This is a major update for powerdns. changelog: http://doc.powerdns.com/html/changelog.html#changelog-auth-3-3 ff.
Lightly tested, including dnssec on amd64 + sparc64 with sqlite. I'm going to test mysql + postgres in the next days (don't expect any suprises there). More tests would be appreciated. If you're in a position where you want or need to provide dnssec I suggest looking into using powerdns as a hidden signer, I quite like what they did there from a usability stand point. Can't comment on the code quality though, but I susspect it's snafu ;) The patch for nameserver.cc is already pushed upstream: https://github.com/PowerDNS/pdns/pull/1405 (it's for a different file because there was some code shuffling in HEAD) If someone has a masters degree in autohell (or maybe even a Phd is needed there?) I'd appriciate a diff that could be pushed upstream so we can drop the Makefile.in patch, too. sthen@ was mumbling that we might want a powerdns 3.x port and keep the 2.x port. But that was at a time when sparc64 was still busted. I'm not sure, it would be best if 2.x users would speak up if they can absolutly not upgrade to 3.3.1. I upgraded our (linux based) powerdns servers from 2.x to 3.x some time ago without trouble fwiw. Comments / OKs? diff --git Makefile Makefile index c57fa68..e6e77b6 100644 --- Makefile +++ Makefile @@ -7,7 +7,7 @@ COMMENT-mysql= MySQL database access module for PowerDNS COMMENT-pgsql= PGSQL database access module for PowerDNS COMMENT-ldap= LDAP module for PowerDNS -V= 2.9.22.6 +V= 3.3.1 DISTNAME= pdns-${V} PKGNAME= powerdns-${V} PKGNAME-main= powerdns-${V} @@ -17,7 +17,6 @@ PKGNAME-ldap= powerdns-ldap-${V} CATEGORIES= net HOMEPAGE= http://www.powerdns.com/ -REVISION= 4 MULTI_PACKAGES= -main -mysql -pgsql -ldap @@ -31,7 +30,7 @@ MASTER_SITES= http://downloads.powerdns.com/releases/ NO_TEST= Yes -BUILD_DEPENDS= devel/boost +BUILD_DEPENDS= devel/boost security/botan PSEUDO_FLAVORS+= no_mysql no_pgsql no_ldap FLAVOR?= 
@@ -66,8 +65,6 @@ WANTLIB-pgsql= crypto pq>=2 ssl ${WANTLIB} # LDAP .if ${BUILD_PACKAGES:M-ldap} -CONFIGURE_ARGS+= --with-ldap=${LOCALBASE} \ - --with-ldap-includes=${LOCALBASE}/include BACKENDS+= ldap .else CONFIGURE_ARGS+= --without-ldap @@ -77,21 +74,15 @@ LIB_DEPENDS-ldap= databases/openldap RUN_DEPENDS-ldap= ${FULLPKGNAME-main}:net/powerdns WANTLIB-ldap+= ${WANTLIB} crypto lber-2.4 ldap_r-2.4 sasl2 ssl - -BUILD_DEPENDS+= ${MODGNU_AUTOCONF_DEPENDS} - SYSCONFDIR= ${BASESYSCONFDIR}/pdns -CONFIGURE_STYLE= autoconf -AUTOCONF_VERSION= 2.65 +CONFIGURE_STYLE= gnu CONFIGURE_ARGS+= --disable-shared \ --libdir="${PREFIX}/lib/powerdns" \ --with-modules="geo" \ --with-dynmodules="${BACKENDS}" \ - --with-sqlite3=/usr \ - --with-sqlite3-includes=/usr/include \ - --without-sqlite \ - --disable-recursor # OpenBSD lacks ucontext.h, see PR 5099 + --without-lua \ + --enable-botan1.10 CONFIGURE_ENV+= CPPFLAGS="-I${LOCALBASE}/include" \ LDFLAGS="-L${LOCALBASE}/lib" diff --git distinfo distinfo index 7caf3b0..1cb527a 100644 --- distinfo +++ distinfo @@ -1,5 +1,2 @@ -MD5 (pdns-2.9.22.6.tar.gz) = /5e6mAsyKtthw+nJ6cSt7w== -RMD160 (pdns-2.9.22.6.tar.gz) = 4MYEjmg+yoMIM2eS2xYowXJ30Xo= -SHA1 (pdns-2.9.22.6.tar.gz) = YI1SVbKYmQL9xgSM2BvAe8EwXj4= -SHA256 (pdns-2.9.22.6.tar.gz) = /bu8IJNjEC0CbxpDS880WfpwAmp4wxRsNv0e0UkkLQ4= -SIZE (pdns-2.9.22.6.tar.gz) = 1090648 +SHA256 (pdns-3.3.1.tar.gz) = /rVmmUcl4Ek5HpuGLJQ3ylRfG7lwFD0jh+R0pv9kW/M= +SIZE (pdns-3.3.1.tar.gz) = 1403435 diff --git files/pdns.conf files/pdns.conf index e4c5425..44e6d8e 100644 --- files/pdns.conf +++ files/pdns.conf @@ -12,10 +12,6 @@ #gpgsql-user=pdns #gpgsql-password=pdns -# SQLite -#launch=gsqlite -#gsqlite-database=<path to your SQLite database> - # SQLite 3 #launch=gsqlite3 #gsqlite3-database=<path to your SQLite database> 
@@ -33,9 +29,14 @@ # Autogenerated configuration file template ################################# +# add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record to positive wildcard response +# +# add-superfluous-nsec3-for-old-bind=yes + +################################# # allow-axfr-ips Allow zonetransfers only to these subnets # -# allow-axfr-ips=0.0.0.0/0 +# allow-axfr-ips=0.0.0.0/0,::/0 ################################# # allow-recursion List of subnets that are allowed to recurse @@ -43,9 +44,9 @@ # allow-recursion=0.0.0.0/0 ################################# -# allow-recursion-override Set this so that local data fully overrides the recursor +# any-to-tcp Answer ANY queries with tc=1, shunting to TCP # -# allow-recursion-override=no +# any-to-tcp=no ################################# # cache-ttl Seconds to store packets in the PacketCache @@ -78,6 +79,21 @@ # daemon=no ################################# +# default-ksk-algorithms Default KSK algorithms +# +# default-ksk-algorithms=rsasha256 + +################################# +# default-ksk-size Default KSK size (0 means default) +# +# default-ksk-size=0 + +################################# +# default-soa-mail mail address to insert in the SOA record if none set in the backend +# +# default-soa-mail= + +################################# # default-soa-name name to insert in the SOA record if none set in the backend # # default-soa-name=a.misconfigured.powerdns.server @@ -88,6 +104,21 @@ # default-ttl=3600 ################################# +# default-zsk-algorithms Default ZSK algorithms +# +# default-zsk-algorithms=rsasha256 + +################################# +# default-zsk-size Default KSK size (0 means default) +# +# default-zsk-size=0 + +################################# +# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis +# +# direct-dnskey=no + +################################# # disable-axfr Disable zonetransfers but do allow TCP queries # # disable-axfr=no 
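Review bot: The sample now documents `allow-axfr-ips=0.0.0.0/0,::/0`, which, assuming the commented values mirror the built-in defaults, means zone transfers are allowed from every IPv4 and IPv6 address unless the admin overrides it. As this is the port's example file, the hand-written section at the top could carry a restrictive example such as `#allow-axfr-ips=127.0.0.0/8,::1` with a comment that the addresses of the slaves belong there. If the autogenerated part has to stay identical to upstream, a one-line comment above the entry pointing at `disable-axfr` and this setting would still help.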
@@ -105,7 +136,32 @@ ################################# # do-ipv6-additional-processing Do AAAA additional processing # -# do-ipv6-additional-processing=no +# do-ipv6-additional-processing=yes + +################################# +# edns-subnet-option-number EDNS option number to use +# +# edns-subnet-option-number=20730 + +################################# +# edns-subnet-processing If we should act on EDNS Subnet options +# +# edns-subnet-processing=no + +################################# +# entropy-source If set, read entropy from this file +# +# entropy-source=/dev/urandom + +################################# +# experimental-json-interface If the webserver should serve JSON data +# +# experimental-json-interface=no + +################################# +# experimental-logfile Filename of the log file for JSON parser +# +# experimental-logfile=/var/log/pdns.log ################################# # fancy-records Process URL and MBOXFW records @@ -118,14 +174,14 @@ # guardian=no ################################# -# launch Which backends to launch and order to query them in +# include-dir Include *.conf files from this directory # -# launch= +# include-dir= ################################# -# lazy-recursion Only recurse if question cannot be answered locally +# launch Which backends to launch and order to query them in # -# lazy-recursion=yes +# launch= ################################# # load-modules Load this module - supply absolute or relative path @@ -153,14 +209,14 @@ # log-dns-details= ################################# -# log-failed-updates If PDNS should log failed update requests +# log-dns-queries If PDNS should log all incoming DNS queries # -# log-failed-updates= +# log-dns-queries=no ################################# -# logfile Logfile to use +# log-failed-updates If PDNS should log failed update requests # -# logfile=pdns.log +# log-failed-updates= ################################# # logging-facility Log under a specific facility 
@@ -173,11 +229,26 @@ # loglevel=4 ################################# +# lua-prequery-script Lua script with prequery handler +# +# lua-prequery-script= + +################################# # master Act as a master # # master=no ################################# +# max-cache-entries Maximum number of cache entries +# +# max-cache-entries=1000000 + +################################# +# max-ent-entries Maximum number of empty non-terminals in a zone +# +# max-ent-entries=100000 + +################################# # max-queue-length Maximum queuelength before considering situation lost # # max-queue-length=5000 @@ -193,7 +264,7 @@ # module-dir=/usr/local/lib ################################# -# negquery-cache-ttl Seconds to store packets in the PacketCache +# negquery-cache-ttl Seconds to store negative query results in the QueryCache # # negquery-cache-ttl=60 @@ -208,19 +279,34 @@ # out-of-zone-additional-processing=yes ################################# +# overload-queue-length Maximum queuelength moving to packetcache only +# +# overload-queue-length=0 + +################################# # pipebackend-abi-version Version of the pipe backend ABI # # pipebackend-abi-version=1 ################################# -# query-cache-ttl Seconds to store packets in the PacketCache +# prevent-self-notification Don't send notifications to what we think is ourself +# +# prevent-self-notification=yes + +################################# +# query-cache-ttl Seconds to store query results in the QueryCache # # query-cache-ttl=20 ################################# # query-local-address Source IP address for sending queries # -# query-local-address= +# query-local-address=0.0.0.0 + +################################# +# query-local-address6 Source IPv6 address for sending queries +# +# query-local-address6=:: ################################# # query-logging Hint backends that queries should be logged 
@@ -233,7 +319,12 @@ # queue-limit=1500 ################################# -# recursive-cache-ttl Seconds to store packets in the PacketCache +# receiver-threads Default number of receiver threads to start +# +# receiver-threads=1 + +################################# +# recursive-cache-ttl Seconds to store packets for recursive queries in the PacketCache # # recursive-cache-ttl=10 @@ -243,24 +334,34 @@ # recursor=no ################################# +# retrieval-threads Number of AXFR-retrieval threads for slave operation +# +# retrieval-threads=2 + +################################# # send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority # # send-root-referral=no ################################# +# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname +# +# server-id= + +################################# # setgid If set, change group id to this gid for more security # -# setgid= 609 +# setgid= ################################# # setuid If set, change user id to this uid for more security # -# setuid= 609 +# setuid= ################################# -# skip-cname Do not perform CNAME indirection for each query +# signing-threads Default number of signer threads to start # -# skip-cname=no +# signing-threads=3 ################################# # slave Act as a slave @@ -273,6 +374,11 @@ # slave-cycle-interval=60 ################################# +# slave-renotify If we should send out notifications for slaved updates +# +# slave-renotify=no + +################################# # smtpredirector Our smtpredir MX host # # smtpredirector=a.misconfigured.powerdns.smtp.server @@ -283,7 +389,7 @@ # soa-expire-default=604800 ################################# -# soa-minimum-ttl Default SOA mininum ttl +# soa-minimum-ttl Default SOA minimum ttl # # soa-minimum-ttl=3600 
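Review bot: In the `@@ -243,24 +334,34 @@` hunk the template's `# setgid= 609` and `# setuid= 609` become the empty `# setgid=` and `# setuid=`, so the sample no longer hints at the unprivileged account, although pkg/PLIST-main still creates `_powerdns` with id 609. Unless the rc script or another file outside this diff passes the user, a server started from a config derived from this sample would keep root privileges after binding its sockets. I would keep the port-specific values, `# setgid=609` and `# setuid=609`, or set them in the hand-written section at the top of the file.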
@@ -308,19 +414,39 @@ # socket-dir=/var/run ################################# -# strict-rfc-axfrs Perform strictly rfc compliant axfrs (very slow) +# tcp-control-address If set, PowerDNS can be controlled over TCP on this address # -# strict-rfc-axfrs=no +# tcp-control-address= ################################# -# urlredirector Where we send hosts to that need to be url redirected +# tcp-control-port If set, PowerDNS can be controlled over TCP on this address # -# urlredirector=127.0.0.1 +# tcp-control-port=53000 + +################################# +# tcp-control-range If set, remote control of PowerDNS is possible over these networks only +# +# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 + +################################# +# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret +# +# tcp-control-secret= ################################# -# use-logfile Use a log file +# traceback-handler Enable the traceback handler (Linux only) # -# use-logfile=no +# traceback-handler=yes + +################################# +# trusted-notification-proxy IP address of incoming notification proxy +# +# trusted-notification-proxy= + +################################# +# urlredirector Where we send hosts to that need to be url redirected +# +# urlredirector=127.0.0.1 ################################# # version-string PowerDNS version in packets - full, anonymous, powerdns or custom @@ -356,8 +482,3 @@ # wildcard-url Process URL and MBOXFW records # # wildcard-url=no - -################################# -# wildcards Honor wildcards in the database -# -# wildcards= diff --git files/tables-mysql.sql files/tables-mysql.sql index f4c6a6d..90b6984 100644 --- files/tables-mysql.sql +++ files/tables-mysql.sql 
@@ -1,60 +1,95 @@ -- $OpenBSD: tables-mysql.sql,v 1.1.1.1 2008/10/02 18:40:41 jasper Exp $ --- Taken from FreeBSD's powerdns port. +-- from the powerdns documentation +-- http://doc.powerdns.com/html/generic-mypgsql-backends.html#idp9659216 +CREATE TABLE domains ( + id INT AUTO_INCREMENT, + name VARCHAR(255) NOT NULL, + master VARCHAR(128) DEFAULT NULL, + last_check INT DEFAULT NULL, + type VARCHAR(6) NOT NULL, + notified_serial INT DEFAULT NULL, + account VARCHAR(40) DEFAULT NULL, + PRIMARY KEY (id) +) Engine=InnoDB; -SET SESSION sql_mode='ANSI'; +CREATE UNIQUE INDEX name_index ON domains(name); -CREATE TABLE "domains" ( - "id" INTEGER NOT NULL AUTO_INCREMENT, - "name" VARCHAR(255) NOT NULL, - "type" VARCHAR(6) NOT NULL, - "master" VARCHAR(40) NOT NULL DEFAULT '', - "account" VARCHAR(40) NOT NULL DEFAULT '', - "notified_serial" INTEGER DEFAULT NULL, - "last_check" INTEGER DEFAULT NULL, - "status" CHAR(1) NOT NULL DEFAULT 'A', -CONSTRAINT "pk_domains_id" - PRIMARY KEY ("id"), -CONSTRAINT "unq_domains_name" - UNIQUE ("name") -) type=InnoDB; -CREATE INDEX "idx_domains_status_type" ON "domains" ("status","type"); +CREATE TABLE records ( + id INT AUTO_INCREMENT, + domain_id INT DEFAULT NULL, + name VARCHAR(255) DEFAULT NULL, + type VARCHAR(10) DEFAULT NULL, + content VARCHAR(64000) DEFAULT NULL, + ttl INT DEFAULT NULL, + prio INT DEFAULT NULL, + change_date INT DEFAULT NULL, + disabled TINYINT(1) DEFAULT 0, + ordername VARCHAR(255) BINARY DEFAULT NULL, + auth TINYINT(1) DEFAULT 1, + PRIMARY KEY (id), + CONSTRAINT `records_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domains` + (`id`) ON DELETE CASCADE +) Engine=InnoDB; +CREATE INDEX nametype_index ON records(name,type); +CREATE INDEX domain_id ON records(domain_id); +CREATE INDEX recordorder ON records (domain_id, ordername); -CREATE TABLE "records" ( - "id" INTEGER NOT NULL AUTO_INCREMENT, - "domain_id" INTEGER NOT NULL, - "name" VARCHAR(255) NOT NULL, - "type" VARCHAR(6) NOT NULL, - "ttl" INTEGER DEFAULT NULL, - 
"prio" INTEGER DEFAULT NULL, - "content" VARCHAR(255) NOT NULL, - "change_date" INTEGER DEFAULT NULL, -CONSTRAINT "pk_records_id" - PRIMARY KEY ("id"), -CONSTRAINT "fk_records_domainid" - FOREIGN KEY ("domain_id") - REFERENCES "domains" ("id") - ON UPDATE CASCADE - ON DELETE CASCADE -) type=InnoDB; +CREATE TABLE supermasters ( + ip VARCHAR(64) NOT NULL, + nameserver VARCHAR(255) NOT NULL, + account VARCHAR(40) DEFAULT NULL, + PRIMARY KEY (ip, nameserver) +) Engine=InnoDB; -CREATE INDEX "idx_records_name_type" ON "records" ("name","type"); -CREATE INDEX "idx_records_type" ON "records" ("type"); +CREATE TABLE comments ( + id INT AUTO_INCREMENT, + domain_id INT NOT NULL, + name VARCHAR(255) NOT NULL, + type VARCHAR(10) NOT NULL, + modified_at INT NOT NULL, + account VARCHAR(40) NOT NULL, + comment VARCHAR(64000) NOT NULL, + PRIMARY KEY (id) +) Engine=InnoDB; +CREATE INDEX comments_domain_id_idx ON comments (domain_id); +CREATE INDEX comments_name_type_idx ON comments (name, type); +CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); -CREATE TABLE "supermasters" ( - "ip" VARCHAR(40) NOT NULL, - "nameserver" VARCHAR(255) NOT NULL, - "account" VARCHAR(40) NOT NULL DEFAULT '' -); -CREATE INDEX "idx_smip_smns" ON "supermasters" ("ip","nameserver"); +CREATE TABLE domainmetadata ( + id INT AUTO_INCREMENT, + domain_id INT NOT NULL, + kind VARCHAR(16), + content TEXT, + PRIMARY KEY (id) +) Engine=InnoDB; +CREATE INDEX domainmetaidindex ON domainmetadata(domain_id); -GRANT SELECT ON "supermasters" TO "powerdns"; -GRANT ALL ON "domains" TO "powerdns"; -GRANT ALL ON "records" TO "powerdns"; +CREATE TABLE cryptokeys ( + id INT AUTO_INCREMENT, + domain_id INT NOT NULL, + flags INT NOT NULL, + active BOOL, + content TEXT, + PRIMARY KEY(id) +) Engine=InnoDB; + +CREATE INDEX domainidindex ON cryptokeys(domain_id); + + +CREATE TABLE tsigkeys ( + id INT AUTO_INCREMENT, + name VARCHAR(255), + algorithm VARCHAR(50), + secret VARCHAR(255), + PRIMARY KEY (id) +) 
Engine=InnoDB; + +CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm); diff --git files/tables-pgsql.sql files/tables-pgsql.sql index 3167c34..9d1800a 100644 --- files/tables-pgsql.sql +++ files/tables-pgsql.sql 
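Review bot: The new schema adds `cryptokeys` and `tsigkeys`, which hold DNSSEC key material and TSIG secrets in plain columns (`cryptokeys.content`, `tsigkeys.secret`), while the old `GRANT` statements are dropped without replacement, so nothing in the file tells an admin which account should reach these tables. A header comment would help, for example `-- cryptokeys and tsigkeys hold key material: create a dedicated database user for pdns and grant it access to this database only.` The same applies to files/tables-pgsql.sql, and to files/tables-sqlite.sql, where the equivalent is ownership and mode of the database file. In this MySQL variant `comments`, `domainmetadata` and `cryptokeys` also lack the `ON DELETE CASCADE` foreign key that the PostgreSQL file declares, so deleting a domain leaves its keys behind.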
@@ -1,60 +1,98 @@ -- $OpenBSD: tables-pgsql.sql,v 1.1.1.1 2008/10/02 18:40:41 jasper Exp $ --- Taken from FreeBSD's powerdns port. - -CREATE TABLE "domains" ( - "id" SERIAL NOT NULL, - "name" VARCHAR(255) NOT NULL, - "type" VARCHAR(6) NOT NULL, - "master" VARCHAR(40) NOT NULL DEFAULT '', - "account" VARCHAR(40) NOT NULL DEFAULT '', - "notified_serial" INTEGER DEFAULT NULL, - "last_check" INTEGER DEFAULT NULL, - "status" CHAR(1) NOT NULL DEFAULT 'A', -CONSTRAINT "pk_domains_id" - PRIMARY KEY ("id"), -CONSTRAINT "unq_domains_name" - UNIQUE ("name") +-- from the powerdns documentation +-- http://doc.powerdns.com/html/generic-mypgsql-backends.html#idp9669072 +CREATE TABLE domains ( + id SERIAL PRIMARY KEY, + name VARCHAR(255) NOT NULL, + master VARCHAR(128) DEFAULT NULL, + last_check INT DEFAULT NULL, + type VARCHAR(6) NOT NULL, + notified_serial INT DEFAULT NULL, + account VARCHAR(40) DEFAULT NULL, + CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) ); -CREATE INDEX "idx_domains_status_type" ON "domains" ("status","type"); - - - -CREATE TABLE "records" ( - "id" SERIAL NOT NULL, - "domain_id" INTEGER NOT NULL, - "name" VARCHAR(255) NOT NULL, - "type" VARCHAR(6) NOT NULL, - "ttl" INTEGER DEFAULT NULL, - "prio" INTEGER DEFAULT NULL, - "content" VARCHAR(255) NOT NULL, - "change_date" INTEGER DEFAULT NULL, -CONSTRAINT "pk_records_id" - PRIMARY KEY ("id"), -CONSTRAINT "fk_records_domainid" - FOREIGN KEY ("domain_id") - REFERENCES domains ("id") - ON UPDATE CASCADE - ON DELETE CASCADE +CREATE UNIQUE INDEX name_index ON domains(name); + + +CREATE TABLE records ( + id SERIAL PRIMARY KEY, + domain_id INT DEFAULT NULL, + name VARCHAR(255) DEFAULT NULL, + type VARCHAR(10) DEFAULT NULL, + content VARCHAR(65535) DEFAULT NULL, + ttl INT DEFAULT NULL, + prio INT DEFAULT NULL, + change_date INT DEFAULT NULL, + disabled BOOL DEFAULT 'f', + ordername VARCHAR(255), + auth BOOL DEFAULT 't', + CONSTRAINT domain_exists + FOREIGN KEY(domain_id) REFERENCES domains(id) + 
ON DELETE CASCADE, + CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) ); -CREATE INDEX "idx_records_name_type" ON "records" ("name","type"); -CREATE INDEX "idx_records_type" ON "records" ("type"); +CREATE INDEX rec_name_index ON records(name); +CREATE INDEX nametype_index ON records(name,type); +CREATE INDEX domain_id ON records(domain_id); +CREATE INDEX recordorder ON records (domain_id, ordername text_pattern_ops); +CREATE TABLE supermasters ( + ip INET NOT NULL, + nameserver VARCHAR(255) NOT NULL, + account VARCHAR(40) DEFAULT NULL, + PRIMARY KEY(ip, nameserver) +); + -CREATE TABLE "supermasters" ( - "ip" VARCHAR(40) NOT NULL, - "nameserver" VARCHAR(255) NOT NULL, - "account" VARCHAR(40) NOT NULL DEFAULT '' +CREATE TABLE comments ( + id SERIAL PRIMARY KEY, + domain_id INT NOT NULL, + name VARCHAR(255) NOT NULL, + type VARCHAR(10) NOT NULL, + modified_at INT NOT NULL, + account VARCHAR(40) DEFAULT NULL, + comment VARCHAR(65535) NOT NULL, + CONSTRAINT domain_exists + FOREIGN KEY(domain_id) REFERENCES domains(id) + ON DELETE CASCADE, + CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) ); -CREATE INDEX "idx_smaster_ip_ns" ON "supermasters" ("ip","nameserver"); +CREATE INDEX comments_domain_id_idx ON comments (domain_id); +CREATE INDEX comments_name_type_idx ON comments (name, type); +CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); + + +CREATE TABLE domainmetadata ( + id SERIAL PRIMARY KEY, + domain_id INT REFERENCES domains(id) ON DELETE CASCADE, + kind VARCHAR(16), + content TEXT +); +CREATE INDEX domainidmetaindex ON domainmetadata(domain_id); -GRANT SELECT ON "supermasters" TO "powerdns"; -GRANT ALL ON "domains" TO "powerdns"; -GRANT ALL ON "domains_id_seq" TO "powerdns"; -GRANT ALL ON "records" TO "powerdns"; -GRANT ALL ON "records_id_seq" TO "powerdns"; +CREATE TABLE cryptokeys ( + id SERIAL PRIMARY KEY, + domain_id INT REFERENCES domains(id) ON DELETE CASCADE, + flags INT NOT NULL, + active 
BOOL, + content TEXT +); + +CREATE INDEX domainidindex ON cryptokeys(domain_id); + + +CREATE TABLE tsigkeys ( + id SERIAL PRIMARY KEY, + name VARCHAR(255), + algorithm VARCHAR(50), + secret VARCHAR(255), + CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) +); + +CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm); diff --git files/tables-sqlite.sql files/tables-sqlite.sql index 5e0548b..666fe47 100644 --- files/tables-sqlite.sql +++ files/tables-sqlite.sql 
@@ -1,54 +1,89 @@ -- $OpenBSD: tables-sqlite.sql,v 1.1.1.1 2008/10/02 18:40:41 jasper Exp $ --- Taken from FreeBSD's powerdns port. - -CREATE TABLE "domains" ( - "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, - "name" VARCHAR(255) NOT NULL, - "type" VARCHAR(6) NOT NULL, - "master" VARCHAR(40) NOT NULL DEFAULT '', - "account" VARCHAR(40) NOT NULL DEFAULT '', - "notified_serial" INTEGER DEFAULT NULL, - "last_check" INTEGER DEFAULT NULL, - "status" CHAR(1) NOT NULL DEFAULT 'A', -CONSTRAINT "unq_domains_name" - UNIQUE ("name") +-- from the powerdns documentation +-- http://doc.powerdns.com/html/gsqlite.html#idp10048416 +CREATE TABLE domains ( + id INTEGER PRIMARY KEY, + name VARCHAR(255) NOT NULL COLLATE NOCASE, + master VARCHAR(128) DEFAULT NULL, + last_check INTEGER DEFAULT NULL, + type VARCHAR(6) NOT NULL, + notified_serial INTEGER DEFAULT NULL, + account VARCHAR(40) DEFAULT NULL ); -CREATE INDEX "idx_domains_status_type" ON "domains" ("status","type"); +CREATE UNIQUE INDEX name_index ON domains(name); +CREATE TABLE records ( + id INTEGER PRIMARY KEY, + domain_id INTEGER DEFAULT NULL, + name VARCHAR(255) DEFAULT NULL, + type VARCHAR(10) DEFAULT NULL, + content VARCHAR(65535) DEFAULT NULL, + ttl INTEGER DEFAULT NULL, + prio INTEGER DEFAULT NULL, + change_date INTEGER DEFAULT NULL, + disabled BOOLEAN DEFAULT 0, + ordername VARCHAR(255), + auth BOOL DEFAULT 1 +); + +CREATE INDEX rec_name_index ON records(name); +CREATE INDEX nametype_index ON records(name,type); +CREATE INDEX domain_id ON records(domain_id); +CREATE INDEX orderindex ON records(ordername); + -CREATE TABLE "records" ( - "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, - "domain_id" INTEGER NOT NULL, - "name" VARCHAR(255) NOT NULL, - "type" VARCHAR(6) NOT NULL, - "ttl" INTEGER DEFAULT NULL, - "prio" INTEGER DEFAULT NULL, - "content" VARCHAR(255) NOT NULL, - "change_date" INTEGER DEFAULT NULL, -CONSTRAINT "fk_records_domainid" - FOREIGN KEY ("domain_id") - REFERENCES "domains" ("id") - ON UPDATE CASCADE 
- ON DELETE CASCADE +CREATE TABLE supermasters ( + ip VARCHAR(64) NOT NULL, + nameserver VARCHAR(255) NOT NULL COLLATE NOCASE, + account VARCHAR(40) DEFAULT NULL ); -CREATE INDEX "idx_records_name_type" ON "records" ("name","type"); -CREATE INDEX "idx_records_type" ON "records" ("type"); +CREATE UNIQUE INDEX ip_nameserver_pk ON supermasters(ip, nameserver); + + +CREATE TABLE comments ( + id INTEGER PRIMARY KEY, + domain_id INTEGER NOT NULL, + name VARCHAR(255) NOT NULL, + type VARCHAR(10) NOT NULL, + modified_at INT NOT NULL, + account VARCHAR(40) DEFAULT NULL, + comment VARCHAR(65535) NOT NULL +); +CREATE INDEX comments_domain_id_index ON comments (domain_id); +CREATE INDEX comments_nametype_index ON comments (name, type); +CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); -CREATE TABLE "supermasters" ( - "ip" VARCHAR(40) NOT NULL, - "nameserver" VARCHAR(255) NOT NULL, - "account" VARCHAR(40) NOT NULL DEFAULT '' +CREATE TABLE domainmetadata ( + id INTEGER PRIMARY KEY, + domain_id INT NOT NULL, + kind VARCHAR(16) COLLATE NOCASE, + content TEXT ); -CREATE INDEX "idx_smip_smns" ON "supermasters" ("ip","nameserver"); +CREATE INDEX domainmetaidindex ON domainmetadata(domain_id); +CREATE TABLE cryptokeys ( + id INTEGER PRIMARY KEY, + domain_id INT NOT NULL, + flags INT NOT NULL, + active BOOL, + content TEXT +); + +CREATE INDEX domainidindex ON cryptokeys(domain_id); + + +CREATE TABLE tsigkeys ( + id INTEGER PRIMARY KEY, + name VARCHAR(255) COLLATE NOCASE, + algorithm VARCHAR(50) COLLATE NOCASE, + secret VARCHAR(255) +); -GRANT SELECT ON "supermasters" TO "powerdns"; -GRANT ALL ON "domains" TO "powerdns"; -GRANT ALL ON "records" TO "powerdns"; +CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm); diff --git patches/patch-configure_in patches/patch-configure_in deleted file mode 100644 index 1fd0640..0000000 --- patches/patch-configure_in +++ /dev/null 
@@ -1,16 +0,0 @@
-$OpenBSD: patch-configure_in,v 1.2 2011/10/24 19:47:55 sthen Exp $
---- configure.in.orig Sun Jan 25 12:25:37 2009
-+++ configure.in Fri Oct 21 08:16:12 2011
-@@ -87,12 +87,6 @@ linux*)
- THREADFLAGS="-pthread"
- CXXFLAGS="-D_GNU_SOURCE $CXXFLAGS"
- ;;
--openbsd*)
-- AC_DEFINE(HAVE_IPV6,1,[If the host operating system understands IPv6])
-- DYNLINKFLAGS="-rdynamic"
-- LDFLAGS="-lc_r $LDFLAGS"
-- CXXFLAGS="-pthread $CXXFLAGS"
-- ;;
- *)
- AC_DEFINE(HAVE_IPV6,1,[If the host operating system understands IPv6])
- DYNLINKFLAGS="-rdynamic"
diff --git patches/patch-modules_gpgsqlbackend_Makefile_in patches/patch-modules_gpgsqlbackend_Makefile_in
deleted file mode 100644
index c549b4a..0000000
--- patches/patch-modules_gpgsqlbackend_Makefile_in
+++ /dev/null
@@ -1,15 +0,0 @@
-$OpenBSD: patch-modules_gpgsqlbackend_Makefile_in,v 1.3 2012/01/11 01:41:47 sthen Exp $
-
-libcrypt doesn't exist on OpenBSD.
-
---- modules/gpgsqlbackend/Makefile.in.orig Thu Jan 5 09:27:41 2012
-+++ modules/gpgsqlbackend/Makefile.in Tue Jan 10 14:31:26 2012
-@@ -249,7 +249,7 @@ libgpgsqlbackend_la_SOURCES = gpgsqlbackend.cc gpgsqlb
- libgpgsqlbackend_la_LDFLAGS = -module -avoid-version @PGSQL_lib@ -Wl,-Bstatic -lpq \
- -Wl,-Bdynamic
-
--libgpgsqlbackend_la_LIBADD = -lssl -lcrypt -lcrypto
-+libgpgsqlbackend_la_LIBADD = -lssl -lcrypto
- all: all-am
-
- .SUFFIXES:
diff --git patches/patch-modules_gpgsqlbackend_OBJECTLIBS patches/patch-modules_gpgsqlbackend_OBJECTLIBS
deleted file mode 100644
index 6d865d8..0000000
--- patches/patch-modules_gpgsqlbackend_OBJECTLIBS
+++ /dev/null
@@ -1,11 +0,0 @@
-$OpenBSD: patch-modules_gpgsqlbackend_OBJECTLIBS,v 1.3 2009/06/23 22:59:57 sthen Exp $
-
-libcrypt doesn't exist on OpenBSD.
-
---- modules/gpgsqlbackend/OBJECTLIBS.orig Wed Nov 19 08:31:09 2008
-+++ modules/gpgsqlbackend/OBJECTLIBS Mon Jun 22 23:52:28 2009
-@@ -1,3 +1,3 @@
---lpq -lssl -lcrypto -lcrypt
-+-lpq -lssl -lcrypto
-
-
diff --git patches/patch-pdns_Makefile_in patches/patch-pdns_Makefile_in
index 5b0aabd..da44abb 100644
--- patches/patch-pdns_Makefile_in
+++ patches/patch-pdns_Makefile_in
@@ -1,16 +1,21 @@
-$OpenBSD: patch-pdns_Makefile_in,v 1.4 2012/01/11 01:41:47 sthen Exp $
-
-Remove target that we take care of in post-install.
-
---- pdns/Makefile.in.orig Thu Jan 5 09:27:41 2012
-+++ pdns/Makefile.in Tue Jan 10 14:31:26 2012
-@@ -1286,8 +1286,7 @@ install-dvi: install-dvi-recursive
-
- install-dvi-am:
-
--install-exec-am: install-binPROGRAMS install-sbinPROGRAMS \
-- install-sysconfDATA
-+install-exec-am: install-binPROGRAMS install-sbinPROGRAMS
-
- install-html: install-html-recursive
-
+$OpenBSD$
+--- pdns/Makefile.in.orig Thu Apr 3 00:21:37 2014
++++ pdns/Makefile.in Thu Apr 3 00:21:47 2014
+@@ -66,7 +66,7 @@ EXTRA_PROGRAMS = pdns_recursor$(EXEEXT) sdig$(EXEEXT)
+ nproxy$(EXEEXT) notify$(EXEEXT) pdnssec$(EXEEXT) \
+ dnsbulktest$(EXEEXT) nsec3dig$(EXEEXT)
+ @BOTAN110_TRUE@am__append_4 = botan110signers.cc botansigners.cc
+-@BOTAN110_TRUE@am__append_5 = $(BOTAN110_LIBS) -lgmp -lrt
++@BOTAN110_TRUE@am__append_5 = $(BOTAN110_LIBS) -lgmp
+ @BOTAN18_TRUE@am__append_6 = botan18signers.cc botansigners.cc
+ @BOTAN18_TRUE@am__append_7 = $(BOTAN18_LIBS) -lgmp
+ @CRYPTOPP_TRUE@am__append_8 = cryptoppsigners.cc
+@@ -74,7 +74,7 @@ EXTRA_PROGRAMS = pdns_recursor$(EXEEXT) sdig$(EXEEXT)
+ @SQLITE3_TRUE@am__append_10 = ssqlite3.cc ssqlite3.hh
+ @ORACLE_TRUE@am__append_11 = $(ORACLE_LIBS)
+ @BOTAN110_TRUE@am__append_12 = botan110signers.cc botansigners.cc
+-@BOTAN110_TRUE@am__append_13 = $(BOTAN110_LIBS) -lgmp -lrt
++@BOTAN110_TRUE@am__append_13 = $(BOTAN110_LIBS) -lgmp
+ @BOTAN18_TRUE@am__append_14 = botan18signers.cc botansigners.cc
+ @BOTAN18_TRUE@am__append_15 = $(BOTAN18_LIBS) -lgmp
+ @CRYPTOPP_TRUE@am__append_16 = cryptoppsigners.cc
diff --git patches/patch-pdns_dns_hh patches/patch-pdns_dns_hh
deleted file mode 100644
index 71ecbe0..0000000
--- patches/patch-pdns_dns_hh
+++ /dev/null
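Review bot: The rewritten patches/patch-pdns_Makefile_in carries a bare `$OpenBSD$` header and no explanation, whereas the version it replaces stated why it existed. A line under the header such as `OpenBSD has no librt; drop -lrt from the botan 1.10 link lines.` (presumably the reason, to be confirmed) would tell the next porter when the patch can go. The old hunk that removed `install-sysconfDATA` from `install-exec-am` is dropped as well; whether 3.3.1 still installs a sysconf file that post-install also handles is not visible in this diff and is worth checking.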
@@ -1,12 +0,0 @@
-$OpenBSD: patch-pdns_dns_hh,v 1.4 2011/10/24 19:47:55 sthen Exp $
---- pdns/dns.hh.orig Sat Nov 15 15:05:43 2008
-+++ pdns/dns.hh Fri Oct 21 08:37:48 2011
-@@ -173,7 +173,7 @@ enum {
- #ifdef WIN32
- #define BYTE_ORDER 1
- #define LITTLE_ENDIAN 1
--#elif __FreeBSD__ || __APPLE__
-+#elif __FreeBSD__ || __APPLE__ || __OpenBSD__
- #include <machine/endian.h>
- #elif __linux__
- # include <endian.h>
diff --git patches/patch-pdns_nameserver_cc patches/patch-pdns_nameserver_cc
new file mode 100644
index 0000000..c5422a1
--- /dev/null
+++ patches/patch-pdns_nameserver_cc
@@ -0,0 +1,31 @@
+$OpenBSD$
+https://github.com/PowerDNS/pdns/pull/1405
+--- pdns/nameserver.cc.orig Sun May 11 15:26:54 2014
++++ pdns/nameserver.cc Sun May 11 15:26:22 2014
+@@ -248,7 +248,7 @@ void UDPNameserver::send(DNSPacket *p)
+ const string& buffer=p->getString();
+
+ struct msghdr msgh;
+- struct cmsghdr *cmsg;
++ struct cmsghdr *cmsg = NULL;
+ struct iovec iov;
+ char cbuf[256];
+
+@@ -292,6 +292,7 @@ void UDPNameserver::send(DNSPacket *p)
+ pkt = (struct in_pktinfo *) CMSG_DATA(cmsg);
+ memset(pkt, 0, sizeof(*pkt));
+ pkt->ipi_spec_dst = p->d_anyLocal->sin4.sin_addr;
++ msgh.msg_controllen = cmsg->cmsg_len;
+ #endif
+ #ifdef IP_SENDSRCADDR
+ struct in_addr *in;
+@@ -306,8 +307,8 @@ void UDPNameserver::send(DNSPacket *p)
+
+ in = (struct in_addr *) CMSG_DATA(cmsg);
+ *in = p->d_anyLocal->sin4.sin_addr;
+-#endif
+ msgh.msg_controllen = cmsg->cmsg_len;
++#endif
+ }
+ }
+ DLOG(L<<Logger::Notice<<"Sending a packet to "<< p->getRemote() <<" ("<< buffer.length()<<" octets)"<<endl);
diff --git pkg/DESCR-main pkg/DESCR-main
index 927ff4a..67a97a6 100644
--- pkg/DESCR-main
+++ pkg/DESCR-main
@@ -5,4 +5,4 @@ use of clever programming techniques, PowerDNS offers very high domain resolution performance. Prime examples of backends include relational databases,
-but also (geographical) loadbalancing and failover algorithms.
+but also (geographical) loadbalancing and failover algorithms. 
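Review bot: In patches/patch-pdns_nameserver_cc both `msgh.msg_controllen = cmsg->cmsg_len;` assignments now sit inside `#ifdef IP_PKTINFO` and `#ifdef IP_SENDSRCADDR`, so a build with neither macro no longer dereferences `cmsg`, but the IPv4 branch then keeps whatever `msg_control` and `msg_controllen` were set to earlier, in code outside the three hunks. If that earlier code points `msg_control` at the uninitialised `char cbuf[256]`, sendmsg() would be handed an unpopulated control buffer. An explicit fallback makes that case well defined: `#if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR)` followed by `msgh.msg_control = NULL; msgh.msg_controllen = 0;` and `#endif`. UDPNameserver::send starts and ends outside the hunks, so this needs checking against the full function.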
diff --git pkg/PLIST-main pkg/PLIST-main index eed2808..9161f2a 100644 --- pkg/PLIST-main +++ pkg/PLIST-main @@ -7,6 +7,8 @@ @newuser _powerdns:609:_powerdns:daemon:Proxy DNS Server:/nonexistent:/sbin/nologin @extraunexec rm -rf /var/pdnsd/* @bin bin/pdns_control +@bin bin/pdnssec +@bin bin/zone2json @bin bin/zone2ldap @bin bin/zone2sql lib/powerdns/ @@ -18,6 +20,8 @@ lib/powerdns/libgeobackend.so lib/powerdns/libgsqlite3backend.so @man man/man8/pdns_control.8 @man man/man8/pdns_server.8 +@man man/man8/pdnssec.8 +@man man/man8/zone2ldap.8 @man man/man8/zone2sql.8 @bin sbin/pdns_server share/examples/powerdns/ -- I'm not entirely sure you are real.