-rw-r--r--network/nsd/README19
-rw-r--r--network/nsd/doinst.sh28
-rw-r--r--network/nsd/localhost.zone11
-rw-r--r--network/nsd/nsd.SlackBuild153
-rw-r--r--network/nsd/nsd.conf319
-rw-r--r--network/nsd/nsd.info10
-rw-r--r--network/nsd/nsd.logrotate11
-rw-r--r--network/nsd/rc.nsd50
-rw-r--r--network/nsd/slack-desc19
9 files changed, 620 insertions, 0 deletions
diff --git a/network/nsd/README b/network/nsd/README
new file mode 100644
index 0000000000..1b774e071e
--- /dev/null
+++ b/network/nsd/README
@@ -0,0 +1,19 @@
+NSD is being developed with the purpose of creating more diversity in the
+DNS landscape. Secondly we want to create a fast, modern, RFC compliant
+nameserver.
+
+NSD requires its own user in order to run securely. It is not advised to
+run services as root user without special reason.
+
+
+To add NSD user in system run as root:
+
+# groupadd -g 336 nsd
+# useradd -u 336 -d /var/lib/nsd -g nsd -s /bin/false nsd
+
+
+In order to run NSD during boot process, add to /etc/rc.d/rc.local :
+
+if [ -x /etc/rc.d/rc.nsd ]; then
+ /etc/rc.d/rc.nsd start
+fi
diff --git a/network/nsd/doinst.sh b/network/nsd/doinst.sh
new file mode 100644
index 0000000000..99c48b57d1
--- /dev/null
+++ b/network/nsd/doinst.sh
@@ -0,0 +1,28 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.nsd.new
+preserve_perms etc/nsd/nsd.conf.new
+preserve_perms var/lib/nsd/zones/master/localhost.zone.new
+preserve_perms etc/logrotate.d/nsd.new
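Review bot: `config` and `preserve_perms` expand `$NEW` and `$OLD` unquoted throughout (`[ ! -r $OLD ]`, `mv $NEW $OLD`, `cp -a $OLD ${NEW}.incoming`), in a script that the package tools normally run as root. The four paths passed at the bottom contain no spaces or glob characters, so nothing breaks today, but quoting keeps the helpers safe if another path is added later: `OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"` and `mv "$NEW" "$OLD"`. The md5sum comparison can also read the files directly (`md5sum < "$OLD"`) instead of going through `cat`.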
diff --git a/network/nsd/localhost.zone b/network/nsd/localhost.zone
new file mode 100644
index 0000000000..c47baf5f1f
--- /dev/null
+++ b/network/nsd/localhost.zone
@@ -0,0 +1,11 @@
+$TTL 86400
+$ORIGIN localhost.
+@ 1D IN SOA @ root (
+ 42 ; serial (d. adams)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum
+
+ 1D IN NS @
+ 1D IN A 127.0.0.1
diff --git a/network/nsd/nsd.SlackBuild b/network/nsd/nsd.SlackBuild
new file mode 100644
index 0000000000..7db9129e99
--- /dev/null
+++ b/network/nsd/nsd.SlackBuild
@@ -0,0 +1,153 @@
+#!/bin/sh
+
+# Slackware build script for YADIFA, Authoritative DNS server
+
+# Copyright (c) 2016, Sergey Fedosov <eleksir@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=nsd
+USER=$PRGNAM
+GROUP=$PRGNAM
+VERSION=${VERSION:-4.1.13}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if ! grep -q "^nsd:" /etc/group; then
+ echo "$0: Error: $PRGNAM group ($GROUP) doesn't exist."
+ echo "$0: Try creating one with:"
+ echo " # groupadd -g 336 $GROUP"
+ exit 1
+fi
+
+if ! grep -q "^nsd:" /etc/passwd; then
+ echo "$0: Error: $PRGNAM user ($GROUP) doesn't exist."
+ echo "$0: Try creating one with:"
+ echo " # useradd -u 336 -d /var/lib/$USER -g $GROUP -s /bin/false $USER"
+ exit 1
+fi
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf "$PKG"
+mkdir -p "$TMP" "$PKG" "$OUTPUT"
+cd "$TMP"
+rm -rf "$PRGNAM-$VERSION"
+tar xvf "$CWD/$PRGNAM-$VERSION.tar.gz"
+cd "$PRGNAM-$VERSION"
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+--prefix=/usr \
+--bindir=/usr/bin \
+--sbindir=/usr/sbin \
+--libexecdir=/usr/libexec \
+--sysconfdir=/etc \
+--localstatedir=/var \
+--libdir=/usr/lib \
+--enable-ratelimit \
+--enable-ratelimit-default-is-off \
+--with-nsd_conf_file="/etc/$PRGNAM/$PRGNAM.conf" \
+--with-configdir="/var/lib/$USER" \
+--with-logfile="/var/log/$PRGNAM/$PRGNAM.log" \
+--with-pidfile="/var/run/$PRGNAM/$PRGNAM.pid" \
+--with-dbfile="/var/lib/$USER/$PRGNAM.db" \
+--with-zonesdir="/var/lib/$USER/zones" \
+--with-xfrdfile="/var/lib/$USER/$PRGNAM.xfrd" \
+--with-zonelistfile="/var/lib/$USER/$PRGNAM.zones" \
+--with-xfrdir="/var/lib/$USER/xfrd" \
+--with-user=$USER
+
+make
+make install DESTDIR="$PKG"
+
+find "$PKG" -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mv $PKG/usr/share/man $PKG/usr/
+find "$PKG/usr/man" -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s "$( readlink $i ).gz" "$i.gz" ; rm "$i" ; done
+
+mkdir -p "$PKG/usr/doc/$PRGNAM-$VERSION"
+install --mode=644 "$CWD/$PRGNAM.SlackBuild" "$PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild"
+
+mkdir -p "$PKG/install"
+install --mode=644 "$CWD/slack-desc" "$PKG/install/slack-desc"
+install --mode=644 "$CWD/doinst.sh" "$PKG/install/doinst.sh"
+
+mkdir -p "$PKG/etc/rc.d"
+install --mode=644 "$CWD/rc.$PRGNAM" "$PKG/etc/rc.d/rc.$PRGNAM.new"
+
+mkdir -p "$PKG/var/run/$PRGNAM"
+chown $USER:$GROUP "$PKG/var/run/$PRGNAM"
+
+mkdir -p "$PKG/var/log/$PRGNAM"
+chown $USER:$GROUP "$PKG/var/log/$PRGNAM"
+
+chown -R $USER:$GROUP "$PKG/var/lib/$USER"
+
+mkdir -p "$PKG/etc/$PRGNAM"
+install --mode=644 "$CWD/$PRGNAM.conf" "$PKG/etc/$PRGNAM/${PRGNAM}.conf.new"
+
+mkdir -p $PKG/etc/logrotate.d
+install --mode=644 $CWD/nsd.logrotate $PKG/etc/logrotate.d/nsd.new
+
+# remove empty file
+rm -rf "$PKG/etc/$PRGNAM/$PRGNAM.conf.sample"
+
+# add sample zone
+mkdir -p "$PKG/var/lib/$USER/zones/master"
+install --mode=644 "$CWD/localhost.zone" "$PKG/var/lib/$USER/zones/master/localhost.zone.new"
+
+cd "$PKG"
+/sbin/makepkg -l y -c n "$OUTPUT/$PRGNAM-${VERSION}-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}"
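Review bot: `chown -R $USER:$GROUP "$PKG/var/lib/$USER"` runs before `zones/master` and `localhost.zone.new` are created a few lines further down, so the packaged tree ends up with mixed ownership. It also aborts the build under `set -e` if `make install` did not create that directory, which is not visible here. Create the directories first, then set ownership explicitly for the parts the daemon account must be able to write, rather than letting statement order decide. Separately, `LIBDIRSUFFIX` is computed but `./configure` is passed `--libdir=/usr/lib`; it should read `--libdir=/usr/lib${LIBDIRSUFFIX}`. The header comment still says YADIFA, and the missing-user message prints `($GROUP)` where `($USER)` is meant.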
diff --git a/network/nsd/nsd.conf b/network/nsd/nsd.conf
new file mode 100644
index 0000000000..8e691e1923
--- /dev/null
+++ b/network/nsd/nsd.conf
@@ -0,0 +1,319 @@
+#
+# nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
+#
+# Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
+#
+# See LICENSE for the license.
+#
+
+# This is a comment.
+# Sample configuration file
+# include: "file" # include that file's text over here. Globbed, "*.conf"
+
+# options for the nsd server
+server:
+ # Number of NSD servers to fork. Put the number of CPUs to use here.
+ # server-count: 1
+
+ # uncomment to specify specific interfaces to bind (default are the
+ # wildcard interfaces 0.0.0.0 and ::0).
+ # For servers with multiple IP addresses, list them one by one,
+ # or the source address of replies could be wrong.
+ # Use ip-transparent to be able to list addresses that turn on later.
+ # ip-address: 1.2.3.4
+ # ip-address: 1.2.3.4@5678
+ # ip-address: 12fe::8ef0
+
+ # Allow binding to non local addresses. Default no.
+ # ip-transparent: no
+
+ # Allow binding to addresses that are down. Default no.
+ # ip-freebind: no
+
+ # use the reuseport socket option for performance. Default no.
+ # reuseport: no
+ reuseport: yes
+
+ # enable debug mode, does not fork daemon process into the background.
+ # debug-mode: no
+
+ # listen on IPv4 connections
+ # do-ip4: yes
+
+ # listen on IPv6 connections
+ # do-ip6: yes
+
+ # port to answer queries on. default is 53.
+ # port: 53
+
+ # Verbosity level.
+ # verbosity: 0
+
+ # After binding socket, drop user privileges.
+ # can be a username, id or id.gid.
+ # username: nsd
+ username: nsd
+
+ # Run NSD in a chroot-jail.
+ # make sure to have pidfile and database reachable from there.
+ # by default, no chroot-jail is used.
+ # chroot: "/var/lib/nsd"
+
+ # The directory for zonefile: files. The daemon chdirs here.
+ # zonesdir: "/var/lib/nsd/zones"
+
+ # the list of dynamically added zones.
+ # zonelistfile: "/var/lib/nsd/nsd.zones"
+
+ # the database to use
+ # if set to "" then no disk-database is used, less memory usage.
+ # database: "/var/lib/nsd/nsd.db"
+ database: ""
+
+ # log messages to file. Default to stderr and syslog (with
+ # facility LOG_DAEMON). stderr disappears when daemon goes to bg.
+ logfile: "/var/log/nsd/nsd.log"
+
+ # File to store pid for nsd in.
+ pidfile: "/var/run/nsd/nsd.pid"
+
+ # The file where secondary zone refresh and expire timeouts are kept.
+ # If you delete this file, all secondary zones are forced to be
+ # 'refreshing' (as if nsd got a notify). Set to "" to disable.
+ xfrdfile: "/var/lib/nsd/nsd.xfrd"
+
+ # The directory where zone transfers are stored, in a subdir of it.
+ xfrdir: "/var/lib/nsd/xfrd"
+
+ # don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries
+ # hide-version: no
+ hide-version: yes
+
+ # version string the server responds with for chaos queries.
+ # default is 'NSD x.y.z' with the server's version number.
+ # version: "NSD"
+
+ # identify the server (CH TXT ID.SERVER entry).
+ # identity: "unidentified server"
+
+ # NSID identity (hex string, or "ascii_somestring"). default disabled.
+ # nsid: "aabbccdd"
+
+ # Maximum number of concurrent TCP connections per server.
+ # tcp-count: 100
+
+ # Maximum number of queries served on a single TCP connection.
+ # By default 0, which means no maximum.
+ # tcp-query-count: 0
+
+ # Override the default (120 seconds) TCP timeout.
+ # tcp-timeout: 120
+ tcp-timeout: 10
+
+ # Maximum segment size (MSS) of TCP socket on which the server
+ # responds to queries. Default is 0, system default MSS.
+ # tcp-mss: 0
+
+ # Maximum segment size (MSS) of TCP socket for outgoing AXFR request.
+ # Default is 0, system default MSS.
+ # outgoing-tcp-mss: 0
+
+ # Preferred EDNS buffer size for IPv4.
+ # ipv4-edns-size: 4096
+
+ # Preferred EDNS buffer size for IPv6.
+ # ipv6-edns-size: 4096
+
+ # statistics are produced every number of seconds. Prints to log.
+ # Default is 0, meaning no statistics are produced.
+ # statistics: 3600
+
+ # Number of seconds between reloads triggered by xfrd.
+ # xfrd-reload-timeout: 1
+
+ # log timestamp in ascii (y-m-d h:m:s.msec), yes is default.
+ # log-time-ascii: yes
+
+ # round robin rotation of records in the answer.
+ # round-robin: no
+
+ # check mtime of all zone files on start and sighup
+ # zonefiles-check: yes
+
+ # write changed zonefiles to disk, every N seconds.
+ # default is 0(disabled) or 3600(if database is "").
+ # zonefiles-write: 3600
+
+ # RRLconfig
+ # Response Rate Limiting, size of the hashtable. Default 1000000.
+ # rrl-size: 1000000
+
+ # Response Rate Limiting, maximum QPS allowed (from one query source).
+ # If set to 0, ratelimiting is disabled. Also set
+ # rrl-whitelist-ratelimit to 0 to disable ratelimit processing.
+ # Default is off.
+ # rrl-ratelimit: 200
+
+ # Response Rate Limiting, number of packets to discard before
+ # sending a SLIP response (a truncated one, allowing an honest
+ # resolver to retry with TCP). Default is 2 (one half of the
+ # queries will receive a SLIP response, 0 disables SLIP (all
+ # packets are discarded), 1 means every request will get a
+ # SLIP response. When the ratelimit is hit the traffic is
+ # divided by the rrl-slip value.
+ # rrl-slip: 2
+
+ # Response Rate Limiting, IPv4 prefix length. Addresses are
+ # grouped by netblock.
+ # rrl-ipv4-prefix-length: 24
+
+ # Response Rate Limiting, IPv6 prefix length. Addresses are
+ # grouped by netblock.
+ # rrl-ipv6-prefix-length: 64
+
+ # Response Rate Limiting, maximum QPS allowed (from one query source)
+ # for whitelisted types. Default is off.
+ # rrl-whitelist-ratelimit: 2000
+ # RRLend
+
+# Remote control config section.
+remote-control:
+ # Enable remote control with nsd-control(8) here.
+ # set up the keys and certificates with nsd-control-setup.
+ # control-enable: no
+
+ # what interfaces are listened to for control, default is on localhost.
+ # control-interface: 127.0.0.1
+ # control-interface: ::1
+
+ # port number for remote control operations (uses TLS over TCP).
+ # control-port: 8952
+
+ # nsd server key file for remote control.
+ # server-key-file: "/var/lib/nsd/nsd_server.key"
+
+ # nsd server certificate file for remote control.
+ # server-cert-file: "/var/lib/nsd/nsd_server.pem"
+
+ # nsd-control key file.
+ # control-key-file: "/var/lib/nsd/nsd_control.key"
+
+ # nsd-control certificate file.
+ # control-cert-file: "/var/lib/nsd/nsd_control.pem"
+
+
+# Secret keys for TSIGs that secure zone transfers.
+# You could include: "secret.keys" and put the 'key:' statements in there,
+# and give that file special access control permissions.
+#
+# key:
+ # The key name is sent to the other party, it must be the same
+ #name: "keyname"
+ # algorithm hmac-md5, or sha1, sha256, sha224, sha384, sha512
+ #algorithm: sha256
+ # secret material, must be the same as the other party uses.
+ # base64 encoded random number.
+ # e.g. from dd if=/dev/random of=/dev/stdout count=1 bs=32 | base64
+ #secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
+
+
+# Patterns have zone configuration and they are shared by one or more zones.
+#
+# pattern:
+ # name by which the pattern is referred to
+ #name: "myzones"
+ # the zonefile for the zones that use this pattern.
+ # if relative then from the zonesdir (inside the chroot).
+ # the name is processed: %s - zone name (as appears in zone:name).
+ # %1 - first character of zone name, %2 second, %3 third.
+ # %z - topleveldomain label of zone, %y, %x next labels in name.
+ # if label or character does not exist you get a dot '.'.
+ # for example "%s.zone" or "zones/%1/%2/%3/%s" or "secondary/%z/%s"
+ #zonefile: "%s.zone"
+
+ # If no master and slave access control elements are provided,
+ # this zone will not be served to/from other servers.
+
+ # A master zone needs notify: and provide-xfr: lists. A slave
+ # may also allow zone transfer (for debug or other secondaries).
+ # notify these slaves when the master zone changes, address TSIG|NOKEY
+ # IP can be ipv4 and ipv6, with @port for a nondefault port number.
+ #notify: 192.0.2.1 NOKEY
+ # allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
+ # address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
+ #provide-xfr: 192.0.2.0/24 my_tsig_key_name
+ # set the number of retries for notify.
+ #notify-retry: 5
+
+ # uncomment to provide AXFR to all the world
+ # provide-xfr: 0.0.0.0/0 NOKEY
+ # provide-xfr: ::0/0 NOKEY
+
+ # A slave zone needs allow-notify: and request-xfr: lists.
+ #allow-notify: 2001:db8::0/64 my_tsig_key_name
+ # By default, a slave will request a zone transfer with IXFR/TCP.
+ # If you want to make use of IXFR/UDP use: UDP addr tsigkey
+ # for a master that only speaks AXFR (like NSD) use AXFR addr tsigkey
+ #request-xfr: 192.0.2.2 the_tsig_key_name
+ # Attention: You cannot use UDP and AXFR together. AXFR is always over
+ # TCP. If you use UDP, we higly recommend you to deploy TSIG.
+ # Allow AXFR fallback if the master does not support IXFR. Default
+ # is yes.
+ #allow-axfr-fallback: yes
+ # set local interface for sending zone transfer requests.
+ # default is let the OS choose.
+ #outgoing-interface: 10.0.0.10
+ # limit the refresh and retry interval in seconds.
+ #max-refresh-time: 2419200
+ #min-refresh-time: 0
+ #max-retry-time: 1209600
+ #min-retry-time: 0
+ # Slave server tries zone transfer to all masters and picks highest
+ # zone version available, for when masters have different versions.
+ #multi-master-check: no
+
+ # limit the zone transfer size (in bytes), stops very large transfers
+ # 0 is no limits enforced.
+ # size-limit-xfr: 0
+
+ # if compiled with --enable-zone-stats, give name of stat block for
+ # this zone (or group of zones). Output from nsd-control stats.
+ # zonestats: "%s"
+
+ # if you give another pattern name here, at this point the settings
+ # from that pattern are inserted into this one (as if it were a
+ # macro). The statement can be given in between other statements,
+ # because the order of access control elements can make a difference
+ # (which master to request from first, which slave to notify first).
+ #include-pattern: "common-masters"
+
+
+# Fixed zone entries. Here you can config zones that cannot be deleted.
+# Zones that are dynamically added and deleted are put in the zonelist file.
+#
+# zone:
+ # name: "example.com"
+ # you can give a pattern here, all the settings from that pattern
+ # are then inserted at this point
+ # include-pattern: "master"
+ # You can also specify (additional) options directly for this zone.
+ # zonefile: "example.com.zone"
+ # request-xfr: 192.0.2.1 example.com.key
+
+ # RRLconfig
+ # Response Rate Limiting, whitelist types
+ # rrl-whitelist: nxdomain
+ # rrl-whitelist: error
+ # rrl-whitelist: referral
+ # rrl-whitelist: any
+ # rrl-whitelist: rrsig
+ # rrl-whitelist: wildcard
+ # rrl-whitelist: nodata
+ # rrl-whitelist: dnskey
+ # rrl-whitelist: positive
+ # rrl-whitelist: all
+ # RRLend
+
+zone:
+ name: "localhost"
+ zonefile: "master/localhost.zone"
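Review bot: Response rate limiting stays disabled in this shipped configuration: the build passes `--enable-ratelimit-default-is-off` and `rrl-ratelimit` is left commented out, while the `ip-address` comment states that the server binds the wildcard interfaces by default. An authoritative server reachable from the Internet without RRL is easier to abuse as a source of reflected traffic. Either enable `rrl-ratelimit: 200` in the `server:` block, or add a comment above `# RRLconfig` such as `# Enable rrl-ratelimit before exposing this server to untrusted networks.` so the admin makes the choice deliberately.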
diff --git a/network/nsd/nsd.info b/network/nsd/nsd.info
new file mode 100644
index 0000000000..d76c501cef
--- /dev/null
+++ b/network/nsd/nsd.info
@@ -0,0 +1,10 @@
+PRGNAM="nsd"
+VERSION="4.1.13"
+HOMEPAGE="https://www.nlnetlabs.nl/projects/nsd/"
+DOWNLOAD="https://www.nlnetlabs.nl/downloads/nsd/nsd-4.1.13.tar.gz"
+MD5SUM="a3f2a9885bc8664ba4a25c938d26a587"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="Sergei Fedosoff"
+EMAIL="eleksir@gmail.com"
diff --git a/network/nsd/nsd.logrotate b/network/nsd/nsd.logrotate
new file mode 100644
index 0000000000..eb49072a75
--- /dev/null
+++ b/network/nsd/nsd.logrotate
@@ -0,0 +1,11 @@
+/var/log/nsd/*.log {
+ daily
+ rotate 14
+ notifempty
+ missingok
+ compress
+ sharedscripts
+ postrotate
+ /etc/rc.d/rc.nsd logreopen
+ endscript
+}
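Review bot: This stanza has logrotate work in /var/log/nsd with its default (root) identity, although nsd.SlackBuild hands that directory to the nsd account (`chown $USER:$GROUP "$PKG/var/log/$PRGNAM"`). Rotating as root inside a directory that an unprivileged service account controls is the case logrotate's `su` directive exists for. Add `su nsd nsd` as the first line inside the block so the rename and compress steps run with the owner's privileges. After that change, confirm that the `postrotate` call to `/etc/rc.d/rc.nsd logreopen` can still signal the daemon.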
diff --git a/network/nsd/rc.nsd b/network/nsd/rc.nsd
new file mode 100644
index 0000000000..55118d9464
--- /dev/null
+++ b/network/nsd/rc.nsd
@@ -0,0 +1,50 @@
+#!/bin/sh
+#
+# Start/stop/restart nsd
+#
+
+do_start() {
+ if [ -x /usr/sbin/nsd ]; then
+ echo "Starting Name Server Daemon: /usr/sbin/nsd"
+ /usr/sbin/nsd -c /etc/nsd/nsd.conf 2> /dev/null
+ fi
+}
+
+do_stop() {
+ echo "Stopping Name Server Daemon"
+ kill $(cat /var/run/nsd/nsd.pid) 2> /dev/null
+}
+
+do_restart() {
+ do_stop
+ sleep 1
+ do_start
+}
+
+do_reload() {
+ kill -HUP $(cat /var/run/nsd/nsd.pid)
+}
+
+do_logreopen() {
+ do_reload
+}
+
+case "$1" in
+'start')
+ do_start
+ ;;
+'stop')
+ do_stop
+ ;;
+'restart')
+ do_restart
+ ;;
+'reload')
+ do_reload
+ ;;
+'logreopen')
+ do_logreopen
+ ;;
+*)
+ echo "usage $0 start|stop|restart|reload|logreopen"
+esac
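Review bot: `do_stop` and `do_reload` signal whatever number is in /var/run/nsd/nsd.pid, and nsd.SlackBuild makes that directory owned by the nsd account, so an init script normally run as root trusts a value the unprivileged daemon user can rewrite. Check that the file exists, holds only digits and names a running /usr/sbin/nsd before calling `kill`. That check also removes the `cat` error output when the daemon is not running. `do_start` additionally sends stderr to /dev/null, which hides configuration errors at boot; consider dropping that redirect.

```sh
PIDFILE=/var/run/nsd/nsd.pid

# Print the daemon PID only if the pidfile names a running /usr/sbin/nsd.
nsd_pid() {
  [ -r "$PIDFILE" ] || return 1
  read -r pid < "$PIDFILE"
  case "$pid" in
    ''|*[!0-9]*) return 1 ;;
  esac
  # The binary may have been replaced by an upgrade while the daemon runs.
  case "$(readlink "/proc/$pid/exe")" in
    /usr/sbin/nsd|"/usr/sbin/nsd (deleted)") ;;
    *) return 1 ;;
  esac
  echo "$pid"
}

do_stop() {
  echo "Stopping Name Server Daemon"
  pid=$(nsd_pid) && kill "$pid"
}

do_reload() {
  pid=$(nsd_pid) && kill -HUP "$pid"
}

# … unchanged: do_start, do_restart, do_logreopen, case dispatch …
```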
diff --git a/network/nsd/slack-desc b/network/nsd/slack-desc
new file mode 100644
index 0000000000..2aec14873a
--- /dev/null
+++ b/network/nsd/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+nsd: nsd (Name Server Daemon)
+nsd:
+nsd: NSD is an authoritative only, high performance, simple and open
+nsd: source name server.
+nsd:
+nsd:
+nsd:
+nsd:
+nsd:
+nsd: Website: https://www.nlnetlabs.nl/projects/nsd/
+nsd: