Package: bind9
Version: 1:9.8.1.dfsg.P1-4
Severity: normal
When creating a directory under /var/run please use shell code such as the
line in the following patch to give it the correct SE Linux label. At the
moment this seems like it will only be a cosmetic error, but it would still
be nice to get this fixed for Wheezy if possible.
--- /etc/init.d/bind9.orig 2012-06-24 20:49:13.000000000 +1000
+++ /etc/init.d/bind9 2012-06-24 20:49:41.000000000 +1000
@@ -48,6 +48,7 @@
# dirs under /var/run can go away on reboots.
mkdir -p /var/run/named
+ [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/named
chmod 775 /var/run/named
chown root:bind /var/run/named >/dev/null 2>&1 || true
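Review bot: The added `restorecon` call after `mkdir -p /var/run/named` has no failure handling, whereas the `chown` two lines below it is explicitly best-effort (`>/dev/null 2>&1 || true`). If the script runs with errexit (the shebang and any `set -e` are outside this hunk), a relabel that returns non-zero would abort `start` before named is launched. Either make it best-effort in the same style, `if [ -x /sbin/restorecon ]; then /sbin/restorecon /var/run/named || true; fi`, or state in a comment that a mislabelled runtime directory is meant to be fatal. The enclosing `start)` branch begins and ends outside the hunk.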
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages bind9 depends on:
ii adduser 3.113+nmu3
ii bind9utils 1:9.8.1.dfsg.P1-4
ii debconf [debconf-2.0] 1.5.43
ii libbind9-80 1:9.8.1.dfsg.P1-4
ii libc6 2.13-33
ii libcap2 1:2.22-1
ii libdns81 1:9.8.1.dfsg.P1-4
ii libgssapi-krb5-2 1.10.1+dfsg-1
ii libisc83 1:9.8.1.dfsg.P1-4
ii libisccc80 1:9.8.1.dfsg.P1-4
ii libisccfg82 1:9.8.1.dfsg.P1-4
ii liblwres80 1:9.8.1.dfsg.P1-4
ii libssl1.0.0 1.0.1c-3
ii libxml2 2.8.0+dfsg1-3
ii lsb-base 4.1+Debian6
ii net-tools 1.60-24.1
ii netbase 5.0
bind9 recommends no packages.
Versions of packages bind9 suggests:
pn bind9-doc <none>
ii dnsutils 1:9.8.1.dfsg.P1-4
pn resolvconf <none>
pn ufw <none>
-- Configuration Files:
/etc/bind/named.conf.local changed:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "//etc/bind/zones.rfc1918";
// TSIG keys referenced by the allow-transfer / allow-update statements below.
// NOTE(review): these secrets are quoted verbatim in this bug report, so they
// should be treated as disclosed: regenerate each key and update every server
// that shares it. hmac-md5 is a legacy TSIG algorithm; when re-keying, prefer
// hmac-sha256, which this BIND release supports.
key "ns" {
algorithm hmac-md5;
secret
"/41+6B/6msiQpakbN0JQFslrtwSPrnInsPQo5lI3st6n3DgpJLSivUrvf0ILj+HtcBj8MQCpO66LHrwfV+x4Ag==";
};
key "gw" { algorithm hmac-md5; secret "RPtAvz53t44PONwlcxq0Bg=="; };
key "bigbottle" { algorithm hmac-md5; secret "I8o8BwPR0hOTsgsUWBuE+A=="; };
key "xkcd" { algorithm hmac-md5; secret "v9yQ/MeU2yY3VfVF/mEzRA=="; };
include "//etc/bind/slaves.conf";
zone "sws.net.au" {
type master;
file "/etc/bind/data/sws.net.au";
allow-transfer { key ns; key xkcd; };
};
zone "virtual" {
type master;
allow-query { internal; };
file "/etc/bind/data/virtual";
};
zone "lurking-grue.org" {
type master;
file "/etc/bind/data/lurking-grue.org";
allow-transfer { key ns; };
};
zone "coker.com.au" {
type master;
file "/etc/bind/data/coker.com.au";
allow-transfer { key ns; key xkcd; };
};
zone "dyn.coker.com.au" {
type master;
file "/var/cache/bind/dyn.coker.com.au";
allow-update { key "gw"; };
allow-transfer { key ns; };
};
zone "dyn.bigbottlepurchases.com.au" {
type master;
file "/var/cache/bind/dyn.bigbottlepurchases.com.au";
allow-update { key "bigbottle"; };
allow-transfer { key ns; };
};
zone "andrecoker.com" {
type master;
file "/etc/bind/data/andrecoker.com";
allow-transfer { key ns; };
};
zone "daphnecoker.com" {
type master;
file "/etc/bind/data/daphnecoker.com";
allow-transfer { key ns; };
};
zone "russellcoker.com" {
type master;
file "/etc/bind/data/russellcoker.com";
allow-transfer { key ns; };
};
zone "australiansecularhomescoolers.com.au" {
type master;
file "/etc/bind/data/australiansecularhomescoolers.com.au";
allow-transfer { key ns; };
};
zone "fayecoker.com" {
type master;
file "/etc/bind/data/fayecoker.com";
allow-transfer { key ns; };
};
zone "unixapropos.com" {
type master;
file "/etc/bind/data/unixapropos.com";
allow-transfer { key ns; };
};
zone "likeadumptruck.com" {
type master;
file "/etc/bind/data/likeadumptruck.com";
allow-transfer { key ns; };
};
zone "primewines.au.com" {
type master;
file "/etc/bind/data/primewines.au.com";
};
zone "aviation-center.com.au" {
type master;
file "/etc/bind/data/aviation-center.com.au";
};
zone "mivf.com.au" {
type master;
file "/etc/bind/data/mivf.com.au";
};
zone "bigbottlewine.com" {
type master;
file "/etc/bind/data/bigbottlewine.com";
};
zone "bigbottlepurchases.com.au" {
type master;
file "/etc/bind/data/bigbottlepurchases.com.au";
};
zone "46.36.203.in-addr.arpa" {
type master;
file "/etc/bind/data/203.36.46";
};
zone "sjl.com.au" {
type master;
file "/etc/bind/data/sjl.com.au";
};
zone "lukus.com.au" {
type master;
file "/etc/bind/data/lukus.com.au";
};
zone "nelsonwineco.com.au" {
type master;
file "/etc/bind/data/nelsonwineco.com.au";
};
zone "wholesalewines.com.au" {
type master;
file "/etc/bind/data/wholesalewines.com.au";
};
zone "msalandurb.com.au" {
type master;
file "/etc/bind/data/msalandurb.com.au";
};
zone "mcmahonfearnley.com.au" {
type master;
file "/etc/bind/data/mcmahonfearnley.com.au";
};
zone "fitzpatricklegal.com.au" {
type master;
file "/etc/bind/data/fitzpatricklegal.com.au";
};
zone "powerguardcontrollers.com.au" {
type master;
file "/etc/bind/data/powerguardcontrollers.com.au";
};
zone "powerguardcontrols.com" {
type master;
file "/etc/bind/data/powerguardcontrols.com";
};
zone "standbygenerator.com.au" {
type master;
file "/etc/bind/data/standbygenerator.com.au";
};
zone "abbotsfordhonda.com.au" {
type master;
file "/etc/bind/data/abbotsfordhonda.com.au";
};
zone "nationalbuyingpower.com.au" {
type master;
file "/etc/bind/data/nationalbuyingpower.com.au";
};
/etc/bind/named.conf.options changed:
acl internal {
127.0.0.0/8;
10.0.0.0/8;
192.168.0.0/16; // LAN private addresses
220.245.30.16/29; // old sws local range
220.245.31.40/29; // sws local range
62.141.42.186;
203.217.29.237;
};
// Global server options: working directory, notify source address, forwarders,
// listeners, the recursion ACL and the DNSSEC switches.
// NOTE(review): this block sets no allow-transfer. Zones in named.conf.local
// that omit their own allow-transfer therefore use BIND's built-in default,
// which in this release permits transfers to any host unless another included
// file restricts it — confirm that is intended, or set a keyed default here.
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
notify-source 220.245.31.41;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
8.8.8.8;
8.8.4.4;
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
// Recursion is limited to the "internal" ACL even though the server listens
// on every address (listen-on / listen-on-v6 { any; }).
allow-recursion { internal; };
listen-on { any; };
dnssec-enable yes;
dnssec-validation yes;
// dnssec-lookaside . trust-anchor dlv.isc.org.;
zone-statistics 1;
};
// reduce log verbosity on issues outside our control
logging {
category lame-servers { null; };
};
/etc/init.d/bind9 changed:
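# Search path for the tools this script invokes.
PATH=/sbin:/bin:/usr/sbin:/usr/bin

# Defaults. /etc/default/bind9 is sourced right after these assignments, so
# it can override either value when it exists.
OPTIONS=""
RESOLVCONF=no

test -f /etc/default/bind9 && . /etc/default/bind9

# Without an executable rndc there is nothing to do; leave with success.
test -x /usr/sbin/rndc || exit 0

# Source the LSB init helpers. This must be the POSIX "." builtin; a doubled
# ".." is not a command and would leave the log_* functions undefined.
. /lib/lsb/init-functions

PIDFILE=/var/run/named/named.pid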
# Report whether /sbin/ifconfig lists anything.
# Globals:   IFCONFIG_OPTS (written) - flags handed to ifconfig
# Returns:   0 when ifconfig produced output, 1 when its output was empty
check_network() {
    # Default to no extra flags; only the Solaris case overrides this.
    IFCONFIG_OPTS=""
    if [ -x /usr/bin/uname ] && [ "X$(/usr/bin/uname -o)" = XSolaris ]; then
        IFCONFIG_OPTS="-au"
    fi

    # $IFCONFIG_OPTS stays unquoted on purpose: when empty it must disappear
    # rather than become an empty argument.
    if [ -n "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then
        return 0
    fi

    #log_action_msg "No networks configured."
    return 1
}
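# Dispatch on the requested init action ($1): start, stop, reload,
# force-reload, restart or status. Any other value prints usage and exits 1.
#
# NOTE(review): several branches call "log_end_msg 1" without an explicit
# exit. Whether that stops the script depends on errexit being active and on
# log_end_msg returning its argument; neither is visible in this listing —
# confirm before relying on it.
case "$1" in
    start)
        log_daemon_msg "Starting domain name service..." "bind9"

        modprobe capability >/dev/null 2>&1 || true

        # dirs under /var/run can go away on reboots.
        mkdir -p /var/run/named
        # Reset the SELinux label on the fresh directory when restorecon is
        # installed. Unlike the chown below, a restorecon failure is not
        # masked with "|| true".
        [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/named
        chmod 775 /var/run/named
        chown root:bind /var/run/named >/dev/null 2>&1 || true

        if [ ! -x /usr/sbin/named ]; then
            log_action_msg "named binary missing - not starting"
            log_end_msg 1
        fi

        if ! check_network; then
            log_action_msg "no networks configured"
            log_end_msg 1
        fi

        # $OPTIONS is deliberately unquoted so it splits into separate
        # arguments for named.
        if start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/named \
                --pidfile "${PIDFILE}" -- $OPTIONS; then
            if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ]; then
                echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named
            fi
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

    stop)
        log_daemon_msg "Stopping domain name service..." "bind9"
        if ! check_network; then
            log_action_msg "no networks configured"
            log_end_msg 1
        fi

        if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ]; then
            /sbin/resolvconf -d lo.named
        fi

        # Ask named to stop via rndc and pick the pid out of its reply.
        pid=$(/usr/sbin/rndc stop -p | awk '/^pid:/ {print $2}') || true
        if [ -z "$pid" ]; then
            # no pid found, so either not running, or error
            # (kept on one comment line: a wrapped "or error" would be run
            # as a command)
            pid=$(pgrep -f ^/usr/sbin/named) || true
            start-stop-daemon --stop --oknodo --quiet --exec /usr/sbin/named \
                --pidfile "${PIDFILE}" -- $OPTIONS
        fi

        # Quoted so an empty $pid skips the wait loop; the unquoted form
        # "[ -n $pid ]" collapses to "[ -n ]", which is always true.
        if [ -n "$pid" ]; then
            sig=0
            n=1
            # $pid is left unquoted for kill because pgrep may have returned
            # more than one pid. Signal 0 only probes for existence.
            # shellcheck disable=SC2086
            while kill "-$sig" $pid 2>/dev/null; do
                if [ "$n" -eq 1 ]; then
                    echo "waiting for pid $pid to die"
                fi
                if [ "$n" -eq 11 ]; then
                    echo "giving up on pid $pid with kill -0; trying -9"
                    sig=9
                fi
                if [ "$n" -gt 20 ]; then
                    echo "giving up on pid $pid"
                    break
                fi
                n=$((n + 1))
                sleep 1
            done
        fi
        log_end_msg 0
        ;;

    reload|force-reload)
        log_daemon_msg "Reloading domain name service..." "bind9"
        if ! check_network; then
            log_action_msg "no networks configured"
            log_end_msg 1
        fi

        # if/else instead of "a && b || c", so the failure message cannot
        # also fire when log_end_msg 0 itself returns non-zero.
        if /usr/sbin/rndc reload >/dev/null; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

    restart)
        if ! check_network; then
            log_action_msg "no networks configured"
            exit 1
        fi

        # Re-invoke this script for each half of the restart.
        "$0" stop
        "$0" start
        ;;

    status)
        ret=0
        status_of_proc -p "${PIDFILE}" /usr/sbin/named bind9 2>/dev/null || ret=$?
        exit "$ret"
        ;;

    *)
        log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload|status}"
        exit 1
        ;;
esac

exit 0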
-- debconf information:
bind9/different-configuration-file:
bind9/run-resolvconf: true
bind9/start-as-user: bind