||||
key ddns_key
|
key ddns_key
|
||||||
{
|
{
|
||||||
algorithm hmac-md5;
|
algorithm hmac-md5;
|
||||||
secret "use /usr/sbin/dns-keygen to generate TSIG keys";
|
secret "use /usr/sbin/dnssec-keygen to generate TSIG keys";
|
||||||
};
|
};
|
||||||
view "external"
|
view "external"
|
||||||
{
|
{
|
||||||
@ -110,7 +110,7 @@ view "external"
|
|||||||
// end up providing free DNS service to all takers
|
// end up providing free DNS service to all takers
|
||||||
|
|
||||||
// all views must contain the root hints zone:
|
// all views must contain the root hints zone:
|
||||||
include "/etc/named.root.hints";
|
include "named.ca";
|
||||||
|
|
||||||
// These are your "authoritative" external zones, and would probably
|
// These are your "authoritative" external zones, and would probably
|
||||||
// contain entries for just your web and mail servers:
|
// contain entries for just your web and mail servers:
|
||||||
|
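Review bot: The `ddns_key` block still declares `algorithm hmac-md5;` while the new placeholder sends readers to dnssec-keygen, so a key made by following the sample will be HMAC-MD5. BIND 9.5 supports the HMAC-SHA algorithms for TSIG, and the sample would be a safer template with `algorithm hmac-sha256;` and a placeholder that names the matching algorithm, e.g. `secret "use /usr/sbin/dnssec-keygen -a HMAC-SHA256 to generate TSIG keys";`. The two `include "named.ca";` lines are now relative paths, so a short comment that they resolve against the `directory` option would help readers; the options block is outside these hunks.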