[arch-commits] Commit in bind/trunk (PKGBUILD named.conf)
Kevin Piche
kevin at archlinux.org
Sun Sep 28 01:58:21 UTC 2008
Date: Saturday, September 27, 2008 @ 21:58:21
Author: kevin
Revision: 13722
upgpkg: bind 9.5.0.P2-1
Improved default security stance
Modified:
bind/trunk/PKGBUILD
bind/trunk/named.conf
------------+
PKGBUILD | 10 +++++-----
named.conf | 16 +++++++++++-----
2 files changed, 16 insertions(+), 10 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2008-09-28 01:46:44 UTC (rev 13721)
+++ PKGBUILD 2008-09-28 01:58:21 UTC (rev 13722)
@@ -2,9 +2,9 @@
# Maintainer: judd <jvinet at zeroflux.org>
# Contributor: Mario Vazquez <mario_vazq at hotmail.com>
pkgname=bind
-pkgver=9.5.0
-_pkgver=9.5.0-P1
-pkgrel=4
+pkgver=9.5.0.P2
+_pkgver=9.5.0-P2
+pkgrel=1
pkgdesc="Berkeley Internet Name Domain - named server"
arch=(i686 x86_64)
url="http://www.isc.org/index.pl?/sw/bind/"
@@ -17,8 +17,8 @@
source=(ftp://ftp.isc.org/isc/bind9/${_pkgver}/${pkgname}-${_pkgver}.tar.gz
bind.so_bsdcompat.diff notools.patch named.conf localhost.zone 127.0.0.zone
named root.hint named.logrotate named.conf.d)
-md5sums=('a4f9dd6d205d24ec89fa4e44d8188197' '447d58721cfee0e1e377b46f7d50b327'
- '2ab9db5112cabae23770cdd2f00c6923' 'f26d015142fa0a8226b42bbf9d490aa4'
+md5sums=('16c893f73a394c8cc36d7900cb9bb801' '447d58721cfee0e1e377b46f7d50b327'
+ '2ab9db5112cabae23770cdd2f00c6923' 'f58fa49a92df16534d31fcb6b0d1be1e'
'ab5beef0b41eb6376c7f1f4ee233172b' 'bdbdfe4990b0903984306dd14f98b951'
'750f283c7774ffe75cd215bce46b03cd' '8c212c0260d708f15f75d3adc71f0149'
'91b3463a181561deb845acc122713a2a' '475fde63600d7d95980de991f02d6b6d')
Modified: named.conf
===================================================================
--- named.conf 2008-09-28 01:46:44 UTC (rev 13721)
+++ named.conf 2008-09-28 01:58:21 UTC (rev 13722)
@@ -7,24 +7,30 @@
pid-file "/var/run/named/named.pid";
auth-nxdomain yes;
datasize default;
- allow-recursion { 127.0.0.1; };
// Uncomment these to enable IPv6 connections support
-// IPv4 will still work
+// IPv4 will still work:
+// listen-on-v6 { any; };
+// Add this for no IPv4:
// listen-on { none; };
-// listen-on-v6 { any; };
+
+ // Default security settings.
+ allow-recursion { 127.0.0.1; };
+ allow-transfer { none; };
+ allow-update { none; };
+ version none;
+ hostname none;
+ server-id none;
};
zone "localhost" IN {
type master;
file "localhost.zone";
- allow-update { none; };
allow-transfer { any; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "127.0.0.zone";
- allow-update { none; };
allow-transfer { any; };
};
More information about the arch-commits
mailing list