From 2b2976ebc78aa7c58ce799329525622543e3d85d Mon Sep 17 00:00:00 2001
From: Pieter Lexis
Date: Tue, 7 Jul 2015 09:49:18 +0200
Subject: [PATCH] Generate recursor.conf for Debian packages
---
 .../debian-recursor/config/recursor.conf | 302 ------------------
 .../debian-recursor/pdns-recursor.install | 1 -
 build-scripts/debian-recursor/rules | 6 +-
 3 files changed, 5 insertions(+), 304 deletions(-)
 delete mode 100644 build-scripts/debian-recursor/config/recursor.conf
diff --git a/build-scripts/debian-recursor/config/recursor.conf b/build-scripts/debian-recursor/config/recursor.conf
deleted file mode 100644
index ef1a957212..0000000000
--- a/build-scripts/debian-recursor/config/recursor.conf
+++ /dev/null
@@ -1,302 +0,0 @@ -# Autogenerated configuration file template -################################# -# aaaa-additional-processing turn on to do AAAA additional processing (slow) -# -# aaaa-additional-processing=off - -################################# -# allow-from If set, only allow these comma separated netmasks to recurse -# -# allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 - -################################# -# allow-from-file If set, load allowed netmasks from this file -# -# allow-from-file= - -################################# -# auth-can-lower-ttl If we follow RFC 2181 to the letter, an authoritative server can lower the TTL of NS records -# -# auth-can-lower-ttl=off - -################################# -# auth-zones Zones for which we have authoritative data, comma separated domain=file pairs -# -# auth-zones= - -################################# -# chroot switch to chroot jail -# -# chroot= - -################################# -# client-tcp-timeout Timeout in seconds when talking to TCP clients -# -# client-tcp-timeout=2 - -################################# -# config-dir Location of configuration directory (recursor.conf) -# -# config-dir=/etc/powerdns/ - -################################# -# daemon Operate as a daemon -# -# daemon=yes - -################################# -# delegation-only Which domains we only accept delegations from -# -# delegation-only= - -################################# -# disable-edns Disable EDNS -# -# disable-edns= - -################################# -# disable-edns-ping Disable EDNSPing -# -# disable-edns-ping=no - -################################# -# disable-packetcache Disable packetcache -# -# disable-packetcache=no - -################################# -# dont-query If set, do not query these netmasks for DNS data -# -# dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 - -################################# -# entropy-source If set, read entropy from 
this file -# -# entropy-source=/dev/urandom - -################################# -# etc-hosts-file Path to 'hosts' file -# -# etc-hosts-file=/etc/hosts - -################################# -# export-etc-hosts If we should serve up contents from /etc/hosts -# -# export-etc-hosts=off - -################################# -# forward-zones Zones for which we forward queries, comma separated domain=ip pairs -# -# forward-zones= - -################################# -# forward-zones-file File with (+)domain=ip pairs for forwarding -# -# forward-zones-file= - -################################# -# forward-zones-recurse Zones for which we forward queries with recursion bit, comma separated domain=ip pairs -# -# forward-zones-recurse= - -################################# -# hint-file If set, load root hints from this file -# -# hint-file= - -################################# -# ignore-rd-bit Assume each packet requires recursion, for compatability -# -# ignore-rd-bit=off - -################################# -# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports. -# -local-address=127.0.0.1 - -################################# -# local-port port to listen on -# -local-port=53 - -################################# -# log-common-errors If we should log rather common errors -# -# log-common-errors=yes - -################################# -# logging-facility Facility to log messages as. 
0 corresponds to local0 -# -# logging-facility= - -################################# -# lua-dns-script Filename containing an optional 'lua' script that will be used to modify dns answers -# -# lua-dns-script= - -################################# -# max-cache-entries If set, maximum number of entries in the main cache -# -# max-cache-entries=1000000 - -################################# -# max-cache-ttl maximum number of seconds to keep a cached entry in memory -# -# max-cache-ttl=86400 - -################################# -# max-mthreads Maximum number of simultaneous Mtasker threads -# -# max-mthreads=2048 - -################################# -# max-negative-ttl maximum number of seconds to keep a negative cached entry in memory -# -# max-negative-ttl=3600 - -################################# -# max-packetcache-entries maximum number of entries to keep in the packetcache -# -# max-packetcache-entries=500000 - -################################# -# max-tcp-clients Maximum number of simultaneous TCP clients -# -# max-tcp-clients=128 - -################################# -# max-tcp-per-client If set, maximum number of TCP sessions per client (IP address) -# -# max-tcp-per-client=0 - -################################# -# network-timeout Wait this nummer of milliseconds for network i/o -# -# network-timeout=1500 - -################################# -# no-shuffle Don't change -# -# no-shuffle=off - -################################# -# packetcache-servfail-ttl maximum number of seconds to keep a cached servfail entry in packetcache -# -# packetcache-servfail-ttl=60 - -################################# -# packetcache-ttl maximum number of seconds to keep a cached entry in packetcache -# -# packetcache-ttl=3600 - -################################# -# pdns-distributes-queries If PowerDNS itself should distribute queries over threads (EXPERIMENTAL) -# -# pdns-distributes-queries=no - -################################# -# processes Launch this number of processes 
(EXPERIMENTAL, DO NOT CHANGE) -# -# processes=1 - -################################# -# query-local-address Source IP address for sending queries -# -# query-local-address=0.0.0.0 - -################################# -# query-local-address6 Source IPv6 address for sending queries -# -# query-local-address6= - -################################# -# quiet Suppress logging of questions and answers -# -quiet=yes - -################################# -# remotes-ringbuffer-entries maximum number of packets to store statistics for -# -# remotes-ringbuffer-entries=0 - -################################# -# serve-rfc1918 If we should be authoritative for RFC 1918 private IP space -# -# serve-rfc1918= - -################################# -# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname -# -# server-id= - -################################# -# setgid If set, change group id to this gid for more security -# -setgid=pdns - -################################# -# setuid If set, change user id to this uid for more security -# -setuid=pdns - -################################# -# single-socket If set, only use a single socket for outgoing queries -# -# single-socket=off - -################################# -# soa-minimum-ttl Don't change -# -# soa-minimum-ttl=0 - -################################# -# soa-serial-offset Don't change -# -# soa-serial-offset=0 - -################################# -# socket-dir Where the controlsocket will live -# -# socket-dir=/var/run/ - -################################# -# socket-group Group of socket -# -# socket-group= - -################################# -# socket-mode Permissions for socket -# -# socket-mode= - -################################# -# socket-owner Owner of socket -# -# socket-owner= - -################################# -# spoof-nearmiss-max If non-zero, assume spoofing after this many near misses -# -# spoof-nearmiss-max=20 - -################################# -# stack-size stack size per mthread -# -# 
stack-size=200000 - -################################# -# threads Launch this number of threads -# -# threads=2 - -################################# -# trace if we should output heaps of logging -# -# trace=off - -################################# -# version-string string reported on version.pdns or version.bind -# -# version-string=PowerDNS Recursor 3.3 $Id: pdns_recursor.cc 1712 2010-09-11 13:40:03Z ahu $ - - diff --git a/build-scripts/debian-recursor/pdns-recursor.install b/build-scripts/debian-recursor/pdns-recursor.install index 52c9542bab..d954867134 100644 --- a/build-scripts/debian-recursor/pdns-recursor.install +++ b/build-scripts/debian-recursor/pdns-recursor.install @@ -1,3 +1,2 @@ debian/tmp/usr/sbin/pdns_recursor usr/sbin/ debian/tmp/usr/bin/rec_control usr/bin/ -debian/config/recursor.conf etc/powerdns/ diff --git a/build-scripts/debian-recursor/rules b/build-scripts/debian-recursor/rules index 45e18265c0..60ade2299f 100755 --- a/build-scripts/debian-recursor/rules +++ b/build-scripts/debian-recursor/rules @@ -21,11 +21,15 @@ CXXFLAGS += -DPACKAGEVERSION='"$(version)"' dh $@ --with systemd --parallel override_dh_auto_install: + ./pdns_recursor --config | sed \ + -e 's!# setgid=.*!setgid=pdns!' \ + -e 's!# setuid=.*!setuid=pdns!' \ + > debian/pdns-recursor/etc/powerdns/recursor.conf dh_auto_install -- STRIP_BINARIES=0 + rm -f debian/pdns-recursor/etc/powerdns/recursor.conf-dist override_dh_strip: dh_strip --dbg-package=pdns-recursor-dbg override_dh_installinit: dh_installinit --error-handler=initscript_error -- defaults 19 85 - -- 2.47.2
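Review bot: Nothing in the new `override_dh_auto_install` recipe checks that the privilege-drop settings actually landed in the generated recursor.conf: in a plain `sh` pipeline only `sed`'s exit status counts, so a failing `./pdns_recursor --config` is not noticed, and `sed` also exits 0 when neither `# setgid=` nor `# setuid=` matches, so a failed or differently formatted dump would ship a config without `setuid=pdns`/`setgid=pdns`. I would add two recipe lines directly after the redirect, `grep -qx 'setgid=pdns' debian/pdns-recursor/etc/powerdns/recursor.conf` and `grep -qx 'setuid=pdns' debian/pdns-recursor/etc/powerdns/recursor.conf`, so the package build fails instead. The deleted static file also set `local-address=127.0.0.1`, `local-port=53` and `quiet=yes` explicitly, while the generated file now carries whatever the binary prints for them, so it is worth confirming that the built-in defaults still bind to loopback only. The top of debian/rules is outside the hunk, so I am assuming no `SHELL` or pipefail setting is made there.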