aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/packages/dns.scm71
1 files changed, 71 insertions, 0 deletions
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 4fc1c25229..ad1a8638bc 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -289,6 +289,77 @@ asynchronous fashion.")
(license:non-copyleft "file://LICENSE") ; includes.h
license:openssl))))
+(define-public nsd
+ (package
+ (name "nsd")
+ (version "4.1.25")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "0zyzjd3wmq258jiry62ci1z23qfd0rc5ggnpmybc60xvpddgynwg"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list "--enable-pie" ; fully benefit from ASLR
+ "--enable-ratelimit"
+ "--enable-recvmmsg"
+ "--enable-relro-now" ; protect GOT and .dtor areas
+ "--disable-radix-tree"
+ (string-append "--with-libevent="
+ (assoc-ref %build-inputs "libevent"))
+ (string-append "--with-ssl="
+ (assoc-ref %build-inputs "openssl"))
+ "--with-configdir=/etc"
+ "--with-nsd_conf_file=/etc/nsd/nsd.conf"
+ "--with-logfile=/var/log/nsd.log"
+ "--with-pidfile=/var/db/nsd/nsd.pid"
+ "--with-dbfile=/var/db/nsd/nsd.db"
+ "--with-zonesdir=/etc/nsd"
+ "--with-xfrdfile=/var/db/nsd/xfrd.state"
+ "--with-zonelistfile=/var/db/nsd/zone.list")
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'configure 'patch-installation-paths
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (doc (string-append out "/share/doc/" ,name "-" ,version)))
+ ;; The ‘make install’ target tries to create the parent
+ ;; directories of run-time things like ‘pidfile’ above, and
+ ;; useless empty directories like 'configdir'. Remove such
+ ;; '$(INSTALL)' lines and install the example configuration file
+ ;; in an appropriate location.
+ (substitute* "Makefile.in"
+ ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command)
+ (string-append "#" command))
+ (("\\$\\(nsdconfigfile\\)\\.sample" file-name)
+ (string-append doc "/examples/" file-name)))
+ #t))))
+ #:tests? #f)) ; no tests
+ (inputs
+ `(("libevent" ,libevent)
+ ("openssl" ,openssl)))
+ (home-page "https://www.nlnetlabs.nl/projects/nsd/about/")
+ (synopsis "Authoritative DNS name server")
+ (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative
+name server for the Domain Name System (@dfn{DNS}). It aims to be a fast and
+RFC-compliant nameserver.
+
+NSD uses zone information compiled via @command{zonec} into a binary database
+file (@file{nsd.db}). This allows fast startup of the name service daemon and
+allows syntax-structural errors in zone files to be flagged at compile time,
+before being made available to NSD service itself. However, most traditional
+BIND-style zone files can be directly imported into NSD without modification.
+
+The collection of programs and processes that make up NSD are designed so that
+the daemon itself runs as a non-privileged user and can be easily configured to
+run in a @code{chroot} jail, thus making any security flaws in NSD less likely
+to result in system-wide compromise.")
+ (license (list license:bsd-3))))
+
(define-public unbound
(package
(name "unbound")