From 551fc8c675205b328fc942f3d873a1ad61fa7411 Mon Sep 17 00:00:00 2001 From: "Internet Software Consortium, Inc" <@isc.org> Date: Wed, 12 Jun 2013 10:32:56 -0600 Subject: 9.9.3-P1 --- CHANGES | 5 +++++ lib/dns/resolver.c | 29 +++++++++++++++++++++++------ srcid | 2 +- version | 4 ++-- 4 files changed, 31 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 5032e75f..7eb60ad6 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ + --- 9.9.3-P1 released --- + +3584. [security] Caching data from an incompletely signed zone could + trigger an assertion failure in resolver.c [RT #33690] + --- 9.9.3 released --- 3568. [cleanup] Add a product description line to the version file, diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 10d1f75f..27d15b93 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -4395,7 +4395,7 @@ fctx_log(void *arg, int level, const char *fmt, ...) { static inline isc_result_t findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type, - dns_name_t **noqname) + dns_name_t **noqnamep) { dns_rdataset_t *nrdataset, *next, *sigrdataset; dns_rdata_rrsig_t rrsig; @@ -4408,10 +4408,12 @@ findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type, dns_fixedname_t fclosest; dns_name_t *nearest; dns_fixedname_t fnearest; + dns_rdatatype_t found = dns_rdatatype_none; + dns_name_t *noqname = NULL; FCTXTRACE("findnoqname"); - REQUIRE(noqname != NULL && *noqname == NULL); + REQUIRE(noqnamep != NULL && *noqnamep == NULL); /* * Find the SIG for this rdataset, if we have it. @@ -4480,8 +4482,10 @@ findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type, &data, NULL, fctx_log, fctx))) { - if (!exists) - *noqname = nsec; + if (!exists) { + noqname = nsec; + found = dns_rdatatype_nsec; + } } if (nrdataset->type == dns_rdatatype_nsec3 && @@ -4494,13 +4498,26 @@ findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type, closest, nearest, fctx_log, fctx))) { - if (!exists && setnearest) - *noqname = nsec; + if (!exists && setnearest) { + noqname = nsec; + found = dns_rdatatype_nsec3; + } } } } if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; + if (noqname != NULL) { + for (sigrdataset = ISC_LIST_HEAD(noqname->list); + sigrdataset != NULL; + sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) { + if (sigrdataset->type == dns_rdatatype_rrsig && + sigrdataset->covers == found) + break; + } + if (sigrdataset != NULL) + *noqnamep = noqname; + } return (result); } diff --git a/srcid b/srcid index a2cf288b..b2544aab 100644 --- a/srcid +++ b/srcid @@ -1 +1 @@ -SRCID=d281b394 +SRCID=58d2f2e2 diff --git a/version b/version index 52ab156f..3761bb54 100644 --- a/version +++ b/version @@ -8,5 +8,5 @@ DESCRIPTION="(Extended Support Version)" MAJORVER=9 MINORVER=9 PATCHVER=3 -RELEASETYPE= -RELEASEVER= +RELEASETYPE=-P +RELEASEVER=1 -- cgit v1.2.3 From af47722da3bdf4443cc851a802a0d0f0bccfb696 Mon Sep 17 00:00:00 2001 From: "Internet Software Consortium, Inc" <@isc.org> Date: Wed, 14 Aug 2013 06:33:39 -0600 Subject: 9.9.3-P2 --- CHANGES | 6 ++++++ lib/dns/rdata/generic/keydata_65533.c | 2 +- srcid | 2 +- version | 2 +- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 7eb60ad6..4e3152fd 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ + --- 9.9.3-P2 released --- + +3621. [security] Incorrect bounds checking on private type 'keydata' + can lead to a remotely triggerable REQUIRE failure + (CVE-2013-4854). [RT #34238] + --- 9.9.3-P1 released --- 3584. [security] Caching data from an incompletely signed zone could diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c index 46bf6fce..a2d83f45 100644 --- a/lib/dns/rdata/generic/keydata_65533.c +++ b/lib/dns/rdata/generic/keydata_65533.c @@ -194,7 +194,7 @@ fromwire_keydata(ARGS_FROMWIRE) { UNUSED(options); isc_buffer_activeregion(source, &sr); - if (sr.length < 4) + if (sr.length < 16) return (ISC_R_UNEXPECTEDEND); isc_buffer_forward(source, sr.length); diff --git a/srcid b/srcid index b2544aab..50728030 100644 --- a/srcid +++ b/srcid @@ -1 +1 @@ -SRCID=58d2f2e2 +SRCID=d8a6fe8b diff --git a/version b/version index 3761bb54..039f4a12 100644 --- a/version +++ b/version @@ -9,4 +9,4 @@ MAJORVER=9 MINORVER=9 PATCHVER=3 RELEASETYPE=-P -RELEASEVER=1 +RELEASEVER=2 -- cgit v1.2.3 From 48ce52d4d48c9dbb71853079fcb78a978096896a Mon Sep 17 00:00:00 2001 From: LaMont Jones Date: Sat, 17 Aug 2013 05:59:42 -0600 Subject: 9.9.3.dfsg.P2-1 debian tree. --- debian/README.Debian | 178 ++++ debian/apparmor-profile | 50 + debian/apparmor-profile.local | 2 + debian/bind9-doc.dirs | 1 + debian/bind9-doc.docs | 1 + debian/bind9-host.dirs | 2 + debian/bind9-host.install | 2 + debian/bind9.NEWS | 14 + debian/bind9.apport | 36 + debian/bind9.config | 14 + debian/bind9.dirs | 13 + debian/bind9.docs | 2 + debian/bind9.init | 145 +++ debian/bind9.postinst | 169 ++++ debian/bind9.postrm | 16 + debian/bind9.preinst | 44 + debian/bind9.prerm | 30 + debian/bind9.ufw.profile | 5 + debian/bind9utils.dirs | 3 + debian/bind9utils.install | 16 + debian/changelog | 1878 ++++++++++++++++++++++++++++++++++++++ debian/compat | 1 + debian/control | 173 ++++ debian/copyright | 121 +++ debian/db.0 | 12 + debian/db.127 | 13 + debian/db.empty | 14 + debian/db.local | 14 + debian/db.root | 88 ++ debian/dnsutils.dirs | 3 + debian/dnsutils.install | 6 + debian/dnsutils.postinst | 5 + debian/ip-down.d | 15 + debian/ip-up.d | 15 + debian/libbind-dev.README.Debian | 9 + debian/libbind-dev.dirs | 2 + debian/libbind-dev.install | 15 + debian/libbind9-90.install | 1 + debian/libbind9-90.postinst | 5 + debian/libbind9-90.postrm | 10 + debian/libdns99.install | 1 + debian/libdns99.postinst | 5 + debian/libdns99.postrm | 10 + debian/libirs90.install | 1 + debian/libirs90.postinst | 5 + debian/libirs90.postrm | 10 + debian/libisc95.install | 1 + debian/libisc95.postinst | 5 + debian/libisc95.postrm | 10 + debian/libisccc90.install | 1 + debian/libisccc90.postinst | 5 + debian/libisccc90.postrm | 10 + debian/libisccfg90.install | 1 + debian/libisccfg90.postinst | 5 + debian/libisccfg90.postrm | 10 + debian/liblwres90.install | 1 + debian/liblwres90.postinst | 5 + debian/libwres90.postrm | 10 + debian/lwresd.dirs | 5 + debian/lwresd.init | 72 ++ debian/lwresd.install | 2 + debian/lwresd.postinst | 40 + debian/named.conf | 11 + debian/named.conf.default-zones | 30 + debian/named.conf.local | 8 + debian/named.conf.options | 26 + debian/nslookup.1 | 536 +++++++++++ debian/po/POTFILES.in | 1 + debian/po/cs.po | 67 ++ debian/po/da.po | 67 ++ debian/po/de.po | 84 ++ debian/po/es.po | 86 ++ debian/po/eu.po | 68 ++ debian/po/fi.po | 64 ++ debian/po/fr.po | 69 ++ debian/po/gl.po | 66 ++ debian/po/id.po | 51 ++ debian/po/it.po | 69 ++ debian/po/ja.po | 66 ++ debian/po/ko.po | 69 ++ debian/po/nb.po | 69 ++ debian/po/nl.po | 72 ++ debian/po/pl.po | 68 ++ debian/po/pt.po | 69 ++ debian/po/pt_BR.po | 71 ++ debian/po/ru.po | 70 ++ debian/po/sk.po | 67 ++ debian/po/sr.po | 66 ++ debian/po/sr@latin.po | 66 ++ debian/po/sv.po | 69 ++ debian/po/templates.pot | 60 ++ debian/po/tr.po | 70 ++ debian/po/vi.po | 67 ++ debian/po/zh_CN.po | 64 ++ debian/rules | 175 ++++ debian/source/format | 1 + debian/templates | 21 + debian/vars.in | 1 + debian/zones.rfc1918 | 20 + 99 files changed, 5962 insertions(+) create mode 100644 debian/README.Debian create mode 100644 debian/apparmor-profile create mode 100644 debian/apparmor-profile.local create mode 100644 debian/bind9-doc.dirs create mode 100644 debian/bind9-doc.docs create mode 100644 debian/bind9-host.dirs create mode 100644 debian/bind9-host.install create mode 100644 debian/bind9.NEWS create mode 100644 debian/bind9.apport create mode 100644 debian/bind9.config create mode 100644 debian/bind9.dirs create mode 100644 debian/bind9.docs create mode 100644 debian/bind9.init create mode 100644 debian/bind9.postinst create mode 100644 debian/bind9.postrm create mode 100644 debian/bind9.preinst create mode 100644 debian/bind9.prerm create mode 100644 debian/bind9.ufw.profile create mode 100644 debian/bind9utils.dirs create mode 100644 debian/bind9utils.install create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/db.0 create mode 100644 debian/db.127 create mode 100644 debian/db.empty create mode 100644 debian/db.local create mode 100644 debian/db.root create mode 100644 debian/dnsutils.dirs create mode 100644 debian/dnsutils.install create mode 100644 debian/dnsutils.postinst create mode 100644 debian/ip-down.d create mode 100644 debian/ip-up.d create mode 100644 debian/libbind-dev.README.Debian create mode 100644 debian/libbind-dev.dirs create mode 100644 debian/libbind-dev.install create mode 100644 debian/libbind9-90.install create mode 100644 debian/libbind9-90.postinst create mode 100644 debian/libbind9-90.postrm create mode 100644 debian/libdns99.install create mode 100644 debian/libdns99.postinst create mode 100644 debian/libdns99.postrm create mode 100644 debian/libirs90.install create mode 100644 debian/libirs90.postinst create mode 100644 debian/libirs90.postrm create mode 100644 debian/libisc95.install create mode 100644 debian/libisc95.postinst create mode 100644 debian/libisc95.postrm create mode 100644 debian/libisccc90.install create mode 100644 debian/libisccc90.postinst create mode 100644 debian/libisccc90.postrm create mode 100644 debian/libisccfg90.install create mode 100644 debian/libisccfg90.postinst create mode 100644 debian/libisccfg90.postrm create mode 100644 debian/liblwres90.install create mode 100644 debian/liblwres90.postinst create mode 100644 debian/libwres90.postrm create mode 100644 debian/lwresd.dirs create mode 100644 debian/lwresd.init create mode 100644 debian/lwresd.install create mode 100644 debian/lwresd.postinst create mode 100644 debian/named.conf create mode 100644 debian/named.conf.default-zones create mode 100644 debian/named.conf.local create mode 100644 debian/named.conf.options create mode 100644 debian/nslookup.1 create mode 100644 debian/po/POTFILES.in create mode 100644 debian/po/cs.po create mode 100644 debian/po/da.po create mode 100644 debian/po/de.po create mode 100644 debian/po/es.po create mode 100644 debian/po/eu.po create mode 100644 debian/po/fi.po create mode 100644 debian/po/fr.po create mode 100644 debian/po/gl.po create mode 100644 debian/po/id.po create mode 100644 debian/po/it.po create mode 100644 debian/po/ja.po create mode 100644 debian/po/ko.po create mode 100644 debian/po/nb.po create mode 100644 debian/po/nl.po create mode 100644 debian/po/pl.po create mode 100644 debian/po/pt.po create mode 100644 debian/po/pt_BR.po create mode 100644 debian/po/ru.po create mode 100644 debian/po/sk.po create mode 100644 debian/po/sr.po create mode 100644 debian/po/sr@latin.po create mode 100644 debian/po/sv.po create mode 100644 debian/po/templates.pot create mode 100644 debian/po/tr.po create mode 100644 debian/po/vi.po create mode 100644 debian/po/zh_CN.po create mode 100644 debian/rules create mode 100644 debian/source/format create mode 100644 debian/templates create mode 100644 debian/vars.in create mode 100644 debian/zones.rfc1918 diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 00000000..c5e76641 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,178 @@ +DNSSEC validation turned on by default as of BIND 9.8.1 +------------------------------------------------------- +As of version 9.8.1.dfsg-1, BIND ships with DNSSEC validation turned on +by default. As the keys get changed over time, this means that a fresh +install of BIND will require that the admin manually upgrade bind.keys +to account for the change, before BIND will be able to resolve hosts in +DNSSEC validated zones. + + +Upgrading from BIND 8.X: +----------------------- + +If you are upgrading an authoritative server from BIND 8.X, please install +the bind9-doc package and read /usr/share/doc/bind9-doc/misc/migration.gz, +which contains a set of notes from the BIND maintainers on what changed +that is likely to need your attention during an upgrade. + + +Upgrading from earlier bind9 packages: +------------------------------------- + +If you installed an early version of the Debian bind9 packages, prior to +version 1:9.2.0-2 to be more precise, you may have an /etc/bind/rndc.conf +configuration file still on your system. There's nothing wrong with that, +and if you've explicitly configured keys for using rndc you may well want to +leave things exactly as they are! + +However, since 9.2.0 BIND 9.X has supported an rndc.key file that both named +and rndc will read to obtain a shared key for rndc use against a daemon on +the same host. The rndc-confgen program will easily create a suitable key +file. To take advantage of this mechanism, you may want to: + + remove the /etc/bind/rndc.conf file + remove the rndc key specification in the /etc/bind/named.conf file + + rndc-confgen -r /dev/urandom -a + +Alternatively, you can 'purge' the bind9 packages and reinstall them and you +will end up with the new behavior since it is now the default. + +This is more secure than using a static key that isn't generated on a per-host +basis, and is an easy alternative to more complex key schemes if you only need +to use rndc to talk to named on the same host. + + +Known Issues: +------------ + +I've had a report that lwresd, at least, fails to work with some recent 2.5 +kernels. If you see something in your logs like + + loading configuration from '/etc/bind/lwresd.conf' + none:0: open: /etc/bind/lwresd.conf: permission denied + +Try rebuilding with --disable-linux-caps added to the configure call in the +rules file. I'm hoping this is a temporary problem in the 2.5 kernel series, +but we'll see. + + +Configuration Schema: +-------------------- + +The Debian BIND package ships with a config that will work for the majority +of leaf servers with no user input required. + +The named configuration file named.conf is located in /etc/bind, so that all +static configuration files relating to bind are in one place. If you really +really don't want named.conf in /etc/bind, then the best way to handle it is +probably to replace /etc/bind/named.conf with a symlink to the location you +want to use. You could also use an option to named in the init.d script, +but that only works for named, not for things like ndc. + +Zone data files for the root servers, and the forward and reverse localhost +zones are also provided in /etc/bind. + +The working directory for named is now /var/cache/bind. Thus, any transient +files generated by named, such as database files for zones the daemon is +secondary for, will be written to the /var filesystem, where they belong. + +To make this work, the named.conf provided uses explicitly fully-qualified +pathnames to reference the files in /etc/bind. + +Unlike previous BIND packages for Debian, the named.conf and provided db.* +files are tagged as conffiles. Thus, if you just want a "caching mostly" +server configuration for a server that does not need to be authoritative for +anything else, you can run the provided configuration as-is. If you want to +hack on named.conf, or even the init.d fragment, you can feel free to. Future +package upgrades will treat your configuration changes sanely, as all Debian +packages should. + +While you are free to craft whatever structure you wish for servers which need +to be authoritative for additional zones, what we suggest is that you put the +db files for any zones you are master for in /etc/bind (perhaps even in a +subdirectory structure depending on complexity), using full pathnames in the +named.conf file. Any zones you are secondary for should be configured in +named.conf with simple filenames (relative to /var/cache/bind), so the data +files will be stored in BIND's working directory (defaults to /var/cache/bind). +Zones subject to automatic updates (such as via DHCP and/or nsupdate) should be +stored in /var/lib/bind, and specified with full pathnames. + + +Running Chroot'ed: +----------------- + +Several users have asked for Debian BIND to run in a "chroot jail". There are +various issues associated with making this the default configuration for the +package in Debian. In the meantime, reasonable instructions on how to do +this yourself are available on the web from: + + http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html + + +Running Non-Root: +----------------- + +Recent versions of named can be invoked with options that specify a non-root +user and/or group for named. Read the named man page for more information. +Note that when running named as a user other than root, it will not be able +to find new interfaces that appear dynamically, such as during a PCMCIA card +insertion, or if you're running some flavors of IPSEC and/or IP over IP +tunnels. If you cannot live with those limitations, feel free to edit the +/etc/init.d/bind9 script to change the invocation of named. + +The default is now to run as the user 'bind' (which is automatically created +in the group 'bind', if it doesn't exist), unless named.conf has been changed. +To change this, edit /etc/default/bind9 + +Please note that 'ndc restart' doesn't honor all the original command line +options to named, so we explicitly don't use it in the init.d script provided +with the package, and you should be careful about using it if you decide to +run named non-root. + + +PPP Control Script: +----------------- + +Unfortunately, 'ndc reload' will not honor any command line options that were +fed to named on the initial invocation. If you can live with that, and +want to wiggle your DNS configuration when your PPP link goes up or down, the +following script fragment from Francesco Potorti` may be helpful +to you: + + I suggest adding this as bot /etc/ppp/ip-up.d/bind and + /etc/ppp/ip-down.d/bind: + + ================================================================ + #!/bin/sh + if [ -x /usr/sbin/ndc -a -x /usr/sbin/named ] + then + /usr/sbin/ndc reload > /dev/null + fi + ================================================================ + + This should cause no harm in any case, and should be helpful in these + cases: + - you configure bind as a forwarder. When ppp is down, it cannot access + the network. As soon as ppp is up, it is forced by the script to try + again, and it succeeds. + - someone writes a clever script that, coupled with the `usepeerdns' + command of pppd, makes a forwarding-only bind use the right servers by + rewriting the configuration file after ppp goes up. Then the script + above makes bind reload the configuration. + + Now, someone should write that clever script :-) + + By the way, this is a badly wanted feature, that should help setting up + a ppp connection automatically. Currently, setting up a ppp connection + is much easier on a windows system than on linux, and there is really no + reason why it should be so, given that all the tools are there. + + +Apparmor Profile +---------------- +If your system uses apparmor, please note that the shipped enforcing profile +works with the default installation, and changes in your configuration may +require changes to the installed apparmor profile. Please see +https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this +software. diff --git a/debian/apparmor-profile b/debian/apparmor-profile new file mode 100644 index 00000000..0eb118a7 --- /dev/null +++ b/debian/apparmor-profile @@ -0,0 +1,50 @@ +# vim:syntax=apparmor +# Last Modified: Fri Jun 1 16:43:22 2007 +#include + +/usr/sbin/named { + #include + #include + + capability net_bind_service, + capability setgid, + capability setuid, + capability sys_chroot, + capability sys_resource, + + # /etc/bind should be read-only for bind + # /var/lib/bind is for dynamically updated zone (and journal) files. + # /var/cache/bind is for slave/stub data, since we're not the origin of it. + # See /usr/share/doc/bind9/README.Debian.gz + /etc/bind/** r, + /var/lib/bind/** rw, + /var/lib/bind/ rw, + /var/cache/bind/** lrw, + /var/cache/bind/ rw, + + # gssapi + /etc/krb5.keytab kr, + /etc/bind/krb5.keytab kr, + + # ssl + /etc/ssl/openssl.cnf r, + + # dnscvsutil package + /var/lib/dnscvsutil/compiled/** rw, + + /proc/net/if_inet6 r, + /proc/*/net/if_inet6 r, + /usr/sbin/named mr, + /{,var/}run/named/named.pid w, + /{,var/}run/named/session.key w, + # support for resolvconf + /{,var/}run/named/named.options r, + + # some people like to put logs in /var/log/named/ instead of having + # syslog do the heavy lifting. + /var/log/named/** rw, + /var/log/named/ rw, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/debian/apparmor-profile.local b/debian/apparmor-profile.local new file mode 100644 index 00000000..c72fe2de --- /dev/null +++ b/debian/apparmor-profile.local @@ -0,0 +1,2 @@ +# Site-specific additions and overrides for usr.sbin.named. +# For more details, please see /etc/apparmor.d/local/README. diff --git a/debian/bind9-doc.dirs b/debian/bind9-doc.dirs new file mode 100644 index 00000000..3d13cf81 --- /dev/null +++ b/debian/bind9-doc.dirs @@ -0,0 +1 @@ +usr/share/doc/bind9-doc/arm diff --git a/debian/bind9-doc.docs b/debian/bind9-doc.docs new file mode 100644 index 00000000..86d3a6d7 --- /dev/null +++ b/debian/bind9-doc.docs @@ -0,0 +1 @@ +doc/misc diff --git a/debian/bind9-host.dirs b/debian/bind9-host.dirs new file mode 100644 index 00000000..98d15831 --- /dev/null +++ b/debian/bind9-host.dirs @@ -0,0 +1,2 @@ +usr/bin +usr/share/man/man1 diff --git a/debian/bind9-host.install b/debian/bind9-host.install new file mode 100644 index 00000000..f07a04d8 --- /dev/null +++ b/debian/bind9-host.install @@ -0,0 +1,2 @@ +usr/bin/host +usr/share/man/man1/host.1* diff --git a/debian/bind9.NEWS b/debian/bind9.NEWS new file mode 100644 index 00000000..d235da68 --- /dev/null +++ b/debian/bind9.NEWS @@ -0,0 +1,14 @@ +bind9 (1:9.4.0-1) experimental; urgency=low + + As of bind 9.4, allow-query-cache and allow-recursion default to the + builtin acls 'localnets' and 'localhost'. If you are setting up a + name server for a network, you will almost certainly need to change + this. + + The change in default has been done to make caching servers less + attractive as reflective amplifying targets for spoofed traffic. + This still leaves authoritative servers exposed. + + The best fix is for full BCP 38 deployment to remove spoofed traffic. + + -- LaMont Jones Wed, 03 Oct 2007 00:52:44 -0600 diff --git a/debian/bind9.apport b/debian/bind9.apport new file mode 100644 index 00000000..e484b949 --- /dev/null +++ b/debian/bind9.apport @@ -0,0 +1,36 @@ +#!/usr/bin/python + +'''apport hook for bind9 + +(c) 2010 Andres Rodriguez. +Author: Andres Rodriguez + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +from apport.hookutils import * +import re + +def add_info(report, ui): + response = ui.yesno("The contents of your /etc/bind/named.conf file " + "may help developers diagnose your bug more " + "quickly. However, it may contain sensitive " + "information. Do you want to include it in your " + "bug report?") + + if response == None: # user cancelled + raise StopIteration + elif response == True: + attach_conffiles(report,'bind9') + + # getting syslog stuff + report['SyslogBind9'] = recent_syslog(re.compile(r'named\[')) + + # Attaching related packages info + attach_related_packages(report, ['bind9utils', 'apparmor']) + + attach_mac_events(report, '/usr/sbin/named') diff --git a/debian/bind9.config b/debian/bind9.config new file mode 100644 index 00000000..e7f85c5e --- /dev/null +++ b/debian/bind9.config @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +db_input low bind9/start-as-user || true +db_go + +db_input low bind9/different-configuration-file || true +db_go + +db_input low bind9/run-resolvconf || true +db_go diff --git a/debian/bind9.dirs b/debian/bind9.dirs new file mode 100644 index 00000000..fbaaad7a --- /dev/null +++ b/debian/bind9.dirs @@ -0,0 +1,13 @@ +etc/ufw/applications.d +etc/apparmor.d/force-complain +etc/apparmor.d/local +etc/bind +usr/bin +usr/sbin +var/cache/bind +var/run/named +usr/share/bind9 +etc/ppp/ip-up.d +etc/ppp/ip-down.d +etc/network/if-up.d +etc/network/if-down.d diff --git a/debian/bind9.docs b/debian/bind9.docs new file mode 100644 index 00000000..45b05038 --- /dev/null +++ b/debian/bind9.docs @@ -0,0 +1,2 @@ +FAQ +README diff --git a/debian/bind9.init b/debian/bind9.init new file mode 100644 index 00000000..4fb7a187 --- /dev/null +++ b/debian/bind9.init @@ -0,0 +1,145 @@ +#!/bin/sh -e + +### BEGIN INIT INFO +# Provides: bind9 +# Required-Start: $remote_fs +# Required-Stop: $remote_fs +# Should-Start: $network $syslog +# Should-Stop: $network $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start and stop bind9 +# Description: bind9 is a Domain Name Server (DNS) +# which translates ip addresses to and from internet names +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin + +# for a chrooted server: "-u bind -t /var/lib/named" +# Don't modify this line, change or create /etc/default/bind9. +OPTIONS="" +RESOLVCONF=no + +test -f /etc/default/bind9 && . /etc/default/bind9 + +test -x /usr/sbin/rndc || exit 0 + +. /lib/lsb/init-functions +PIDFILE=/var/run/named/named.pid + +check_network() { + if [ -x /usr/bin/uname ] && [ "X$(/usr/bin/uname -o)" = XSolaris ]; then + IFCONFIG_OPTS="-au" + else + IFCONFIG_OPTS="" + fi + if [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then + #log_action_msg "No networks configured." + return 1 + fi + return 0 +} + +case "$1" in + start) + log_daemon_msg "Starting domain name service..." "bind9" + + modprobe capability >/dev/null 2>&1 || true + + # dirs under /var/run can go away on reboots. + mkdir -p /var/run/named + chmod 775 /var/run/named + chown root:bind /var/run/named >/dev/null 2>&1 || true + + if [ ! -x /usr/sbin/named ]; then + log_action_msg "named binary missing - not starting" + log_end_msg 1 + fi + + if ! check_network; then + log_action_msg "no networks configured" + log_end_msg 1 + fi + + if start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/named \ + --pidfile ${PIDFILE} -- $OPTIONS; then + if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named + fi + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + + stop) + log_daemon_msg "Stopping domain name service..." "bind9" + if ! check_network; then + log_action_msg "no networks configured" + log_end_msg 1 + fi + + if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then + /sbin/resolvconf -d lo.named + fi + pid=$(/usr/sbin/rndc stop -p | awk '/^pid:/ {print $2}') || true + if [ -z "$pid" ]; then # no pid found, so either not running, or error + pid=$(pgrep -f ^/usr/sbin/named) || true + start-stop-daemon --stop --oknodo --quiet --exec /usr/sbin/named \ + --pidfile ${PIDFILE} -- $OPTIONS + fi + if [ -n $pid ]; then + sig=0 + n=1 + while kill -$sig $pid 2>/dev/null; do + if [ $n -eq 1 ]; then + echo "waiting for pid $pid to die" + fi + if [ $n -eq 11 ]; then + echo "giving up on pid $pid with kill -0; trying -9" + sig=9 + fi + if [ $n -gt 20 ]; then + echo "giving up on pid $pid" + break + fi + n=$(($n+1)) + sleep 1 + done + fi + log_end_msg 0 + ;; + + reload|force-reload) + log_daemon_msg "Reloading domain name service..." "bind9" + if ! check_network; then + log_action_msg "no networks configured" + log_end_msg 1 + fi + + /usr/sbin/rndc reload >/dev/null && log_end_msg 0 || log_end_msg 1 + ;; + + restart) + if ! check_network; then + log_action_msg "no networks configured" + exit 1 + fi + + $0 stop + $0 start + ;; + + status) + ret=0 + status_of_proc -p ${PIDFILE} /usr/sbin/named bind9 2>/dev/null || ret=$? + exit $ret + ;; + + *) + log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/debian/bind9.postinst b/debian/bind9.postinst new file mode 100644 index 00000000..01ca6119 --- /dev/null +++ b/debian/bind9.postinst @@ -0,0 +1,169 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +if [ "$1" = configure ]; then + lastversion="$2"; + + # lets give them a bind user/group in all cases. + getent group bind >/dev/null 2>&1 || addgroup --system bind + getent passwd bind >/dev/null 2>&1 || + adduser --system --home /var/cache/bind --no-create-home \ + --disabled-password --ingroup bind bind + + if [ -z "$lastversion" ] || dpkg --compare-versions "$lastversion" lt 1:9.4.2-2 ; then + mkdir -p /var/lib/bind + chown root:bind /var/lib/bind + chmod 775 /var/lib/bind + fi + + if [ ! -s /etc/bind/rndc.key ]; then + rndc-confgen -r /dev/urandom -a + fi + + # no sumfile means you get the default + [ -f /var/lib/bind/bind9-default.md5sum ] || + echo "2cfcfb7bf1b99c7930fd475907e38be7 /etc/default/bind9" > /var/lib/bind/bind9-default.md5sum + + if [ -f /etc/default/bind9 ] && \ + [ "$(cat /var/lib/bind/bind9-default.md5sum)" = "$(md5sum /etc/default/bind9)" ]; then + config="/etc/default/bind9" + elif [ ! -e /etc/default/bind9 ]; then + config="/etc/default/bind9" + else + config="/etc/default/bind9.dpkg-dist" + fi + + + # On a fresh install, or if we are upgrading from pre-9.8, think about dnssec + if [ -z "$lastversion" ] || dpkg --compare-versions "$lastversion" lt 1:9.8.1.dfsg-1 ; then + UPDATE_OPTS="n" + if [ -f /etc/bind/named.conf.options ]; then + case $(md5sum /etc/bind/named.conf.options | sed 's/ .*$//') in + d6b678ac90fd6ab163d74dfe5d68c2c9) UPDATE_OPTS=y;; # 9.4.2ish + 0367900f381d5c83cf34009440f3d211) UPDATE_OPTS=y;; # 9.6 and later + 56919cbc0d819c9a303a8bdeb306b5f1) UPDATE_OPTS=ok;; # 9.8 + esac + case $UPDATE_OPTS in + y) + echo Updating named.conf.options to include DNSSEC enablement + cp /usr/share/bind9/named.conf.options /etc/bind/named.conf.options + chmod 644 /etc/bind/named.conf.options + ;; + n) + echo NOT updating named.conf.options to include DNSSEC enablement + ;; + esac + else + cp /usr/share/bind9/named.conf.options /etc/bind/named.conf.options + chmod 644 /etc/bind/named.conf.options + fi + fi + + localconf="" + if [ ! -f $config ]; then + CONF=/etc/bind/named.conf + for file in ${CONF} ${CONF}.local ${CONF}.default-zones; do + if [ -f ${file} ]; then + theirs=$(md5sum $file | sed 's/ .*$//') + mine=$(dpkg --status bind9 | grep "^ $file " | sed -n 's/.* //p') + if [ "$mine" != "$theirs" ]; then + localconf="y" + fi + else + localconf="y" + fi + done + if [ -n "$localconf" ]; then + db_reset bind9/start-as-user + else + db_set bind9/start-as-user bind || true + fi + + echo '#' + echo '# run resolvconf?' >> $config + db_get bind9/run-resolvconf + if [ ! -z "$RET" ] && [ "$RET" = "true" ]; then + echo "RESOLVCONF=yes" >> $config + else + echo "RESOLVCONF=no" >> $config + fi + + db_get bind9/start-as-user + USER=$RET + db_get bind9/different-configuration-file + CONFFILE=$RET + + echo '' >> $config + echo '# startup options for the server' >> $config + if [ ! -z "$USER" ] && [ ! -z "$CONFFILE" ]; then + echo "OPTIONS=\"-u $USER -c $CONFFILE\"" >> $config + elif [ ! -z "$USER" ]; then + echo "OPTIONS=\"-u $USER\"" >> $config + elif [ ! -z "$CONFFILE" ]; then + echo "OPTIONS=\"-c $CONFFILE\"" >> $config + else + echo "OPTIONS=\"\"" >> $config + fi + else + db_get bind9/run-resolvconf + if [ ! -z "$RET" ] && [ "$RET" = "true" ]; then + sed -e "s#^\([[:space:]]*\)\(RESOLVCONF=[[:space:]]*\)[^ ]*#\1\2yes#g" -i $config + else + sed -e "s#^\([[:space:]]*\)\(RESOLVCONF=[[:space:]]*\)[^ ]*#\1\2no#g" -i $config + fi + db_get bind9/start-as-user + if [ ! -z "$RET" ]; then + if [ ! -z "`grep OPTIONS $config`" ]; then + if [ ! -z "`grep OPTIONS $config | grep '\-u'`" ]; then + sed -e "s#\([[:space:]]*OPTIONS[[:space:]]*\)=\"\([^\"]*\)-u[[:space:]]*[^\" ]*\([^\"]*\)\"#\1=\"\2-u $RET\3\"#g" -i $config + else + sed -e "s#\([[:space:]]*OPTIONS[[:space:]]*\)=\"\([^\"]*\)\"#\1=\"\2 -u $RET\"#g" -i $config + fi + else + echo "OPTIONS=\"-u $RET\"" + fi + fi + db_get bind9/different-configuration-file + if [ ! -z "$RET" ]; then + if [ ! -z "`grep OPTIONS $config | grep '\-c'`" ]; then + sed -e "s#\([[:space:]]*OPTIONS[[:space:]]*\)=\"\([^\"]*\)-c[[:space:]]*[^\" ]*\([^\"]*\)\"#\1=\"\2-c $RET\3\"#g" -i $config + else + sed -e "s#\([[:space:]]*OPTIONS[[:space:]]*\)=\"\([^\"]*\)\"#\1=\"\2 -c $RET\"#g" -i $config + fi + fi + fi + + if [ "$config" = "/etc/default/bind9" ]; then + md5sum /etc/default/bind9 > /var/lib/bind/bind9-default.md5sum + fi + + uid=$(ls -ln /etc/bind/rndc.key | awk '{print $3}') + if [ "$uid" = "0" ]; then + [ -n "$localconf" ] || chown bind /etc/bind/rndc.key + chgrp bind /etc/bind + chmod g+s /etc/bind + chgrp bind /etc/bind/rndc.key /var/cache/bind + chgrp bind /etc/bind/named.conf* || true + chmod g+r /etc/bind/rndc.key /etc/bind/named.conf* || true + chmod g+rwx /var/cache/bind + fi + + # Reload AppArmor profile + APP_PROFILE="/etc/apparmor.d/usr.sbin.named" + if [ -f "$APP_PROFILE" ] && aa-status --enabled 2>/dev/null; then + apparmor_parser -r "$APP_PROFILE" || true + fi + + if pidof /usr/sbin/named >/dev/null 2>&1; then + invoke-rc.d bind9 restart + else + invoke-rc.d bind9 start + fi +fi + +db_stop + +#DEBHELPER# diff --git a/debian/bind9.postrm b/debian/bind9.postrm new file mode 100644 index 00000000..0c99299b --- /dev/null +++ b/debian/bind9.postrm @@ -0,0 +1,16 @@ +#!/bin/sh + +#DEBHELPER# + +if [ "$1" = "purge" ]; then + rm -f /etc/bind/rndc.key /etc/bind/named.conf.options /etc/default/bind9 + rmdir /etc/bind >/dev/null 2>&1 || true + rm -f /etc/apparmor.d/force-complain/usr.sbin.named >/dev/null 2>&1 || true + rm -f /var/lib/bind/bind9-default.md5sum + rmdir /var/lib/bind + # delete bind daemon user, if it exists + if getent passwd bind > /dev/null ; then + echo "Deleting bind user" + deluser --quiet bind > /dev/null || true + fi +fi diff --git a/debian/bind9.preinst b/debian/bind9.preinst new file mode 100644 index 00000000..fa68a6f2 --- /dev/null +++ b/debian/bind9.preinst @@ -0,0 +1,44 @@ +#!/bin/sh +# pre install script for the Debian bind9 package + +set -e + +# Check if we are upgrading while running a kernel before 2.2.18. If so abort +# immediately since we don't support those kernels anymore. +if [ "$1" = "upgrade" ] && dpkg --compare-versions "`uname -r`" lt 2.2.18 ; then + cat </dev/null || true + if dpkg --compare-versions $2 lt 1:9.3.4-2ubuntu2 ; then + # force-complain for pre-apparmor upgrades + ln -sf $APP_CONFFILE $APP_COMPLAIN + elif dpkg --compare-versions $2 lt 1:9.4.2-3ubuntu1 ; then + if [ -e "$APP_CONFFILE" ]; then + md5sum="`md5sum \"$APP_CONFFILE\" | sed -e \"s/ .*//\"`" + pkg_md5sum="`sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' $APP_CONFFILE'{s/.* //;p}}\" /var/lib/dpkg/status`" + if [ "$md5sum" = "$pkg_md5sum" ]; then + # force-complain when upgrade from pre-shipped profile and an existing + # profile is same as in conffiles + ln -sf $APP_CONFFILE $APP_COMPLAIN + fi + else + # force-complain on upgrade from pre-shipped profile and + # there is no existing profile + ln -sf $APP_CONFFILE $APP_COMPLAIN + fi + fi +fi + + +#DEBHELPER# +exit 0 diff --git a/debian/bind9.prerm b/debian/bind9.prerm new file mode 100644 index 00000000..12afbeaa --- /dev/null +++ b/debian/bind9.prerm @@ -0,0 +1,30 @@ +#!/bin/sh +set -e + +case "$1" in + remove) + # if bind is running, stop it before removing + if pidof named >/dev/null 2>&1; then + # test if invoke-rc.d command is present on this system + if command -v invoke-rc.d >/dev/null 2>&1; then + invoke-rc.d bind9 stop + # if really not, use initscript + else + /etc/init.d/bind9 stop + fi + fi + ;; + + upgrade) + # leave bind running during the upgrade + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/bind9.ufw.profile b/debian/bind9.ufw.profile new file mode 100644 index 00000000..6cd6fcac --- /dev/null +++ b/debian/bind9.ufw.profile @@ -0,0 +1,5 @@ +[Bind9] +title=Internet Domain Name Server +description=The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. +ports=53 + diff --git a/debian/bind9utils.dirs b/debian/bind9utils.dirs new file mode 100644 index 00000000..4f215827 --- /dev/null +++ b/debian/bind9utils.dirs @@ -0,0 +1,3 @@ +usr +usr/sbin +usr/share/man/man8 diff --git a/debian/bind9utils.install b/debian/bind9utils.install new file mode 100644 index 00000000..1cf5bd23 --- /dev/null +++ b/debian/bind9utils.install @@ -0,0 +1,16 @@ +usr/sbin/dnssec-checkds +usr/sbin/dnssec-keygen +usr/sbin/dnssec-signzone +usr/sbin/dnssec-verify +usr/sbin/named-checkconf +usr/sbin/named-checkzone +usr/sbin/named-compilezone +usr/sbin/rndc +usr/sbin/rndc-confgen +usr/share/man/man8/dnssec-keygen.8 +usr/share/man/man8/dnssec-signzone.8 +usr/share/man/man8/named-checkconf.8 +usr/share/man/man8/named-checkzone.8 +usr/share/man/man8/named-compilezone.8 +usr/share/man/man8/rndc-confgen.8 +usr/share/man/man8/rndc.8 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 00000000..de236ebe --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1878 @@ +bind9 (1:9.9.3.dfsg.P2-1) unstable; urgency=low + + + [Internet Software Consortium, Inc] + + * 9.9.3-P2 + + [Ben Hutchings] + + * Initialise OpenSSL before calling chroot(). Closes: #696661 + + [LaMont Jones] + + * soname changes + + [Paul Vixie] + + * Reapply rpz/rrl patches from http://www.redbarn.org/dns/ratelimits + + -- LaMont Jones Wed, 14 Aug 2013 10:38:59 -0600 + +bind9 (1:9.9.2.dfsg.P1-3) experimental; urgency=low + + [LaMont Jones] + + * Merge 1:9.8.4.dfsg.P1-6 + + [Ben Hutchings] + + * Initialise OpenSSL before calling chroot(). Closes: #696661 + + -- LaMont Jones Mon, 04 Mar 2013 09:30:50 -0700 + +bind9 (1:9.9.2.dfsg.P1-2) experimental; urgency=low + + [Michael Gilbert] + + * Use /var/lib/bind for state file. Closes: #689332 + + [LaMont Jones] + + * zone transfers now involve link(), update the apparmor profile + * Update db.root with new IP for D.root-servers.net. Closes: #697352 + * re-drop dlzexternal test + * Reduce log level for "sucessfully validated after lower casing" dnssec + based on mail from Mark Andrews. Closes: #697681 + * remove /var/lib/bind/bind9-default.md5sum in postrm + * remove /etc/bind/named.conf.options on purge. Closes: #668801 + + [Sebastian Wiesinger] + + * Build and deliver dnssec-checkds and dnssec-verify in bind9utils + + -- LaMont Jones Wed, 09 Jan 2013 10:09:40 -0700 + +bind9 (1:9.8.4.dfsg.P1-6) unstable; urgency=low + + [Ben Hutchings] + + * Initialise OpenSSL before calling chroot(). Closes: #696661 + + -- LaMont Jones Fri, 01 Mar 2013 08:23:27 -0700 + +bind9 (1:9.8.4.dfsg.P1-5) unstable; urgency=low + + [LaMont Jones] + + * Properly acknowledge 1:9.8.1.dfsg.P1-4.4: [Philipp Kern] + - Fix CVE-2012-4244. Thanks to Moritz Mühlenhoff for providing the patch. + + [Paul Vixie] + + * Include rpz/rrl patches from http://www.redbarn.org/dns/ratelimits. + Closes: #698641 + + -- LaMont Jones Wed, 30 Jan 2013 14:04:35 -0700 + +bind9 (1:9.8.4.dfsg.P1-4) unstable; urgency=high + + * The rest of the dnssec validation logspam removal. Closes: #697681 + + -- LaMont Jones Mon, 21 Jan 2013 13:18:53 -0700 + +bind9 (1:9.8.4.dfsg.P1-3) unstable; urgency=low + + [Marc Deslauriers] + + * debian/bind9.apport: Add AppArmor info and logs to apport hook. + + [LaMont Jones] + + * Reduce log level for "sucessfully validated after lower casing" dnssec + based on mail from Mark Andrews. Closes: #697681 + * remove /var/lib/bind/bind9-default.md5sum in postrm + * remove /etc/bind/named.conf.options on purge. Closes: #668801 + + -- LaMont Jones Wed, 09 Jan 2013 09:47:24 -0700 + +bind9 (1:9.9.2.dfsg.P1-1) experimental; urgency=low + + * Named could die on specific queries with dns64 enabled. + [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.] + CVE-2012-5688 Closes: #695192 + + -- LaMont Jones Wed, 05 Dec 2012 05:27:18 -0700 + +bind9 (1:9.8.4.dfsg.P1-2) unstable; urgency=low + + [Michael Gilbert] + + * Use /var/lib/bind for state file. Closes: #689332 + + [LaMont Jones] + + * Re-enable dlopen, do not build the test that fails. Closes: #692416 + * Update db.root with new IP for D.root-servers.net. Closes: #697352 + + -- LaMont Jones Mon, 07 Jan 2013 06:50:25 -0700 + +bind9 (1:9.8.4.dfsg.P1-1) unstable; urgency=low + + * Named could die on specific queries with dns64 enabled. + [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.] + CVE-2012-5688 Closes: #695192 + + -- LaMont Jones Wed, 05 Dec 2012 05:22:06 -0700 + +bind9 (1:9.9.2.dfsg-1) experimental; urgency=low + + [Matthew Grant] + + * Turn off dlopen as it was causing test compile failures. + * Add missing library .postrm files for debhelper + + [LaMont Jones] + + * New upstream version 9.9.2 + * soname fixes + + -- LaMont Jones Thu, 01 Nov 2012 08:59:57 -0600 + +bind9 (1:9.9.1.dfsg.P1-1) unstable; urgency=low + + [LaMont Jones] + + * New upstream 9.9.1-P1 + + -- LaMont Jones Wed, 13 Jun 2012 08:22:15 -0600 + +bind9 (1:9.9.0.dfsg-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * 9.9.0 release + + [Christoph Egger] + + * define _GNU_SOURCE on kfreebsd et al. Closes: #658201 + + [LaMont Jones] + + * chmod typo in postinst. LP: #980798 + * Correctly order debhelper bits in postrm. Closes: #661040 + + -- LaMont Jones Mon, 23 Apr 2012 09:52:51 -0600 + +bind9 (1:9.9.0.dfsg~rc4-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * New upstream release + + [LaMont Jones] + + * soname changes for new release + + -- LaMont Jones Fri, 17 Feb 2012 17:51:39 -0700 + +bind9 (1:9.8.4.dfsg-1ubuntu2) raring; urgency=low + + * SECURITY UPDATE: denial of service via DNS64 and crafted query + - bin/named/query.c: init rdataset before cleanup. + - Patch backported from 9.8.4-P1 + - CVE-2012-5688 + + -- Marc Deslauriers Wed, 05 Dec 2012 15:42:08 -0500 + +bind9 (1:9.8.4.dfsg-1ubuntu1) raring; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/bind9.apport: Add AppArmor info and logs to apport hook. + + -- Marc Deslauriers Fri, 23 Nov 2012 08:13:50 -0500 + +bind9 (1:9.8.4.dfsg-1) unstable; urgency=low + + [Matthew Grant] + + * Turn off dlopen as it was causing test compile failures. + * Add missing library .postrm files for debhelper + + [LaMont Jones] + + * New upstream version + * soname fixup + * Ack NMUs + + -- LaMont Jones Mon, 29 Oct 2012 08:37:49 -0600 + +bind9 (1:9.8.1.dfsg.P1-4.4) testing-proposed-updates; urgency=low + + * Non-maintainer upload. + * Fix CVE-2012-4244. Thanks to Moritz Mühlenhoff for providing + the patch. + + -- Philipp Kern Sat, 03 Nov 2012 20:43:43 +0100 + +bind9 (1:9.8.1.dfsg.P1-4.3) unstable; urgency=medium + + [ Philipp Kern ] + * Non-maintainer upload. + + [ Marc Deslauriers ] + * SECURITY UPDATE: denial of service via specific combinations of RDATA + - bin/named/query.c: fix logic + - Patch backported from 9.8.3-P4 + - CVE-2012-5166 + + -- Philipp Kern Sun, 28 Oct 2012 20:28:11 +0100 + +bind9 (1:9.8.1.dfsg.P1-4.2) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix denial of service vulnerability triggered + through an assert because of using bad cache + (CVE-2012-3817; Closes: #683259). + + -- Nico Golde Mon, 30 Jul 2012 20:56:10 +0200 + +bind9 (1:9.8.1.dfsg.P1-4.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * SECURITY UPDATE: ghost domain names attack + - lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that + of the old NS RRset when replacing it. + - Patch backported from 9.8.2. + - CVE-2012-1033 + * SECURITY UPDATE: denial of service via zero length rdata handling + - lib/dns/rdata.c,lib/dns/rdataslab.c: use sentinel pointer for + duplicate rdata. + - Patch backported from 9.8.3-P1. + - CVE-2012-1667 + + -- Luk Claes Wed, 20 Jun 2012 15:26:09 -0400 + +bind9 (1:9.8.1.dfsg.P1-4) unstable; urgency=low + + [Christoph Egger] + + * define _GNU_SOURCE on kfreebsd et al. Closes: #658201 + + [LaMont Jones] + + * chmod typo in postinst. LP: #980798 + * Correctly order debhelper bits in postrm. Closes: #661040 + + -- LaMont Jones Fri, 13 Apr 2012 12:09:24 -0600 + +bind9 (1:9.8.1.dfsg.P1-3) unstable; urgency=low + + [Zlatan Todoric] + + * fixed Serbian latin translation of debconf template. Closes: #634951 + + [Peter Eisentraut] + + * Add support for "status" action to lwresd init script. Closes: #651540 + + [Bjørn Steensrud] + + * NB Translations. Closes: #654454 + + [LaMont Jones] + + * Default to run_resolvconf=false. LP: #933723 + * Deliver named.conf.options on fresh install. Closes: #657042 LP: #920202 + * Do not deliver /usr/share/bind9/bind9-default.md5sum in the bind9 deb. + Closes: #620007 LP: #681536 + * Deliver and use /etc/apparmor.d/local/usr.sbin.named for local overrides. + LP: #929563 + + -- LaMont Jones Fri, 17 Feb 2012 14:40:29 -0800 + +bind9 (1:9.8.1.dfsg.P1-2) unstable; urgency=low + + * Deliver named.conf.options on fresh install. Closes: #657042 LP: #920202 + + -- LaMont Jones Wed, 25 Jan 2012 03:55:21 -0700 + +bind9 (1:9.8.1.dfsg.P1-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * 9.8.1-P1 + - Cache lookup could return RRSIG data associated with nonexistent + records, leading to an assertion failure. + + [LaMont Jones] + + * add a readme entry for DNSSEC-by-default + * Failed to install due to chgrp on non-existant directory. Closes: #647598 + * ack NMU: l10n issues + + -- LaMont Jones Wed, 18 Jan 2012 10:44:14 -0700 + +bind9 (1:9.8.1.dfsg-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - Danish (Joe Hansen). Closes: #619302 + - Korean (강민지). Closes: #632006, #632016 + - Serbian (FULL NAME). Closes: #634886 + + -- Christian Perrier Sat, 03 Dec 2011 17:22:12 +0100 + +bind9 (1:9.8.1.dfsg-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * New upstream release + + [LaMont Jones] + + * cleanup the messages around killing named + * enable dnssec validation: deliver named.conf.options outside of + conffiledom, and update if able, complain and do not update if not + Closes: #516979 + * typo in min-ncache-ttl processing + * disable dlz until we get a patch to make it build again + + [Jay Ford] + + * Fix "waiting for pid $pid to die" loop to not be infinite. Closes: #570852 + + -- LaMont Jones Tue, 01 Nov 2011 16:39:19 -0600 + +bind9 (1:9.8.0.dfsg.P1-0) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * 9.8.0-P1 + + [LaMont Jones] + + * soname changes + + -- LaMont Jones Fri, 13 May 2011 03:46:22 -0600 + +bind9 (1:9.7.4.dfsg-0) unstable; urgency=low + + * New upstream + + -- LaMont Jones Sun, 21 Aug 2011 04:43:16 -0600 + +bind9 (1:9.7.3.dfsg-1ubuntu4) oneiric; urgency=low + + * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270) + + -- Martin Pitt Thu, 14 Jul 2011 15:15:45 +0200 + +bind9 (1:9.7.3.dfsg-1ubuntu3) oneiric; urgency=low + + * SECURITY UPDATE: denial of service via specially crafted packet + - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache, + nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute + flag to indicate negative-cache records rather than using rrtype 0. + - Patch backported from 9.7.3-P3. + - CVE-2011-2464 + + -- Marc Deslauriers Tue, 05 Jul 2011 08:33:30 -0400 + +bind9 (1:9.7.3.dfsg-1ubuntu2.1) natty-security; urgency=low + + * SECURITY UPDATE: denial of service via off-by-one + - lib/dns/ncache.c: correctly validate length. + - Patch backported from 9.7.3-P1. + - CVE-2011-1910 + + -- Marc Deslauriers Fri, 27 May 2011 12:50:40 -0400 + +bind9 (1:9.7.3.dfsg-1ubuntu2) natty; urgency=low + + * debian/rules, configure, contrib/dlz/config.dlz.in: use + DEB_HOST_MULTIARCH so we can find multiarch libraries and fix FTBFS. + (LP: #745642) + + -- Marc Deslauriers Wed, 30 Mar 2011 10:19:37 -0400 + +bind9 (1:9.7.3.dfsg-1ubuntu1) natty; urgency=low + + * debian/bind9-default.md5sum: + - updated to reflect the default md5sum in maverick and natty, this + avoids a bogus /etc/default/bind9.dpkg-dist file + (LP: #556332) + + -- Michael Vogt Tue, 29 Mar 2011 10:13:11 +0200 + +bind9 (1:9.7.3.dfsg-1) unstable; urgency=low + + [Peter Palfrader] + + * Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right + db. + + [Internet Systems Consortium, Inc] + + * 9.7.3 - Closes: #612287 + + [Mahyuddin Susanto] + + * Updated Indonesian debconf templates. Closes: #608559 + + [LaMont Jones] + + * soname changes + + -- LaMont Jones Wed, 23 Feb 2011 09:14:36 -0700 + +bind9 (1:9.7.3.dfsg~rc1-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * New upstream + + [Peter Palfrader] + + * Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right + db. + + [Mahyuddin Susanto] + + * Updated Indonesian debconf templates. Closes: #608559 + + [LaMont Jones] + + * soname changes for new upstream + + -- LaMont Jones Fri, 04 Feb 2011 21:20:05 -0700 + +bind9 (1:9.7.2.dfsg.P3-1) unstable; urgency=high + + [ISC] + * Fix denial of service via ncache entry and a rrsig for the + same type (CVE-2010-3613) + * answers were incorrectly marked as insecure during key algorithm + rollover (CVE-2010-3614) + * Using "allow-query" in the "options" or "view" statements to + restrict access to authoritative zones had no effect. + (CVE-2010-3615) + + [LaMont Jones] + + * Adjust indentation for dpkg change. Closes: #597171 + + -- LaMont Jones Wed, 01 Dec 2010 16:32:48 -0700 + +bind9 (1:9.7.2.dfsg.P2-3) unstable; urgency=low + + [LaMont Jones] + + * Adjust indentation for dpkg change. Closes: #597171 + * acknowledge and incorporate ubuntu change. + + -- LaMont Jones Fri, 26 Nov 2010 05:18:43 -0700 + +bind9 (1:9.7.2.dfsg.P2-2ubuntu1) natty; urgency=low + + [ Andres Rodriguez ] + * Add apport hook (LP: #533601): + - debian/bind9.apport: Added. + + [ Martin Pitt ] + * debian/rules: Install Apport hook when building on Ubuntu. + + -- Martin Pitt Fri, 26 Nov 2010 10:50:17 +0100 + +bind9 (1:9.7.2.dfsg.P2-2) unstable; urgency=low + + [Roy Jamison] + + * lib/isc/unix/resource.c was missing inttypes.h include. LP: #674199 + + -- LaMont Jones Fri, 12 Nov 2010 10:52:32 -0700 + +bind9 (1:9.7.2.dfsg.P2-1) unstable; urgency=low + + [Joe Dalton] + + * Add Danish translation of debconf templates. Closes: #599431 + + [Internet Software Consortium, Inc] + + * v9.7.2-P2 + + [José Figueiredo] + + * Add Brazilian Portuguese debconf templates translation. Closes: #597616 + + [LaMont Jones] + + * drop this v3 (quilt) source format idea. Closes: #589916 + + -- LaMont Jones Sun, 10 Oct 2010 19:01:57 -0600 + +bind9 (1:9.7.1.dfsg.P2-2) unstable; urgency=low + + * Correct conflicts for bind9-host + + -- LaMont Jones Fri, 16 Jul 2010 05:24:38 -0600 + +bind9 (1:9.7.1.dfsg.P2-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * Temporarily and partially disable change 2864 because it would cause + inifinite attempts of RRSIG queries. This is an urgent care fix; we'll + revisit the issue and complete the fix later. [RT #21710] + * Temporarially rollback change 2748. [RT #21594] + * Named failed to accept uncachable negative responses from insecure zones. + [RT# 21555] + + [LaMont Jones] + + * freshen copyright file + + -- LaMont Jones Thu, 15 Jul 2010 15:07:54 -0600 + +bind9 (1:9.7.1.dfsg.0-1) unstable; urgency=low + + * Repack to drop zkt/doc/{draft,rfc}* Closes: #588055 + + -- LaMont Jones Mon, 05 Jul 2010 07:21:34 -0600 + +bind9 (1:9.7.1.dfsg-2) unstable; urgency=low + + [Regid Ichira] + + * explicitly add nsupdate to dynamic updates in README.Debian. + Closes: #577398 + + [LaMont Jones] + + * Cleanup bind9-host description. Closes: #579421 + * switch to 3.0 (quilt) source format, but not to quilt. Closes: #578210 + + [Stephen Gran] + + * updated geoip patch for ipv6, based on work by John 'Warthog9' Hawley + . Closes: #584603 + + -- LaMont Jones Fri, 02 Jul 2010 08:19:29 -0600 + +bind9 (1:9.7.1.dfsg-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * 9.7.1 + + [LaMont Jones] + + * Add freebsd support. Closes: #578447 + * soname changes + * freshen root cache. LP: #596363 + + -- LaMont Jones Mon, 21 Jun 2010 09:53:30 -0600 + +bind9 (1:9.7.0.dfsg.P1-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * 9.7.0-P1 + - 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] + + -- LaMont Jones Wed, 17 Mar 2010 08:06:42 -0600 + +bind9 (1:9.7.0.dfsg.1-1) unstable; urgency=low + + [Niko Tyni] + + * fix mips/mipsel startup. Closes: #516616 + + [LaMont Jones] + + * ignore failures due to a lack of /etc/bind/named.conf*. LP: #422968 + * ldap API changed regarding % sign. LP: #227344 + * Drop more rfc and draft files. Closes: #572606 + * update config.guess, config.sub. Closes: #572528 + + -- LaMont Jones Fri, 12 Mar 2010 14:56:08 -0700 + +bind9 (1:9.7.0.dfsg-2) unstable; urgency=low + + [Aurelien Jarno] + + * kfreebsd has linux threads. Closes: #470500 + + [LaMont Jones] + + * do not error out on initial install. Closes: #572443 + + -- LaMont Jones Thu, 04 Mar 2010 09:32:13 -0700 + +bind9 (1:9.7.0.dfsg-1) unstable; urgency=low + + * New upstream release + + -- LaMont Jones Wed, 17 Feb 2010 14:53:36 -0700 + +bind9 (1:9.7.0.dfsg~rc2-1) experimental; urgency=low + + * New upstream release + + -- LaMont Jones Thu, 28 Jan 2010 05:46:50 -0700 + +bind9 (1:9.7.0.dfsg~b3-2) experimental; urgency=low + + * merge changes from 9.6.1.dfsg.P2-1 + * meta: drop verisoned depends from library packages, for less upgrade pain + * apparmor: allow named to create /var/run/named/session.key + + -- LaMont Jones Sun, 06 Dec 2009 11:46:17 -0700 + +bind9 (1:9.7.0.dfsg~b3-1) experimental; urgency=low + + [Internet Software Consortium, Inc] + + * 9.7.0b3 + + [LaMont Jones] + + * Merge remote branch 'origin/master' + * soname changes + + -- LaMont Jones Mon, 30 Nov 2009 21:07:58 -0700 + +bind9 (1:9.6.1.dfsg.P2-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * 9.6.1-P2 + - When validating, track whether pending data was from the + additional section or not and only return it if validates + as secure. [RT #20438] CVE-2009-4022 + + [LaMont Jones] + + * prerm: do not stop named on upgrade. Closes: #542888 + * Drop some RFCs that crept into the diff. + * meta: add ${misc:Depends} + * lintian: update config.guess, config.sub in idnkit-1.0 tree + * dnsutils: remove pre-sarge dpkg-divert calls in postinst + * meta: soname changes + * l10n: missing newline in pofile. + + -- LaMont Jones Fri, 27 Nov 2009 10:07:10 -0700 + +bind9 (1:9.7.0.dfsg~b2-2) experimental; urgency=low + + * dnsutils: remove pre-sarge dpkg-divert calls in postinst + + -- LaMont Jones Tue, 17 Nov 2009 22:42:40 -0600 + +bind9 (1:9.7.0.dfsg~b2-1) experimental; urgency=low + + [Internet Software Consortium, Inc] + + * 9.7.0b2 + + [LaMont Jones] + + * /etc/bind/bind.keys need not be executable. + * bind9: drop old stale code from postinst + * prerm: do not stop named on upgrade. Closes: #542888 + * Drop some RFCs that crept into the diff. + * meta: add ${misc:Depends} + * lintian: update config.guess, config.sub in idnkit-1.0 tree + * l10n: missing newline in pofile. + + -- LaMont Jones Mon, 16 Nov 2009 18:53:24 -0700 + +bind9 (1:9.7.0~a1.dfsg-0) experimental; urgency=low + + [Internet Software Consortium, Inc] + + * 9.7.0a1 + + -- LaMont Jones Wed, 24 Jun 2009 15:10:08 -0600 + +bind9 (1:9.6.1.dfsg.P1-3) unstable; urgency=low + + * Build-Depend on the fixed libgeoip-dev. Closes: #540973 + + -- LaMont Jones Mon, 17 Aug 2009 06:53:11 -0600 + +bind9 (1:9.6.1.dfsg.P1-2) unstable; urgency=low + + [Jamie Strandboge] + + * reload individual named profile, not all of apparmor. LP: #412751 + + [Guillaume Delacour] + + * bind9 did not purge cleanly. Closes: #497959 + + [LaMont Jones] + + * postinst: do not append a blank line to /etc/default/bind9. + Closes: #541469 + * init.d stop needs to not error out. LP: #398033 + * meta: fix build-depends. Closes: #539230 + + -- LaMont Jones Fri, 14 Aug 2009 17:03:31 -0600 + +bind9 (1:9.6.1.dfsg.P1-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * A specially crafted update packet will cause named to exit. + CVE-2009-0696, CERT VU#725188. Closes: #538975 + + [InterNIC] + + * Update db.root hints file. + + [LaMont Jones] + + * Move default zone definitions from named.conf to named.conf.default-zones. + Closes: #492308 + * use start-stop-daemon if rndc stop fails. Closes: #536487 + * lwresd: pidfile name was wrong in init script. Closes: #527137 + + -- LaMont Jones Tue, 28 Jul 2009 22:03:14 -0600 + +bind9 (1:9.6.1.dfsg-2) unstable; urgency=low + + * ia64: fix atomic.h + + -- LaMont Jones Tue, 23 Jun 2009 01:56:35 -0600 + +bind9 (1:9.6.1.dfsg-1) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * 9.6.1 + + -- LaMont Jones Mon, 22 Jun 2009 14:33:20 -0600 + +bind9 (1:9.6.0.dfsg.P1-3) unstable; urgency=low + + [Martin Zobel-Helas] + + * GEO-IP Patch from + git://git.kernel.org/pub/scm/network/bind/bind-geodns.git. Closes: #395191 + + [LaMont Jones] + + * Remove /var/lib/bind on purge. Closes: #527613 + * Build-Depend: libdb-dev (>4.6). Closes: #527877, #528772 + * init.d: detect rndc errors better. LP: #380962 + * init.d: clean up exit status. Closes: #523454 + * Enable pkcs11 support, and then Revert - causes assertion failures + c.f.: #516552 + + -- LaMont Jones Mon, 22 Jun 2009 13:58:32 -0600 + +bind9 (1:9.6.0.dfsg.P1-2) unstable; urgency=low + + * random_1 broke memory usage assertions. + + -- LaMont Jones Thu, 23 Apr 2009 05:15:45 -0600 + +bind9 (1:9.6.0.dfsg.P1-1) experimental; urgency=low + + [Michael Milligan] + + * Add min-cache-ttl and min-ncache-ttl keywords + + [LaMont Jones] + + * Fix merge errors from 9.6.0.dfsg.P1-0 + + -- LaMont Jones Fri, 20 Mar 2009 15:50:50 -0600 + +bind9 (1:9.6.0.dfsg.P1-0) experimental; urgency=low + + [Internet Software Consortium, Inc] + + * 9.6.0-P1 + + [LaMont Jones] + + * meta: fix override disparity + * meta: soname package fixups for 9.6.0 + * meta: update Standards-Version: 3.7.3.0 + * upstream now uses a bind subdir. Closes: #212659 + + [Sven Joachim] + + * meta: pass host and build into configure for hybrid build machines. + Closes: #515110 + + -- LaMont Jones Fri, 20 Mar 2009 11:54:55 -0600 + +bind9 (1:9.5.1.dfsg.P1-3) unstable; urgency=low + + * package -2 for unstable + + -- LaMont Jones Wed, 18 Mar 2009 09:40:18 -0600 + +bind9 (1:9.5.1.dfsg.P1-2) stable; urgency=low + + [Juhana Helovuo] + + * fix atomic operations on alpha. Closes: #512285 + + [Dann Frazier] + + * fix atomic operations on ia64. Closes: #520179 + + [LaMont Jones] + + * build-conflict: libdb4.2-dev. Closes: #515074, #507013 + + [localization folks] + + * l10n: Basque debconf template. Closes: #516549 (Piarres Beobide) + + -- LaMont Jones Wed, 18 Mar 2009 05:30:22 -0600 + +bind9 (1:9.5.1.dfsg.P1-1) unstable; urgency=low + + * New upstream patch release + - supportable version of fix from 9.5.0.dfsg.P2-5.1 + - CVE-2009-0025: Closes: #511936 + - 2475: Overly agressive cache entry removal. Closes: #511768 + - other bug fixes worthy of patch-release inclusion + + -- LaMont Jones Mon, 26 Jan 2009 10:33:42 -0700 + +bind9 (1:9.5.0.dfsg.P2-5.1) unstable; urgency=low + + * Non-maintainer upload. + * Apply upstream ACL fixes from 9.5.1 to fix RC bug. Patch was provided + by Evan Hunt (upstream bind9 developer) after Emmanuel Bouthenot + contacted him. Closes: #496954, #501800. + * Remove obsolete dh_installmanpages invocation which was adding + unwanted manual pages to bind9. Closes: #486196. + + -- Ben Hutchings Fri, 02 Jan 2009 16:51:42 +0000 + +bind9 (1:9.5.0.dfsg.P2-5) unstable; urgency=low + + [ISC] + + * 2463: IPv6 Advanced Socket API broken on linux. LP: #249824 + + [Jamie Strandboge] + + * apparmor: add capability sys_resource + * apparmor: add krb keytab access. LP: #277370 + + [LaMont Jones] + + * apparmor: allow proc/*/net/if_inet6 read access too. LP: #289060 + * apparmor: add /var/log/named/* entries. LP: #294935 + + [Ben Hutchings] + + * meta: Add dependency of bind9 on net-tools (ifconfig used in init script) + * meta: Fix bind9utils Depends. + * meta: fix typo in package description + + [localization folks] + + * l10n: add polish debconf translations. Closes: #506856 (L) + + -- LaMont Jones Sun, 07 Dec 2008 21:03:29 -0700 + +bind9 (1:9.5.0.dfsg.P2-4) unstable; urgency=low + + * meta: fix typo in Depends: lsb-base. Closes: #501365 + + -- LaMont Jones Tue, 07 Oct 2008 17:20:11 -0600 + +bind9 (1:9.5.0.dfsg.P2-3) unstable; urgency=low + + [LaMont Jones] + + * enable largefile support. Closes: #497040 + + [localization folks] + + * l10n: Dutch translation. Closes: #499977 (Paul Gevers) + * l10n: simplified chinese debconf template. Closes: #501103 (LI Daobing) + * l10n: Update spanish template. Closes: #493775 (Ignacio Mondino) + + -- LaMont Jones Sun, 05 Oct 2008 20:20:00 -0600 + +bind9 (1:9.5.0.dfsg.P2-2) unstable; urgency=low + + [Kees Cook] + + * debian/{control,rules}: enable PIE hardening (from -1ubuntu1) + + [Nicolas Valcárcel] + + * Add ufw integration (from -1ubuntu2) + + [Dustin Kirkland] + + * use pid file in init.d/bind9 status. LP: #247084 + + [LaMont Jones] + + * dig: add -DDIG_SIGCHASE to compile options. LP: #257682 + * apparmor profile: add /var/log/named + + [Nikita Ofitserov] + + * ipv6 support requires _GNU_SOURCE definition. LP: #249824 + + -- LaMont Jones Thu, 28 Aug 2008 23:08:36 -0600 + +bind9 (1:9.5.0.dfsg.P2-1) unstable; urgency=low + + [LaMont Jones] + + * default to using resolvconf if it is installed + * fix sonames and dependencies. Closes: #149259, #492418 + * Do not build-depend libcap2-dev on non-linux. Closes: #493392 + * drop unused query-loc manpage. Closes: #492564 + * lwresd: Deliver /etc/bind directory. Closes: #490027 + * fix query-source comment in default install + + [Internet Software Consortium, Inc] + + * 9.5.0-P2. Closes: #492949 + + [localization folks] + + * l10n: Spanish debconf translation. Closes: #492425 (Ignacio Mondino) + * l10n: Swedish debconf templates. Closes: #491369 (Martin Ågren) + * l10n: Japanese debconf translations. Closes: #492048 (Hideki Yamane + (Debian-JP)) + * l10n: Finnish translation. Closes: #490630 (Esko Arajärvi) + * l10n: Italian debconf translations. Closes: #492587 (Alessandro Vietta) + + -- LaMont Jones Sat, 02 Aug 2008 14:20:20 -0600 + +bind9 (1:9.5.0.dfsg.P1-2) unstable; urgency=low + + * Revert "meta: merge the mess of single-lib packages back into one large + one." - That way lies madness and pain. + * init.d/bind9: implement status function. LP: #203169 + + -- LaMont Jones Tue, 08 Jul 2008 21:56:58 -0600 + +bind9 (1:9.5.0.dfsg.P1-1) unstable; urgency=low + + * Repackage 9.5.0.dfsg-5 with the -P1 tarball. + + -- LaMont Jones Tue, 08 Jul 2008 15:06:07 -0600 + +bind9 (1:9.5.0.dfsg-5) unstable; urgency=low + + [Internet Software Consortium, Inc] + + * Randomize UDP query source ports to improve forgery resilience. + (CVE-2008-1447) + + [LaMont Jones] + + * add build-depends: texlive-latex-base, xsltproc, remove Bv9ARM.pdf in clean + * fix sonames + * drop unneeded build-deps, since we do not actually deliver B9vARM.pdf + * meta: cleanup libbind9-41 Provides/Conflicts + * build: fix sonames for new libraries + * postinst: really restart bind/lwresd in postinst + + -- LaMont Jones Sun, 06 Jul 2008 21:34:18 -0600 + +bind9 (1:9.5.0.dfsg-4) unstable; urgency=low + + [LaMont Jones] + + * control: fix dnsutils description to avoid list reformatting. + Closes: #480317 + * lwresd: restart in postinst. Closes: #486481 + * meta: merge the mess of single-lib packages back into one large one. + * apparmor: allow bind to create files in /var/{lib,cache}/bind + * build: drop .la files. Closes: #486969 + * build: drop the extra lib path from the library-package merge + * meta: liblwres40 does not conflict with the libbind9-40-provided libbind0 + + [localization folks] + + * l10n: German debconf translation. Closes: #486547 (Helge Kreutzmann) + * l10n: Indonesian debconf translations. Closes: #486503 (Arief S Fitrianto) + * l10n: Slovak po-debconf translation Closes: #488905 (helix84) + * l10n: Turkish debconf template. Closes: #486479 (Mert Dirik) + + -- LaMont Jones Mon, 30 Jun 2008 11:22:05 -0600 + +bind9 (1:9.4.2-12) unstable; urgency=low + + * apparmor: allow bind to create files in /var/{lib,cache}/bind + + -- LaMont Jones Mon, 30 Jun 2008 11:17:53 -0600 + +bind9 (1:9.4.2-11) unstable; urgency=low + + * apparmor: add dnscvsutil package files + * lwresd Depends: adduser + * control: fix dnsutils description to avoid list reformatting. + Closes: #480317 + + -- LaMont Jones Tue, 17 Jun 2008 21:30:12 -0600 + +bind9 (1:9.5.0.dfsg-3) unstable; urgency=low + + [LaMont Jones] + + * bind9utils Depends: libbind9-40. Closes: #486194 + * bind9 should not deliver manpages for nonexistant binaries. + Closes: #486196 + + [localization folks] + + * l10n: Vietnamese debconf templates translation update. Closes: #486185 + (Clytie Siddall) + * l10n: Russian debconf templates translation. Closes: #486191 (Yuri Kozlov) + * l10n: Galician debconf template. Closes: #486215 (Jacobo Tarrio) + * l10n: French debconf templates. Closes: #486325 (CALARESU Luc) + * l10n: Czech debconf translation. Closes: #486337 (Miroslav Kure) + * l10n: Updated Portuguese translation. Closes: #486267 (Traduz - + Portuguese Translation Team) + + -- LaMont Jones Sun, 15 Jun 2008 18:25:02 -0600 + +bind9 (1:9.5.0.dfsg-2) unstable; urgency=low + + [Tim Spriggs] + + * init.d: Nexenta has different ifconfig arguments + + [LaMont Jones] + + * templates rework from debian-l10n-english + * reload named when an interface goes up or down. LP: #226495 + * build: need to create the directories for interface restart triggering + * Build-Depends: libcap2-dev. Closes: #485747 + * Leave named running during update. Closes: #453765 + * Fix path to uname, cleaning up the nexenta checks. + * l10n: avoid double-question in templates. + + [localization folks] + + * l10n: Vietnamese debconf translations. Closes: #483911 (Clytie Siddall) + * l10n: Portuguese debconf translations. Closes: #483872 (Traduz - + Portuguese Translation Team) + + -- LaMont Jones Fri, 13 Jun 2008 16:54:42 -0600 + +bind9 (1:9.5.0.dfsg-1) unstable; urgency=low + + [LaMont Jones] + + * manpages: fix references that should say /etc/bind + * meta: build-depend libxml2-dev for statistics support + + -- LaMont Jones Sat, 31 May 2008 12:17:21 -0600 + +bind9 (1:9.5.0.dfsg-0) experimental; urgency=low + + [Internet Software Consortium, Inc] + + * 9.5.0 release + + [LaMont Jones] + + * Only use capabilities if they are present: reprise. Closes: #360339, #212226 + * control: fix dnsutils description to avoid list reformatting. Closes: #480317 + * build: use the correct directories in dh_shlibdeps invocation + * build: turn on dlz. No pgsql or mysql support yet. LP: #227344 + + -- LaMont Jones Thu, 29 May 2008 22:05:19 -0600 + +bind9 (1:9.5.0~rc1-2~0ubuntu2) intrepid; urgency=low + + * build: use the correct directories in dh_shlibdeps invocation + * build: turn on dlz. LP: #227344 + + -- LaMont Jones Tue, 27 May 2008 21:43:06 -0600 + +bind9 (1:9.5.0~rc1-2~0ubuntu1) intrepid; urgency=low + + * Upload what will become (maybe an ancestor of) -2 to intrepid. + - Only use capabilities if they are present: reprise. Closes: #360339, #212226 + - control: fix dnsutils description to avoid list reformatting. Closes: #480317 + + -- LaMont Jones Mon, 26 May 2008 11:46:27 -0600 + +bind9 (1:9.5.0~rc1-1) experimental; urgency=low + + [Patrick Winnertz] + + * postinst: make add debconf support. Closes: #473460 + + [Jamie Strandboge] + + * debian/bind9.preinst: Apparmor force-complain on upgrade without + existing profile. LP: #204658 + + [LaMont Jones] + + * bind9utils: fix typos in .install + * host: manpage inaccurately describes default query. LP: #203087 + * apparmor: add dnscvsutil package files + * Revert "Only use capabilities if they are present." for merge of 9.5.0rc1. + * soname: libdns41 -> 42 + * fix typos in debconf patch, #473460 + * cleanup more files in clean target + * lwresd Depends: adduser + + -- LaMont Jones Thu, 15 May 2008 17:59:54 -0600 + +bind9 (1:9.5.0~b2-2) experimental; urgency=low + + * meta: add bind9utils binary package, with various useful utilities. Closes: #151957, #130445, #160483 + + -- LaMont Jones Thu, 03 Apr 2008 07:01:42 -0600 + +bind9 (1:9.4.2-10) unstable; urgency=low + + [Jamie Strandboge] + + * debian/bind9.preinst: AA force-complain on upgrade without existing + profile. LP: #204658 + + [LaMont Jones] + + * host: manpage inaccurately describes default query. LP: #203087 + + -- LaMont Jones Tue, 08 Apr 2008 22:45:57 -0600 + +bind9 (1:9.4.2-9) unstable; urgency=low + + * apparmor: allow subdirs in {/etc,/var/cache,/var/lib}/bind + * apparmor: make profile match README.Debian + + -- LaMont Jones Tue, 01 Apr 2008 21:13:05 -0600 + +bind9 (1:9.4.2-8) unstable; urgency=low + + [ISC] + + * CVE-2008-0122: off by one error in (unused) inet_network function. + Closes: #462783 LP: #203476 + + [Michael Milligan] + + * Fix min-cache-ttl and min-ncache-ttl keywords + + [Jamie Strandboge] + + * apparmor: force complain-mode for apparmor on certain upgrades. LP: #203528 + * debian/bind9.postrm: purge /etc/apparmor.d/force-complain/usr.sbin.named + + -- LaMont Jones Tue, 18 Mar 2008 18:35:15 -0600 + +bind9 (1:9.4.2-7) unstable; urgency=low + + [Jamie Strandboge] + + * Allow rw access to /var/lib/bind/* in apparmor-profile. LP: #201954 + + [LaMont Jones] + + * Drop root-delegation comments from named.conf. Closes: #217829, #297219 + + -- LaMont Jones Sat, 15 Mar 2008 09:48:10 -0600 + +bind9 (1:9.4.2-6) unstable; urgency=low + + * Correct apparmor profile filename. LP: #200739 + + -- LaMont Jones Mon, 10 Mar 2008 14:28:01 -0600 + +bind9 (1:9.4.2-5) unstable; urgency=low + + * add "order random_1" support (return one random RR) + * Fix doc pathnames in README.Debian. Closes: #266891 + * Add AAAA ::1 entry to db.local. Closes: #230088 + + -- LaMont Jones Mon, 10 Mar 2008 13:51:28 -0600 + +bind9 (1:9.5.0~b2-1) experimental; urgency=low + + [Thiemo Seufer] + + * mips:atomic.h: improve implementation of atomic ops, fix mips{el,64} + + [LaMont Jones] + + * manpages: call it /etc/bind/named.conf throughout, and typos. Closes: #419750 + * named.conf.5: correct filename. Closes: #428015 + * manpages: fix typo errors. Closes: #395834 + * Makefile.in: be explicit about library paths + * build: Turn on GSS-TSIG support. LP: #158197 + * build: soname changes + * db.root: include AAAA RRs. Closes: #464111 + * soname: lib{dns,isc}40 -> 41 + * meta: use binary:Version instead of Source-Version + + [Andreas John] + + * Only use capabilities if they are present. Closes: #360339, #212226 + + -- LaMont Jones Sat, 23 Feb 2008 08:06:17 -0700 + +bind9 (1:9.4.2-4) unstable; urgency=low + + * incorporate ubuntu apparmor change from Jamie Strandboge, + with changes: + - Add apparmor profile, reload apparmor profile on config + - Add a note about apparmor to README.Debian + - conflicts/replaces old apparmor versions + * db.root: include AAAA RRs. Closes: #464111 + * Don't die when /var/lib/bind already exists. LP: #191685 + * build: turn on optimization. Closes: #435194 + + -- LaMont Jones Fri, 22 Feb 2008 22:05:25 -0700 + +bind9 (1:9.4.2-3ubuntu1) hardy; urgency=low + + * add AppArmor profile + + debian/apparmor-profile + + debian/bind9.postinst: Reload AA profile on configuration + * updated debian/README.Debian for note on AppArmor + * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we + should now take control + * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 + to make sure that if earlier version of apparmor-profiles gets installed + it won't overwrite our profile + * Modify Maintainer value to match the DebianMaintainerField + specification. + + -- Jamie Strandboge Wed, 13 Feb 2008 17:30:45 +0000 + +bind9 (1:9.4.2-3) unstable; urgency=low + + * don't run rndc-confgen when it's not there. Closes: #459551 + * control: drop use of ${Source-Version} + + -- LaMont Jones Mon, 07 Jan 2008 10:16:06 -0700 + +bind9 (1:9.4.2-2) unstable; urgency=low + + * init.d: add --oknodo to start-stop-daemon. Closes: #411881 + * init: LSB dependency info. Closes: #459421, #448006 + * meta: bind9 Suggests: resolvconf. Closes: #252285 + * bind9: deliver /var/lib/bind directory, and document. + Closes: #248771, #200253, #202981, #209022 + * lwresd: create bind user/group and rndc key if needed, at install. + Closes: #190742 + * dnsutils: update long description. Closes: #236901 + + -- LaMont Jones Sun, 06 Jan 2008 12:25:31 -0700 + +bind9 (1:9.4.2-1) unstable; urgency=low + + [Mike O'Connor] + + * bind9.init: LSB compliance. Closes: #448006 + + [Internet Software Consortium, Inc] + + * New release: 9.4.2 + + [LaMont Jones] + + * soname shifts for new release + + -- LaMont Jones Sat, 17 Nov 2007 10:50:07 -0700 + +bind9 (1:9.4.2~rc2-1) experimental; urgency=low + + * New upstream release + + -- LaMont Jones Fri, 12 Oct 2007 18:33:57 -0600 + +bind9 (1:9.4.1-P1-4) unstable; urgency=low + + [Thomas Antepoth] + + * unix/socket.c: don't send to a socket with pending_send. Closes: #430065 + + [LaMont Jones] + + * document git repositories + * db.root: l.root-servers.net changed IP address. Closes: #449148 LP: #160176 + * init.d: if there are no networks configured, error out quickly + + -- LaMont Jones Thu, 08 Nov 2007 21:31:55 -0700 + +bind9 (1:9.4.1-P1-3) unstable; urgency=low + + * Only deliver upstream changes with bind9-doc + + -- LaMont Jones Thu, 04 Oct 2007 08:30:55 -0600 + +bind9 (1:9.4.1-P1-2) unstable; urgency=low + + * manpages: fix typo errors. Closes: #395834 + * manpages: call it /etc/bind/named.conf throughout, and typos. Closes: #419750 + * named.conf.5: correct filename. Closes: #428015 + * bind9.NEWS: update version for ACL change doc. Closes: #435225 + * build: don't have dnsutils deliver man pages that it shouldn't. LP: #82178 + * nslookup.1: some of the manpage was not visible. LP: #131415 + * document git repositories + * unix/socket.c: don't send to a socket with pending_send. Closes: #430065 + + -- LaMont Jones Wed, 03 Oct 2007 01:10:59 -0600 + +bind9 (1:9.4.1-P1-1) unstable; urgency=high + + * New upstream version, addresses CVE-2007-2926 and CVE-2007-2925 + + -- Bdale Garbee Thu, 26 Jul 2007 16:41:50 -0600 + +bind9 (1:9.4.1-1) unstable; urgency=low + + * New upstream version + + -- LaMont Jones Mon, 30 Apr 2007 16:59:05 -0600 + +bind9 (1:9.4.0-2) unstable; urgency=low + + * upload to unstable + + -- LaMont Jones Tue, 10 Apr 2007 11:12:16 -0600 + +bind9 (1:9.4.0-1) experimental; urgency=low + + * New upstream version + * more mipsel patch. Closes: #406409 + + -- LaMont Jones Sun, 25 Feb 2007 11:44:11 -0700 + +bind9 (1:9.4.0~rc2-1) experimental; urgency=low + + * New upstream version. Addresses CVE-2007-0493 CVE-2007-0494 + + -- LaMont Jones Thu, 25 Jan 2007 14:26:12 -0700 + +bind9 (1:9.4.0~rc1.0-3) experimental; urgency=low + + * add NEWS file talking about the change in defaults: + As of bind 9.4, allow-query-cache and allow-recursion default to the + builtin acls 'localnets' and 'localhost'. If you are setting up a + name server for a network, you will almost certainly need to change + this. + + The change in default has been done to make caching servers less + attractive as reflective amplifying targets for spoofed traffic. + This still leaves authoritative servers exposed. + + -- LaMont Jones Wed, 24 Jan 2007 09:35:06 -0700 + +bind9 (1:9.4.0~rc1.0-2) experimental; urgency=low + + * Fix mips64. Closes: #406409 + + -- LaMont Jones Sun, 21 Jan 2007 15:32:27 -0700 + +bind9 (1:9.4.0~rc1.0-1) experimental; urgency=low + + * Broken orig.tar.gz. + + -- LaMont Jones Thu, 28 Dec 2006 23:04:05 -0700 + +bind9 (1:9.4.0~rc1-1) experimental; urgency=low + + * New upstream + + -- LaMont Jones Thu, 28 Dec 2006 19:00:37 -0700 + +bind9 (1:9.3.4-2etch2) stable-proposed-updates; urgency=low + + [Thomas Antepoth] + + * unix/socket.c: don't send to a socket with pending_send. Closes: #430065 + + [LaMont Jones] + + * document git repositories + * db.root: l.root-servers.net changed IP address. Closes: #449148 + + -- LaMont Jones Mon, 05 Nov 2007 19:48:23 -0700 + +bind9 (1:9.3.4-2etch1) stable-security; urgency=high + + * Fix DNS cache poisoning through predictable query IDs. (CVE-2007-2926) + + -- Moritz Muehlenhoff Tue, 24 Jul 2007 22:09:35 +0000 + +bind9 (1:9.3.4-2) unstable; urgency=high + + * Actually really do the merge of 9.3.4. Sigh. Closes: #408925 + + -- LaMont Jones Mon, 29 Jan 2007 06:09:03 -0700 + +bind9 (1:9.3.4-1) unstable; urgency=high + + * New upstream version. Addresses CVE-2007-0493 CVE-2007-0494 + + -- LaMont Jones Thu, 25 Jan 2007 14:31:09 -0700 + +bind9 (1:9.3.3-1) unstable; urgency=low + + * New upstream version + + -- LaMont Jones Tue, 12 Dec 2006 23:31:51 -0700 + +bind9 (1:9.3.2-P1.0-1) unstable; urgency=low + + * Fix README.Debian to point to the URL. Closes: #387437 + * Strip rfc's from orig.tar.gz. Closes: #393359 + + -- LaMont Jones Mon, 16 Oct 2006 06:38:22 -0600 + +bind9 (1:9.3.2-P1-2) unstable; urgency=low + + * Fix init script output. Closes: #354192 + Thanks to Joey Hess for the patch. + * Default install should listen on ipv6 interfaces. Closes: #382438 + + -- LaMont Jones Sat, 9 Sep 2006 19:01:53 -0600 + +bind9 (1:9.3.2-P1-1) unstable; urgency=high + + * New upstream, fixes CVE-2006-4095 and CVE-2006-4096. + Closes: #386237, #386245 + * Drop gcc-3.4 [powerpc] dependency. Closes: #342957, #372203 + * Add -fno-strict-aliasing for type-punned pointer aliasing issues + Closes: #386224 + * Use getent in postinst instead of chown/chgrp. Closes: #386091, #239665 + * Drop redundant update-rc.d calls. Closes: #356914 + + -- LaMont Jones Wed, 6 Sep 2006 08:07:13 -0600 + +bind9 (1:9.3.2-2) unstable; urgency=low + + * correct force-reload. Closes: #333841 + * Fix init.d's usage message. Closes: #331090 + * resolvconf tweaks. Closes: #252232, #275412 + + -- LaMont Jones Mon, 16 Jan 2006 15:17:04 -0700 + +bind9 (1:9.3.2-1) unstable; urgency=low + + * New upstream + * use lsb-base for start/stop messages in init.d. + * switch to debhelper 4 + + -- LaMont Jones Thu, 5 Jan 2006 12:29:28 -0700 + +bind9 (1:9.3.1-2) unstable; urgency=low + + * Getting good reports from experimental, uploading to sid. + Release team, please consider this package for sarge. Thanks. + * correct pidfile name in init.d/lwresd. Closes: #298100 + + -- LaMont Jones Sat, 19 Mar 2005 17:46:31 -0700 + +bind9 (1:9.3.1-1) experimental; urgency=low + + * Build with gcc-3.4 on powerpc, to work around #292958. + + -- LaMont Jones Sat, 19 Mar 2005 11:40:06 -0700 + +bind9 (1:9.3.1-0) experimental; urgency=low + + * New upstream version. + + -- LaMont Jones Sun, 13 Mar 2005 21:44:57 -0700 + +bind9 (1:9.3.0+9.3.1beta2-1) experimental; urgency=low + + * new upstream version + + -- LaMont Jones Tue, 25 Jan 2005 14:21:51 -0700 + +bind9 (1:9.3.0-1) experimental; urgency=low + + * New upstream version + + -- LaMont Jones Sat, 25 Sep 2004 21:35:46 -0600 + +bind9 (1:9.2.4-1) unstable; urgency=high + + * New upstream version. Closes: #269157 and others. + * Version debhelper build-dep. Closes: #262720 + + -- LaMont Jones Thu, 23 Sep 2004 09:11:37 -0600 + +bind9 (1:9.2.3+9.2.4-rc7-1) unstable; urgency=low + + * New upstream + + -- LaMont Jones Wed, 1 Sep 2004 00:04:55 -0600 + +bind9 (1:9.2.3+9.2.4-rc6-1) unstable; urgency=low + + * New upstream. + * Comment out delegation-only directives in named.conf + + -- LaMont Jones Mon, 2 Aug 2004 10:00:38 -0600 + +bind9 (1:9.2.3+9.2.4-rc5-1) unstable; urgency=low + + * New upstream release candidate + + -- LaMont Jones Thu, 17 Jun 2004 19:50:37 -0600 + +bind9 (1:9.2.3+9.2.4-rc2-1) unstable; urgency=low + + * New upstream release candidate + * Remove shared library symlinks in clean. Closes: #243109 + * Deal with capset being a module. Closes: #245043, #240874, #241605 + * deliver /var/run/bind/run in lwresd as well. Closes: #186569 + + -- LaMont Jones Thu, 22 Apr 2004 12:20:05 -0600 + +bind9 (1:9.2.3-3) unstable; urgency=low + + * new IP for b.root-servers.net. Closes: #234278 + * Fix RC linkages to match bind8. Closes: #218007 + + -- LaMont Jones Mon, 1 Mar 2004 15:00:44 -0700 + +bind9 (1:9.2.3-2) unstable; urgency=low + + * Rebuild autoconf files for mips. Closes: #221419 + + -- LaMont Jones Tue, 18 Nov 2003 06:33:34 -0700 + +bind9 (1:9.2.3-1) unstable; urgency=low + + * New upstream. + * cleanup zones.rfc1918/db.empty stuff. + * Fix Makefiles to work even if the build environment is unclean. + Closes: #211503 + * Add comments about root-delegation-only to named.conf. Closes: #212243 + * Add resolvconf support. Closes: #199255 + * more SO_BSDCOMPAT hacks for linux. Closes: #220735, #214460 + + -- LaMont Jones Mon, 17 Nov 2003 21:30:33 -0700 + +bind9 (1:9.2.2+9.2.3rc4-1) unstable; urgency=low + + * Yet another new upstream release. + + -- LaMont Jones Mon, 22 Sep 2003 09:39:50 -0600 + +bind9 (1:9.2.2+9.2.3rc3-1) unstable; urgency=low + + * New upstream. Closes: #211752. #211503. #211496, #211520 + + -- LaMont Jones Sat, 20 Sep 2003 12:22:59 -0600 + +bind9 (1:9.2.2+9.2.3rc2-4) unstable; urgency=low + + * Really fix versioned depends. Closes: #211590 + + -- LaMont Jones Thu, 18 Sep 2003 17:29:47 -0600 + +bind9 (1:9.2.2+9.2.3rc2-3) unstable; urgency=low + + * Version depends for all the libraries. sigh. Closes: #211412,#210293 + + -- LaMont Jones Wed, 17 Sep 2003 10:56:36 -0600 + +bind9 (1:9.2.2+9.2.3rc2-2) unstable; urgency=low + + * Need a versioned depend. sigh. + + -- LaMont Jones Wed, 17 Sep 2003 10:25:35 -0600 + +bind9 (1:9.2.2+9.2.3rc2-1) unstable; urgency=low + + * New upstream release. Closes: #211373 + * Remove RFC's from package, per policy. + * Make com and net zones delegation-only by default. + + -- LaMont Jones Wed, 17 Sep 2003 07:15:37 -0600 + +bind9 (1:9.2.2+9.2.3rc1-3) unstable; urgency=low + + * A bit more cleanup of descriptions. + * fix package sections + * Fix b0rkage with dependencies. + + -- LaMont Jones Sun, 14 Sep 2003 09:05:10 -0600 + +bind9 (1:9.2.2+9.2.3rc1-2) unstable; urgency=low + + * Explicitly link libraries. Closes: #210653 + * Fix descriptions. Closes: #209563, #209853, #210063 + + -- LaMont Jones Sat, 13 Sep 2003 19:29:05 -0600 + +bind9 (1:9.2.2+9.2.3rc1-1) unstable; urgency=low + + * New upstream release candidate. + * Quit using SO_BSDCOMPAT (why is it still in the header files??) so + that the kernel will shut up about it's advertised, obsolete option. + Closes: #201293, #204282, #205590 + + -- LaMont Jones Thu, 28 Aug 2003 14:44:28 -0600 + +bind9 (1:9.2.2-2) unstable; urgency=low + + * Fix libtool.m4. Closes: #183791 + * move lib packages into Section: libs. Closes: #184788 + * make sure it's libssl0.9.7. Closes: #182363 + * Add /etc/default/lwresd. Closes: #169727 + * Add fakeroot dir to dh_shlibdeps. Closes: #169622 + * Fix rndc manpage. Closes: #179353 + * Deliver /usr/bin/isc-config.sh (in libbind-dev). Closes: #178186 + + -- LaMont Jones Sat, 15 Mar 2003 16:34:15 -0700 + +bind9 (1:9.2.2-1) unstable; urgency=low + + * New upstream version + * Document /etc/default/bind9 in init.d script. Closes: #170267 + + -- LaMont Jones Tue, 4 Mar 2003 22:43:58 -0700 + +bind9 (1:9.2.1-7) unstable; urgency=low + + * One more overrides disparity. + * Fix bashism in postinst. Closes: #169531 + + -- LaMont Jones Sun, 17 Nov 2002 19:22:58 -0700 + +bind9 (1:9.2.1-6) unstable; urgency=low + + * The "I give up for now" release. + * Only convert to running as bind if named.conf hasn't been modified. + * Closes: #163552, #164352 + * Fix overrides + * Cleanup README.Debian wrt non-root-by-default. + * Make sure that /var/run/bind/run exists in init.d script. Closes: #168912 + * New IP for j.root-servers.net. Closes: #167818 + * Check for 2.2.18 kernel in preinst. Closes: #164349 + * Move local options to /etc/default/bind9. Closes: #169132, #163073 + * Cleanup old bugs (fixed in -5, really). Closes: #165864 + * Add /etc/bind/named.conf.local, included from named.conf. Closes: #129576 + * Do options definitions in /etc/bind/named.conf.options, makes life + easier in the face of named.conf changes from upstream. + * Add missing Depends: adduser + + -- LaMont Jones Sat, 16 Nov 2002 17:05:45 -0700 + +bind9 (1:9.2.1-5) unstable; urgency=low + + * Run named a non-privileged user by default. Closes: #149059 + + -- LaMont Jones Thu, 12 Sep 2002 16:57:37 -0600 + +bind9 (1:9.2.1-4) unstable; urgency=low + + * swap maintainer/uploader status so LaMont is primary and Bdale is backup + * Deal with bind/bind9 collisions better. Closes: #149580 + * Fix some documentation. Closes: #151579 + + -- LaMont Jones Wed, 4 Sep 2002 23:25:33 -0600 + +bind9 (1:9.2.1-3) unstable; urgency=high + + * fold in lib/bind/resolv from 8.3.3 to resolve buffer overlow issue in + resolver library, closes: #151342, #151431 + + -- Bdale Garbee Mon, 1 Jul 2002 00:16:31 -0600 + +bind9 (1:9.2.1-1.woody.1) testing-security woody-proposed-updates; urgency=high + + * backport to woody (simple rebuild) since 9.2.1 resolves a security issue + + -- Bdale Garbee Tue, 4 Jun 2002 10:30:57 -0600 + +bind9 (1:9.2.1-2) unstable; urgency=low + + * don't include nslint man page, closes: #148695 + * fix typo in rndc.8, closes: #139602 + * add a section to README.Debian explaining the rndc key mode that has been + our default since 9.2.0-2, closes: #129849 + * fix paths for named.conf in named.8 to reflect our default, closes: #143443 + * upstream fixed the nsupdate man page at some point, closes: #121108 + + -- Bdale Garbee Mon, 3 Jun 2002 15:44:37 -0600 + +bind9 (1:9.2.1-1) unstable; urgency=medium + + * new upstream version + * have bind9-host provide host, closes: #140174 + * move bind9-host to priority standard since dnsutils depends on it or host, + and we prefer bind9-host over host. + * move libdns5 and libisc4 to priority standard since dnsutils depends on + them and is priority standard + + -- Bdale Garbee Thu, 30 May 2002 10:38:39 -0600 + +bind9 (1:9.2.0-6) unstable; urgency=low + + * move to US main! Yippee! Closes: #123969 + * add info to README.Debian about 2.5 kernels vs --disable-linux-caps + + -- Bdale Garbee Sat, 23 Mar 2002 00:18:05 -0700 + +bind9 (1:9.2.0-5) unstable; urgency=medium + + * clean up various issues in the rules file + * make bind9-host conflict/replace old dnsutils as host does, otherwise we + can have problems upgrading from potato to woody, closes: #136686 + * use /dev/urandom for rndc-confgen in postinst, it should be good enough for + this purpose, and will keep the postinst from blocking arbitrarily. + closes: #130372 + * add fresh pointers to chroot howto to README.Debian, closes: #135774 + + -- Bdale Garbee Sun, 3 Mar 2002 16:47:12 -0700 + +bind9 (1:9.2.0-4) unstable; urgency=low + + * bind9-host needs to conflict with host, closes: #127395 + + -- Bdale Garbee Tue, 1 Jan 2002 20:12:14 -0700 + +bind9 (1:9.2.0-3) unstable; urgency=low + + * force removal of old diverted files, closes: #126236 + * change priority of liblwres1 from optional to standard per ftp admins + * add a bind9-host package so that the 'host' provided with the BIND 9.X + source tree can be an alternative to the aging NIKHEF version packaged + separately. Update dnsutils dependencies to depend on one of the two, + with preference to this one since it has fewer bugs (but fewer features, + too). + + -- Bdale Garbee Sun, 23 Dec 2001 00:59:15 -0700 + +bind9 (1:9.2.0-2) unstable; urgency=medium + + * change rc.d links to ensure daemon starts before and stops after other + daemons that may fail if name service is not working (bug was filed + against 8.X bind packages, but is just as relevant here!) + * use rndc for daemon shutdown instead of start-stop-daemon, closes: #111935 + * add a postinst to dnsutils to remove any lingering diversions from old + dnsutils packages, closes: #122227 + * not much point in delivering zone2ldap.1 since we aren't delivering + zone2ldap right now (though we might someday?), closes: #124058 + * be more verbose with shared library descriptions, closes: #123426, #123428 + * 9.2.0 added a new rndc.key file that both named and rndc will read to + obtain a shared key, and rndc-confgen will easily create this file with + a unique-per-system key. Modify named.conf and remove rndc.conf + to take advantage of this mechanism and stop delivering a pre-determined + static key to all Debian systems (which has been a mild security risk). + Create the key in postinst if the key file doesn't already exist, and + remove the file in postrm if purging. + Closes: #86718, #87208 + + -- Bdale Garbee Fri, 21 Dec 2001 04:04:30 -0700 + +bind9 (1:9.2.0-1) unstable; urgency=low + + * new upstream version, closes: #108243, #112266, #114250, #119506, #120657 + * /etc/bind/rndc.conf is now a conffile + * minor hacks to the README.Debian since the chroot instructions it points + to are 8.X specific, part of addressing bug 111868. + * libomapi is gone, replaced by libisccc and libisccfg + * a few lintian-motivated cosmetic cleanups + * lose task-dns-server meta package, since tasksel doesn't need it now + * dig problem not reproducible in this version, closes: #89526 + * named-checkconf now uses $sysconfdir, closes: #107835 + * no longer deliver man pages for contributed binaries we're not including + in dnsutils, closes: #108220 + * fix section in nslookup man page, though that's the least of the man + page's problems... glitch reported is unreproducible + closes: #103630, #120946 + * update libbind-dev README.Debian, closes: #121050 + + -- Bdale Garbee Tue, 27 Nov 2001 01:41:00 -0700 + +bind9 (1:9.1.3-1) unstable; urgency=low + + * new upstream version, closes: #96483, #99824, #100647, #101568, #103429 + * update config.sub/guess for hppa/ia64 support + * small init.d patch from Marco d'Itri to ease adding options on invocation + * stop having bind9-doc conflict/replace bind-doc since they don't really + conflict and there's no reason to prevent having both installed at the + same time, closes: #90994 + * the CHANGES file documents fixes since 9.1.1 that probably cured the + reported assertion failure. If it turns out that I'm wrong, the bug can + be re-opened or a new one filed. I can't see any way to reproduce the bug + in a test case here. Closes: #99352 + * have libbind-dev depend on the runtime library packages it delivers + compile-time symlinks for, closes: #100898, #103855 + * fix lwres man pages to source man3/* instead of * so all the page content + can actually be found, closes: #85450, #103865 + + -- Bdale Garbee Mon, 9 Jul 2001 11:30:39 -0600 + +bind9 (1:9.1.1-1) unstable; urgency=low + + * new upstream release + * update build-depends for libssl-dev + * add build-depends on bison, closes: #90150, #90752, #90159 + * split up libbind0 since libdns is changing so numbers + * downgrade rblcheck from a depends to a suggests, closes: #90783 + * bind9 mkdep creates files in the current working directory, closes: #58353 + + -- Bdale Garbee Wed, 25 Apr 2001 22:53:21 -0600 + +bind9 (1:9.1.0-3) unstable; urgency=low + + * merge patch from Zack Weinberg that solves compilation problem, and + reduces the memory footprint of applications by making configure.in + smarter. Closes: #86776, #86910 + * the bind-doc package includes all relevant documentation from the bind9 + source tree, including HTML content in /usr/share/doc/bind9-doc/arm, + closes: #85718 + * default named.conf and rndc.conf to not world-readable. This is an + interim step towards addressing the concerns about security raised by + bugs 86718 and closes: #86836 A better long-term solution would be for + rndc.conf to allow includes, so that both named.conf and rndc.conf could + include a key file built on the fly during installation while themselves + retaining conffile status. The required functionality has been requested + of the bind9 upstream, this will limit vulnerability in the meantime. + * add replaces logic to the dnsutils package to avoid complaints about the + delivery of nsupdate.8.gz, closes: #86759 + * move a couple of man pages back from dnsutils to bind9 that really belong + there. sigh. + + -- Bdale Garbee Thu, 22 Feb 2001 16:39:02 -0700 + +bind9 (1:9.1.0-2) unstable; urgency=low + + * merge patch from Luca Filipozzi - thanks! + + bind9: ships with a working rndc.conf file, closes: #84572 + + bind9: init.d calls rndc rather than ndc on reload, closes: #85481 + + bind9: named.conf ships with 'key' and 'control' sections + + bind9: correctly creates /var/cache/bind, closes: #85457 + + lwresd: lwresd is split off into its own package, closes: #85627 + * nsupdate is delivered by the dnsutils package, but the (wrong) man page + was accidentally also included in the bind9 package, closes: #85717 + * freshen config.sub and config.guess for ia64 and hppa support + + -- Bdale Garbee Mon, 12 Feb 2001 23:43:55 -0700 + +bind9 (1:9.1.0-1) unstable; urgency=low + + * Initial packaging of BIND 9.1.0. Must use epoch so that meta packages + retain their sequencing from the bind 8 package version stream. + * snarf a couple of man pages from the 8.X tree for now + + -- Bdale Garbee Thu, 1 Feb 2001 16:30:35 -0700 + diff --git a/debian/compat b/debian/compat new file mode 100644 index 00000000..7ed6ff82 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +5 diff --git a/debian/control b/debian/control new file mode 100644 index 00000000..284b10ea --- /dev/null +++ b/debian/control @@ -0,0 +1,173 @@ +Source: bind9 +Section: net +Priority: optional +Maintainer: LaMont Jones +Uploaders: Bdale Garbee +Build-Depends: libkrb5-dev, debhelper (>= 5), libssl-dev, libtool, bison, libdb-dev (>>4.6), libldap2-dev, libxml2-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], hardening-wrapper, libgeoip-dev (>= 1.4.6.dfsg-5), dpkg-dev (>= 1.15.5), python, python-argparse +Build-Conflicts: libdb4.2-dev +Standards-Version: 3.7.3.0 +XS-Vcs-Browser: http://git.debian.org/?p=users/lamont/bind9.git +XS-Vcs-Git: git://git.debian.org/~lamont/bind9.git + +Package: bind9 +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, debconf | debconf-2.0, netbase, adduser, libdns99 (=${binary:Version}), libisccfg90 (=${binary:Version}), libisc95 (=${binary:Version}), libisccc90 (=${binary:Version}), lsb-base (>= 3.2-14), bind9utils (=${binary:Version}), liblwres90 (=${binary:Version}), libbind9-90 (=${binary:Version}), net-tools +Conflicts: bind, apparmor-profiles (<< 2.1+1075-0ubuntu4) +Replaces: bind, dnsutils (<< 1:9.1.0-3), apparmor-profiles (<< 2.1+1075-0ubuntu4) +Suggests: dnsutils, bind9-doc, resolvconf, ufw +Description: Internet Domain Name Server + ${Description} + . + This package provides the server and related configuration files. + +Package: bind9utils +Architecture: any +Replaces: bind9 (<= 1:9.5.0~b2-1) +Depends: ${shlibs:Depends}, ${misc:Depends}, python, python-argparse +Description: Utilities for BIND + This package provides various utilities that are useful for maintaining a + working BIND installation. + +Package: bind9-doc +Architecture: all +Section: doc +Depends: ${misc:Depends} +Description: Documentation for BIND + This package provides various documents that are useful for maintaining a + working BIND installation. + +Package: host +Priority: standard +Architecture: all +Depends: ${misc:Depends}, bind9-host +Description: Transitional package + This dummy package is provided for a smooth transition from the previous + host package. It may safely be removed after installation. + +Package: bind9-host +Priority: standard +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libdns99 (=${binary:Version}), libisccfg90 (=${binary:Version}), libisc95 (=${binary:Version}), liblwres90 (=${binary:Version}), libbind9-90 (=${binary:Version}) +Conflicts: host (<<1:9.7.0), dnsutils (<< 1:9.0.0) +Replaces: dnsutils (<< 1:9.0.0), host (<< 1:9.7.0) +Provides: host +Description: Version of 'host' bundled with BIND 9.X + This package provides the 'host' program in the form that is bundled with + the BIND 9.X sources. + +Package: libbind-dev +Section: libdevel +Architecture: any +Conflicts: bind-dev +Replaces: bind-dev +Depends: ${shlibs:Depends}, ${misc:Depends}, libdns99 (=${binary:Version}), libisccfg90 (=${binary:Version}), libisc95 (=${binary:Version}), liblwres90 (=${binary:Version}), libbind9-90 (=${binary:Version}) +Description: Static Libraries and Headers used by BIND + This package delivers archive-style libraries, header files, and API man + pages for libbind, libdns, libisc, and liblwres. These are only needed + if you want to compile other packages that need more nameserver API than the + resolver code provided in libc. + +Package: libbind9-90 +Section: libs +Priority: standard +Architecture: any +Conflicts: libbind0, libbind9-41 +Replaces: libbind0 +Depends: ${shlibs:Depends}, ${misc:Depends}, libdns99, libisccfg90, libisc95 +Description: BIND9 Shared Library used by BIND + ${Description} + . + This package delivers the libbind9 shared library used by BIND's daemons and + clients. + +Package: libdns99 +Section: libs +Priority: standard +Architecture: any +Conflicts: libbind0, libbind9-41 +Replaces: libbind0 +Depends: ${shlibs:Depends}, ${misc:Depends}, libisc95 +Description: DNS Shared Library used by BIND + ${Description} + . + This package delivers the libdns shared library used by BIND's daemons and + clients. + +Package: libisc95 +Section: libs +Priority: standard +Architecture: any +Conflicts: libbind0, libbind9-41 +Replaces: libbind0 +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: ISC Shared Library used by BIND + ${Description} + . + This package delivers the libisc shared library used by BIND's daemons and + clients. + +Package: liblwres90 +Section: libs +Priority: standard +Architecture: any +Replaces: libbind0 +Conflicts: libbind0 +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Lightweight Resolver Library used by BIND + ${Description} + . + This package delivers the liblwres shared library used by BIND's daemons + and clients. + +Package: libisccc90 +Section: libs +Architecture: any +Conflicts: libbind0, libbind9-41 +Replaces: libbind0 +Depends: ${shlibs:Depends}, ${misc:Depends}, libisc95 +Description: Command Channel Library used by BIND + ${Description} + . + This package delivers the libisccc shared library used by BIND's daemons + and clients, particularly rndc. + +Package: libisccfg90 +Section: libs +Architecture: any +Conflicts: libbind0, libbind9-41 +Replaces: libbind0 +Depends: ${shlibs:Depends}, ${misc:Depends}, libdns99, libisccc90, libisc95 +Description: Config File Handling Library used by BIND + ${Description} + . + This package delivers the libisccfg shared library used by BIND's daemons + and clients to read and write ISC-style configuration files like named.conf + and rndc.conf. + +Package: dnsutils +Priority: standard +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, bind9-host | host, libdns99 (=${binary:Version}), libisccfg90 (=${binary:Version}), libisc95 (=${binary:Version}), liblwres90 (=${binary:Version}), libbind9-90 (=${binary:Version}) +Suggests: rblcheck +Conflicts: netstd (<< 2.00) +Replaces: bind, bind9 (<< 1:9.1.0-3) +Description: Clients provided with BIND + ${Description} + . + This package delivers various client programs related to DNS that are + derived from the BIND source tree. + . + - dig - query the DNS in various ways + - nslookup - the older way to do it + - nsupdate - perform dynamic updates (See RFC2136) + +Package: lwresd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libdns99 (=${binary:Version}), libisccfg90 (=${binary:Version}), libisccc90 (=${binary:Version}), libisc95 (=${binary:Version}), liblwres90 (=${binary:Version}), libbind9-90 (=${binary:Version}) +Recommends: libnss-lwres +Suggests: bind9utils +Description: Lightweight Resolver Daemon + lwresd is the daemon providing name lookup services to clients that use + the BIND 9 lightweight resolver library. It is essentially a stripped- + down, caching-only name server that answers queries using the BIND 9 + lightweight resolver protocol rather than the DNS protocol. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 00000000..32819b88 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,121 @@ +This package was debianized by Bdale Garbee on +Tue, 12 Dec 2000 02:42:56 -0700. + +It was downloaded from http://www.isc.org/products/BIND/ and can be fetched +from git with: + git clone git://git.debian.org/users/lamont/bind9.git +ISC releases can be cloned from git with: + git clone git://git.debian.org/users/lamont/bind9-isc.git + +Upstream Author: Internet Systems Consortium, Inc. ("ISC") + +Copyright: + +Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 1996-2003 Internet Software Consortium. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. + +Portions Copyright (C) 1996-2001 Nominum, Inc. + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +Portions Copyright (c) 2000 Japan Network Information Center. All rights reserved. + +By using this file, you agree to the terms and conditions set forth bellow. + + LICENSE TERMS AND CONDITIONS + +The following License Terms and Conditions apply, unless a different +license is obtained from Japan Network Information Center ("JPNIC"), +a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda, +Chiyoda-ku, Tokyo 101-0047, Japan. + +1. Use, Modification and Redistribution (including distribution of any + modified or derived work) in source and/or binary forms is permitted + under this License Terms and Conditions. + +2. Redistribution of source code must retain the copyright notices as they + appear in each source code file, this License Terms and Conditions. + +3. Redistribution in binary form must reproduce the Copyright Notice, + this License Terms and Conditions, in the documentation and/or other + materials provided with the distribution. For the purposes of binary + distribution the "Copyright Notice" refers to the following language: + "Copyright (c) 2000-2002 Japan Network Information Center. All rights reserved." + +4. The name of JPNIC may not be used to endorse or promote products + derived from this Software without specific prior written approval of + JPNIC. + +5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JPNIC BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +Portions Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved. + +This software is open source. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. + +Redistributions in binary form must reproduce the above copyright notice, +this list of conditions and the following disclaimer in the documentation +and/or other materials provided with the distribution. + +Neither the name of Holger Zuleger HZnet nor the names of its contributors may +be used to endorse or promote products derived from this software without +specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +Portions Copyright(C) Jason Vas Dias, Red Hat Inc., 2005 +Modified by Adam Tkac, Red Hat Inc., 2007 + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation at + http://www.fsf.org/licensing/licenses/gpl.txt +and found in /usr/share/common-licenses. diff --git a/debian/db.0 b/debian/db.0 new file mode 100644 index 00000000..e3aabdbe --- /dev/null +++ b/debian/db.0 @@ -0,0 +1,12 @@ +; +; BIND reverse data file for broadcast zone +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/debian/db.127 b/debian/db.127 new file mode 100644 index 00000000..cd05bef1 --- /dev/null +++ b/debian/db.127 @@ -0,0 +1,13 @@ +; +; BIND reverse data file for local loopback interface +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. +1.0.0 IN PTR localhost. diff --git a/debian/db.empty b/debian/db.empty new file mode 100644 index 00000000..8a128589 --- /dev/null +++ b/debian/db.empty @@ -0,0 +1,14 @@ +; BIND reverse data file for empty rfc1918 zone +; +; DO NOT EDIT THIS FILE - it is used for multiple zones. +; Instead, copy it, edit named.conf, and use that copy. +; +$TTL 86400 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 86400 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/debian/db.local b/debian/db.local new file mode 100644 index 00000000..2f272d40 --- /dev/null +++ b/debian/db.local @@ -0,0 +1,14 @@ +; +; BIND data file for local loopback interface +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 2 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. +@ IN A 127.0.0.1 +@ IN AAAA ::1 diff --git a/debian/db.root b/debian/db.root new file mode 100644 index 00000000..6c197412 --- /dev/null +++ b/debian/db.root @@ -0,0 +1,88 @@ +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . " +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.cache +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: Jan 3, 2013 +; related version of root zone: 2013010300 +; +; formerly NS.INTERNIC.NET +; +. 3600000 IN NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 +; +; FORMERLY NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +; +; FORMERLY C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +; +; FORMERLY TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D +; +; FORMERLY NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +; +; FORMERLY NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F +; +; FORMERLY NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +; +; FORMERLY AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 +; +; FORMERLY NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 +; +; OPERATED BY VERISIGN, INC. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 +; +; OPERATED BY RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 +; +; OPERATED BY ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 +L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 +; +; OPERATED BY WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 +; End of File diff --git a/debian/dnsutils.dirs b/debian/dnsutils.dirs new file mode 100644 index 00000000..b8d2de1a --- /dev/null +++ b/debian/dnsutils.dirs @@ -0,0 +1,3 @@ +usr/bin +usr/share/doc/dnsutils +usr/share/man/man1 diff --git a/debian/dnsutils.install b/debian/dnsutils.install new file mode 100644 index 00000000..b2515fb4 --- /dev/null +++ b/debian/dnsutils.install @@ -0,0 +1,6 @@ +usr/bin/dig +usr/bin/nslookup +usr/bin/nsupdate +usr/share/man/man1/dig.1* +usr/share/man/man1/nslookup.1* +usr/share/man/man1/nsupdate.1* diff --git a/debian/dnsutils.postinst b/debian/dnsutils.postinst new file mode 100644 index 00000000..c1fc8b91 --- /dev/null +++ b/debian/dnsutils.postinst @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +#DEBHELPER# diff --git a/debian/ip-down.d b/debian/ip-down.d new file mode 100644 index 00000000..742139b8 --- /dev/null +++ b/debian/ip-down.d @@ -0,0 +1,15 @@ +#!/bin/sh -e +# Called when an interface disconnects +# Written by LaMont Jones + +# kick named as needed + +# If /usr isn't mounted yet, silently bail. +if [ ! -d /usr/sbin ]; then + exit 0 +fi + +# if named is running, reconfig it. +rndc reconfig >/dev/null 2>&1 || true + +exit 0 diff --git a/debian/ip-up.d b/debian/ip-up.d new file mode 100644 index 00000000..65bb3625 --- /dev/null +++ b/debian/ip-up.d @@ -0,0 +1,15 @@ +#!/bin/sh -e +# Called when a new interface comes up +# Written by LaMont Jones + +# kick named as needed + +# If /usr isn't mounted yet, silently bail. +if [ ! -d /usr/sbin ]; then + exit 0 +fi + +# if named is running, reconfig it. +rndc reconfig >/dev/null 2>&1 || true + +exit 0 diff --git a/debian/libbind-dev.README.Debian b/debian/libbind-dev.README.Debian new file mode 100644 index 00000000..ff47ab50 --- /dev/null +++ b/debian/libbind-dev.README.Debian @@ -0,0 +1,9 @@ +The include files for BIND are in /usr/include/{isc,dns,dst,lwres}. If +you're compiling something that uses them, use something like + + '-I/usr/include/isc' + +and so on in the call to the compiler to pick up the BIND versions before +the normal system versions for files that have conflicting filenames. + + diff --git a/debian/libbind-dev.dirs b/debian/libbind-dev.dirs new file mode 100644 index 00000000..da07fddd --- /dev/null +++ b/debian/libbind-dev.dirs @@ -0,0 +1,2 @@ +usr/include +usr/lib diff --git a/debian/libbind-dev.install b/debian/libbind-dev.install new file mode 100644 index 00000000..342a2296 --- /dev/null +++ b/debian/libbind-dev.install @@ -0,0 +1,15 @@ +usr/include +usr/lib/libbind9.a +usr/lib/libbind9.so +usr/lib/libdns.a +usr/lib/libdns.so +usr/lib/libisc.a +usr/lib/libisc.so +usr/lib/liblwres.a +usr/lib/liblwres.so +usr/lib/libisccc.a +usr/lib/libisccc.so +usr/lib/libisccfg.a +usr/lib/libisccfg.so +usr/share/man/man3 +usr/bin/isc-config.sh diff --git a/debian/libbind9-90.install b/debian/libbind9-90.install new file mode 100644 index 00000000..e7da23ed --- /dev/null +++ b/debian/libbind9-90.install @@ -0,0 +1 @@ +usr/lib/libbind9.so.90* diff --git a/debian/libbind9-90.postinst b/debian/libbind9-90.postinst new file mode 100644 index 00000000..c1fc8b91 --- /dev/null +++ b/debian/libbind9-90.postinst @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +#DEBHELPER# diff --git a/debian/libbind9-90.postrm b/debian/libbind9-90.postrm new file mode 100644 index 00000000..7baba967 --- /dev/null +++ b/debian/libbind9-90.postrm @@ -0,0 +1,10 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +#DEBHELPER# + +exit 0 diff --git a/debian/libdns99.install b/debian/libdns99.install new file mode 100644 index 00000000..66ebbf58 --- /dev/null +++ b/debian/libdns99.install @@ -0,0 +1 @@ +usr/lib/libdns.so.99* diff --git a/debian/libdns99.postinst b/debian/libdns99.postinst new file mode 100644 index 00000000..c1fc8b91 --- /dev/null +++ b/debian/libdns99.postinst @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +#DEBHELPER# diff --git a/debian/libdns99.postrm b/debian/libdns99.postrm new file mode 100644 index 00000000..7baba967 --- /dev/null +++ b/debian/libdns99.postrm @@ -0,0 +1,10 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +#DEBHELPER# + +exit 0 diff --git a/debian/libirs90.install b/debian/libirs90.install new file mode 100644 index 00000000..14e87a05 --- /dev/null +++ b/debian/libirs90.install @@ -0,0 +1 @@ +usr/lib/libirs.so.90* diff --git a/debian/libirs90.postinst b/debian/libirs90.postinst new file mode 100644 index 00000000..c1fc8b91 --- /dev/null +++ b/debian/libirs90.postinst @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +#DEBHELPER# diff --git a/debian/libirs90.postrm b/debian/libirs90.postrm new file mode 100644 index 00000000..7baba967 --- /dev/null +++ b/debian/libirs90.postrm @@ -0,0 +1,10 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +#DEBHELPER# + +exit 0 diff --git a/debian/libisc95.install b/debian/libisc95.install new file mode 100644 index 00000000..f299636e --- /dev/null +++ b/debian/libisc95.install @@ -0,0 +1 @@ +usr/lib/libisc.so.95* diff --git a/debian/libisc95.postinst b/debian/libisc95.postinst new file mode 100644 index 00000000..c1fc8b91 --- /dev/null +++ b/debian/libisc95.postinst @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +#DEBHELPER# diff --git a/debian/libisc95.postrm b/debian/libisc95.postrm new file mode 100644 index 00000000..7baba967 --- /dev/null +++ b/debian/libisc95.postrm @@ -0,0 +1,10 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +#DEBHELPER# + +exit 0 diff --git a/debian/libisccc90.install b/debian/libisccc90.install new file mode 100644 index 00000000..b33cd0f4 --- /dev/null +++ b/debian/libisccc90.install @@ -0,0 +1 @@ +usr/lib/libisccc.so.90* diff --git a/debian/libisccc90.postinst b/debian/libisccc90.postinst new file mode 100644 index 00000000..c1fc8b91 --- /dev/null +++ b/debian/libisccc90.postinst @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +#DEBHELPER# diff --git a/debian/libisccc90.postrm b/debian/libisccc90.postrm new file mode 100644 index 00000000..7baba967 --- /dev/null +++ b/debian/libisccc90.postrm @@ -0,0 +1,10 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +#DEBHELPER# + +exit 0 diff --git a/debian/libisccfg90.install b/debian/libisccfg90.install new file mode 100644 index 00000000..1704f677 --- /dev/null +++ b/debian/libisccfg90.install @@ -0,0 +1 @@ +usr/lib/libisccfg.so.90* diff --git a/debian/libisccfg90.postinst b/debian/libisccfg90.postinst new file mode 100644 index 00000000..c1fc8b91 --- /dev/null +++ b/debian/libisccfg90.postinst @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +#DEBHELPER# diff --git a/debian/libisccfg90.postrm b/debian/libisccfg90.postrm new file mode 100644 index 00000000..7baba967 --- /dev/null +++ b/debian/libisccfg90.postrm @@ -0,0 +1,10 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +#DEBHELPER# + +exit 0 diff --git a/debian/liblwres90.install b/debian/liblwres90.install new file mode 100644 index 00000000..1836a19d --- /dev/null +++ b/debian/liblwres90.install @@ -0,0 +1 @@ +usr/lib/liblwres.so.90* diff --git a/debian/liblwres90.postinst b/debian/liblwres90.postinst new file mode 100644 index 00000000..c1fc8b91 --- /dev/null +++ b/debian/liblwres90.postinst @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +#DEBHELPER# diff --git a/debian/libwres90.postrm b/debian/libwres90.postrm new file mode 100644 index 00000000..7baba967 --- /dev/null +++ b/debian/libwres90.postrm @@ -0,0 +1,10 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +#DEBHELPER# + +exit 0 diff --git a/debian/lwresd.dirs b/debian/lwresd.dirs new file mode 100644 index 00000000..e444bb3d --- /dev/null +++ b/debian/lwresd.dirs @@ -0,0 +1,5 @@ +etc/bind +usr/sbin +usr/share/man/man8 +usr/share/doc/lwresd +var/run/named diff --git a/debian/lwresd.init b/debian/lwresd.init new file mode 100644 index 00000000..17950861 --- /dev/null +++ b/debian/lwresd.init @@ -0,0 +1,72 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: lwresd +# Required-Start: $remote_fs +# Should-Start: $syslog $network +# Required-Stop: $remote_fs +# Should-Stop: $syslog $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start and stop the Lightweight Resolver Daemon. +### END INIT INFO + +. /lib/lsb/init-functions + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +NAME=lwresd +DAEMON=/usr/sbin/lwresd +PIDFILE=/var/run/lwresd/lwresd.pid + +# Don't modify this line, change or create /etc/default/lwresd. +OPTIONS="" + +test -f /etc/default/lwresd && . /etc/default/lwresd + +test -x $DAEMON || exit 0 + +case "$1" in + start) + modprobe capability >/dev/null 2>&1 || true + + # dirs under /var/run can go away on reboots. + mkdir -p ${PIDFILE%/*} + chmod 775 ${PIDFILE%/*} + chown root:bind ${PIDFILE%/*} >/dev/null 2>&1 || true + + log_daemon_msg "Starting domain name service" $NAME + if start-stop-daemon --start --quiet --exec $DAEMON -- $OPTIONS; then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + + stop) + log_daemon_msg "Stopping domain name service" $NAME + if start-stop-daemon --stop --quiet \ + --pidfile ${PIDFILE} --exec $DAEMON; then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + + + restart|force-reload) + $0 stop + sleep 2 + $0 start + ;; + + *) + log_action_msg "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" + exit 1 + ;; +esac + +exit 0 diff --git a/debian/lwresd.install b/debian/lwresd.install new file mode 100644 index 00000000..48325631 --- /dev/null +++ b/debian/lwresd.install @@ -0,0 +1,2 @@ +usr/sbin/lwresd +usr/share/man/man8/lwresd.8* diff --git a/debian/lwresd.postinst b/debian/lwresd.postinst new file mode 100644 index 00000000..9e859f00 --- /dev/null +++ b/debian/lwresd.postinst @@ -0,0 +1,40 @@ +#!/bin/sh +set -e + +#DEBHELPER# + +case "$1" in + configure) + OLDVERSION="$2" + # see below + ;; + + abort-upgrade) + exit 0 + ;; + + abort-remove|abort-deconfigure) + exit 0 + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# lets give them a bind user/group in all cases. +getent group bind >/dev/null 2>&1 || addgroup --system bind +getent passwd bind >/dev/null 2>&1 || + adduser --system --home /var/cache/bind --no-create-home \ + --disabled-password --ingroup bind bind + +if [ ! -s /etc/bind/rndc.key ] && [ -x /usr/sbin/rndc-confgen ]; then + rndc-confgen -r /dev/urandom -a +fi + +if pidof /usr/sbin/lwresd >/dev/null 2>&1; then + invoke-rc.d lwresd restart +else + invoke-rc.d lwresd start +fi diff --git a/debian/named.conf b/debian/named.conf new file mode 100644 index 00000000..880786af --- /dev/null +++ b/debian/named.conf @@ -0,0 +1,11 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; diff --git a/debian/named.conf.default-zones b/debian/named.conf.default-zones new file mode 100644 index 00000000..355338bd --- /dev/null +++ b/debian/named.conf.default-zones @@ -0,0 +1,30 @@ +// prime the server with knowledge of the root servers +zone "." { + type hint; + file "/etc/bind/db.root"; +}; + +// be authoritative for the localhost forward and reverse zones, and for +// broadcast zones as per RFC 1912 + +zone "localhost" { + type master; + file "/etc/bind/db.local"; +}; + +zone "127.in-addr.arpa" { + type master; + file "/etc/bind/db.127"; +}; + +zone "0.in-addr.arpa" { + type master; + file "/etc/bind/db.0"; +}; + +zone "255.in-addr.arpa" { + type master; + file "/etc/bind/db.255"; +}; + + diff --git a/debian/named.conf.local b/debian/named.conf.local new file mode 100644 index 00000000..7a57b101 --- /dev/null +++ b/debian/named.conf.local @@ -0,0 +1,8 @@ +// +// Do any local configuration here +// + +// Consider adding the 1918 zones here, if they are not used in your +// organization +//include "/etc/bind/zones.rfc1918"; + diff --git a/debian/named.conf.options b/debian/named.conf.options new file mode 100644 index 00000000..b1bef512 --- /dev/null +++ b/debian/named.conf.options @@ -0,0 +1,26 @@ +options { + directory "/var/cache/bind"; + + // If there is a firewall between you and nameservers you want + // to talk to, you may need to fix the firewall to allow multiple + // ports to talk. See http://www.kb.cert.org/vuls/id/800113 + + // If your ISP provided one or more IP addresses for stable + // nameservers, you probably want to use them as forwarders. + // Uncomment the following block, and insert the addresses replacing + // the all-0's placeholder. + + // forwarders { + // 0.0.0.0; + // }; + + //======================================================================== + // If BIND logs error messages about the root key being expired, + // you will need to update your keys. See https://www.isc.org/bind-keys + //======================================================================== + dnssec-validation auto; + + auth-nxdomain no; # conform to RFC1035 + listen-on-v6 { any; }; +}; + diff --git a/debian/nslookup.1 b/debian/nslookup.1 new file mode 100644 index 00000000..1c68dbe0 --- /dev/null +++ b/debian/nslookup.1 @@ -0,0 +1,536 @@ +.\" +.\" ++Copyright++ 1985, 1989 +.\" - +.\" Copyright (c) 1985, 1989 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" - +.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies, and that +.\" the name of Digital Equipment Corporation not be used in advertising or +.\" publicity pertaining to distribution of the document or software without +.\" specific, written prior permission. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL +.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT +.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL +.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR +.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS +.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS +.\" SOFTWARE. +.\" - +.\" --Copyright-- +.\" +.\" @(#)nslookup.8 5.3 (Berkeley) 6/24/90 +.\" +.Dd June 24, 1990 +.Dt NSLOOKUP 1 +.Os BSD 4 +.Sh NAME +.Nm nslookup +.Nd query Internet name servers interactively +.Sh SYNOPSIS +.Nm nslookup +.Op Fl option Ar ... +.Op Ar host-to-find | Fl Op Ar server +.Sh DESCRIPTION +.Ic Nslookup +is a program to query Internet domain name servers. +.Ic Nslookup +has two modes: interactive and non-interactive. +Interactive mode allows the user to query name servers for +information about various hosts and domains or to print a list of hosts +in a domain. +Non-interactive mode is used to print just the name and requested information +for a host or domain. +.Sh ARGUMENTS +Interactive mode is entered in the following cases: +.Bl -tag -width "a) " +.It a) +when no arguments are given (the default name server will be used), +.It b) +when the first argument is a hyphen (-) and the second argument +is the host name or Internet address of a name server. +.El +.Pp +Non-interactive mode is used when the name or Internet address +of the host to be looked up +is given as the first argument. The optional second argument specifies +the host name or address of a name server. +.Pp +The options listed under the +.Dq Li set +command below can be specified in +the +.Pa .nslookuprc +file in the user's home directory if they are listed +one per line. Options can also be specified +on the command line if they precede the arguments and are prefixed with +a hyphen. For example, to change the default query type to host information, +and the initial timeout to 10 seconds, type: +.Bd -literal -offset indent + nslookup -query=hinfo -timeout=10 +.Ed +.Sh INTERACTIVE COMMANDS +Commands may be interrupted at any time by typing a control-C. +To exit, type a control-D +.Pq Dv EOF +or type +.Li exit . +The command line length must be less than 256 characters. +To treat a built-in command as a host name, +precede it with an escape character +.Pq .&\\ . +.Sy N.B.: An unrecognized command will be interpreted as a host name. +.Bl -tag -width "lserver" +.It Ar host Op Ar server +Look up information for +.Ar host +using the current default server or using +.Ar server , +if specified. +If +.Ar host +is an Internet address and the query type is +.Dv A +or +.Dv PTR , +the name of the host is returned. +If +.Ar host +is a name and does not have a trailing period, the default +domain name is appended to the name. (This behavior depends on the state of the +.Ic set +options +.Ic domain , srchlist , defname , +and +.Ic search . ) +.Pp +To look up a host not in the current domain, append a period to +the name. +.It Ic server Ar domain +.It Ic lserver Ar domain +Change the default server to +.Ar domain ; +.Ic lserver +uses the initial server to look up information about +.Ar domain , +while +.Ic server +uses the current default server. +If an authoritative answer can't be found, the names of servers +that might have the answer are returned. +.It Ic root +Changes the default server to the server for the root of the domain name space. +Currently, the host +.Li ns.internic.net +is used. +(This command is a synonym for +.Dq Ic lserver ns.internic.net . ) +The name of the root server can be changed with the +.Dq Ic set root +command. +.It Xo Ic finger Op Ar name +.Op Ic > Ar filename +.Xc +.It Xo Ic finger Op Ar name +.Op Ic >> Ar filename +.Xc +Connects with the finger server on the current host. +The current host is defined when a previous lookup for a host +was successful and returned address information (see the +.Dq Ic set querytype=A +command). +The +.Ar name +is optional. +.Ic > +and +.Ic >> +can be used to redirect output in the usual manner. +.It Xo Ic ls Op Ar option +.Ar domain Op Ic > Ar filename +.Xc +.It Xo Ic ls Op Ar option +.Ar domain Op Ic >> Ar filename +.Xc +List the information available for +.Ar domain , +optionally creating or appending to +.Ar filename . +The default output contains host names and their Internet addresses. +.Ar Option +can be one of the following: +.Bl -tag -width "-a " +.It Fl t Ar querytype +lists all records of the specified type (see +.Ar querytype +below). +.It Fl a +lists aliases of hosts in the domain; +synonym for +.Dq Fl t Dv CNAME . +.It Fl d +lists all records for the domain; +synonym for +.Dq Fl t Dv ANY . +.It Fl h +lists CPU and operating system information for the domain; +synonym for +.Dq Fl t Dv HINFO . +.It Fl s +lists well-known services of hosts in the domain; +synonym for +.Dq Fl t Dv WKS . +.El +.Pp +When output is directed to a file, hash marks are printed for every +50 records received from the server. +.It Ic view Ar filename +Sorts and lists the output of previous +.Ic ls +command(s) with +.Xr more @CMD_EXT@ . +.It Ic help +.It Ic ? +Prints a brief summary of commands. +.It Ic exit +Exits the program. +.It Xo Ic set Ar keyword +.Ns Op = Ns Ar value +.Xc +This command is used to change state information that affects the lookups. +Valid keywords are: +.Bl -tag -width "class=v" +.It Ic all +Prints the current values of the frequently-used options to +.Ic set . +Information about the current default server and host is also printed. +.It Ic class= Ns Ar value +Change the query class to one of: +.Bl -tag -width "HESIOD " +.It Dv IN +the Internet class +.It Dv CHAOS +the Chaos class +.It Dv HESIOD +the MIT Athena Hesiod class +.It Dv ANY +wildcard (any of the above) +.El +.Pp +The class specifies the protocol group of the information. +.Pp +(Default = +.Dv IN ; +abbreviation = +.Ic cl ) +.It Xo Op Ic no +.Ns Ic debug +.Xc +Turn debugging mode on. A lot more information is printed about the +packet sent to the server and the resulting answer. +.Pp +(Default = +.Ic nodebug ; +abbreviation = +.Xo Op Ic no +.Ns Ic deb ) +.Xc +.It Xo Op Ic no +.Ns Ic d2 +.Xc +Turn exhaustive debugging mode on. +Essentially all fields of every packet are printed. +.Pp +(Default = +.Ic nod2 ) +.It Ic domain= Ns Ar name +Change the default domain name to +.Ar name . +The default domain name is appended to a lookup request depending on the +state of the +.Ic defname +and +.Ic search +options. +The domain search list contains the parents of the default domain if it has +at least two components in its name. +For example, if the default domain +is CC.Berkeley.EDU, the search list is CC.Berkeley.EDU and Berkeley.EDU. +Use the +.Dq Ic set srchlist +command to specify a different list. +Use the +.Dq Ic set all +command to display the list. +.Pp +(Default = value from +.Xr hostname @CMD_EXT@ , +.Pa /etc/resolv.conf , +or +.Ev LOCALDOMAIN; +abbreviation = +.Ic do ) +.It Ic srchlist= Ns Ar name1/name2/... +Change the default domain name to +.Ar name1 +and the domain search list +to +.Ar name1 , name2 , +etc. A maximum of 6 names separated by slashes (/) +can be specified. +For example, +.Bd -literal -offset indent +set srchlist=lcs.MIT.EDU/ai.MIT.EDU/MIT.EDU +.Ed +.Pp +sets the domain to lcs.MIT.EDU and the search list to the three names. +This command overrides the +default domain name and search list of the +.Dq Ic set domain +command. +Use the +.Dq Ic set all +command to display the list. +.Pp +(Default = value based on +.Xr hostname @CMD_EXT@ , +.Pa /etc/resolv.conf , +or +.Ev LOCALDOMAIN; +abbreviation = +.Ic srchl ) +.It Xo Op Ic no +.Ns Ic defname +.Xc +If set, append the default domain name to a single-component lookup request +(i.e., one that does not contain a period). +.Pp +(Default = +.Ic defname ; +abbreviation = +.Xo Op Ic no +.Ns Ic defname ) +.Xc +.It Xo Op Ic no +.Ns Ic search +.Xc +If the lookup request contains at least one period but +.Em doesn't +end with a trailing period, append the domain names in the domain search list +to the request until an answer is received. +.Pp +(Default = +.Ic search ; +abbreviation = +.Xo Op Ic no +.Ns Ic sea ) +.Xc +.It Ic port= Ns Ar value +Change the default TCP/UDP name server port to +.Ar value . +.Pp +(Default = 53; +abbreviation = +.Ic \&po ) +.It Ic querytype= Ns Ar value +.It Ic type= Ns Ar value +Change the type of information query to one of: +.Bl -tag -width "HINFO " +.It Dv A +the host's Internet address. +.It Dv CNAME +the canonical name for an alias. +.It Dv HINFO +the host CPU and operating system type. +.It Dv MINFO +the mailbox or mail list information. +.It Dv MX +the mail exchanger. +.It Dv NS +the name server for the named zone. +.It Dv PTR +the host name if the query is an Internet address; +otherwise, the pointer to other information. +.It Dv SOA +the domain's +.Dq start-of-authority +information. +.It Dv TXT +the text information. +.It Dv UINFO +the user information. +.It Dv WKS +the supported well-known services. +.El +.Pp +Other types +.Pq Dv ANY, AXFR, MB, MD, MF, NULL +are described in the RFC-1035 document. +.Pp +(Default = +.Dv A ; +abbreviations = +.Ic q , ty ) +.It Xo Op Ic no +.Ns Ic recurse +.Xc +Tell the name server to query other servers if it does not have the +information. +.Pp +(Default = +.Ic recurse ; +abbreviation = +.Xo Op Ic no +.Ns Ic rec ) +.Xc +.It Ic retry= Ns Ar number +Set the number of retries to +.Ar number . +When a reply to a request is not received within a certain +amount of time (changed with +.Dq Ic set timeout ) , +the timeout period is doubled and the request is resent. +The retry value controls how many times a request is resent before giving up. +.Pp +(Default = 4, abbreviation = +.Ic ret ) +.It Ic root= Ns Ar host +Change the name of the root server to +.Ar host . +This affects the +.Dq Ic root +command. +.Pp +(Default = +.Ic ns.internic.net. ; +abbreviation = +.Ic ro ) +.It Ic timeout= Ns Ar number +Change the initial timeout interval for waiting for a reply to +.Ar number +seconds. Each retry doubles the timeout period. +.Pp +(Default = 5 seconds; abbreviation = +.Ic ti ) +.It Xo Op Ic no +.Ns Ic vc +.Xc +Always use a virtual circuit when sending requests to the server. +.Pp +(Default = +.Ic novc ; +abbreviation = +.Xo Op Ic no +.Ns Ic v ) +.Xc +.It Xo Op Ic no +.Ns Ic ignoretc +.Xc +Ignore packet truncation errors. +.Pp +(Default = +.Ic noignoretc ; +abbreviation = +.Xo Op Ic no +.Ns Ic ig ) +.Xc +.El +.El +.Sh DIAGNOSTICS +If the lookup request was not successful, an error message is printed. +Possible errors are: +.Bl -tag -width "Timed" +.It Li Timed out +The server did not respond to a request after a certain amount of +time (changed with +.Dq Ic set timeout= Ns Ar value ) +and a certain number of retries (changed with +.Dq Ic set retry= Ns Ar value ) . +.It Li \&No response from server +No name server is running on the server machine. +.It Li \&No records +The server does not have resource records of the current query type for the +host, although the host name is valid. +The query type is specified with the +.Dq Ic set querytype +command. +.It Li Non-existent domain +The host or domain name does not exist. +.It Li Connection refused +.It Li Network is unreachable +The connection to the name or finger server could not be made +at the current time. +This error commonly occurs with +.Ic ls +and +.Ic finger +requests. +.It Li Server failure +The name server found an internal inconsistency in its database +and could not return a valid answer. +.It Li Refused +The name server refused to service the request. +.It Li Format error +The name server found that the request packet was not in the proper format. +It may indicate an error in +.Nm nslookup . +.El +.Sh FILES +.Bl -tag -width "/usr/share/misc/nslookup.helpXXX" -compact +.It Pa /etc/resolv.conf +initial domain name and name server addresses +.It Pa $HOME/.nslookuprc +user's initial options +.It Pa /usr/share/misc/nslookup.help +summary of commands +.El +.Sh ENVIRONMENT +.Bl -tag -width "HOSTALIASESXXXX" -compact +.It Ev HOSTALIASES +file containing host aliases +.It Ev LOCALDOMAIN +overrides default domain +.El +.Sh SEE ALSO +.Xr @INDOT@named @SYS_OPS_EXT@ , +.Xr resolver @LIB_NETWORK_EXT@ , +.Xr resolver @FORMAT_EXT@ ; +RFC-1034, +.Dq Domain Names - Concepts and Facilities ; +RFC-1035, +.Dq Domain Names - Implementation and Specification . +.Sh AUTHOR +Andrew Cherenson diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 00000000..cef83a34 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 00000000..0f916c80 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,67 @@ +# Czech translation of bind9 debconf messages. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the bind9 package. +# Miroslav Kure , 2008 +# +msgid "" +msgstr "" +"Project-Id-Version: bind9\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-06-15 14:38+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Uživatelský účet pro běh daemona BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Ve výchozím nastavení se daemon BINDu9 (named) spouští pod účtem uživatele " +"„bind“. Pro použití jiného účtu zadejte jeho jméno." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Další spouštěcí parametry pro named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Zadejte prosím případné další parametry (mimo uživatelského účtu), které se " +"mají předat daemonu BINDu9 (named) při každém spuštění." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Má se přepsat nastavení v resolv.conf?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Rozhodněte se, zda se má přepsat nastavení resolveru tak, aby vždy používal " +"lokální daemon BINDu9 (named) namísto serveru, který doporučí aktuální " +"připojení." diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 00000000..e9a2df1f --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,67 @@ +# Danish translation bind9. +# Copyright (C) 2010 bind9 & Joe Hansen. +# This file is distributed under the same license as the bind9 package. +# Joe Hansen , 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: bind9\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2010-10-07 17:30+01:00\n" +"Last-Translator: Joe Hansen \n" +"Language-Team: Danish \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Brugerkonto til kørsel af BIND9-dæmonen:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Standarden er at køre BIND9-dæmonen (navngivet) under brugerkontoen »bind«. " +"For at bruge en anden konto, så indtast venligst et passende brugernavn." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Andre opstartsindstillinger for navngivet:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Angiv venligst eventuelle yderligere indstillinger (udover brugernavnet) som " +"skal videresendes til BIND9-dæmonen (navngivet) ved opstart." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Skal opsætningen af resolv.conf overskrives?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Vælg venligst hvorvidt opløseren skal tvinges til at bruge den lokale BIND9-" +"dæmon (navngivet), frem for hvad den aktuelle forbindelse anbefaler, når " +"denne maskine flytter rundt." diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 00000000..b2a18df4 --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,84 @@ +# Translation of bind9 debconf templates to German +# (C) Helge Kreutzmann , 2008. +# This file is distributed under the same license as the bind9 package. +# +msgid "" +msgstr "" +"Project-Id-Version: bind9 1:9.5.0.dfsg-2\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-06-16 20:22+0200\n" +"Last-Translator: Helge Kreutzmann \n" +"Language-Team: de \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Benutzerkonto, unter dessen Kennung der BIND9-Daemon laufen soll:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Standardmig wird der BIND9-Daemon (Named) unter der Kennung des Benutzers " +"bind betrieben. Um ein anderes Benutzerkonto auszuwhlen, geben Sie bitte " +"den entsprechenden Benutzernamen ein." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Weitere Optionen fr den Start des Named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Bitte geben Sie hier die zustzlichen Optionen (auer dem Benutzernamen) " +"ein, die dem Bind9-Daemon (Named) beim Starten bergeben werden sollen." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Sollen die Einstellungen in resolv.conf ignoriert werden?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Bitte whlen Sie aus, ob der Namensauflser (Resolver) dazu gezwungen werden " +"soll, den lokalen BIND9-Daemon (Named) zu verwenden, statt den aktuellen " +"Verbindungsempfehlungen zu folgen, wenn diese Maschine bewegt wird." + +#~ msgid "Options that should be passed at startup to bind9" +#~ msgstr "Optionen, die beim Starten an Bind9 weitergegeben werden sollen" + +#~ msgid "which user should bind9 run as?" +#~ msgstr "Unter welcher Benutzerkennung soll Bind9 laufen?" + +#~ msgid "" +#~ "The default is to start bind9 as bind user, if you would like to change " +#~ "that, please give here the username as which bind9 should start as." +#~ msgstr "" +#~ "Standardmig startet Bind9 unter der Benutzerkennung bind. Falls Sie " +#~ "dies ndern mchten geben Sie hier bitte den Benutzernamen ein, unter " +#~ "dessen Kennung Bind9 starten soll." + +#~ msgid "Should resolvconf run when bind9 starts up?" +#~ msgstr "Soll Resolvconf laufen, wenn Bind9 startet?" diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 00000000..c9094284 --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,86 @@ +# bind9 translation to spanish +# Copyright (C) 2008 Software in the Public Interest +# This file is distributed under the same license as the bind9 package. +# Changes: +# - Initial translation +# Ignacio Mondino , 2008 +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# +msgid "" +msgstr "" +"Project-Id-Version: bind9_1:9.5.0.dfsg-3\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-07-08 20:18-0300\n" +"Last-Translator: Ignacio Mondino \n" +"Language-Team: Debian Spanish team \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Cuenta de usuario que ejecuta el demonio BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"La cuenta de usuario por omisión que ejecuta el demonio BIND9 («named») es " +"«bind». Para usar una cuenta diferente, por favor ingrese el nombre de " +"usuario apropiado." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Otras opciones de inicio para «named»:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Ingrese cualquier opción adicional (además del nombre de usuario) que " +"debiera pasarse como parámetro al demonio BIND9 («named») al inicio del " +"sistema." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "¿Debería sobreescribirse el archivo «resolv.conf»?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Indique si se debería forzar al cliente a utilizar el demonio BIND9 " +"(«named») local en lugar de lo que la conexión actual recomiende, cuando " +"este equipo este en movimiento." diff --git a/debian/po/eu.po b/debian/po/eu.po new file mode 100644 index 00000000..d0d0acf2 --- /dev/null +++ b/debian/po/eu.po @@ -0,0 +1,68 @@ +# translation of eu.po to Euskara +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide , 2009. +msgid "" +msgstr "" +"Project-Id-Version: eu\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2009-02-22 10:36+0100\n" +"Last-Translator: Piarres Beobide \n" +"Language-Team: Euskara \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "BIND9 exekutatuko duen erabiltzaile kontua:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Lehenetsia BIND9 deabrua (named) 'bind' erabiltzaile kontuarekin exekutatzea " +"da. Beste kontu bat erabiltzeko, idatzi dagokion erabiltzaile-izena" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Beste abio aukera batzuek named-rentzat:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Mesedez zehaztu BIND9 deabruari abioan pasa behar zaizkion beste aukera " +"gehigarriak (erabiltzaile-izenaz beste)." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "resolv.conf ezarpenak gainidatzi behar al dira?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Mesedez hautatu ebazlea nola behartu behar den BIND9 deabru kopia lokala " +"erabiltzeko ekipo hau mugitzen ari denean konexioak gomendatzen dionaren " +"ordez." diff --git a/debian/po/fi.po b/debian/po/fi.po new file mode 100644 index 00000000..ef9aae05 --- /dev/null +++ b/debian/po/fi.po @@ -0,0 +1,64 @@ +msgid "" +msgstr "" +"Project-Id-Version: bind9\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-07-13 08:08-0000\n" +"Last-Translator: Esko Arajärvi \n" +"Language-Team: Finnish \n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Käyttäjätunnus, jolla BIND9-taustaohjelmaa ajetaan:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Oletuksena BIND9-taustaohjelmaa (named) ajetaan käyttäjätunnuksella ”bind”. " +"Jos halutaan käyttää jotain muuta tunnusta, syötä se tähän." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Ohjelman named muut käynnistysvalitsimet:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Anna mahdolliset muut valitsimet (muut kuin käyttäjätunnus), jotka BIND9-" +"taustaohjelmalle (named) tulisi antaa käynnistyksessä." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Tulisiko tiedoston resolv.conf asetukset jättää huomioitta?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Valitse tulisiko selvittäjä pakottaa käyttämään paikallista BIND9-" +"taustaohjelmaa (named) sen sijaan mitä nykyinen yhteys suosittelee, kun " +"konetta siirrellään eri paikkoihin." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 00000000..757f05d1 --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,69 @@ +# Translation of bind9 debconf templates to French +# Copyright (C) 2008 CALARESU Luc +# This file is distributed under the same license as the bind9 package. +# CALARESU Luc , 2008. +# +# +msgid "" +msgstr "" +"Project-Id-Version: bind9\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-06-14 14:26+0200\n" +"Last-Translator: CALARESU Luc \n" +"Language-Team: French \n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Identifiant pour l'exécution du démon de BIND9 :" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Par défaut, le démon de BIND9 est lancé avec les privilèges de l'identifiant " +"« bind ». Si vous souhaitez utiliser un autre identifiant, veuillez " +"l'indiquer ici." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Autres options à transmettre pour « named » :" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Veuillez indiquer toute option supplémentaire (autre que l'identifiant) qui " +"doit être transmise au démarrage du démon de BIND9 (« named »)." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Faut-il écraser les paramètres de resolv.conf ?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Veuillez choisir si la résolution de noms doit utiliser le démon BIND9 local " +"(« named ») plutôt que les paramètres recommandés pour la connexion " +"actuelle, lorsque cette machine est déplacée." diff --git a/debian/po/gl.po b/debian/po/gl.po new file mode 100644 index 00000000..f299cb37 --- /dev/null +++ b/debian/po/gl.po @@ -0,0 +1,66 @@ +# Galician translation of bind9's debconf templates +# This file is distributed under the same license as the bind9 package. +# Jacobo Tarrio , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: bind9\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-06-14 11:36+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Conta de usuario que executa o servizo de BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"A elección por defecto é executar o servizo de BIND9 (named) baixo a conta " +"de usuario \"bind\". Para empregar unha conta diferente, introduza o nome." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Outras opcións de inicio para named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Forneza as opcións adicionais (que non sexan o nome de usuario) que se deban " +"pasar ao servizo de BIND9 (named) no inicio." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "¿Quere substituír a configuración de resolv.conf?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Indique se quere forzar o resolvedor a que empregue o servizo de BIND9 local " +"(named) no canto do que recomenda a conexión actual, cando esta máquina " +"estea en movemento." diff --git a/debian/po/id.po b/debian/po/id.po new file mode 100644 index 00000000..e389970c --- /dev/null +++ b/debian/po/id.po @@ -0,0 +1,51 @@ +msgid "" +msgstr "" +"Project-Id-Version: bind9\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: \n" +"Last-Translator: Mahyuddin Susanto \n" +"Language-Team: Debian Indonesia Translator \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Indonesian\n" +"X-Poedit-Country: INDONESIA\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Akun pengguna untuk menjalankan daemon BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "The default is to run the BIND9 daemon (named) under the 'bind' user account. To use a different account, please enter the appropriate username." +msgstr "Bawaan dari daemon BIND9 adalah menjalankan dengan user akun 'bind'. Untuk menggunakan akun berbeda, silakan masukkan nama pengguna yang sesuai." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Opsi lain startup untuk named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Please provide any additional options (other than username) that should be passed to the BIND9 daemon (named) on startup." +msgstr "Harap menyediakan opsi tambahan (selain nama pengguna) yang digunakan daemon BIND9 untuk startup" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "haruskah resolv.conf ditimpa?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Please choose whether the resolver should be forced to use the local BIND9 daemon (named) rather than what the current connection recommends, when this machine moves around." +msgstr "Silakan tentukan resolver mana yang akan digunakan untuk daemon lokal BIND9 (named) dari koneksi sekarang yang digunakan, ketika mesin ini berjalan" + diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 00000000..2e3ef2e8 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,69 @@ +# translation of bind9_1:9.5.0.dfsg.P1-2_templates.po to Italian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Alex , 2008. +msgid "" +msgstr "" +"Project-Id-Version: bind9_1:9.5.0.dfsg.P1-2_templates\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-07-27 16:10+0200\n" +"Last-Translator: Alex \n" +"Language-Team: Italian \n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Account utente con cui eseguire il demone BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"L'opzione predefinita prevede l'esecuzione del demone BIND9 (named) " +"utilizzando l'utente 'bind'. Se si desidera utilizzare un differente account " +"utente, inserire il nome corrispondente." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Altre opzioni di avvio per named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Inserire qualsiasi opzione addizionale (differente dal nome utente) che " +"dovrebbe essere inviata al demone BIND9 (named) durante l'avvio." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Si desidera non tener conto delle impostazioni in resolv.conf?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Scegliere se si desidera forzare la risoluzione di tutte le query DNS con il " +"demone BIND9 locale (named) non utilizzando i server raccomandati dalla " +"connessione attiva." diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 00000000..c9317481 --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,66 @@ +# Copyright (C) 2008 LaMont Jones +# This file is distributed under the same license as the bind9 package. +# Hideki Yamane , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: bind9 1:9.5.0.dfsg.P1-2\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-07-22 00:03+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "BIND9 デーモンの動作に使うユーザアカウント:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"デフォルトでは BIND9 デーモン (named) は「bind」ユーザアカウントで動作しま" +"す。異なるアカウントを使いたい場合は、適切なユーザ名を入力してください。" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "起動時に named に指定するオプション:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"BIND9 デーモン (named) の起動時に指定したい (ユーザ名以外の) 追加オプションを" +"入力してください。" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "resolv.conf の設定を上書きしますか?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"このマシンを移動した際、リゾルバがローカルの BIND9 デーモン (named) を使うよ" +"うにするか、現在の接続先で推奨されるネームサーバを使うようにするかを選んでく" +"ださい。" diff --git a/debian/po/ko.po b/debian/po/ko.po new file mode 100644 index 00000000..9da0f6f5 --- /dev/null +++ b/debian/po/ko.po @@ -0,0 +1,69 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: debconf template\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2011-06-24 18:37+0900\n" +"Last-Translator: 강민지 \n" +"Language-Team: opensource \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Korean\n" +"X-Poedit-Country: KOREA, REPUBLIC OF\n" +"X-Poedit-SourceCharset: utf-8\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "BIND9 데몬을 실행하기 위한 사용자 계정:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"기본값은 '바인드' 사용자 계정에서 BIND9 데몬(지정된 이름)을 실행합니다. 다른 " +"계정을 사용하려면 해당 사용자 이름을 입력하세요." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "지명된 다른 시작 옵션:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"BIND9 데몬(지정된 이름)이 실행으로 전달되기 위해서 추가옵션(사용자 이름 이외)" +"을 입력하세요." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "resolv.conf 설정은 재정의 되어야하는가?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"이 기계가 근처로 이동될 때 해결자는 현재의 연결을 권장하는 것보다 로컬 BIND9 " +"데몬(지정된 이름)을 사용하도록 강요해야하는지 여부를 선택하세요." diff --git a/debian/po/nb.po b/debian/po/nb.po new file mode 100644 index 00000000..2d420479 --- /dev/null +++ b/debian/po/nb.po @@ -0,0 +1,69 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Bjørn Steensrud , 2012. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2012-01-03 21:33+0100\n" +"Last-Translator: Bjørn Steensrud \n" +"Language-Team: Norwegian Bokmål \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: nb\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Brukerkonto for å kjøre BIND9-daemonen:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Standard er å kjøre BIND8-daemonen (named) under brukerkontoen «bind». Skriv " +"inn et passende navn for å bruke en annen konto." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Andre oppstartsvalg for named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Skriv inn flere valg (annet enn brukernavn) som skal sendes over til " +"BIND9-daemonen (named) ved oppstart." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Skal innstillingene i resolv.conf oveerstyres?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Velg om adresseløseren skal tvinges til å bruke den lokale BIND9-daemonen " +"(named) i stedet for det den gjeldende tilkoblingen anbefaler, når denne " +"maskinen flyttes omkring." + diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 00000000..b710b34e --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,72 @@ +# translation of bind9_1:9.5.0.dfsg.P2-1_nl.po to Dutch +# translation of bind9 debconf template to Dutch +# Copyright (C) 2008 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the bind9 package. +# +# Paul Gevers , 2008. +msgid "" +msgstr "" +"Project-Id-Version: bind9_1:9.5.0.dfsg.P2-1_nl\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-09-17 21:15-0500\n" +"Last-Translator: Paul Gevers \n" +"Language-Team: Dutch \n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "" +"Gebruikersaccount waaronder de BIND9 achtergronddienst dient te draaien:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Standaard wordt 'named', de BIND9-achtergronddienst, uitgevoerd onder de " +"'bind' gebruikersaccount. Als u een andere account wilt gebruiken kunt hier " +"de geschikte gebruikersnaam invullen." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Andere opstartopties voor 'named':" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Welke aanvullende opties (anders dan de gebruikersnaam) wilt u bij het " +"opstarten meegeven aan 'named', de BIND9 achtergronddienst?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Wilt u dat de 'resolv.conf' instellingen omzeild worden?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Wilt u afdwingen dat de 'resolver' gebruik maakt van de lokale BIND9 " +"achtergronddienst (named), in plaats van de aanbevelingen van de huidige " +"connectie. Bijvoorbeeld, wanneer deze computer veel verplaatst wordt." diff --git a/debian/po/pl.po b/debian/po/pl.po new file mode 100644 index 00000000..9cc79bd5 --- /dev/null +++ b/debian/po/pl.po @@ -0,0 +1,68 @@ +# debconf templates for bind9 package +# Polish translation +# Copyright (C) 2008 +# This file is distributed under the same license as the bind9 package. +# Łukasz Paździora , 2008 +# +msgid "" +msgstr "" +"Project-Id-Version: bind9 9.5.0.dfsg.P2-4\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-11-24 18:30+0100\n" +"Last-Translator: Łukasz Paździora \n" +"Language-Team: Polish \n" +"Language: pl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Konto użytkownika, jako który powinien działać BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Domyślnie demon BIND9 (named) działa jako użytkownik 'bind'. Aby użyć innego " +"konta podaj inną nazwę użytkownika." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Inne opcje startowe dla named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Proszę podać dodatkowe opcje (inne niż nazwa użytkownika), które powinny " +"zostać podane demonowi BIND9 (named) przy starcie." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Czy ustawienia resolv.conf mają zostać nadpisane?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Proszę wybrać czy do rozwiązywania nazw powinna być używana lokalna usługa " +"BIND9 (named), kiedy maszyna zmienia miejsce, czy też powinien korzystać z " +"zalecanych ustawień aktualnego połączenia." diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 00000000..2d3347f0 --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,69 @@ +# translation of bind9_1:9.5.0.dfsg-2_pt debconf to Portuguese +# Copyright (C) 2008 Américo Monteiro +# This file is distributed under the same license as the bind9 package. +# +# Américo Monteiro , 2008. +msgid "" +msgstr "" +"Project-Id-Version: bind9_1:9.5.0.dfsg-2_pt\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-06-14 11:55+0100\n" +"Last-Translator: Américo Monteiro \n" +"Language-Team: Portuguese \n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Conta de utilizador para correr o deamon BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"A pré-definição é correr o deamon BIND9 (named) sob a conta de utilizador " +"'bind'. Para usar uma conta diferente, por favor indique o nome de " +"utilizador apropriado." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Outras opções de arranque para o named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Por favor forneça quaisquer opções adicionais (além do nome de utilizador) " +"que deverão ser enviadas ao deamon BIND9 (named) durante o arranque. " + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Devem as configurações de resolv.conf ser substituidas?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Por favor escolha se a resolução de nomes deverá ser forçada a usar o deamon " +"local BIND9 (named) em vez do que a corrente ligação recomenda, quando esta " +"máquina está ligada." diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 00000000..f10725dc --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,71 @@ +# bind9 Brazilian Portuguese translation +# Copyright (C) 2009 bind9's COPYRIGHT HOLDER +# This file is distributed under the same license as the bind9 package. +# Luís Gustavo Pessoa Sales , 2009. +# José Figueiredo , 2010. +# +# +msgid "" +msgstr "" +"Project-Id-Version: bind9\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2010-09-10 22:37-0300\n" +"Last-Translator: José de Figueiredo \n" +"Language-Team: Brazilian Portuguese \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"pt_BR utf-8\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Conta de usuário para execução do daemon do BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"O padrão é executar o daemon do BIND9 (named) com a conta de usuário 'bind'. " +"Para usar uma conta diferente, por favor informe o nome do usuário." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Outras opções de inicialização para o named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Por favor, forneça outras opções adicionais (além de nome de usuário), que " +"devam ser passadas ao daemon do BIND9 (named) na inicialização." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "As configurações do resolv.conf devem ser sobrescritas?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Por favor, escolha se o resolvedor de nomes deve ser forçado a usar o daemon " +"do BIND9 local (named) em vez daquele que a conexão atual recomendar, quando " +"esta máquina for movida." diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 00000000..b182747e --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,70 @@ +# translation of ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Yuri Kozlov , 2008. +msgid "" +msgstr "" +"Project-Id-Version: bind9 1:9.5.0.dfsg-2\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-06-14 11:08+0400\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Учётная запись для запуска службы BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"По умолчанию, служба BIND9 (файл named) запускается с правами учётной записи " +"'bind'. Если вы хотите использовать другую учётную запись, то введите это " +"имя здесь." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Другие параметры запуска named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Укажите любые дополнительные параметры (кроме имени учётной записи), которые " +"нужно передать службе BIND9 (файлу named) при запуске." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Переписать настройки resolv.conf?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Укажите, хотите ли вы, чтобы определитель имён машины использовал локальную " +"службу BIND9 (named), а не настройки имеющегося подключения." diff --git a/debian/po/sk.po b/debian/po/sk.po new file mode 100644 index 00000000..4ea69c64 --- /dev/null +++ b/debian/po/sk.po @@ -0,0 +1,67 @@ +# Slovak translation of bind9 +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the bind9 package. +# Ivan Masár , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: bind9\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: \n" +"Last-Translator: Ivan Masár \n" +"Language-Team: \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Používateľský účet démona BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Štandardne sa démon BIND9 (named) spúšťa s používateľským účtom „bind”. Ak " +"chcete použiť iný účet, prosím zadajte príslušný názov účtu." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Ďalšie spúšťacie voľby pre named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Zadajte ďalšie voľby (okrem používateľského mena), ktoré sa majú odovzdať " +"démonovi BIND9 (named) pri spustení." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Má sa nastaviť priorita pred resolv.conf?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Zvoľte, či má sa má vynútiť, aby prekladač adries používal lokálneho démona " +"BIND9 (named) namiesto toho, čo odporúča aktuálne pripojenie, keď sa " +"umiestnenie tohto počítača mení." diff --git a/debian/po/sr.po b/debian/po/sr.po new file mode 100644 index 00000000..98b67be6 --- /dev/null +++ b/debian/po/sr.po @@ -0,0 +1,66 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: Zlatan Todoric \n" +"Language-Team: Serbian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Кориснички налог за покретање BIND9 процеса у позадини:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Подразумијевано је да се BIND9 процес у позадини (Named) покреће под 'bind'" +"корисничким налогом. Да бисте користили другачији налог, унесите адекватно корисничко име." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Друге опције приликом покретања за (Named):" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Молимо вас обезбједите додатне опције (осим корисничког имена) који би требали" +"бити прослијеђени BIND9 процесу у позадини (Named) приликом покретања." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Желите ли поништити постојећа resolv.conf подешавања?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Одаберите желите ли да аутоматски помагач (Resolver) буде присиљен користити " +"локални BIND9 процес у позадини (Named) умјесто препорука тренутне мреже, када " +"ова машина буде помјерана." diff --git a/debian/po/sr@latin.po b/debian/po/sr@latin.po new file mode 100644 index 00000000..5456ba62 --- /dev/null +++ b/debian/po/sr@latin.po @@ -0,0 +1,66 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2011 +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: Zlatan Todorić \n" +"Language-Team: Serbian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Korisnički nalog za pokretanje BIND9 procesa u pozadini:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Podrazumijevano je da se BIND9 proces u pozadini (Named) pokreće pod 'bind'" +"korisničkim nalogom. Da biste koristili drugačiji nalog, unesite adekvatno korisničko ime." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Druge opcije prilikom pokretanja za (Named):" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Molimo vas obezbjedite dodatne opcije (osim korisničkog imena) koji bi trebali" +"biti proslijeđeni BIND9 procesu u pozadini (Named) prilikom pokretanja." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Želite li poništiti postojeća resolv.conf podešavanja?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Odaberite želite li da automatski pomagač (Resolver) bude prisiljen koristiti" +"lokalni BIND9 proces u pozadini umjesto preporuka trenutne mreže, kada ova" +"mašina bude pomjerana." diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 00000000..4dbd1e2f --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,69 @@ +# translation of bind9_1:9.5.0.dfsg.P1-2_sv.po to Swedish +# Copyright (C) 2008 +# This file is distributed under the same license as the bind9 package. +# +# Martin Ågren , 2008. +msgid "" +msgstr "" +"Project-Id-Version: bind9_1:9.5.0.dfsg.P1-2_sv\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-07-18 19:24+0200\n" +"Last-Translator: Martin Ågren \n" +"Language-Team: Swedish \n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Användarkonto att köra BIND9-demonen under:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Standardvalet är att köra BIND9-demonen (named) under användarkontot 'bind'. " +"För att använda ett annat konto, var vänlig ange användarnamnet." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Övriga uppstartsval för named:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Var vänlig ange eventuella ytterligare val (förutom användarnamn) som ska " +"skickas till BIND9-demonen (named) vid uppstart." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Ska resolv.conf-inställningar hoppas över?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Var vänlig välj huruvida uppslagaren ska tvingas använda den lokala BIND9-" +"demonen (named) snarare än vad den aktuella uppkopplingen rekommenderar när " +"den här maskinen flyttar runt." diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 00000000..6001e434 --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,60 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" diff --git a/debian/po/tr.po b/debian/po/tr.po new file mode 100644 index 00000000..3d44ff85 --- /dev/null +++ b/debian/po/tr.po @@ -0,0 +1,70 @@ +# turkish translation of bind9 debconf template +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Mert Dirik , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: bind9\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-06-15 23:31+0200\n" +"Last-Translator: Mert Dirik \n" +"Language-Team: Debian L10n Turkish \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Poedit-Language: Turkish\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "BIND9 bekletici programının (named) kullanacağı kullanıcı hesabı:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Öntanımlı olarak BIND9 bekletici (daemon) programı 'bind' kullanıcı " +"hesabıyla çalışır. Farklı bir hesap kullanmak için kullanmak istediğiniz " +"hesabın adını girin." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "'named'in kullanacağı diğer başlatma seçenekleri:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Lütfen BIND9 bekletici programına (named) geçilmesini istediğiniz, kullanıcı " +"adı dışındaki ek seçenekleri yazın." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "'resolv.conf' ayarları ezilmeli mi (override)?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Lütfen bu makine gezerken; çözümleyicinin o anda kullanılan bağlantının " +"önerdiği sunucu yerine yerel BIND9 bekletici programını (named) kullanmaya " +"zorlanması gerekip gerekmediğini seçin." diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100644 index 00000000..99865f74 --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,67 @@ +# Vietnamese translation for Bind 9. +# Copyright © 2008 Free Software Foundation, Inc. +# Clytie Siddall , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: bind9 1:9.5.0.dfsg-2\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-06-14 15:35+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.7b3\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "Tài khoản người dùng để chạy trình nền BIND9:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"Mặc định là chạy trình nền BIND9 (đặt tên) dưới tài khoản người dùng « bind " +"». Để sử dụng tài khoản khác, hãy nhập tên người dùng thích hợp." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "Tùy chọn khởi chạy khác cần đặt tên:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "" +"Hãy nhập vào đây bất kỳ tùy chọn bổ sung (khác với tên người dùng) nên gửi " +"cho trình nền BIND9 vào lúc khởi chạy." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "Co nên ghi đè lên thiết lập « resolv.conf » không?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"Hãy chọn có nên ép buộc trình giải quyết sử dụng trình nền BIND9 cục bộ (đặt " +"tên) hơn là kết nối hiện thời đề nghị gì khi máy này ở nơi khác." diff --git a/debian/po/zh_CN.po b/debian/po/zh_CN.po new file mode 100644 index 00000000..9296c1a8 --- /dev/null +++ b/debian/po/zh_CN.po @@ -0,0 +1,64 @@ +# Chinese translations for bind package. +# Copyright (C) 2008 THE bind'S COPYRIGHT HOLDER +# This file is distributed under the same license as the bind package. +# LI Daobing , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: bind 9-9.5.0.dfsg.P2\n" +"Report-Msgid-Bugs-To: Source: bind9@packages.debian.org\n" +"POT-Creation-Date: 2008-06-13 16:56-0600\n" +"PO-Revision-Date: 2008-10-04 14:36+0800\n" +"Last-Translator: LI Daobing \n" +"Language-Team: Chinese (simplified)\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "User account for running the BIND9 daemon:" +msgstr "运行 BIND9 服务的用户账号:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The default is to run the BIND9 daemon (named) under the 'bind' user " +"account. To use a different account, please enter the appropriate username." +msgstr "" +"缺省使用 'bind' 用户来运行 BIND9 服务(named)。 想使用其他的账号, 请输入合适的" +"用户名。" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Other startup options for named:" +msgstr "named 的其他启动选项:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"Please provide any additional options (other than username) that should be " +"passed to the BIND9 daemon (named) on startup." +msgstr "请提供需要传给 BIND9 服务(named)的启动选项(用户名除外)。" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Should resolv.conf settings be overridden?" +msgstr "是否覆盖 resolv.conf 的设置?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Please choose whether the resolver should be forced to use the local BIND9 " +"daemon (named) rather than what the current connection recommends, when this " +"machine moves around." +msgstr "" +"请选择是否强制使用本地 BIND9 服务(named)来做域名解析, 而不是使用当前连接所推" +"荐的域名解析服务器, 特别是当机器需要移动时。" diff --git a/debian/rules b/debian/rules new file mode 100644 index 00000000..20618ddd --- /dev/null +++ b/debian/rules @@ -0,0 +1,175 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +export DEB_BUILD_HARDENING=1 +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +ifndef DEB_HOST_ARCH +DEB_BUILD_ARCH := $(shell dpkg --print-architecture) +endif +export arch = $(DEB_HOST_ARCH) + +DEB_HOST_MULTIARCH := $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) +DEBUG = -g +endif + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) +OPT = +else +OPT = -O2 +endif + +export CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE $(DEBUG) $(OPT) + +ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) +EXTRA_FEATURES=--disable-linux-caps --disable-threads +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + ./configure --prefix=/usr \ + --mandir=\$${prefix}/share/man \ + --infodir=\$${prefix}/share/info \ + --sysconfdir=/etc/bind \ + --localstatedir=/var \ + --enable-threads \ + --enable-largefile \ + --with-libtool \ + --enable-shared \ + --enable-static \ + --with-openssl=/usr \ + --with-gssapi=/usr \ + --with-gnu-ld \ + --with-geoip=/usr \ + --with-atf=no \ + --enable-ipv6 \ + $(EXTRA_FEATURES) + + touch configure-stamp + +build: configure-stamp build-stamp +build-stamp: + dh_testdir + LD_LIBRARY_PATH=$$(pwd)/lib/isc/.libs:$$(pwd)/lib/isccc/.libs:$$(pwd)/isccfg/.libs:$${LD_LIBRARY_PATH} $(MAKE) + touch build-stamp + +autofiles: + libtoolize --automake --copy --force + aclocal + #automake + autoheader + autoconf + rm -rf autom4te.cache + +clean: + dh_testdir + dh_testroot + -$(MAKE) distclean + find . -name \*.o -exec rm {} \; + rm -f build-stamp configure-stamp + rm -f debian/substvars lib/bind/include/isc/platform.h + rm -f contrib/dlz/bin/dlzbdb/Makefile contrib/dlz/drivers/rules + rm -f doc/arm/Bv9ARM.pdf + dh_clean + +newtemplate: + debconf-updatepo + +msgstats: + @cd debian/po && for i in *.po; do x=$$(msgfmt --statistics $$i 2>&1); echo $$i $$x; done; rm -f messages.mo *.po~ + +msg-email: + @podebconf-report-po + +ETCBIND=debian/bind9/etc/bind +ETCAPP=debian/bind9/etc/apparmor.d +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + $(MAKE) install DESTDIR=`pwd`/debian/bind9 + rm -f debian/bind9/usr/lib/*.la + install -c -o bin -g bin -m 444 debian/db.0 ${ETCBIND}/db.0 + install -c -o bin -g bin -m 444 debian/db.0 ${ETCBIND}/db.255 + install -c -o bin -g bin -m 444 debian/db.empty ${ETCBIND} + install -c -o bin -g bin -m 444 debian/zones.rfc1918 ${ETCBIND} + install -c -o bin -g bin -m 444 debian/db.127 ${ETCBIND} + install -c -o bin -g bin -m 444 debian/db.local ${ETCBIND} + install -c -o bin -g bin -m 444 debian/db.root ${ETCBIND} + install -c -o bin -g bin -m 440 debian/named.conf ${ETCBIND} + install -c -o bin -g bin -m 440 debian/named.conf.local ${ETCBIND} + install -c -o bin -g bin -m 440 debian/named.conf.default-zones ${ETCBIND} + install -c -o bin -g bin -m 440 bind.keys ${ETCBIND} + install -c -o bin -g bin -m 440 debian/named.conf.options debian/bind9/usr/share/bind9/ + cp doc/arm/*.html debian/bind9-doc/usr/share/doc/bind9-doc/arm + install -m 644 -o root -g root debian/apparmor-profile ${ETCAPP}/usr.sbin.named + install -m 644 -o root -g root debian/apparmor-profile.local ${ETCAPP}/local/usr.sbin.named + rmdir debian/bind9/var/run/named debian/lwresd/var/run/named || true + + install debian/ip-up.d debian/bind9/etc/ppp/ip-up.d/bind9 + install debian/ip-down.d debian/bind9/etc/ppp/ip-down.d/bind9 + install debian/ip-up.d debian/bind9/etc/network/if-up.d/bind9 + install debian/ip-down.d debian/bind9/etc/network/if-down.d/bind9 + install -m644 debian/bind9.ufw.profile debian/bind9/etc/ufw/applications.d/bind9 + +# Build architecture-independent files here. +binary-indep: build install + dh_testdir -i + dh_testroot -i + dh_installdocs -i + dh_installexamples -i + dh_installmenu -i + dh_installcron -i + dh_installinfo -i + dh_installchangelogs -i # CHANGES # upstream changelog only in bind9-doc + dh_installchangelogs -pbind9-doc CHANGES + dh_link -i + dh_compress -i + dh_fixperms -i + dh_installdeb -i + for i in $$(sed -n '/^Package:/s/^.* //p' debian/control); do cat debian/vars.in >> debian/$$i.substvars; done + cat debian/vars.in >> debian/substvars + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir -a + dh_testroot -a + dh_installdocs -a + dh_installexamples -a + dh_installmenu -a + dh_installinit -a --no-start -- defaults 15 85 + dh_installcron -a + dh_installdebconf -pbind9 + dh_installinfo -a + dh_installchangelogs -a # CHANGES # upstream changelog only in bind9-doc + dh_install --sourcedir=debian/bind9 -a + (cd debian/bind9/ && rm -rf $$(cat ../*.install) ) + rm -f debian/bind9/usr/share/man/man1/query-loc.1 + # install apport hook on Ubuntu + if dpkg-vendor --is ubuntu; then \ + install -m 644 -D debian/bind9.apport debian/bind9/usr/share/apport/package-hooks/bind9.py; \ + fi + dh_link -a + dh_strip -a + dh_compress -a + dh_fixperms -a + dh_makeshlibs -a + dh_installdeb -a + dh_shlibdeps -l"debian/libbind9-90/usr/lib:debian/libbind-dev/usr/lib:debian/libdns99/usr/lib:debian/libisc95/usr/lib:debian/libisccc90/usr/lib:debian/libisccfg90/usr/lib:debian/liblwres90/usr/lib:/usr/lib/libfakeroot" -a + for i in $$(sed -n '/^Package:/s/^.* //p' debian/control); do cat debian/vars.in >> debian/$$i.substvars; done + cat debian/vars.in >> debian/substvars + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 00000000..d3827e75 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +1.0 diff --git a/debian/templates b/debian/templates new file mode 100644 index 00000000..b5dd9bc6 --- /dev/null +++ b/debian/templates @@ -0,0 +1,21 @@ +Template: bind9/start-as-user +Type: string +Default: bind +_Description: User account for running the BIND9 daemon: + The default is to run the BIND9 daemon (named) under the 'bind' + user account. To use a different account, please enter the + appropriate username. + +Template: bind9/different-configuration-file +Type: string +_Description: Other startup options for named: + Please provide any additional options (other than username) that should + be passed to the BIND9 daemon (named) on startup. + +Template: bind9/run-resolvconf +Type: boolean +Default: false +_Description: Should resolv.conf settings be overridden? + Please choose whether the resolver should be forced to use the + local BIND9 daemon (named) rather than what the current connection + recommends, when this machine moves around. diff --git a/debian/vars.in b/debian/vars.in new file mode 100644 index 00000000..4a576c50 --- /dev/null +++ b/debian/vars.in @@ -0,0 +1 @@ +Description=The Berkeley Internet Name Domain (BIND) implements an Internet domain${Newline}name server. BIND is the most widely-used name server software on the${Newline}Internet, and is supported by the Internet Software Consortium, www.isc.org. diff --git a/debian/zones.rfc1918 b/debian/zones.rfc1918 new file mode 100644 index 00000000..03b55462 --- /dev/null +++ b/debian/zones.rfc1918 @@ -0,0 +1,20 @@ +zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; + +zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; + +zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -- cgit v1.2.3 From c9ccfef705fc6b6c39b610940ee9d4d45d5de828 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 1 Mar 2013 08:19:55 -0700 Subject: Initialise OpenSSL before calling chroot() OpenSSL may need to load additional shared libraries, in particular for the gost algorithm. This will not work after we chroot(), so we need to initialise it before doing that. Move the calls to dst_lib_init2() and isc_entropy_create() into setup() and calls to the corresponding cleanup into cleanup(). Addresses-Debian-Bug: 696661 Signed-off-by: LaMont Jones --- bin/named/main.c | 33 +++++++++++++++++++++------------ bin/named/server.c | 6 ------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/bin/named/main.c b/bin/named/main.c index a5467249..45aa1af3 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -643,14 +643,6 @@ create_managers(void) { ISC_LOG_INFO, "using up to %u sockets", socks); } - result = isc_entropy_create(ns_g_mctx, &ns_g_entropy); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_entropy_create() failed: %s", - isc_result_totext(result)); - return (ISC_R_UNEXPECTED); - } - result = isc_hash_create(ns_g_mctx, ns_g_entropy, DNS_NAME_MAXWIRE); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -666,10 +658,6 @@ static void destroy_managers(void) { ns_lwresd_shutdown(); - isc_entropy_detach(&ns_g_entropy); - if (ns_g_fallbackentropy != NULL) - isc_entropy_detach(&ns_g_fallbackentropy); - /* * isc_taskmgr_destroy() will block until all tasks have exited, */ @@ -770,6 +758,21 @@ setup(void) { } #endif + result = isc_entropy_create(ns_g_mctx, &ns_g_entropy); + if (result != ISC_R_SUCCESS) + ns_main_earlyfatal("isc_entropy_create() failed: %s", + isc_result_totext(result)); + + /* + * DST may load additional libraries, which must be done before + * chroot + */ + result = dst_lib_init2(ns_g_mctx, ns_g_entropy, + ns_g_engine, ISC_ENTROPY_GOODONLY); + if (result != ISC_R_SUCCESS) + ns_main_earlyfatal("dst_lib_init2() failed: %s", + isc_result_totext(result)); + #ifdef ISC_PLATFORM_USETHREADS /* * Check for the number of cpu's before ns_os_chroot(). @@ -936,6 +939,12 @@ cleanup(void) { ns_builtin_deinit(); + dst_lib_destroy(); + + isc_entropy_detach(&ns_g_entropy); + if (ns_g_fallbackentropy != NULL) + isc_entropy_detach(&ns_g_fallbackentropy); + /* * Add calls to unregister sdb drivers here. */ diff --git a/bin/named/server.c b/bin/named/server.c index aef922bb..77a6b5d8 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -5730,10 +5730,6 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { ISC_R_NOMEMORY : ISC_R_SUCCESS, "allocating reload event"); - CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy, - ns_g_engine, ISC_ENTROPY_GOODONLY), - "initializing DST"); - server->tkeyctx = NULL; CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy, &server->tkeyctx), @@ -5880,8 +5876,6 @@ ns_server_destroy(ns_server_t **serverp) { if (server->tkeyctx != NULL) dns_tkeyctx_destroy(&server->tkeyctx); - dst_lib_destroy(); - isc_event_free(&server->reload_event); INSIST(ISC_LIST_EMPTY(server->viewlist)); -- cgit v1.2.3 From 52e4767ae0421d1b480f7c09df7082ca97a9bce2 Mon Sep 17 00:00:00 2001 From: LaMont Jones Date: Tue, 8 Jan 2013 06:29:34 -0700 Subject: drop dlzexternal test --- bin/tests/system/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in index 1f9f41fd..c7d876a2 100644 --- a/bin/tests/system/Makefile.in +++ b/bin/tests/system/Makefile.in @@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@ @BIND9_MAKE_INCLUDES@ -SUBDIRS = dlzexternal filter-aaaa lwresd rpz rsabigexponent tkey tsiggss +SUBDIRS = filter-aaaa lwresd rpz rsabigexponent tkey tsiggss TARGETS = @BIND9_MAKE_RULES@ -- cgit v1.2.3 From 04108496d454eb843978fe6aaa515686043579e0 Mon Sep 17 00:00:00 2001 From: LaMont Jones Date: Mon, 10 Mar 2008 11:38:41 -0600 Subject: add "order random_1" support (return one random RR) Clients who implement RFC 3484, Section 6, Rule 9 for IPv4 addresses create serious issues for domains that use rrset-order cyclic or random to do load balancing, since they erroneously decide that the host with the longest prefix in common with their own address is "closest", while no such relationship exists in IPv4. While technically incorrect, returning exactly one A RR from a random ordering works around this behavior. Using a short TTL is a good idea, for fault tollerance. Signed-off-by: LaMont Jones --- bin/named/server.c | 2 ++ lib/bind9/check.c | 1 + lib/dns/include/dns/rdataset.h | 2 ++ lib/dns/order.c | 1 + lib/dns/rdataset.c | 10 ++++++++-- 5 files changed, 14 insertions(+), 2 deletions(-) diff --git a/bin/named/server.c b/bin/named/server.c index 77a6b5d8..d0a9b3cc 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1082,6 +1082,8 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) { mode = DNS_RDATASETATTR_FIXEDORDER; else if (!strcasecmp(str, "random")) mode = DNS_RDATASETATTR_RANDOMIZE; + else if (!strcasecmp(str, "random_1")) + mode = DNS_RDATASETATTR_RANDOMIZE|DNS_RDATASETATTR_SINGLE; else if (!strcasecmp(str, "cyclic")) mode = 0; else diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 91f8bff1..51c674b0 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -131,6 +131,7 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) { "compilation time"); #endif } else if (strcasecmp(cfg_obj_asstring(obj), "random") != 0 && + strcasecmp(cfg_obj_asstring(obj), "random_1") != 0 && strcasecmp(cfg_obj_asstring(obj), "cyclic") != 0) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "rrset-order: invalid order '%s'", diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h index 31bcd15f..f02bc7d0 100644 --- a/lib/dns/include/dns/rdataset.h +++ b/lib/dns/include/dns/rdataset.h @@ -206,6 +206,8 @@ struct dns_rdataset { #define DNS_RDATASETATTR_OPTOUT 0x00100000 /*%< OPTOUT proof */ #define DNS_RDATASETATTR_NEGATIVE 0x00200000 +#define DNS_RDATASETATTR_SINGLE 0x10000000 /* Only return 1 answer */ + /*% * _OMITDNSSEC: * Omit DNSSEC records when rendering ncache records. diff --git a/lib/dns/order.c b/lib/dns/order.c index 853b0019..18dc24ea 100644 --- a/lib/dns/order.c +++ b/lib/dns/order.c @@ -89,6 +89,7 @@ dns_order_add(dns_order_t *order, dns_name_t *name, REQUIRE(DNS_ORDER_VALID(order)); REQUIRE(mode == DNS_RDATASETATTR_RANDOMIZE || mode == DNS_RDATASETATTR_FIXEDORDER || + mode == (DNS_RDATASETATTR_RANDOMIZE|DNS_RDATASETATTR_SINGLE) || mode == 0 /* DNS_RDATASETATTR_CYCLIC */ ); ent = isc_mem_get(order->mctx, sizeof(*ent)); diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index 026d7712..83775689 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -297,6 +297,7 @@ dns_rdataset_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) { #define MAX_SHUFFLE 32 #define WANT_FIXED(r) (((r)->attributes & DNS_RDATASETATTR_FIXEDORDER) != 0) #define WANT_RANDOM(r) (((r)->attributes & DNS_RDATASETATTR_RANDOMIZE) != 0) +#define WANT_SINGLE(r) (((r)->attributes & DNS_RDATASETATTR_SINGLE) != 0) struct towire_sort { int key; @@ -321,6 +322,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, isc_region_t r; isc_result_t result; unsigned int i, count = 0, added, choice; + unsigned int real_count; isc_buffer_t savedbuffer, rdlen, rrbuffer; unsigned int headlen; isc_boolean_t question = ISC_FALSE; @@ -362,6 +364,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, if (result != ISC_R_SUCCESS) return (result); } + real_count = count; /* * Do we want to shuffle this answer? @@ -430,6 +433,9 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, sorted[i].key = 0; /* Unused */ sorted[i].rdata = &shuffled[i]; } + if (count > 1 && WANT_SINGLE(rdataset)) { + count = 1; + } } else { /* * "Cyclic" order. @@ -550,9 +556,9 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, cleanup: if (sorted != NULL && sorted != sorted_fixed) - isc_mem_put(cctx->mctx, sorted, count * sizeof(*sorted)); + isc_mem_put(cctx->mctx, sorted, real_count * sizeof(*sorted)); if (shuffled != NULL && shuffled != shuffled_fixed) - isc_mem_put(cctx->mctx, shuffled, count * sizeof(*shuffled)); + isc_mem_put(cctx->mctx, shuffled, real_count * sizeof(*shuffled)); return (result); } -- cgit v1.2.3 From 10111e84727f78972ec20467e8e47d881b38680a Mon Sep 17 00:00:00 2001 From: Michael Milligan Date: Fri, 20 Mar 2009 15:01:03 -0600 Subject: Add min-cache-ttl and min-ncache-ttl keywords Sometimes it is useful to set a 'floor' on the TTL for records to be cached. Some sites like to use ridiculously low TTLs for some reason, and that often is not compatible with slow links. Signed-off-by: Michael Milligan Signed-off-by: LaMont Jones Conflicts: bin/named/server.c lib/dns/ncache.c lib/dns/resolver.c --- bin/named/config.c | 2 ++ bin/named/server.c | 12 ++++++++++++ bin/tests/named.conf | 2 ++ lib/dns/include/dns/ncache.h | 4 ++-- lib/dns/include/dns/view.h | 2 ++ lib/dns/ncache.c | 14 ++++++++------ lib/dns/resolver.c | 20 ++++++++++++++------ lib/isccfg/namedconf.c | 2 ++ 8 files changed, 44 insertions(+), 14 deletions(-) diff --git a/bin/named/config.c b/bin/named/config.c index fa349eea..7ea85bdd 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -144,6 +144,8 @@ options {\n\ lame-ttl 600;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ max-cache-ttl 604800; /* 1 week */\n\ + min-ncache-ttl 0; /* 0 hours */\n\ + min-cache-ttl 0; /* 0 seconds */\n\ transfer-format many-answers;\n\ max-cache-size 0;\n\ check-names master fail;\n\ diff --git a/bin/named/server.c b/bin/named/server.c index d0a9b3cc..5fe3b8c7 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -2146,6 +2146,18 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, if (view->maxncachettl > 7 * 24 * 3600) view->maxncachettl = 7 * 24 * 3600; + obj = NULL; + result = ns_config_get(maps, "min-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->mincachettl = cfg_obj_asuint32(obj); + + obj = NULL; + result = ns_config_get(maps, "min-ncache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->minncachettl = cfg_obj_asuint32(obj); + if (view->minncachettl > 7 * 24 * 3600) + view->minncachettl = 7 * 24 * 3600; + /* * Configure the view's cache. * diff --git a/bin/tests/named.conf b/bin/tests/named.conf index 722d2626..d89856ca 100644 --- a/bin/tests/named.conf +++ b/bin/tests/named.conf @@ -54,6 +54,7 @@ options { memstatistics-file "named.memstats"; // _PATH_MEMSTATS max-cache-ttl 999; + min-cache-ttl 666; auth-nxdomain yes; // always set AA on NXDOMAIN. // don't set this to 'no' unless // you know what you're doing -- older @@ -155,6 +156,7 @@ options { min-refresh-time 777; max-ncache-ttl 333; + min-ncache-ttl 222; min-roots 15; serial-queries 34; diff --git a/lib/dns/include/dns/ncache.h b/lib/dns/include/dns/ncache.h index 337e8348..14ccefd3 100644 --- a/lib/dns/include/dns/ncache.h +++ b/lib/dns/include/dns/ncache.h @@ -61,12 +61,12 @@ ISC_LANG_BEGINDECLS isc_result_t dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, - dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, + dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl, dns_rdataset_t *addedrdataset); isc_result_t dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdatatype_t covers, - isc_stdtime_t now, dns_ttl_t maxttl, + isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl, isc_boolean_t optout, dns_rdataset_t *addedrdataset); /*%< * Convert the authority data from 'message' into a negative cache diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h index d0c1931d..e9b501c8 100644 --- a/lib/dns/include/dns/view.h +++ b/lib/dns/include/dns/view.h @@ -146,6 +146,8 @@ struct dns_view { isc_boolean_t requestnsid; dns_ttl_t maxcachettl; dns_ttl_t maxncachettl; + dns_ttl_t mincachettl; + dns_ttl_t minncachettl; in_port_t dstport; dns_aclenv_t aclenv; dns_rdatatype_t preferred_glue; diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index bcb3d057..d3ab27b4 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -49,7 +49,7 @@ static isc_result_t addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, - dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, + dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl, isc_boolean_t optout, isc_boolean_t secure, dns_rdataset_t *addedrdataset); @@ -99,26 +99,26 @@ copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) { isc_result_t dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, - dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, + dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl, dns_rdataset_t *addedrdataset) { - return (addoptout(message, cache, node, covers, now, maxttl, + return (addoptout(message, cache, node, covers, now, minttl, maxttl, ISC_FALSE, ISC_FALSE, addedrdataset)); } isc_result_t dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdatatype_t covers, - isc_stdtime_t now, dns_ttl_t maxttl, + isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl, isc_boolean_t optout, dns_rdataset_t *addedrdataset) { - return (addoptout(message, cache, node, covers, now, maxttl, + return (addoptout(message, cache, node, covers, now, minttl, maxttl, optout, ISC_TRUE, addedrdataset)); } static isc_result_t addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, - dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, + dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl, isc_boolean_t optout, isc_boolean_t secure, dns_rdataset_t *addedrdataset) { @@ -187,6 +187,8 @@ addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, type == dns_rdatatype_nsec3) { if (ttl > rdataset->ttl) ttl = rdataset->ttl; + if (ttl < minttl) + ttl = minttl; if (trust > rdataset->trust) trust = rdataset->trust; /* diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 27d15b93..13ed6ef2 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -470,7 +470,9 @@ static isc_boolean_t fctx_unlink(fetchctx_t *fctx); static isc_result_t ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdatatype_t covers, - isc_stdtime_t now, dns_ttl_t maxttl, + isc_stdtime_t now, + dns_ttl_t minttl, + dns_ttl_t maxttl, isc_boolean_t optout, isc_boolean_t secure, dns_rdataset_t *ardataset, @@ -4197,7 +4199,7 @@ validated(isc_task_t *task, isc_event_t *event) { ttl = 0; result = ncache_adderesult(fctx->rmessage, fctx->cache, node, - covers, now, ttl, vevent->optout, + covers, now, fctx->res->view->minncachettl, ttl, vevent->optout, vevent->secure, ardataset, &eresult); if (result != ISC_R_SUCCESS) goto noanswer_response; @@ -4652,6 +4654,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, */ if (rdataset->ttl > res->view->maxcachettl) rdataset->ttl = res->view->maxcachettl; + + /* + * Enforce configured minimum cache TTL. + */ + if (rdataset->ttl < res->view->mincachettl) + rdataset->ttl = res->view->mincachettl; /* * Find the SIG for this rdataset, if we have it. @@ -4979,7 +4987,7 @@ cache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_stdtime_t now) */ static isc_result_t ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, - dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, + dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t minttl, dns_ttl_t maxttl, isc_boolean_t optout, isc_boolean_t secure, dns_rdataset_t *ardataset, isc_result_t *eresultp) { @@ -4992,10 +5000,10 @@ ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, } if (secure) result = dns_ncache_addoptout(message, cache, node, covers, - now, maxttl, optout, ardataset); + now, minttl, maxttl, optout, ardataset); else result = dns_ncache_add(message, cache, node, covers, now, - maxttl, ardataset); + minttl, maxttl, ardataset); if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) { /* * If the cache now contains a negative entry and we @@ -5161,7 +5169,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, ttl = 0; result = ncache_adderesult(fctx->rmessage, fctx->cache, node, - covers, now, ttl, ISC_FALSE, + covers, now, fctx->res->view->minncachettl, ttl, ISC_FALSE, ISC_FALSE, ardataset, &eresult); if (result != ISC_R_SUCCESS) goto unlock; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 431af746..de8d1fd5 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1387,6 +1387,8 @@ view_clauses[] = { { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_uint32, 0 }, { "max-udp-size", &cfg_type_uint32, 0 }, + { "min-cache-ttl", &cfg_type_uint32, 0 }, + { "min-ncache-ttl", &cfg_type_uint32, 0 }, { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP }, { "minimal-responses", &cfg_type_boolean, 0 }, { "preferred-glue", &cfg_type_astring, 0 }, -- cgit v1.2.3 From afb6958efeb543bee50ac7cdce6f41d217565028 Mon Sep 17 00:00:00 2001 From: LaMont Jones Date: Thu, 8 Nov 2007 15:16:39 -0700 Subject: Makefile.in: be explicit about library paths Debian policy requires that all dependant libs be in the .so, not just the immediately depended ones. Signed-off-by: LaMont Jones Conflicts: lib/isc/Makefile.in lib/isccc/Makefile.in --- lib/dns/Makefile.in | 4 +++- lib/isc/Makefile.in | 3 +++ lib/isccc/Makefile.in | 4 +++- lib/isccfg/Makefile.in | 2 +- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in index b712ab1c..31ea25cd 100644 --- a/lib/dns/Makefile.in +++ b/lib/dns/Makefile.in @@ -42,7 +42,7 @@ ISCLIBS = ../../lib/isc/libisc.@A@ ISCDEPLIBS = ../../lib/isc/libisc.@A@ -LIBS = @LIBS@ +LIBS = @LIBS@ -L../../lib/isc -lcrypto # Alphabetically @@ -130,6 +130,7 @@ libdns.la: ${OBJS} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la -rpath ${libdir} \ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \ ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS} + ln -sf .libs/libdns.so . timestamp: libdns.@A@ touch timestamp @@ -144,6 +145,7 @@ clean distclean:: rm -f libdns.@A@ timestamp rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h rm -f include/dns/rdatastruct.h + rm -f libdns.so newrr:: rm -f code.h include/dns/enumtype.h include/dns/enumclass.h diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in index e68290cd..fe3ee8b2 100644 --- a/lib/isc/Makefile.in +++ b/lib/isc/Makefile.in @@ -114,12 +114,14 @@ libisc.la: ${OBJS} ${SYMTBLOBJS} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc.la -rpath ${libdir} \ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \ ${OBJS} ${SYMTBLOBJS} ${LIBS} + ln -sf .libs/libisc.so . libisc-nosymtbl.la: ${OBJS} ${LIBTOOL_MODE_LINK} \ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-nosymtbl.la -rpath ${libdir} \ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \ ${OBJS} ${LIBS} + ln -sf .libs/libisc-nosymtbl.so . timestamp: libisc.@A@ libisc-nosymtbl.@A@ touch timestamp @@ -133,3 +135,4 @@ install:: timestamp installdirs clean distclean:: rm -f libisc.@A@ libisc-nosymtbl.@A@ libisc.la \ libisc-nosymtbl.la timestamp + rm -f libisc.so libisc-nosymtbl.so diff --git a/lib/isccc/Makefile.in b/lib/isccc/Makefile.in index efa83413..ce1d0155 100644 --- a/lib/isccc/Makefile.in +++ b/lib/isccc/Makefile.in @@ -36,7 +36,7 @@ ISCCCLIBS = ../../lib/isccc/libisccc.@A@ ISCDEPLIBS = ../../lib/isc/libisc.@A@ ISCCCDEPLIBS = libisccc.@A@ -LIBS = @LIBS@ +LIBS = @LIBS@ -L../../lib/isc SUBDIRS = include @@ -72,6 +72,7 @@ libisccc.la: ${OBJS} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccc.la -rpath ${libdir} \ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \ ${OBJS} ${ISCLIBS} ${LIBS} + ln -sf .libs/libisccc.so . timestamp: libisccc.@A@ touch timestamp @@ -84,3 +85,4 @@ install:: timestamp installdirs clean distclean:: rm -f libisccc.@A@ timestamp + rm -f libisccc.so diff --git a/lib/isccfg/Makefile.in b/lib/isccfg/Makefile.in index 19ec61ed..e0919787 100644 --- a/lib/isccfg/Makefile.in +++ b/lib/isccfg/Makefile.in @@ -38,7 +38,7 @@ ISCCFGLIBS = ../../lib/cfg/libisccfg.@A@ ISCDEPLIBS = ../../lib/isc/libisc.@A@ ISCCFGDEPLIBS = libisccfg.@A@ -LIBS = @LIBS@ +LIBS = @LIBS@ -L../dns -L../isc -L../isccc SUBDIRS = include -- cgit v1.2.3 From a8a9f25549ec8521b10f1dc11794a307d87c1d95 Mon Sep 17 00:00:00 2001 From: Martin Zobel-Helas Date: Mon, 22 Jun 2009 11:05:33 -0600 Subject: GEO-IP Patch from git://git.kernel.org/pub/scm/network/bind/bind-geodns.git Addresses-Debian-Bug: 395191 Signed-off-by: LaMont Jones Conflicts: aclocal.m4 config.guess config.h.in configure lib/dns/Makefile.in ltmain.sh --- config.h.in | 6 +++++ configure.in | 68 +++++++++++++++++++++++++++++++++++++++++++++++ lib/dns/Makefile.in | 2 +- lib/dns/acl.c | 41 ++++++++++++++++++++++++++++ lib/dns/include/dns/acl.h | 11 ++++++++ lib/isccfg/aclconf.c | 11 ++++++++ 6 files changed, 138 insertions(+), 1 deletion(-) diff --git a/config.h.in b/config.h.in index a6ddcb1e..2c180556 100644 --- a/config.h.in +++ b/config.h.in @@ -193,6 +193,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the `dlclose' function. */ #undef HAVE_DLCLOSE +/* Defined if GeoIP supports IPv6 lookups */ +#undef GEOIP_V6 + /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H @@ -421,6 +424,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS +/* Define if you want GeoIP support. */ +#undef SUPPORT_GEOIP + /* Define to 1 if you can safely include both and . */ #undef TIME_WITH_SYS_TIME diff --git a/configure.in b/configure.in index 8e543d85..b2ccb388 100644 --- a/configure.in +++ b/configure.in @@ -904,6 +904,74 @@ int main() { ;; esac +# +# Check for GeoIP - if yes enable it +# + +AC_MSG_CHECKING(for GeoIP library) +AC_ARG_WITH(geoip, +[ --with-geoip=PATH Specify path for system-supplied GeoIP], + use_geoip="$withval", use_geoip="no") + +#geoipdirs="/usr/local /usr/pkg /usr/kerberos /usr" +# +#if test "$use_geoip" = "yes" +#then +# for d in $geoipdirs +# do +# if test -f $d/include/include/GeoIP.h -o -f $d/include/GeoIP.h +# then +# use_geoip=$d +# break +# fi +# done +#fi + +AC_DEFINE([GEOIP_V6], [1], [Defined if GeoIP supports IPv6 lookups]) +case "$use_geoip" in + no) + AC_MSG_RESULT(disabled) + USE_GEOIP='' + ;; +# yes) +# AC_MSG_ERROR([--with-geoip must specify a path]) +# ;; + *) + AC_CHECK_HEADER(GeoIP.h,, + [AC_MSG_ERROR([GeoIP library header files not found])] + ) + AC_CHECK_LIB(GeoIP, GeoIP_open, + [ + AC_DEFINE(SUPPORT_GEOIP, 1, Define if you want GeoIP support.) + ], + [ + AC_MSG_ERROR([GeoIP library header files were found but the library was not found]) + ]) + GEOIP_LIBS="-lGeoIP" + AC_MSG_CHECKING(for for GeoIP IPv6 support) + AC_TRY_COMPILE([ +#include +#include +], +[ + +extern const struct in6_addr in6addr_loopback; +static GeoIP *geoip = NULL; + +const char* value = value = GeoIP_country_name_by_ipnum_v6(geoip, (geoipv6_t)in6addr_loopback); + +] +, + [AC_MSG_RESULT(yes) + GEOIP_V6="#define GEOIP_V6 1"], + [AC_MSG_RESULT(no) + GEOIP_V6="#undef GEOIP_V6"]) +AC_DEFINE(GEOIP_V6) + ;; +esac + +AC_SUBST(GEOIP_LIBS) + # # This would include the system openssl path (and linker options to use # it as needed) if it is found. diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in index 31ea25cd..de144e62 100644 --- a/lib/dns/Makefile.in +++ b/lib/dns/Makefile.in @@ -42,7 +42,7 @@ ISCLIBS = ../../lib/isc/libisc.@A@ ISCDEPLIBS = ../../lib/isc/libisc.@A@ -LIBS = @LIBS@ -L../../lib/isc -lcrypto +LIBS = @LIBS@ -L../../lib/isc -lcrypto @GEOIP_LIBS@ # Alphabetically diff --git a/lib/dns/acl.c b/lib/dns/acl.c index 3221d30c..aefba77e 100644 --- a/lib/dns/acl.c +++ b/lib/dns/acl.c @@ -21,6 +21,10 @@ #include +#ifdef SUPPORT_GEOIP +#include +#endif + #include #include #include @@ -29,6 +33,10 @@ #include #include +#ifdef SUPPORT_GEOIP +static GeoIP *geoip = NULL; +#endif + /* * Create a new ACL, including an IP table and an array with room * for 'n' ACL elements. The elements are uninitialized and the @@ -320,6 +328,13 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos) dest->elements[nelem + i].node_num = source->elements[i].node_num + dest->node_count; +#ifdef SUPPORT_GEOIP + /* Country */ + if (source->elements[i].type == dns_aclelementtype_ipcountry && + source->elements[i].country != NULL) { + strncpy(dest->elements[nelem + i].country, source->elements[i].country, 3); + } +#endif /* Duplicate nested acl. */ if (source->elements[i].type == dns_aclelementtype_nestedacl && source->elements[i].nestedacl != NULL) @@ -380,6 +395,32 @@ dns_aclelement_match(const isc_netaddr_t *reqaddr, isc_result_t result; switch (e->type) { +#ifdef SUPPORT_GEOIP + case dns_aclelementtype_ipcountry: + /* Country match */ + if (NULL == geoip) { + geoip = GeoIP_new(GEOIP_MEMORY_CACHE); + } + if (NULL != geoip) { + const char *value = NULL; + + if (reqaddr->family == AF_INET) { + value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in)); +#ifdef GEOIP_V6 + } else if (reqaddr->family == AF_INET6) { + value = GeoIP_country_name_by_ipnum_v6(geoip, (geoipv6_t)reqaddr->type.in6); +#endif + } + + if ((NULL != value) && (2 == strlen(value))) { + if ((e->country[0] == value[0]) && (e->country[1] == value[1])) { + return (ISC_TRUE); + } + } + } + return (ISC_FALSE); +#endif + case dns_aclelementtype_keyname: if (reqsigner != NULL && dns_name_equal(reqsigner, &e->keyname)) { diff --git a/lib/dns/include/dns/acl.h b/lib/dns/include/dns/acl.h index f4fc4a3b..08fa468a 100644 --- a/lib/dns/include/dns/acl.h +++ b/lib/dns/include/dns/acl.h @@ -53,8 +53,16 @@ typedef enum { dns_aclelementtype_localhost, dns_aclelementtype_localnets, dns_aclelementtype_any +#ifdef SUPPORT_GEOIP + , + dns_aclelementtype_ipcountry +#endif } dns_aclelemettype_t; +#ifdef SUPPORT_GEOIP +typedef char dns_aclipcountry[3]; +#endif + typedef struct dns_aclipprefix dns_aclipprefix_t; struct dns_aclipprefix { @@ -68,6 +76,9 @@ struct dns_aclelement { dns_name_t keyname; dns_acl_t *nestedacl; int node_num; +#ifdef SUPPORT_GEOIP + dns_aclipcountry country; +#endif }; struct dns_acl { diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c index af565990..f7ad0004 100644 --- a/lib/isccfg/aclconf.c +++ b/lib/isccfg/aclconf.c @@ -247,6 +247,9 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx, } else if (cfg_obj_isstring(ce)) { const char *name = cfg_obj_asstring(ce); if (strcasecmp(name, "localhost") == 0 || +#ifdef SUPPORT_GEOIP + strncasecmp(name, "country_", 8) == 0 || +#endif strcasecmp(name, "localnets") == 0) { n++; } else if (strcasecmp(name, "any") != 0 && @@ -441,6 +444,14 @@ nested_acl: de->negative = !neg; } else continue; +#ifdef SUPPORT_GEOIP + } else if ((0 == (strncmp("country_", name, 8))) && (10 == strlen(name))) { + /* It is a country code */ + de->type = dns_aclelementtype_ipcountry; + de->country[0] = name[8]; + de->country[1] = name[9]; + de->country[2] = '\0'; +#endif } else if (strcasecmp(name, "localhost") == 0) { de->type = dns_aclelementtype_localhost; de->negative = neg; -- cgit v1.2.3 From df44a1cd0ed8e1e8cfaec8bea09eaf9e07812b89 Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Wed, 30 Jun 2010 07:40:05 -0600 Subject: updated geoip patch for ipv6, based on work by John 'Warthog9' Hawley Addresses-Debian-Bug: 584603 Signed-off-by: LaMont Jones --- config.h.in | 6 +++--- lib/dns/acl.c | 68 +++++++++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 53 insertions(+), 21 deletions(-) diff --git a/config.h.in b/config.h.in index 2c180556..7953ea7a 100644 --- a/config.h.in +++ b/config.h.in @@ -184,6 +184,9 @@ int sigwait(const unsigned int *set, int *sig); MSVC and with C++ compilers. */ #undef FLEXIBLE_ARRAY_MEMBER +/* Defined if GeoIP supports IPv6 lookups */ +#undef GEOIP_V6 + /* Define to 1 if you have the `chroot' function. */ #undef HAVE_CHROOT @@ -193,9 +196,6 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the `dlclose' function. */ #undef HAVE_DLCLOSE -/* Defined if GeoIP supports IPv6 lookups */ -#undef GEOIP_V6 - /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H diff --git a/lib/dns/acl.c b/lib/dns/acl.c index aefba77e..aa3b7c6b 100644 --- a/lib/dns/acl.c +++ b/lib/dns/acl.c @@ -29,14 +29,11 @@ #include #include #include +#include #include #include -#ifdef SUPPORT_GEOIP -static GeoIP *geoip = NULL; -#endif - /* * Create a new ACL, including an IP table and an array with room * for 'n' ACL elements. The elements are uninitialized and the @@ -394,30 +391,65 @@ dns_aclelement_match(const isc_netaddr_t *reqaddr, int indirectmatch; isc_result_t result; + #ifdef SUPPORT_GEOIP + static GeoIP *geoip = NULL; + static isc_boolean_t geoip_init_tried = ISC_FALSE; + #ifdef GEOIP_V6 + static GeoIP *geoip6 = NULL; + static isc_boolean_t geoip6_init_tried = ISC_FALSE; + #endif + #endif + switch (e->type) { #ifdef SUPPORT_GEOIP case dns_aclelementtype_ipcountry: /* Country match */ - if (NULL == geoip) { - geoip = GeoIP_new(GEOIP_MEMORY_CACHE); + if (NULL == geoip && !geoip_init_tried) { + geoip_init_tried = ISC_TRUE; + if (GeoIP_db_avail(GEOIP_COUNTRY_EDITION)) { + geoip = GeoIP_open_type(GEOIP_COUNTRY_EDITION, GEOIP_MEMORY_CACHE); + if (NULL == geoip) + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_ACL, ISC_LOG_NOTICE, + "Failed to open geoip database for ipv4"); + } else { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_ACL, ISC_LOG_NOTICE, + "geoip database for ipv4 is not available"); + } + } +#ifdef GEOIP_V6 + if (NULL == geoip6 && !geoip6_init_tried) { + geoip6_init_tried = ISC_TRUE; + if (GeoIP_db_avail(GEOIP_COUNTRY_EDITION_V6)) { + geoip6 = GeoIP_open_type(GEOIP_COUNTRY_EDITION_V6, GEOIP_MEMORY_CACHE); + if (NULL == geoip6) + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_ACL, ISC_LOG_NOTICE, + "Failed to open geoip database for ipv6"); + } else { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_ACL, ISC_LOG_NOTICE, + "geoip database for ipv6 is not available"); + } } - if (NULL != geoip) { - const char *value = NULL; +#endif - if (reqaddr->family == AF_INET) { - value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in)); + const char *value = NULL; + + if (reqaddr->family == AF_INET && geoip) { + value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in)); #ifdef GEOIP_V6 - } else if (reqaddr->family == AF_INET6) { - value = GeoIP_country_name_by_ipnum_v6(geoip, (geoipv6_t)reqaddr->type.in6); + } else if (reqaddr->family == AF_INET6 && geoip6) { + value = GeoIP_country_code_by_ipnum_v6(geoip6, (geoipv6_t)reqaddr->type.in6); #endif - } + } - if ((NULL != value) && (2 == strlen(value))) { - if ((e->country[0] == value[0]) && (e->country[1] == value[1])) { - return (ISC_TRUE); - } + if ((NULL != value) && (2 == strlen(value))) { + if ((e->country[0] == value[0]) && (e->country[1] == value[1])) { + return (ISC_TRUE); } - } + } return (ISC_FALSE); #endif -- cgit v1.2.3 From b1e10345898655cb19f7ffed50e6759962a60b03 Mon Sep 17 00:00:00 2001 From: Roy Jamison Date: Fri, 12 Nov 2010 10:20:23 -0700 Subject: lib/isc/unix/resource.c was missing inttypes.h include. Addresses-Ubuntu-Bug: 674199 Signed-off-by: LaMont Jones --- lib/isc/unix/resource.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/isc/unix/resource.c b/lib/isc/unix/resource.c index 29596e2a..cfd3e618 100644 --- a/lib/isc/unix/resource.c +++ b/lib/isc/unix/resource.c @@ -29,6 +29,7 @@ #include #ifdef __linux__ +#include #include /* To get the large NR_OPEN. */ #endif -- cgit v1.2.3 From 14cb2d0750593e2d51c7e028a678f3fd00775fea Mon Sep 17 00:00:00 2001 From: Thiemo Seufer Date: Thu, 8 Nov 2007 15:11:48 -0700 Subject: mips:atomic.h: improve implementation of atomic ops, fix mips{el,64} The appended patch extends the configure check to cover mips64 and mipsel, and improves the mips atomics implementation. See http://bugs.debian.org/406409 for more detail. Signed-off-by: LaMont Jones --- lib/isc/mips/include/isc/atomic.h | 66 ++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 35 deletions(-) diff --git a/lib/isc/mips/include/isc/atomic.h b/lib/isc/mips/include/isc/atomic.h index bb739f74..9281c10f 100644 --- a/lib/isc/mips/include/isc/atomic.h +++ b/lib/isc/mips/include/isc/atomic.h @@ -31,18 +31,20 @@ static inline isc_int32_t isc_atomic_xadd(isc_int32_t *p, int val) { isc_int32_t orig; - /* add is a cheat, since MIPS has no mov instruction */ - __asm__ volatile ( - "1:" - "ll $3, %1\n" - "add %0, $0, $3\n" - "add $3, $3, %2\n" - "sc $3, %1\n" - "beq $3, 0, 1b" - : "=&r"(orig) - : "m"(*p), "r"(val) - : "memory", "$3" - ); + __asm__ __volatile__ ( + " .set push \n" + " .set mips2 \n" + " .set noreorder \n" + " .set noat \n" + "1: ll $1, %1 \n" + " addu %0, $1, %2 \n" + " sc %0, %1 \n" + " beqz %0, 1b \n" + " addu %0, $1, %2 \n" + " .set pop \n" + : "=&r" (orig), "+R" (*p) + : "r" (val) + : "memory"); return (orig); } @@ -52,16 +54,7 @@ isc_atomic_xadd(isc_int32_t *p, int val) { */ static inline void isc_atomic_store(isc_int32_t *p, isc_int32_t val) { - __asm__ volatile ( - "1:" - "ll $3, %0\n" - "add $3, $0, %1\n" - "sc $3, %0\n" - "beq $3, 0, 1b" - : - : "m"(*p), "r"(val) - : "memory", "$3" - ); + *p = val; } /* @@ -72,20 +65,23 @@ isc_atomic_store(isc_int32_t *p, isc_int32_t val) { static inline isc_int32_t isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) { isc_int32_t orig; + isc_int32_t tmp; - __asm__ volatile( - "1:" - "ll $3, %1\n" - "add %0, $0, $3\n" - "bne $3, %2, 2f\n" - "add $3, $0, %3\n" - "sc $3, %1\n" - "beq $3, 0, 1b\n" - "2:" - : "=&r"(orig) - : "m"(*p), "r"(cmpval), "r"(val) - : "memory", "$3" - ); + __asm__ __volatile__ ( + " .set push \n" + " .set mips2 \n" + " .set noreorder \n" + " .set noat \n" + "1: ll $1, %1 \n" + " bne $1, %3, 2f \n" + " move %2, %4 \n" + " sc %2, %1 \n" + " beqz %2, 1b \n" + "2: move %0, $1 \n" + " .set pop \n" + : "=&r"(orig), "+R" (*p), "=r" (tmp) + : "r"(cmpval), "r"(val) + : "memory"); return (orig); } -- cgit v1.2.3