summary refs log tree commit diff
path: root/gnu/packages/dns.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/dns.scm')
-rw-r--r--gnu/packages/dns.scm87
1 files changed, 79 insertions, 8 deletions
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 7a80e1bd9b..55147f829e 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -65,7 +65,7 @@
 (define-public dnsmasq
   (package
     (name "dnsmasq")
-    (version "2.79")
+    (version "2.80")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -73,7 +73,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "07w6cw706yyahwvbvslhkrbjf2ynv567cgy9pal8bz8lrbsp9bbq"))))
+                "1fv3g8vikj3sn37x1j6qsywn09w1jipvlv34j3q5qrljbrwa5ayd"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -104,7 +104,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
 (define-public isc-bind
   (package
     (name "bind")
-    (version "9.12.2-P1")
+    (version "9.12.2-P2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -112,7 +112,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "192ld6w8f4n46hvdmmzzrfkd28apf4dwmbpbi3j2q1d2p315ajww"))))
+                "0gk9vwqlbdmn10m21f2awvmiccfbadvcwi8zsgm91awbx4k7h0l7"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
@@ -289,10 +289,81 @@ asynchronous fashion.")
                    (license:non-copyleft "file://LICENSE") ; includes.h
                    license:openssl))))
 
+(define-public nsd
+  (package
+    (name "nsd")
+    (version "4.1.25")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0zyzjd3wmq258jiry62ci1z23qfd0rc5ggnpmybc60xvpddgynwg"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list "--enable-pie"             ; fully benefit from ASLR
+             "--enable-ratelimit"
+             "--enable-recvmmsg"
+             "--enable-relro-now"       ; protect GOT and .dtor areas
+             "--disable-radix-tree"
+             (string-append "--with-libevent="
+                            (assoc-ref %build-inputs "libevent"))
+             (string-append "--with-ssl="
+                            (assoc-ref %build-inputs "openssl"))
+             "--with-configdir=/etc"
+             "--with-nsd_conf_file=/etc/nsd/nsd.conf"
+             "--with-logfile=/var/log/nsd.log"
+             "--with-pidfile=/var/db/nsd/nsd.pid"
+             "--with-dbfile=/var/db/nsd/nsd.db"
+             "--with-zonesdir=/etc/nsd"
+             "--with-xfrdfile=/var/db/nsd/xfrd.state"
+             "--with-zonelistfile=/var/db/nsd/zone.list")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'patch-installation-paths
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (doc (string-append out "/share/doc/" ,name "-" ,version)))
+               ;; The ‘make install’ target tries to create the parent
+               ;; directories of run-time things like ‘pidfile’ above, and
+               ;; useless empty directories like 'configdir'.  Remove such
+               ;; '$(INSTALL)' lines and install the example configuration file
+               ;; in an appropriate location.
+               (substitute* "Makefile.in"
+                 ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command)
+                  (string-append "#" command))
+                 (("\\$\\(nsdconfigfile\\)\\.sample" file-name)
+                  (string-append doc "/examples/" file-name)))
+               #t))))
+       #:tests? #f))                    ; no tests
+    (inputs
+     `(("libevent" ,libevent)
+       ("openssl" ,openssl)))
+    (home-page "https://www.nlnetlabs.nl/projects/nsd/about/")
+    (synopsis "Authoritative DNS name server")
+    (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative
+name server for the Domain Name System (@dfn{DNS}).  It aims to be a fast and
+RFC-compliant nameserver.
+
+NSD uses zone information compiled via @command{zonec} into a binary database
+file (@file{nsd.db}).  This allows fast startup of the name service daemon and
+allows syntax-structural errors in zone files to be flagged at compile time,
+before being made available to NSD service itself.  However, most traditional
+BIND-style zone files can be directly imported into NSD without modification.
+
+The collection of programs and processes that make up NSD are designed so that
+the daemon itself runs as a non-privileged user and can be easily configured to
+run in a @code{chroot} jail, thus making any security flaws in NSD less likely
+to result in system-wide compromise.")
+    (license (list license:bsd-3))))
+
 (define-public unbound
   (package
     (name "unbound")
-    (version "1.7.3")
+    (version "1.8.1")
     (source
      (origin
        (method url-fetch)
@@ -300,7 +371,7 @@ asynchronous fashion.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "0bb0p8nbda77ghx20yfl7hqxm9x709223q35465v99i8v4ay27f1"))))
+         "0p9w6spar5dfi7fplxjcq4394wldabaws0ns30cqq6sxqfwv6qn3"))))
     (build-system gnu-build-system)
     (outputs '("out" "python"))
     (native-inputs
@@ -498,14 +569,14 @@ Extensions} (DNSSEC).")
 (define-public knot
   (package
     (name "knot")
-    (version "2.7.1")
+    (version "2.7.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://secure.nic.cz/files/knot-dns/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "108k6x3hjsnyf06pv5rlxqhynjbbz13pzwax1mqff3hgv85f4skx"))
+                "1pwjcv7hzhqawisibybma160k77a6f1v94xw6ay9c7j49vrw05w7"))
               (modules '((guix build utils)))
               (snippet
                '(begin