diff options
-rw-r--r-- | network/yadifa/README | 25 | ||||
-rw-r--r-- | network/yadifa/doinst.sh | 30 | ||||
-rw-r--r-- | network/yadifa/key.conf | 5 | ||||
-rw-r--r-- | network/yadifa/rc.yadifa | 53 | ||||
-rw-r--r-- | network/yadifa/slack-desc | 19 | ||||
-rw-r--r-- | network/yadifa/yadifa.SlackBuild | 143 | ||||
-rw-r--r-- | network/yadifa/yadifa.conf | 6 | ||||
-rw-r--r-- | network/yadifa/yadifa.info | 10 | ||||
-rw-r--r-- | network/yadifa/yadifa.logrotate | 11 | ||||
-rw-r--r-- | network/yadifa/yadifad.conf | 84 | ||||
-rw-r--r-- | network/yadifa/zones.conf | 20 |
11 files changed, 406 insertions, 0 deletions
diff --git a/network/yadifa/README b/network/yadifa/README new file mode 100644 index 0000000000..122a926a61 --- /dev/null +++ b/network/yadifa/README @@ -0,0 +1,25 @@ +Lightweight authoritative Name Server with DNSSEC capabilities. Developed by +the passionate people behind the .eu top-level domain, YADIFA has been built +from scratch to face today’s DNS challenges, with no compromise on security, +speed and stability, to offer a better and safer Internet experience. + +Package binaries and shared objects linked here dynamically, but by-default +configure script links it statically, for performance consideration. Static +linking makes sence only on heavy loaded environment (10+ Mbit DNS traffic, +5000+ queries/second per server). + +YADIFA requires its own user in order to run securely. It is not advised to +run services as root user without special reason. + + +To add yadifa user in system run as root: + +# groupadd -g 332 yadifa +# useradd -u 332 -d /var/lib/yadifa -g yadifa -s /bin/false yadifa + + +In order to run YADIFA during boot process, add to /etc/rc.d/rc.local : + +if [ -x /etc/rc.d/rc.yadifa ]; then + /etc/rc.d/rc.yadifa start +fi diff --git a/network/yadifa/doinst.sh b/network/yadifa/doinst.sh new file mode 100644 index 0000000000..37e7d841e0 --- /dev/null +++ b/network/yadifa/doinst.sh @@ -0,0 +1,30 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.yadifa.new +preserve_perms etc/yadifa/yadifa.conf.new +preserve_perms etc/yadifa/yadifad.conf.new +preserve_perms etc/yadifa/key.conf.new +preserve_perms etc/yadifa/zones.conf.new +preserve_perms etc/logrotate.d/yadifa.new diff --git a/network/yadifa/key.conf b/network/yadifa/key.conf new file mode 100644 index 0000000000..a5b7a0ad3f --- /dev/null +++ b/network/yadifa/key.conf @@ -0,0 +1,5 @@ +<key> + name uberkey + algorithm hmac-sha512 + secret UNhY4JhezH9gQYqvDMWrWH9CwlcKiECVqejMrND2VFw= +</key> diff --git a/network/yadifa/rc.yadifa b/network/yadifa/rc.yadifa new file mode 100644 index 0000000000..63a35376ed --- /dev/null +++ b/network/yadifa/rc.yadifa @@ -0,0 +1,53 @@ +#!/bin/sh +# +# Start/stop/restart yadifad +# + +do_start() { + if [ -x /usr/sbin/yadifad ]; then + echo -n "Starting YADIFA DNS Server: /usr/sbin/yadifad -c /etc/yadifa/yadifad.conf --daemon... " + /usr/sbin/yadifad -c /etc/yadifa/yadifad.conf --daemon 2> /dev/null + echo "done." + fi +} + +do_stop() { + echo -n "Stopping YADIFA DNS Server: " + kill $(cat /var/run/yadifa/yadifad.pid) 2> /dev/null + sleep 2 + echo "done." +} + +do_restart() { + do_stop + sleep 1 + do_start +} + +do_reload() { + /usr/bin/yadifa cfgreload +} + +do_logreopen() { + /usr/bin/yadifa logreopen +} + +case "$1" in +'start') + do_start + ;; +'stop') + do_stop + ;; +'restart') + do_restart + ;; +'reload') + do_reload + ;; +'logreopen') + do_logreopen + ;; +*) + echo "usage $0 start|stop|restart|reload|logreopen" +esac diff --git a/network/yadifa/slack-desc b/network/yadifa/slack-desc new file mode 100644 index 0000000000..4a46ea28bc --- /dev/null +++ b/network/yadifa/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +yadifa: yadifa (Yet Another DNS Implementation For All) +yadifa: +yadifa: YADIFA is a lightweight authoritative Name Server with DNSSEC +yadifa: capabilities. Developed by the passionate people behind the .eu +yadifa: top-level domain, YADIFA has been built from scratch to face today’s +yadifa: DNS challenges, with no compromise on security, speed and stability, +yadifa: to offer a better and safer Internet experience. +yadifa: +yadifa: +yadifa: Web site: http://www.yadifa.eu/ +yadifa: diff --git a/network/yadifa/yadifa.SlackBuild b/network/yadifa/yadifa.SlackBuild new file mode 100644 index 0000000000..a206256c4b --- /dev/null +++ b/network/yadifa/yadifa.SlackBuild @@ -0,0 +1,143 @@ +#!/bin/sh + +# Slackware build script for YADIFA, Authoritative DNS server + +# Copyright (c) 2016, Sergey Fedosov <eleksir@gmail.com> +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=yadifa +VERSION=${VERSION:-2.2.1} +VSUFFIX=${VSUFFIX:-6281} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if ! grep -q "^yadifa:" /etc/group; then + echo "Error: $PRGNAM group (yadifa) doesn't exist." + echo "Try creating one with:" + echo " # groupadd -g 332 yadifa" + exit 1 +fi + +if ! grep -q "^yadifa:" /etc/passwd; then + echo "Error: $PRGNAM user (yadifa) doesn't exist." + echo "Try creating one with:" + echo " # useradd -u 332 -d /var/lib/yadifa -g yadifa -s /bin/false yadifa" + exit 1 +fi + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i586 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf yadifa-$VERSION-${VSUFFIX} +tar xvf $CWD/yadifa-$VERSION-${VSUFFIX}.tar.gz || tar xvf $CWD/$VERSION-${VSUFFIX}.tar.gz +cd yadifa-$VERSION-${VSUFFIX} +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + +./configure \ + --prefix=/usr \ + --sysconfdir=/etc/yadifa \ + --libdir=/usr/lib${LIBDIRSUFFIX}/yadifa \ + --localstatedir=/var/lib/yadifa \ + --mandir=/usr/man \ + --docdir=/usr/doc/$PRGNAM-$VERSION \ + --build=$ARCH-slackware-linux \ + --with-logdir=/var/log/yadifa \ + --enable-silent-rules \ + --enable-shared=yes \ + --enable-static=no \ + --enable-messages \ + --enable-ctrl \ + --build=$ARCH-slackware-linux + +make +make install DESTDIR=$PKG + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +install --mode=644 $CWD/$PRGNAM.SlackBuild $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh + +mkdir -p $PKG/etc/rc.d +install --mode=644 $CWD/rc.yadifa $PKG/etc/rc.d/rc.yadifa.new + +mkdir -p $PKG/var/run/yadifa +chown yadifa:yadifa $PKG/var/run/yadifa + +mkdir -p $PKG/var/log/yadifa +chown yadifa:yadifa $PKG/var/log/yadifa + +chown -R yadifa:yadifa $PKG/var/lib/yadifa + +mkdir -p $PKG/etc/yadifa +install --mode=644 $CWD/yadifad.conf $PKG/etc/yadifa/yadifad.conf.new +install --mode=644 $CWD/yadifa.conf $PKG/etc/yadifa/yadifa.conf.new +install --mode=640 $CWD/key.conf $PKG/etc/yadifa/key.conf.new +install --mode=644 $CWD/zones.conf $PKG/etc/yadifa/zones.conf.new + +mkdir -p $PKG/etc/logrotate.d +install --mode=644 $CWD/yadifa.logrotate $PKG/etc/logrotate.d/yadifa.new + +# remove empty file +rm -rf $PKG/etc/yadifa/yadifad.conf + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-${VERSION}-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/yadifa/yadifa.conf b/network/yadifa/yadifa.conf new file mode 100644 index 0000000000..c2c3f8a5e5 --- /dev/null +++ b/network/yadifa/yadifa.conf @@ -0,0 +1,6 @@ +include /etc/yadifa/key.conf + +<yadifa> + server 127.0.0.1 + tsig-key-name uberkey +</yadifa> diff --git a/network/yadifa/yadifa.info b/network/yadifa/yadifa.info new file mode 100644 index 0000000000..290d81b6fd --- /dev/null +++ b/network/yadifa/yadifa.info @@ -0,0 +1,10 @@ +PRGNAM="yadifa" +VERSION="2.2.1" +HOMEPAGE="http://www.yadifa.eu/" +DOWNLOAD="http://cdn.yadifa.eu/sites/default/files/releases/yadifa-2.2.1-6281.tar.gz" +MD5SUM="f74c7fd0c522dacd344893a78a58a2fe" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="" +MAINTAINER="Sergei Fedosoff" +EMAIL="eleksir@gmail.com" diff --git a/network/yadifa/yadifa.logrotate b/network/yadifa/yadifa.logrotate new file mode 100644 index 0000000000..93cdd2ee13 --- /dev/null +++ b/network/yadifa/yadifa.logrotate @@ -0,0 +1,11 @@ +/var/log/yadifa/*.log { + daily + rotate 14 + notifempty + missingok + compress + sharedscripts + postrotate + /etc/rc.d/rc.yadifa logreopen + endscript +} diff --git a/network/yadifa/yadifad.conf b/network/yadifa/yadifad.conf new file mode 100644 index 0000000000..c3ac19305e --- /dev/null +++ b/network/yadifa/yadifad.conf @@ -0,0 +1,84 @@ +<main> + allow-control ctrl-server + chroot off + daemonize true + keys-path /var/lib/yadifa/zones/keys + data-path /var/lib/yadifa/zones + log-path /var/log/yadifa + pid-file /var/run/yadifa/yadifad.pid + xfr-path /var/lib/yadifa/zones/xfr + max-tcp-queries 100 + tcp-query-min-rate 6000 + answer-formerr-packets yes + serverid ns-loc-01 + user yadifa + group yadifa + statistics no + statistics-max-period 60 + version " " + allow-query any + allow-update any + allow-transfer any + axfr-max-record-by-packet 0 + axfr-max-packet-size 32768 + axfr-compress-packets true +</main> + +<control> + enabled true +</control> + +<nsid> + ascii "yadifad example NSID" +</nsid> + +include /etc/yadifa/key.conf + +<acl> + master 127.0.0.1 + ctrl-server 127.0.0.1 + yadifa-ctrl-server key uberkey + operations 192.0.2.128/28;2001:DB8::/32 + order-example-1 192.0.2.128/26 ; 192.0.2.5 ; + ! 192.0.2.133 ; ! 192.0.2.0/26 + order-example-2 192.0.2.5 ; !192.0.2.133 ; + 192.0.2.128/26 ; !192.0.2.0/26 + order-example-3 !192.0.2.133 ; 192.0.2.5 ; + !192.0.2.0/26 ; 192.0.2.128/26 +</acl> + +<rrl> + responses-per-second 5 + errors-per-second 5 + slip 10 + log-only off + ipv4-prefix-length 24 + ipv6-prefix-length 56 + enabled no +</rrl> + +<channels> + yadifa yadifa.log 0644 + zone zone.log 0644 +# queries query.log 0644 +# debug debug.log 0644 +# statistics stats.log 0644 +</channels> + +<loggers> + database info,warning,err,crit,alert,emerg yadifa + server info,warning,err,crit,alert,emerg yadifa + system info,warning,err,crit,alert,emerg yadifa + zone info,warning,err,crit,alert,emerg zone +# stats * statistics +# queries * queries + +# database * debug +# server * debug +# system * debug +# zone * debug +# stats * debug +# queries * debug +</loggers> + +include /etc/yadifa/zones.conf diff --git a/network/yadifa/zones.conf b/network/yadifa/zones.conf new file mode 100644 index 0000000000..b1a6206c96 --- /dev/null +++ b/network/yadifa/zones.conf @@ -0,0 +1,20 @@ +<zone> + domain somedomain.eu + file "masters/somedomain.eu.zone" + type "master" + allow-query any + allow-transfer any + allow-update any +</zone> + +<zone> + domain localhost + file "masters/localhost.zone" + type "master" +</zone> + +<zone> + domain localhost6 + file "masters/localhost6.zone" + type "master" +</zone> |