diff options
Diffstat (limited to 'net-dns/unbound/files')
| -rw-r--r-- | net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch | 72 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound-1.4.12-gentoo.patch | 12 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound-anchor.service | 13 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound.confd | 4 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound.initd | 56 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound.service | 12 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound_at.service | 13 |
7 files changed, 182 insertions, 0 deletions
diff --git a/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch b/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch new file mode 100644 index 000000000000..c1be28cbc0db --- /dev/null +++ b/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch @@ -0,0 +1,72 @@ +From 858da540f70a4411ad8fbe7144cef6ce9da18f89 Mon Sep 17 00:00:00 2001 +From: wouter <wouter@be551aaa-1e26-0410-a405-d3ace91eadb9> +Date: Mon, 5 Jan 2015 13:51:22 +0000 +Subject: [PATCH] - Fix #634: fix fail to start on Linux LTS 3.14.X, ignores + missing IP_MTU_DISCOVER OMIT option. + +--- a/services/listen_dnsport.c ++++ b/services/listen_dnsport.c +@@ -368,29 +368,47 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, + * (and also uses the interface mtu to determine the size of the packets). + * So there won't be any EMSGSIZE error. Against DNS fragmentation attacks. + * FreeBSD already has same semantics without setting the option. */ +-# if defined(IP_PMTUDISC_OMIT) +- int action = IP_PMTUDISC_OMIT; +-# else +- int action = IP_PMTUDISC_DONT; +-# endif ++ int omit_set = 0; ++ int action; ++# if defined(IP_PMTUDISC_OMIT) ++ action = IP_PMTUDISC_OMIT; + if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, + &action, (socklen_t)sizeof(action)) < 0) { +- log_err("setsockopt(..., IP_MTU_DISCOVER, " +-# if defined(IP_PMTUDISC_OMIT) +- "IP_PMTUDISC_OMIT" ++ ++ if (errno != EINVAL) { ++ log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", ++ strerror(errno)); ++ ++# ifndef USE_WINSOCK ++ close(s); + # else +- "IP_PMTUDISC_DONT" ++ closesocket(s); + # endif +- "...) failed: %s", +- strerror(errno)); ++ *noproto = 0; ++ *inuse = 0; ++ return -1; ++ } ++ } ++ else ++ { ++ omit_set = 1; ++ } ++# endif ++ if (omit_set == 0) { ++ action = IP_PMTUDISC_DONT; ++ if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, ++ &action, (socklen_t)sizeof(action)) < 0) { ++ log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", ++ strerror(errno)); + # ifndef USE_WINSOCK +- close(s); ++ close(s); + # else +- closesocket(s); ++ closesocket(s); + # endif +- *noproto = 0; +- *inuse = 0; +- return -1; ++ *noproto = 0; ++ *inuse = 0; ++ return -1; ++ } + } + # elif defined(IP_DONTFRAG) + int off = 0; diff --git a/net-dns/unbound/files/unbound-1.4.12-gentoo.patch b/net-dns/unbound/files/unbound-1.4.12-gentoo.patch new file mode 100644 index 000000000000..57920689783e --- /dev/null +++ b/net-dns/unbound/files/unbound-1.4.12-gentoo.patch @@ -0,0 +1,12 @@ +diff -Naur unbound-1.4.12.orig/doc/example.conf.in unbound-1.4.12/doc/example.conf.in +--- unbound-1.4.12.orig/doc/example.conf.in 2011-07-14 17:33:37.000000000 +0900 ++++ unbound-1.4.12/doc/example.conf.in 2011-07-16 10:01:06.644402341 +0900 +@@ -334,7 +334,7 @@ + # with several entries, one file per entry. + # Zone file format, with DS and DNSKEY entries. + # Note this gets out of date, use auto-trust-anchor-file please. +- # trust-anchor-file: "" ++ # trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" + + # Trusted key for validation. DS or DNSKEY. specify the RR on a + # single line, surrounded by "". TTL is ignored. class is IN default. diff --git a/net-dns/unbound/files/unbound-anchor.service b/net-dns/unbound/files/unbound-anchor.service new file mode 100644 index 000000000000..f55cf9db5d1e --- /dev/null +++ b/net-dns/unbound/files/unbound-anchor.service @@ -0,0 +1,13 @@ +[Unit] +Description=Update of the root trust anchor for DNSSEC validation +After=network.target +Before=nss-lookup.target +Wants=nss-lookup.target +Before=unbound.service + +[Service] +Type=oneshot +ExecStart=/usr/sbin/unbound-anchor + +[Install] +WantedBy=multi-user.target diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd new file mode 100644 index 000000000000..b4de7cf1142e --- /dev/null +++ b/net-dns/unbound/files/unbound.confd @@ -0,0 +1,4 @@ +# Settings should normally not need any changes. + +# Location of the unbound configuration file. Leave empty for the default. +#UNBOUND_CONFFILE="/etc/unbound/unbound.conf" diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd new file mode 100644 index 000000000000..f17d0720b8f8 --- /dev/null +++ b/net-dns/unbound/files/unbound.initd @@ -0,0 +1,56 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +name="unbound daemon" +extra_commands="configtest" +extra_started_commands="reload" +description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address." +description_configtest="Run syntax tests for configuration files only." +description_reload="Kills all children and reloads the configuration." + + +UNBOUND_BINARY=${UNBOUND_BINARY:-/usr/sbin/unbound} +UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-/usr/sbin/unbound-checkconf} +UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-/etc/unbound/${SVCNAME}.conf} + +depend() { + need net + use logger + provide dns + after auth-dns +} + +checkconfig() { + UNBOUND_PIDFILE=$("${UNBOUND_CHECKCONF}" -o pidfile "${UNBOUND_CONFFILE}") + return $? +} + +configtest() { + ebegin "Checking ${SVCNAME} configuration" + checkconfig + eend $? +} + +start() { + checkconfig || return $? + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --pidfile "${UNBOUND_PIDFILE}" \ + --exec "${UNBOUND_BINARY}" -- -c "${UNBOUND_CONFFILE}" + eend $? +} + +stop() { + checkconfig || return $? + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --pidfile "${UNBOUND_PIDFILE}" + eend $? +} + +reload() { + checkconfig || return $? + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP --pidfile "${UNBOUND_PIDFILE}" + eend $? +} diff --git a/net-dns/unbound/files/unbound.service b/net-dns/unbound/files/unbound.service new file mode 100644 index 000000000000..41dd6fabd290 --- /dev/null +++ b/net-dns/unbound/files/unbound.service @@ -0,0 +1,12 @@ +[Unit] +Description=Unbound recursive Domain Name Server +After=network.target +Before=nss-lookup.target +Wants=nss-lookup.target + +[Service] +ExecStartPre=/usr/sbin/unbound-checkconf +ExecStart=/usr/sbin/unbound -d + +[Install] +WantedBy=multi-user.target diff --git a/net-dns/unbound/files/unbound_at.service b/net-dns/unbound/files/unbound_at.service new file mode 100644 index 000000000000..84b34af45446 --- /dev/null +++ b/net-dns/unbound/files/unbound_at.service @@ -0,0 +1,13 @@ +[Unit] +Description=Unbound recursive Domain Name Server +After=network.target +Before=nss-lookup.target +Wants=nss-lookup.target + +[Service] +Type=simple +ExecStartPre=/usr/sbin/unbound-checkconf /etc/unbound/%i.conf +ExecStart=/usr/sbin/unbound -d -c /etc/unbound/%i.conf + +[Install] +WantedBy=multi-user.target |