diff options
-rw-r--r-- | gnu/packages/dns.scm | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm index 4fc1c25229..ad1a8638bc 100644 --- a/gnu/packages/dns.scm +++ b/gnu/packages/dns.scm @@ -289,6 +289,77 @@ asynchronous fashion.") (license:non-copyleft "file://LICENSE") ; includes.h license:openssl)))) +(define-public nsd + (package + (name "nsd") + (version "4.1.25") + (source + (origin + (method url-fetch) + (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-" + version ".tar.gz")) + (sha256 + (base32 + "0zyzjd3wmq258jiry62ci1z23qfd0rc5ggnpmybc60xvpddgynwg")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags + (list "--enable-pie" ; fully benefit from ASLR + "--enable-ratelimit" + "--enable-recvmmsg" + "--enable-relro-now" ; protect GOT and .dtor areas + "--disable-radix-tree" + (string-append "--with-libevent=" + (assoc-ref %build-inputs "libevent")) + (string-append "--with-ssl=" + (assoc-ref %build-inputs "openssl")) + "--with-configdir=/etc" + "--with-nsd_conf_file=/etc/nsd/nsd.conf" + "--with-logfile=/var/log/nsd.log" + "--with-pidfile=/var/db/nsd/nsd.pid" + "--with-dbfile=/var/db/nsd/nsd.db" + "--with-zonesdir=/etc/nsd" + "--with-xfrdfile=/var/db/nsd/xfrd.state" + "--with-zonelistfile=/var/db/nsd/zone.list") + #:phases + (modify-phases %standard-phases + (add-before 'configure 'patch-installation-paths + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (doc (string-append out "/share/doc/" ,name "-" ,version))) + ;; The ‘make install’ target tries to create the parent + ;; directories of run-time things like ‘pidfile’ above, and + ;; useless empty directories like 'configdir'. Remove such + ;; '$(INSTALL)' lines and install the example configuration file + ;; in an appropriate location. + (substitute* "Makefile.in" + ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command) + (string-append "#" command)) + (("\\$\\(nsdconfigfile\\)\\.sample" file-name) + (string-append doc "/examples/" file-name))) + #t)))) + #:tests? #f)) ; no tests + (inputs + `(("libevent" ,libevent) + ("openssl" ,openssl))) + (home-page "https://www.nlnetlabs.nl/projects/nsd/about/") + (synopsis "Authoritative DNS name server") + (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative +name server for the Domain Name System (@dfn{DNS}). It aims to be a fast and +RFC-compliant nameserver. + +NSD uses zone information compiled via @command{zonec} into a binary database +file (@file{nsd.db}). This allows fast startup of the name service daemon and +allows syntax-structural errors in zone files to be flagged at compile time, +before being made available to NSD service itself. However, most traditional +BIND-style zone files can be directly imported into NSD without modification. + +The collection of programs and processes that make up NSD are designed so that +the daemon itself runs as a non-privileged user and can be easily configured to +run in a @code{chroot} jail, thus making any security flaws in NSD less likely +to result in system-wide compromise.") + (license (list license:bsd-3)))) + (define-public unbound (package (name "unbound") |