author | tcely <tcely@users.noreply.github.com> | 2019-04-17 06:23:44 -0400 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-04-18 11:16:19 +0000 |
commit | 216460fcc5f4d040b6dd75a9af01632cb254c6c9 (patch) | |
tree | 1dd1da6cd1c06c0d6aff5c2fab4d817fd9930bcf /main/unbound | |
parent | b033ae7fc59f3dbf43cfa546dd0dc9276805e7b0 (diff) |
main/unbound: use dns-root-hints
Diffstat (limited to 'main/unbound')
-rw-r--r-- | main/unbound/APKBUILD | 19 | ||||
-rw-r--r-- | main/unbound/conf.patch | 2 | ||||
-rw-r--r-- | main/unbound/migrate-dnscache-to-unbound | 2 | ||||
-rw-r--r-- | main/unbound/root.hints | 92 | ||||
-rw-r--r-- | main/unbound/update-unbound-root-hints | 38 |
5 files changed, 9 insertions, 144 deletions
diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD index 73bc99fe92d..304e92faea8 100644 --- a/main/unbound/APKBUILD +++ b/main/unbound/APKBUILD @@ -3,12 +3,12 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=unbound pkgver=1.9.1 -pkgrel=1 +pkgrel=2 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver" url="http://unbound.net/" arch="all" license="BSD-3-Clause" -depends="dnssec-root" +depends="dns-root-hints dnssec-root" depends_dev="expat-dev" makedepends="$depends_dev libevent-dev openssl-dev python2-dev swig linux-headers" install="$pkgname.pre-install" @@ -19,9 +19,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-dbg $pkgname-openrc py-unbound:py $pkgname-migrate::noarch" source="https://unbound.net/downloads/$pkgname-$pkgver.tar.gz conf.patch - update-unbound-root-hints migrate-dnscache-to-unbound - root.hints $pkgname.initd $pkgname.confd " @@ -69,10 +67,9 @@ package() { cd "$pkgdir" - install -Dm755 "$srcdir"/update-unbound-root-hints \ - ./etc/periodic/monthly/update-unbound-root-hints - - install -m644 -D "$srcdir"/root.hints ./etc/unbound/root.hints + mkdir -p ./etc/unbound + rm -f ./etc/unbound/root.hints + ln -s ../../usr/share/dns-root-hints/named.root ./etc/unbound/root.hints install -m755 -D "$srcdir"/unbound.initd ./etc/init.d/unbound install -m755 -D "$srcdir"/unbound.confd ./etc/conf.d/unbound 
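Review bot: The `ln -s ../../usr/share/dns-root-hints/named.root ./etc/unbound/root.hints` line in the package() hunk has no comment saying why the link exists, and the conf.patch change in this same commit points `root-hints:` straight at /usr/share, so the packaged config does not use it. Presumably it keeps existing unbound.conf files that still name /etc/unbound/root.hints working; a line such as `# compat: existing configs may still reference /etc/unbound/root.hints` above the `mkdir -p` would record that. On upgraded hosts the removed monthly job may have rewritten /etc/unbound/root.hints, so the on-disk file can differ from the packaged one. It is worth testing that the upgrade replaces such a modified file with the link, because a leftover copy would no longer be refreshed by anything. The body of package() starts and ends outside this hunk.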
@@ -100,9 +97,7 @@ migrate() { } sha512sums="5dfac7ce3892f73109fdfe0f81863643b1f4c10cee2d4e2d1a28132f1b9ea4d4f89242e4e6348fdadf998f1c75d53577cbf4f719e98faa1342fc3c5de2e8903d unbound-1.9.1.tar.gz -bd51769e3e2d6035df1abbf220038a56a69795a092b5f31005e1910c6c88e334d7e71fe16d874885ef74c597f3a1d7af50f9ad9736ba7ebb10ae50178828661c conf.patch -b16b7b15392c0d560718ee543f1eebc5617085fb30d61cddc20dd948bd8b1634ee5b2de1c9cb172a6c0d1c5bbaf98b6fd39816d39c72a43ff619455449e668ac update-unbound-root-hints -b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131 migrate-dnscache-to-unbound -5a31dee3d3c4bd814b9a1f2c74b7b8473f294095a147d55108454f0757935d148afb9d51511435c73bdf4aa56ad5d3817cba0500eef89032bae8388a6707a088 root.hints +f9b90c6e717f99f3927a20320c5ec9e666af9eb4ad732520cd6de12c9ea98375c44dbbc598bef955a7c0243fbce0b29d9015ccc85b909b62509967cd8976a3c8 conf.patch +0a5c7b8f2b8c79c5384bce05962c8f8f5f31ce3aeb967b0e897361a24ea7065eb4e7c28ff3acfb0fb0d46be966d4e526e64b231f49b589ec63f576c25433bb59 migrate-dnscache-to-unbound a2b39cb00d342c3bae70ae714dc2bd7c15d0475b35f7afff11fb0bd4c1786f83dd5425a5900a7b4d6c17915a6c546e37f82404bceb44f79c054629e999f23152 unbound.initd 40c660f275a78f93677761f52bdf7ef151941e8469dd17767a947dbe575880e0d113c320d15c7ea7e12ef636d8ec9453eeae804619678293fa35e3d4c7e75a71 unbound.confd" diff --git a/main/unbound/conf.patch b/main/unbound/conf.patch index 368de24f7ec..f7ad7515dcb 100644 --- a/main/unbound/conf.patch +++ b/main/unbound/conf.patch @@ -10,7 +10,7 @@ # file to read root hints from. # get one from https://www.internic.net/domain/named.cache - # root-hints: "" -+ root-hints: /etc/unbound/root.hints ++ root-hints: /usr/share/dns-root-hints/named.root # enable to not answer id.server and hostname.bind queries. # hide-identity: no diff --git a/main/unbound/migrate-dnscache-to-unbound b/main/unbound/migrate-dnscache-to-unbound index babbcd4d18e..368504f7f64 100644 
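Review bot: The new `root-hints: /usr/share/dns-root-hints/named.root` value in conf.patch lies outside /etc/unbound, which matters if the daemon runs with `chroot:` set: unbound resolves the root-hints path inside the chroot directory, so a file under /usr/share would not be readable there. Whether this package's default config or build enables a chroot is not visible in the hunk, so it needs confirming against the rest of conf.patch; if a chroot is in use, the hints file has to be reachable inside it. The same absolute path is written by `gen_config()` in the migrate-dnscache-to-unbound hunk, so the answer applies there as well. With the path now repeated in three places (the symlink target in APKBUILD, conf.patch and the migrate script), a comment next to the `root-hints:` line such as `# provided by the dns-root-hints package` would help whoever changes it later.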
--- a/main/unbound/migrate-dnscache-to-unbound +++ b/main/unbound/migrate-dnscache-to-unbound @@ -14,7 +14,7 @@ to_subnet() { gen_config() { echo "# Config generated by $0, $(date)" echo "server:" - echo -e "\troot-hints: /etc/unbound/root.hints\n" + echo -e "\troot-hints: /usr/share/dns-root-hints/named.root\n" [ -n "$IP" ] && echo -e "\tinterface: $IP\n" [ -n "$IPSEND" ] && echo -e "\toutgoing-interface: $IPSEND\n" diff --git a/main/unbound/root.hints b/main/unbound/root.hints deleted file mode 100644 index 48c6c41d4e2..00000000000 --- a/main/unbound/root.hints +++ /dev/null 
@@ -1,92 +0,0 @@ -; This file holds the information on root name servers needed to -; initialize cache of Internet domain name servers -; (e.g. reference this file in the "cache . <file>" -; configuration file of BIND domain name servers). -; -; This file is made available by InterNIC -; under anonymous FTP as -; file /domain/named.cache -; on server FTP.INTERNIC.NET -; -OR- RS.INTERNIC.NET -; -; last update: November 14, 2018 -; related version of root zone: 2018111402 -; -; FORMERLY NS.INTERNIC.NET -; -. 3600000 NS A.ROOT-SERVERS.NET. -A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 -; -; FORMERLY NS1.ISI.EDU -; -. 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201 -B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b -; -; FORMERLY C.PSI.NET -; -. 3600000 NS C.ROOT-SERVERS.NET. -C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 -C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c -; -; FORMERLY TERP.UMD.EDU -; -. 3600000 NS D.ROOT-SERVERS.NET. -D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d -; -; FORMERLY NS.NASA.GOV -; -. 3600000 NS E.ROOT-SERVERS.NET. -E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 -E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e -; -; FORMERLY NS.ISC.ORG -; -. 3600000 NS F.ROOT-SERVERS.NET. -F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f -; -; FORMERLY NS.NIC.DDN.MIL -; -. 3600000 NS G.ROOT-SERVERS.NET. -G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 -G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d -; -; FORMERLY AOS.ARL.ARMY.MIL -; -. 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 -; -; FORMERLY NIC.NORDU.NET -; -. 3600000 NS I.ROOT-SERVERS.NET. -I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 -; -; OPERATED BY VERISIGN, INC. -; -. 3600000 NS J.ROOT-SERVERS.NET. -J.ROOT-SERVERS.NET. 
3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 -; -; OPERATED BY RIPE NCC -; -. 3600000 NS K.ROOT-SERVERS.NET. -K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 -; -; OPERATED BY ICANN -; -. 3600000 NS L.ROOT-SERVERS.NET. -L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 -L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 -; -; OPERATED BY WIDE -; -. 3600000 NS M.ROOT-SERVERS.NET. -M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 -; End of file diff --git a/main/unbound/update-unbound-root-hints b/main/unbound/update-unbound-root-hints deleted file mode 100644 index ec7bb86079d..00000000000 --- a/main/unbound/update-unbound-root-hints +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh - -# to allow passive ftp through a default deny iptables firewall: -# modprobe nf_conntrack_ftp -# echo nf_conntrack_ftp >> /etc/modules -# enable helpers automatically via sysctl: -# net.netfilter.nf_conntrack_helper = 1 -# OR enable manually for ftp only: -# iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp - -check_format() { - # check that we have some ipv4 addresses and some '.' hints - egrep -q '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]' "$1" \ - && egrep -q '^\.[[:space:]]+' "$1" -} - -ftphosts="FTP.INTERNIC.NET RS.INTERNIC.NET" -roothints=domain/named.cache -unbound_dir=/etc/unbound -outfile=$unbound_dir/root.hints - -if [ "$1" = "--verify" ]; then - if check_format $outfile; then - echo "$outfile: ok" - exit 0 - else - echo "$outfile: failed" - exit 1 - fi -fi - -for host in $ftphosts; do - url=ftp://$host/$roothints - if wget -q -O ${outfile}.new $url && check_format ${outfile}.new; then - mv ${outfile}.new $outfile && exit 0 - fi -done -exit 1 |