Would appreciate an ebuild for the latest bind 9.7 release candidate when convenient. I looked around the overlays and didn't see anything. We'll probably put one together ourselves at some point, but one from the experts would certainly be better :). Thanks.

Reproducible: Always

Steps to Reproduce:
I'm far from an ebuild hacker, but I tweaked the 9.6 ebuild to work for 9.7rc2 (attached). The configure options for 9.7 are almost the same. It has a handful of new options:

  --enable-backtrace      log stack backtrace on abort [default=yes]
  --enable-exportlib      build exportable library (GNU make required)
  --enable-filter-aaaa    enable filtering of AAAA records over IPv4
  --enable-openssl-hash   use OpenSSL for hash functions [default=no]
  --enable-symtable       use internal symbol table for backtrace

None of them seemed particularly important to me so I left them at defaults. I updated the parallel compilation workaround patch for 9.7 (attached). I don't use dlz, mysql, or sdb-ldap, so I didn't touch those patches; they may or may not apply.

I didn't have the time to figure out the version magic (and portage insisted on an underscore between the 9.7 and the rc2 in the build name), so I hardcoded src_uri as:

  ftp://ftp.isc.org/isc/bind9/${MY_PV}/bind-9.7.0rc2.tar.gz

That broke a couple of other things, which I fixed (kludged around) by adding:

  ln -s bind-9.7.0rc2 bind-9.7.0_rc2
  cd bind-9.7.0rc2

in src_prepare. There's no file named KNOWN-DEFECTS in 9.7 so I removed that dodoc. It seems to install fine at this point. The only differences in the installed image appear to be new .so versions and a handful of new binaries.

This ebuild is pretty kludgy :), I wouldn't necessarily advise using it ;). But if you want to play with the release candidate pending an official ebuild I think it mostly works. Unless I missed something I don't think it would take an actual dev much time to make a real ebuild, hopefully one will have time.
Created attachment 218457 [details] Crappy ebuild for bind 9.7.0rc2
Created attachment 218459 [details, diff] Updated parallel workaround patch for bind 9.7.0rc2 ebuild
Created attachment 220783 [details] bind-9.7.0.ebuild bind 9.7 final is out. No new parallel patch needed, the current one is fine. Only change is two doc files no longer exist (README.idnkit and KNOWN-DEFECTS). bind-tools requires no changes afaics, just copy-over works.
bind 9.7.0_p1 has been released. Is this package still being maintained?
Created attachment 230685 [details] net-dns/bind/files/10bind.env
Created attachment 230687 [details] net-dns/bind/files/127.zone-r2
Created attachment 230689 [details, diff] net-dns/bind/files/bind-9.4.0-dlzbdb-close_cursor.patch
Created attachment 230691 [details, diff] net-dns/bind/files/bind-9.6.1-parallel.patch
Created attachment 230693 [details, diff] net-dns/bind/files/bind-dlzmysql5-reconnect.patch
Created attachment 230695 [details] net-dns/bind/files/empty.zone-r1
Created attachment 230697 [details] net-dns/bind/files/localhost.zone-r3
Created attachment 230699 [details] net-dns/bind/files/named.cache
Created attachment 230701 [details] net-dns/bind/files/named.confd-r3
Created attachment 230703 [details] net-dns/bind/files/named.conf-r4
Created attachment 230705 [details] net-dns/bind/files/named.init-r7
Created attachment 230707 [details] net-dns/bind/bind-9.7.0_p1.ebuild
Here is the ebuild for BIND 9.7.0_p1. I have changed the named.conf used in stock Gentoo to be more secure, use views, use ACLs, have examples for logging, have examples for dynamic zones, have examples for forwarding, etc... The old named.conf from Gentoo has not changed for ages and can IMHO be considered out of date (regarding security and features).
Can you please attach patches instead of the whole files, and of course only files that have been changed?
(In reply to comment #19)
> Can you please attach patches instead of the whole files and of course only
> files that has been changed?
>
Patches would make sense if I had modified existing files. But I have not. I only reused old files or added new files (and renamed one, or copied and renamed one).

Used old files (from net-dns/bind):
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
net-dns/bind/files/10bind.env
net-dns/bind/files/bind-9.4.0-dlzbdb-close_cursor.patch
net-dns/bind/files/bind-9.6.1-parallel.patch
net-dns/bind/files/bind-dlzmysql5-reconnect.patch
net-dns/bind/files/named.confd-r3
net-dns/bind/files/named.init-r7
net-dns/bind/files/localhost.zone-r3
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Renamed files (or if you want, call it a copy). The reason for the rename is that the file is called named.cache when downloaded from internic (ftp://ftp.rs.internic.net/domain/named.cache) and there is no real point in calling that file named.ca:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Old: net-dns/bind/files/named.ca
New: net-dns/bind/files/named.cache
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

New files (new revision):
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
net-dns/bind/files/127.zone-r2
net-dns/bind/files/empty.zone-r1
net-dns/bind/files/named.conf-r4
net-dns/bind/bind-9.7.0_p1.ebuild
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Do you really want me to make a patch for those 5 new files (if I count named.cache as a new file; else it's just 4 new files and one rename/copy)? Making patches for new files is IMHO pointless. A patch for new files would just be the original file plus some patch headers. That's it. I fail to see the ultra big benefit in submitting patches for new files. But if you insist, or if you can not work without patches, then let me know. I will create and upload them.
bind-9.7.0_p1 is in CVS now.
I added some new stuff to the default config but not all of your patch.
For further config related discussion please reopen bug 308231.
One of the main reasons is: it's a default config, basics are already in and everybody wants a different config.

And re patches: I meant you should add a patch instead of the complete file, like for the ebuild; just a few lines have been changed so a patch would make more sense there.

Thanks to all who contributed :)
(In reply to comment #21)
> bind-9.7.0_p1 is in CVS now.
> I added some new stuff to the default config but not all of your patch.
> For further config related discussion please reopen bug 308231.
> One of the main reason is: its a default config, basics are already in and
> everybody want a different config.
>
> And re patches: I meant you should add a patch instead of the complete file
> like for the ebuild, just a few lines has been changed so a patch would make
> more sense there.
>
> Thanks to all who contributed :)
>
I think you should add an additional zone (below "127.in-addr.arpa") to the new named.conf:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
zone "0.ip6.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
IMHO that one should be there since 127.in-addr.arpa is there too.

And I personally would find it good if you would reference this bug id in the ChangeLog so that other Gentoo users could raise their opinion if they find that adding those additional zones that prevent spurious traffic leaving their network is a good thing.
(In reply to comment #22)
> I think you should add an additional zone (below "127.in-addr.arpa") to the new
> named.conf:
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> zone "0.ip6.arpa" IN {
>     type master;
>     file "pri/127.zone";
>     allow-update { none; };
>     notify no;
> };
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> IMHO that one should be there since 127.in-addr.arpa is there too.

I agree, will do that ASAP.

> And I personally would find it good if you would reference this bug id in the
> ChangeLog so that other Gentoo users could raise their opinion if they find
> that adding those additional zones that prevent spurious traffic leaving their
> network is a good thing.
>
This bug has been mentioned in the ChangeLog but I'll also add a reference to bug 308231 if I get to it.
(In reply to comment #21)
> bind-9.7.0_p1 is in CVS now.
> I added some new stuff to the default config but not all of your patch.
> For further config related discussion please reopen bug 308231.
>
I can't reopen that bug. I think only the initial reporter or a Bugzilla admin can reopen that bug.

> One of the main reason is: its a default config, basics are already in and
> everybody want a different config.
>
I understand that, but it would have been a good opportunity to make the BIND configuration more polished. Anyway... since I can not reopen the other bug I am going to post here in this bug report a proposal for how to have that empty zone stuff in stock Gentoo BIND while still being flexible.

How about adding those instructions from the empty zone in a separate file and then using the include directive to include it, should someone have the need to close down his BIND and not send any spurious traffic to the root name servers or his ISP's servers? Would you accept such a change? It could still be disabled for the stock named.conf. Something like this:

// If you wish to silence your BIND to not send spurious traffic to the root
// name servers then enable the line below.
//include "/etc/bind/empty-zone.conf";

And empty-zone.conf will then include all the zones that should point to empty.zone. What do you think about that? Should I upload the files and a patch for the 9.7.0_p1 ebuild?
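As an added example, not part of this bug's attachments or of the Gentoo ebuild: a small Python audit of a named.conf that covers both the 0.ip6.arpa zone proposed in comment #22 and the optional empty-zone.conf include proposed in comment #24. It parses the zone stanzas, reports which of the loopback zones discussed here (localhost, 127.in-addr.arpa, 0.ip6.arpa) are missing or not locked down with allow-update { none; } and notify no, and tells whether the include line is actually enabled or still commented out. The sample configuration is constructed for the example; the 0.ip6.arpa stanza and the include path are the ones from the thread.

```python
import re

# Constructed sample named.conf (not one of the files attached to this bug).
# It has localhost and 127.in-addr.arpa as the stock config does, but lacks
# 0.ip6.arpa and leaves the empty-zone include commented out.
SAMPLE_NAMED_CONF = """
options {
    directory "/var/bind";
    listen-on { 127.0.0.1; };
    listen-on-v6 { none; };
};

zone "." IN {
    type hint;
    file "named.cache";
};

zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};

// If you wish to silence your BIND to not send spurious traffic to the root
// name servers then enable the line below.
//include "/etc/bind/empty-zone.conf";
"""

# The stanza proposed in the thread for the IPv6 loopback reverse zone.
ZONE_0_IP6_ARPA = """
zone "0.ip6.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};
"""

# Zones a resolver should answer locally so loopback lookups never leave the host.
EXPECTED_LOCAL_ZONES = ("localhost", "127.in-addr.arpa", "0.ip6.arpa")

_COMMENT_RE = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)
_ZONE_OPEN_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{')
# One statement: keyword, then a braced block or a bare value, then ';'.
_STMT_RE = re.compile(r"([\w-]+)\s+(\{[^}]*\}|[^;{]+);")


def strip_comments(text):
    """Drop //, # and /* */ comments, so a commented-out include disappears."""
    return _COMMENT_RE.sub("", text)


def parse_zones(text):
    """Return {zone_name: {option: value}} for every zone stanza in text."""
    text = strip_comments(text)
    zones = {}
    for m in _ZONE_OPEN_RE.finditer(text):
        # Count braces so nested blocks like allow-update { none; } do not
        # terminate the stanza early.
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        zones[m.group(1)] = {k: " ".join(v.split()) for k, v in _STMT_RE.findall(body)}
    return zones


def empty_zone_include_enabled(text):
    """True when an uncommented include of empty-zone.conf is present."""
    return re.search(r'^\s*include\s+"[^"]*empty-zone\.conf"\s*;',
                     strip_comments(text), re.M) is not None


def audit_named_conf(text):
    """Report missing local zones and local zones that are not locked down."""
    zones = parse_zones(text)
    missing = [z for z in EXPECTED_LOCAL_ZONES if z not in zones]
    weak = {}
    for name in EXPECTED_LOCAL_ZONES:
        if name not in zones:
            continue
        opts, problems = zones[name], []
        if opts.get("type") != "master":
            problems.append("type is not master")
        if opts.get("allow-update", "").replace(" ", "") != "{none;}":
            problems.append("allow-update is not { none; }")
        if opts.get("notify") != "no":
            problems.append("notify is not no")
        if problems:
            weak[name] = problems
    return {"missing": missing, "weak": weak,
            "empty_zone_include": empty_zone_include_enabled(text)}


def apply_thread_proposal(text):
    """Enable the empty-zone include and append the 0.ip6.arpa zone."""
    return text.replace('//include "/etc/bind/empty-zone.conf";',
                        'include "/etc/bind/empty-zone.conf";') + ZONE_0_IP6_ARPA


if __name__ == "__main__":
    for label, conf in (("stock", SAMPLE_NAMED_CONF),
                        ("proposed", apply_thread_proposal(SAMPLE_NAMED_CONF))):
        print(label, audit_named_conf(conf))
```

Run against the stock sample the audit flags 0.ip6.arpa as missing and the include as disabled; after apply_thread_proposal both findings clear. The parser is deliberately minimal (no views, no nested zone-in-view handling), which is enough to check a stock named.conf but not a full production one.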
I just reopened the bug, can you please attach the specific files/patches plus your last reply there? Sorry for the extra work that may cause :/