Changeset 2328


Timestamp:
10/07/08 01:58:04 (6 years ago)
Author:
anarcat
Message:

stop overwriting named.conf

starting this release, only named.conf.options will be replaced (as we
need to modify the options {} block and can't just add another one). We
still install a named.conf, a fresh version from Lenny this time, so
that we get a clean start.

Also get rid of the bind_internal parameter that is not really used or
recommended, as it allows for authoritative nameservers to also serve
recursive queries (which is bad practice).

See: #1025
Closes: #1104

Location:
alternc/trunk
Files:
1 added
9 edited

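--- a/alternc/trunk/debian/alternc-slave.config
+++ b/alternc/trunk/debian/alternc-slave.config
@@ -95,10 +95,4 @@
 fi
 
-db_get alternc-slave/bind_internal
-if [ -z "$RET" ]
-    then
-db_set alternc-slave/bind_internal "$BIND_INTERNAL"
-fi
-
 db_get alternc-slave/default_mx
 if [ -z "$RET" ]
@@ -171,5 +165,4 @@
 db_input low alternc-slave/sql/overwrite || true
 db_input low alternc-slave/monitor_ip || true
-db_input low alternc-slave/bind_internal || true
 db_go
 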
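--- a/alternc/trunk/debian/alternc-slave.postinst
+++ b/alternc/trunk/debian/alternc-slave.postinst
@@ -80,7 +80,4 @@
 NS2_HOSTNAME=""
 
-# IP that have privilegied access to the DNS server. Separated by ';'.
-BIND_INTERNAL=""
-
 # Mail server hostname
 DEFAULT_MX=""
@@ -121,5 +118,4 @@
     update_var alternc-slave/ns1 NS1_HOSTNAME
     update_var alternc-slave/ns2 NS2_HOSTNAME
-    update_var alternc-slave/bind_internal BIND_INTERNAL
     update_var alternc-slave/default_mx DEFAULT_MX 
     update_var alternc-slave/mysql/client MYSQL_CLIENT 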
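--- a/alternc/trunk/debian/alternc-slave.templates
+++ b/alternc/trunk/debian/alternc-slave.templates
@@ -143,10 +143,4 @@
  ping us and access apache status pages. Completely optional.
 
-Template:alternc-slave/bind_internal
-Type: string
-_Description: trusted servers for bind:
- IP address or prefix of trusted machines for DNS transfers,
- delimited by ';', optional.
-
 Template:alternc-slave/pop_before_smtp_warning
 Type: note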
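--- a/alternc/trunk/debian/alternc.config
+++ b/alternc/trunk/debian/alternc.config
@@ -95,10 +95,4 @@
 fi
 
-db_get alternc/bind_internal
-if [ -z "$RET" ]
-    then
-db_set alternc/bind_internal "$BIND_INTERNAL"
-fi
-
 db_get alternc/default_mx
 if [ -z "$RET" ]
@@ -171,5 +165,4 @@
 db_input low alternc/sql/overwrite || true
 db_input low alternc/monitor_ip || true
-db_input low alternc/bind_internal || true
 db_go
 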
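--- a/alternc/trunk/debian/alternc.postinst
+++ b/alternc/trunk/debian/alternc.postinst
@@ -80,7 +80,4 @@
 NS2_HOSTNAME=""
 
-# IP that have privilegied access to the DNS server. Separated by ';'.
-BIND_INTERNAL=""
-
 # Mail server hostname
 DEFAULT_MX=""
@@ -121,5 +118,4 @@
     update_var alternc/ns1 NS1_HOSTNAME
     update_var alternc/ns2 NS2_HOSTNAME
-    update_var alternc/bind_internal BIND_INTERNAL
     update_var alternc/default_mx DEFAULT_MX 
     update_var alternc/mysql/client MYSQL_CLIENT 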
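--- a/alternc/trunk/debian/changelog
+++ b/alternc/trunk/debian/changelog
@@ -29,4 +29,11 @@
       per Debian Policy), some settings are directly overwritten. those
       settings are configured in /etc/alternc/postfix.cf.
+    * simplify the bind configuration: do not overwrite named.conf, put
+      all changes in named.options. get rid of the bind_internal parameter
+      that is not recommended anyways (as it allows recursive queries on an
+      authoritative nameserver). Note that the 'internal' ACL can still be
+      changed in a template if required. named.conf is still deployed by
+      AlternC, but this will be the last release that does so. See #1025 and
+      #1104.
 
  -- Antoine Beaupré <anarcat@koumbit.org>  Tue, 15 Apr 2008 11:52:56 -0400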
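--- a/alternc/trunk/debian/templates
+++ b/alternc/trunk/debian/templates
@@ -143,10 +143,4 @@
  ping us and access apache status pages. Completely optional.
 
-Template: alternc/bind_internal
-Type: string
-_Description: trusted servers for bind:
- IP address or prefix of trusted machines for DNS transfers,
- delimited by ';', optional.
-
 Template: alternc/pop_before_smtp_warning
 Type: note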
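--- a/alternc/trunk/etc/alternc/templates/bind/named.conf
+++ b/alternc/trunk/etc/alternc/templates/bind/named.conf
@@ -1,32 +1,20 @@
+// This is the primary configuration file for the BIND DNS server named.
 //
-// %%warning_message%%
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
 //
-acl "internal" {
-        {
-        %%bind_internal%%
-        127.0.0.1;
-        };
-};
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
 
-include "/var/alternc/bind/slaveip.conf";
+include "/etc/bind/named.conf.options";
 
-options {
-        directory "/var/cache/bind";
-
-        // forwarders {
-        //      0.0.0.0;
-        // };
-        version "Name Server Ready";
-
-        auth-nxdomain no;    # conform to RFC1035
-        allow-query     { "internal"; };
-        allow-transfer  { "allslaves"; };
-        recursion no;
-};
-
+// prime the server with knowledge of the root servers
 zone "." {
         type hint;
         file "/etc/bind/db.root";
 };
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
 
 zone "localhost" {
@@ -50,6 +38,3 @@
 };
 
-include "/etc/bind/rndc.key";
-
-// add entries for other zones below here
-include "/var/alternc/bind/automatic.conf";
+include "/etc/bind/named.conf.local";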
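Review bot: The removed `options {}` block held the settings that matter on an authoritative server (`recursion no;`, `allow-transfer { "allslaves"; };` and the `version` override), and the new file only includes `/etc/bind/named.conf.options`, whose template is not shown on this page. Confirm that template restates all three, because a stock distribution options file would presumably leave recursion and zone-transfer policy at BIND's defaults. The includes of `/var/alternc/bind/slaveip.conf` and `/var/alternc/bind/automatic.conf` are dropped here too, so they need to reappear in `named.conf.options` or `named.conf.local`; otherwise the "allslaves" ACL and the hosted zones presumably will not load. I would also keep the `// %%warning_message%%` line so the deployed file is still marked as installer-managed.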
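--- a/alternc/trunk/install/alternc.install
+++ b/alternc/trunk/install/alternc.install
@@ -26,5 +26,5 @@
 if [ -e /etc/bind/named.conf ]; then
     CONFIG_FILES="$CONFIG_FILES etc/bind/templates/zone.template
-                  etc/bind/templates/named.template etc/bind/named.conf"
+                  etc/bind/templates/named.template etc/bind/named.conf etc/bind/named.conf.options"
 fi
 if [ -e /etc/courier/authdaemonrc ]; then
@@ -111,8 +111,4 @@
                  print join (\".\", @ip);"`
 
-if [ ! -z "$BIND_INTERNAL" ]; then
-    BIND_INTERNAL="$BIND_INTERNAL;"
-fi
-
 if [ -z "$MONITOR_IP" ]; then
     MONITOR_IP="127.0.0.1"
@@ -130,5 +126,4 @@
 s\\%%ns1%%\\$NS1_HOSTNAME\\;
 s\\%%ns2%%\\$NS2_HOSTNAME\\;
-s\\%%bind_internal%%\\$BIND_INTERNAL\\;
 s\\%%mx%%\\$DEFAULT_MX\\;
 s\\%%dbhost%%\\$MYSQL_HOST\\;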
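Review bot: The `CONFIG_FILES` addition at new line 28 puts `etc/bind/named.conf.options` under installer control without a comment saying the file is replaced wholesale, and the guard is still only `[ -e /etc/bind/named.conf ]`. Any restriction an admin has put in that file (query or transfer ACLs, listen addresses) is presumably lost on each run. I would add a comment above the assignment such as `# named.conf.options is replaced wholesale on install; keep local policy in the bind templates`. The rest of the script lies outside these hunks.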