[arch-commits] Commit in bind/trunk (PKGBUILD named.conf)

[Kevin Piche]

    Date: Saturday, September 27, 2008 @ 21:58:21
  Author: kevin
Revision: 13722

upgpkg: bind 9.5.0.P2-1
    Improved default security stance

Modified:
  bind/trunk/PKGBUILD
  bind/trunk/named.conf

------------+
 PKGBUILD   |   10 +++++-----
 named.conf |   16 +++++++++++-----
 2 files changed, 16 insertions(+), 10 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2008-09-28 01:46:44 UTC (rev 13721)
+++ PKGBUILD	2008-09-28 01:58:21 UTC (rev 13722)
@@ -2,9 +2,9 @@
 # Maintainer: judd <jvinet at zeroflux.org>
 # Contributor: Mario Vazquez <mario_vazq at hotmail.com>
 pkgname=bind
-pkgver=9.5.0
-_pkgver=9.5.0-P1
-pkgrel=4
+pkgver=9.5.0.P2
+_pkgver=9.5.0-P2
+pkgrel=1
 pkgdesc="Berkeley Internet Name Domain - named server"
 arch=(i686 x86_64)
 url="http://www.isc.org/index.pl?/sw/bind/"
@@ -17,8 +17,8 @@
 source=(ftp://ftp.isc.org/isc/bind9/${_pkgver}/${pkgname}-${_pkgver}.tar.gz
 	bind.so_bsdcompat.diff notools.patch named.conf localhost.zone 127.0.0.zone
 	named root.hint named.logrotate named.conf.d)
-md5sums=('a4f9dd6d205d24ec89fa4e44d8188197' '447d58721cfee0e1e377b46f7d50b327'
-         '2ab9db5112cabae23770cdd2f00c6923' 'f26d015142fa0a8226b42bbf9d490aa4'
+md5sums=('16c893f73a394c8cc36d7900cb9bb801' '447d58721cfee0e1e377b46f7d50b327'
+         '2ab9db5112cabae23770cdd2f00c6923' 'f58fa49a92df16534d31fcb6b0d1be1e'
          'ab5beef0b41eb6376c7f1f4ee233172b' 'bdbdfe4990b0903984306dd14f98b951'
          '750f283c7774ffe75cd215bce46b03cd' '8c212c0260d708f15f75d3adc71f0149'
          '91b3463a181561deb845acc122713a2a' '475fde63600d7d95980de991f02d6b6d')

Modified: named.conf
===================================================================
--- named.conf	2008-09-28 01:46:44 UTC (rev 13721)
+++ named.conf	2008-09-28 01:58:21 UTC (rev 13722)
@@ -7,24 +7,30 @@
 	pid-file "/var/run/named/named.pid";
 	auth-nxdomain yes;
 	datasize default;
-	allow-recursion { 127.0.0.1; };
 // Uncomment these to enable IPv6 connections support
-// IPv4 will still work
+// IPv4 will still work:
+//	listen-on-v6 { any; };
+// Add this for no IPv4:
 //	listen-on { none; };
-//	listen-on-v6 { any; };
+
+	// Default security settings.
+	allow-recursion { 127.0.0.1; };
+	allow-transfer { none; };
+	allow-update { none; };
+    version none;
+    hostname none;
+    server-id none;
 };
 
 zone "localhost" IN {
 	type master;
 	file "localhost.zone";
-	allow-update { none; };
 	allow-transfer { any; };
 };
 
 zone "0.0.127.in-addr.arpa" IN {
 	type master;
 	file "127.0.0.zone";
-	allow-update { none; };
 	allow-transfer { any; };
 };