authortcely <tcely@users.noreply.github.com>2019-04-17 06:23:44 -0400
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-04-18 11:16:19 +0000
commit216460fcc5f4d040b6dd75a9af01632cb254c6c9 (patch)
tree1dd1da6cd1c06c0d6aff5c2fab4d817fd9930bcf /main/unbound
parentb033ae7fc59f3dbf43cfa546dd0dc9276805e7b0 (diff)
main/unbound: use dns-root-hints
Diffstat (limited to 'main/unbound')
-rw-r--r--main/unbound/APKBUILD19
-rw-r--r--main/unbound/conf.patch2
-rw-r--r--main/unbound/migrate-dnscache-to-unbound2
-rw-r--r--main/unbound/root.hints92
-rw-r--r--main/unbound/update-unbound-root-hints38
5 files changed, 9 insertions, 144 deletions
diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
index 73bc99fe92d..304e92faea8 100644
--- a/main/unbound/APKBUILD
+++ b/main/unbound/APKBUILD
@@ -3,12 +3,12 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=unbound
pkgver=1.9.1
-pkgrel=1
+pkgrel=2
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
url="http://unbound.net/"
arch="all"
license="BSD-3-Clause"
-depends="dnssec-root"
+depends="dns-root-hints dnssec-root"
depends_dev="expat-dev"
makedepends="$depends_dev libevent-dev openssl-dev python2-dev swig linux-headers"
install="$pkgname.pre-install"
@@ -19,9 +19,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-dbg
$pkgname-openrc py-unbound:py $pkgname-migrate::noarch"
source="https://unbound.net/downloads/$pkgname-$pkgver.tar.gz
conf.patch
- update-unbound-root-hints
migrate-dnscache-to-unbound
- root.hints
$pkgname.initd
$pkgname.confd
"
@@ -69,10 +67,9 @@ package() {
cd "$pkgdir"
- install -Dm755 "$srcdir"/update-unbound-root-hints \
- ./etc/periodic/monthly/update-unbound-root-hints
-
- install -m644 -D "$srcdir"/root.hints ./etc/unbound/root.hints
+ mkdir -p ./etc/unbound
+ rm -f ./etc/unbound/root.hints
+ ln -s ../../usr/share/dns-root-hints/named.root ./etc/unbound/root.hints
install -m755 -D "$srcdir"/unbound.initd ./etc/init.d/unbound
install -m755 -D "$srcdir"/unbound.confd ./etc/conf.d/unbound
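Review bot: In package(), `rm -f ./etc/unbound/root.hints` looks like a no-op, because this commit drops the only visible `install` of that file into `$pkgdir`; unless the upstream install step creates one, `ln -s` alone is enough. The link's purpose is also undocumented now that conf.patch points at the packaged file directly, so a comment such as `# compat symlink: configs written before this release still name /etc/unbound/root.hints` would help. On upgraded hosts the old path is probably a regular file that the removed monthly job rewrote from a plain FTP download checked only for format. It is worth confirming that apk replaces that locally modified /etc file with the symlink, rather than leaving the stale copy in use by existing configs. package() starts and ends outside this hunk.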
@@ -100,9 +97,7 @@ migrate() {
}
sha512sums="5dfac7ce3892f73109fdfe0f81863643b1f4c10cee2d4e2d1a28132f1b9ea4d4f89242e4e6348fdadf998f1c75d53577cbf4f719e98faa1342fc3c5de2e8903d unbound-1.9.1.tar.gz
-bd51769e3e2d6035df1abbf220038a56a69795a092b5f31005e1910c6c88e334d7e71fe16d874885ef74c597f3a1d7af50f9ad9736ba7ebb10ae50178828661c conf.patch
-b16b7b15392c0d560718ee543f1eebc5617085fb30d61cddc20dd948bd8b1634ee5b2de1c9cb172a6c0d1c5bbaf98b6fd39816d39c72a43ff619455449e668ac update-unbound-root-hints
-b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131 migrate-dnscache-to-unbound
-5a31dee3d3c4bd814b9a1f2c74b7b8473f294095a147d55108454f0757935d148afb9d51511435c73bdf4aa56ad5d3817cba0500eef89032bae8388a6707a088 root.hints
+f9b90c6e717f99f3927a20320c5ec9e666af9eb4ad732520cd6de12c9ea98375c44dbbc598bef955a7c0243fbce0b29d9015ccc85b909b62509967cd8976a3c8 conf.patch
+0a5c7b8f2b8c79c5384bce05962c8f8f5f31ce3aeb967b0e897361a24ea7065eb4e7c28ff3acfb0fb0d46be966d4e526e64b231f49b589ec63f576c25433bb59 migrate-dnscache-to-unbound
a2b39cb00d342c3bae70ae714dc2bd7c15d0475b35f7afff11fb0bd4c1786f83dd5425a5900a7b4d6c17915a6c546e37f82404bceb44f79c054629e999f23152 unbound.initd
40c660f275a78f93677761f52bdf7ef151941e8469dd17767a947dbe575880e0d113c320d15c7ea7e12ef636d8ec9453eeae804619678293fa35e3d4c7e75a71 unbound.confd"
diff --git a/main/unbound/conf.patch b/main/unbound/conf.patch
index 368de24f7ec..f7ad7515dcb 100644
--- a/main/unbound/conf.patch
+++ b/main/unbound/conf.patch
@@ -10,7 +10,7 @@
# file to read root hints from.
# get one from https://www.internic.net/domain/named.cache
- # root-hints: ""
-+ root-hints: /etc/unbound/root.hints
++ root-hints: /usr/share/dns-root-hints/named.root
# enable to not answer id.server and hostname.bind queries.
# hide-identity: no
diff --git a/main/unbound/migrate-dnscache-to-unbound b/main/unbound/migrate-dnscache-to-unbound
index babbcd4d18e..368504f7f64 100644
--- a/main/unbound/migrate-dnscache-to-unbound
+++ b/main/unbound/migrate-dnscache-to-unbound
@@ -14,7 +14,7 @@ to_subnet() {
gen_config() {
echo "# Config generated by $0, $(date)"
echo "server:"
- echo -e "\troot-hints: /etc/unbound/root.hints\n"
+ echo -e "\troot-hints: /usr/share/dns-root-hints/named.root\n"
[ -n "$IP" ] && echo -e "\tinterface: $IP\n"
[ -n "$IPSEND" ] && echo -e "\toutgoing-interface: $IPSEND\n"
diff --git a/main/unbound/root.hints b/main/unbound/root.hints
deleted file mode 100644
index 48c6c41d4e2..00000000000
--- a/main/unbound/root.hints
+++ /dev/null
@@ -1,92 +0,0 @@
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC
-; under anonymous FTP as
-; file /domain/named.cache
-; on server FTP.INTERNIC.NET
-; -OR- RS.INTERNIC.NET
-;
-; last update: November 14, 2018
-; related version of root zone: 2018111402
-;
-; FORMERLY NS.INTERNIC.NET
-;
-. 3600000 NS A.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
-A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
-;
-; FORMERLY NS1.ISI.EDU
-;
-. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
-B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
-;
-; FORMERLY C.PSI.NET
-;
-. 3600000 NS C.ROOT-SERVERS.NET.
-C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
-C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
-;
-; FORMERLY TERP.UMD.EDU
-;
-. 3600000 NS D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
-D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
-;
-; FORMERLY NS.NASA.GOV
-;
-. 3600000 NS E.ROOT-SERVERS.NET.
-E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
-E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
-;
-; FORMERLY NS.ISC.ORG
-;
-. 3600000 NS F.ROOT-SERVERS.NET.
-F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
-F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
-;
-; FORMERLY NS.NIC.DDN.MIL
-;
-. 3600000 NS G.ROOT-SERVERS.NET.
-G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
-G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
-;
-; FORMERLY AOS.ARL.ARMY.MIL
-;
-. 3600000 NS H.ROOT-SERVERS.NET.
-H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
-H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
-;
-; FORMERLY NIC.NORDU.NET
-;
-. 3600000 NS I.ROOT-SERVERS.NET.
-I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
-I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
-;
-; OPERATED BY VERISIGN, INC.
-;
-. 3600000 NS J.ROOT-SERVERS.NET.
-J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
-J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
-;
-; OPERATED BY RIPE NCC
-;
-. 3600000 NS K.ROOT-SERVERS.NET.
-K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
-K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
-;
-; OPERATED BY ICANN
-;
-. 3600000 NS L.ROOT-SERVERS.NET.
-L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
-L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
-;
-; OPERATED BY WIDE
-;
-. 3600000 NS M.ROOT-SERVERS.NET.
-M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
-M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
-; End of file
diff --git a/main/unbound/update-unbound-root-hints b/main/unbound/update-unbound-root-hints
deleted file mode 100644
index ec7bb86079d..00000000000
--- a/main/unbound/update-unbound-root-hints
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh
-
-# to allow passive ftp through a default deny iptables firewall:
-# modprobe nf_conntrack_ftp
-# echo nf_conntrack_ftp >> /etc/modules
-# enable helpers automatically via sysctl:
-# net.netfilter.nf_conntrack_helper = 1
-# OR enable manually for ftp only:
-# iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
-
-check_format() {
- # check that we have some ipv4 addresses and some '.' hints
- egrep -q '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]' "$1" \
- && egrep -q '^\.[[:space:]]+' "$1"
-}
-
-ftphosts="FTP.INTERNIC.NET RS.INTERNIC.NET"
-roothints=domain/named.cache
-unbound_dir=/etc/unbound
-outfile=$unbound_dir/root.hints
-
-if [ "$1" = "--verify" ]; then
- if check_format $outfile; then
- echo "$outfile: ok"
- exit 0
- else
- echo "$outfile: failed"
- exit 1
- fi
-fi
-
-for host in $ftphosts; do
- url=ftp://$host/$roothints
- if wget -q -O ${outfile}.new $url && check_format ${outfile}.new; then
- mv ${outfile}.new $outfile && exit 0
- fi
-done
-exit 1