]> Frank Brehm's Git Trees - config/bruni/etc.git/commitdiff
Current state after emerging bind
authorFrank Brehm <frank@brehm-online.com>
Tue, 5 Feb 2013 11:09:11 +0000 (12:09 +0100)
committerFrank Brehm <frank@brehm-online.com>
Tue, 5 Feb 2013 11:09:11 +0000 (12:09 +0100)
13 files changed:
GeoIP.conf [new file with mode: 0644]
bind/bind.keys [new file with mode: 0644]
bind/dyn [new symlink]
bind/named.conf [new file with mode: 0644]
bind/pri [new symlink]
bind/rndc.key [new file with mode: 0644]
bind/sec [new symlink]
conf.d/named [new file with mode: 0644]
csh.env
env.d/10bind [new file with mode: 0644]
init.d/named [new file with mode: 0755]
portage/package.use
profile.env

diff --git a/GeoIP.conf b/GeoIP.conf
new file mode 100644 (file)
index 0000000..33f5526
--- /dev/null
@@ -0,0 +1,19 @@
+# If you purchase a subscription to the GeoIP database,
+# then you will obtain a license key which you can
+# use to automatically obtain updates.
+# for more details, please go to
+# http://www.maxmind.com/app/products
+
+# see https://www.maxmind.com/app/license_key_login to obtain License Key,
+# UserId, and available ProductIds
+
+# Enter your license key here
+LicenseKey YOUR_LICENSE_KEY_HERE
+
+# Enter your User ID here
+UserId YOUR_USER_ID_HERE
+
+# Enter the Product ID(s) of the database(s) you would like to update
+# By default 106 (MaxMind GeoIP Country) is listed below
+ProductIds 106
+
diff --git a/bind/bind.keys b/bind/bind.keys
new file mode 100644 (file)
index 0000000..068a8ce
--- /dev/null
@@ -0,0 +1,46 @@
+/* $Id: bind.keys,v 1.7 2011/01/03 23:45:07 each Exp $ */
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+       # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+        # in named.conf.
+       dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+               brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+               1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+               ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+               Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+               QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+               TDN0YUuWrBNh";
+
+       # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+       # for current trust anchor information.
+        # NOTE: This key is activated by setting "dnssec-validation auto;"
+        # in named.conf.
+       . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+               FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+               bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+               X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+               W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+               Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+               QxA+Uk1ihz0=";
+};
diff --git a/bind/dyn b/bind/dyn
new file mode 120000 (symlink)
index 0000000..67a7f03
--- /dev/null
+++ b/bind/dyn
@@ -0,0 +1 @@
+/var/bind/dyn
\ No newline at end of file
diff --git a/bind/named.conf b/bind/named.conf
new file mode 100644 (file)
index 0000000..aab639f
--- /dev/null
@@ -0,0 +1,172 @@
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-9 for more details.
+ * Online versions of the documentation can be found here:
+ * http://www.isc.org/software/bind/documentation
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+       /* Deny transfers by default except for the listed hosts.
+        * If we have other name servers, place them here.
+        */
+       none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+       127.0.0.0/8;
+       ::1/128;
+};
+
+options {
+       directory "/var/bind";
+       pid-file "/var/run/named/named.pid";
+
+       /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+       //bindkeys-file "/etc/bind/bind.keys";
+
+       listen-on-v6 { ::1; };
+       listen-on { 127.0.0.1; };
+
+       allow-query {
+               /*
+                * Accept queries from our "trusted" ACL.  We will
+                * allow anyone to query our master zones below.
+                * This prevents us from becoming a free DNS server
+                * to the masses.
+                */
+               trusted;
+       };
+
+       allow-query-cache {
+               /* Use the cache for the "trusted" ACL. */
+               trusted;
+       };
+
+       allow-recursion {
+               /* Only trusted addresses are allowed to use recursion. */
+               trusted;
+       };
+
+       allow-transfer {
+               /* Zone tranfers are denied by default. */
+               none;
+       };
+
+       allow-update {
+               /* Don't allow updates, e.g. via nsupdate. */
+               none;
+       };
+
+       /*
+       * If you've got a DNS server around at your upstream provider, enter its
+       * IP address here, and enable the line below. This will make you benefit
+       * from its cache, thus reduce overall DNS traffic in the Internet.
+       *
+       * Uncomment the following lines to turn on DNS forwarding, and change
+       *  and/or update the forwarding ip address(es):
+       */
+/*
+       forward first;
+       forwarders {
+       //      123.123.123.123;        // Your ISP NS
+       //      124.124.124.124;        // Your ISP NS
+       //      4.2.2.1;                // Level3 Public DNS
+       //      4.2.2.2;                // Level3 Public DNS
+               8.8.8.8;                // Google Open DNS
+               8.8.4.4;                // Google Open DNS
+       };
+
+*/
+
+       //dnssec-enable yes;
+       //dnssec-validation yes;
+
+       /*
+        * As of bind 9.8.0:
+        * "If the root key provided has expired,
+        * named will log the expiration and validation will not work."
+        */
+       //dnssec-validation auto;
+
+       /* if you have problems and are behind a firewall: */
+       //query-source address * port 53;
+};
+
+/*
+logging {
+       channel default_log {
+               file "/var/log/named/named.log" versions 5 size 50M;
+               print-time yes;
+               print-severity yes;
+               print-category yes;
+       };
+
+       category default { default_log; };
+       category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+       inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+       type hint;
+       file "/var/bind/root.cache";
+};
+
+zone "localhost" IN {
+       type master;
+       file "pri/localhost.zone";
+       notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+       type master;
+       file "pri/127.zone";
+       notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info
+ */
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+//     type master;
+//     file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+//     allow-query { any; };
+//     allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+//     type slave;
+//     file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+//     masters { <MASTER>; };
+
+       /* Anybody is allowed to query but transfer should be controlled by the master. */
+//     allow-query { any; };
+//     allow-transfer { none; };
+
+       /* The master should be the only one who notifies the slaves, shouldn't it? */
+//     allow-notify { <MASTER>; };
+//     notify no;
+//};
diff --git a/bind/pri b/bind/pri
new file mode 120000 (symlink)
index 0000000..aab69e6
--- /dev/null
+++ b/bind/pri
@@ -0,0 +1 @@
+/var/bind/pri
\ No newline at end of file
diff --git a/bind/rndc.key b/bind/rndc.key
new file mode 100644 (file)
index 0000000..9b57b56
--- /dev/null
@@ -0,0 +1,4 @@
+key "rndc-key" {
+       algorithm hmac-md5;
+       secret "6eD4UlYgUg8ILQ3mr/9P8Q==";
+};
diff --git a/bind/sec b/bind/sec
new file mode 120000 (symlink)
index 0000000..810ce2a
--- /dev/null
+++ b/bind/sec
@@ -0,0 +1 @@
+/var/bind/sec
\ No newline at end of file
diff --git a/conf.d/named b/conf.d/named
new file mode 100644 (file)
index 0000000..0450d5b
--- /dev/null
@@ -0,0 +1,48 @@
+# Set various named options here.
+#
+#OPTIONS=""
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# If you wish to run bind in a chroot:
+# 1) un-comment the CHROOT= assignment, below. You may use
+#    a different chroot directory but MAKE SURE it's empty.
+# 2) run: emerge --config =<bind-version>
+#
+#CHROOT="/chroot/dns"
+
+# Uncomment to enable binmount of /usr/share/GeoIP
+#CHROOT_GEOIP="1"
+
+# Uncomment the line below to avoid that the init script mounts the needed paths
+# into the chroot directory.
+# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
+#CHROOT_NOMOUNT="1"
+
+# Uncomment this option if you have setup your own chroot environment and you
+# don't want/need the chroot consistency check
+#CHROOT_NOCHECK=1
+
+# Default pid file location
+PIDFILE="${CHROOT}/var/run/named/named.pid"
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+
+# Uncomment rc_named_use/rc_named_after for the database you need.
+# Its necessary to ensure the database backend will be started before named.
+
+# MySQL
+#rc_named_use="mysql"
+#rc_named_after="mysql"
+
+# PostgreSQL
+#rc_named_use="pg_autovacuum postgresql"
+#rc_named_after="pg_autovacuum postgresql"
+
+# LDAP
+#rc_named_use="ldap"
+#rc_named_after="ldap"
diff --git a/csh.env b/csh.env
index 75cabeab030ca49c425e4bc88c226bb205d8e7f3..9c06f9e43f581bd79fc60c2860bcfc9989e21999 100644 (file)
--- a/csh.env
+++ b/csh.env
@@ -3,7 +3,7 @@
 # GO INTO /etc/csh.cshrc NOT /etc/csh.env
 
 setenv ANT_HOME '/usr/share/ant'
-setenv CONFIG_PROTECT '/usr/share/gnupg/qualified.txt /var/lib/hsqldb /usr/share/config /usr/share/openvpn/easy-rsa'
+setenv CONFIG_PROTECT '/var/bind /usr/share/gnupg/qualified.txt /var/lib/hsqldb /usr/share/config /usr/share/openvpn/easy-rsa'
 setenv CONFIG_PROTECT_MASK '/etc/gentoo-release /etc/sandbox.d /etc/php/cli-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/apache2-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/fonts/fonts.conf ${EPREFIX}/etc/gconf /etc/terminfo /etc/dconf /etc/ca-certificates.conf /etc/texmf/web2c /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/revdep-rebuild'
 setenv EDITOR '/usr/bin/vim'
 setenv FLTK_DOCDIR '/usr/share/doc/fltk-1.3.0-r1/html'
diff --git a/env.d/10bind b/env.d/10bind
new file mode 100644 (file)
index 0000000..13c7910
--- /dev/null
@@ -0,0 +1 @@
+CONFIG_PROTECT="/var/bind"
diff --git a/init.d/named b/init.d/named
new file mode 100755 (executable)
index 0000000..ee209d6
--- /dev/null
@@ -0,0 +1,248 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r12,v 1.1 2012/08/24 19:01:09 idl0r Exp $
+
+extra_commands="checkconfig checkzones"
+extra_started_commands="reload"
+
+depend() {
+       need net
+       use logger
+       provide dns
+}
+
+NAMED_CONF=${CHROOT}/etc/bind/named.conf
+
+OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}
+MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60}
+
+_mount() {
+       local from
+       local to
+       local opts
+       local ret=0
+
+       if [ "${#}" -lt 3 ]; then
+               eerror "_mount(): to few arguments"
+               return 1
+       fi
+
+       from=$1
+       to=$2
+       shift 2
+
+       opts="${*}"
+       shift $#
+
+       if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
+               einfo "mounting ${from} to ${to}"
+               mount ${from} ${to} ${opts}
+               ret=$?
+
+               eend $ret
+               return $ret
+       fi
+
+       return 0
+}
+
+_umount() {
+       local dir=$1
+       local ret=0
+
+       if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
+               ebegin "umounting ${dir}"
+               umount ${dir}
+               ret=$?
+
+               eend $ret
+               return $ret
+       fi
+
+       return 0
+}
+
+_get_pidfile() {
+       # as suggested in bug #107724, bug 335398#c17
+       [ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+                       /usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+       [ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/var/run/named/named.pid
+}
+
+check_chroot() {
+       if [ -n "${CHROOT}" ]; then
+               [ ! -d "${CHROOT}" ] && return 1
+               [ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
+               [ ! -d "${CHROOT}/var/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
+               [ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
+               [ ! -d "${CHROOT}/var/log/named" ] && return 1
+               [ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
+               [ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1
+               [ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
+               if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+                       if [ -d "/usr/lib64" ]; then
+                               [ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1
+                       elif [ -d "/usr/lib" ]; then
+                               [ ! -d "${CHROOT}/usr/lib/engines" ] && return 1
+                       fi
+               fi
+       fi
+
+       return 0
+}
+
+checkconfig() {
+       ebegin "Checking named configuration"
+
+       if [ ! -f "${NAMED_CONF}" ] ; then
+               eerror "No ${NAMED_CONF} file exists!"
+               return 1
+       fi
+
+       /usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
+               eerror "named-checkconf failed! Please fix your config first."
+               return 1
+       }
+
+       eend 0
+       return 0
+}
+
+checkzones() {
+       ebegin "Checking named configuration and zones"
+       /usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
+       eend $?
+}
+
+start() {
+       local piddir
+
+       ebegin "Starting ${CHROOT:+chrooted }named"
+
+       if [ -n "${CHROOT}" ]; then
+               if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+                       check_chroot || {
+                               eend 1
+                               eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+                               return 1
+                       }
+               fi
+
+               if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+                       if [ ! -e /usr/lib/engines/libgost.so ]; then
+                               eend 1
+                               eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
+                               return 1
+                       fi
+                       cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
+                               eend 1
+                               eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
+                               return 1
+                       }
+               fi
+               cp -Lp /etc/localtime "${CHROOT}/etc/localtime"
+
+               if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+                       einfo "Mounting chroot dirs"
+                       _mount /etc/bind ${CHROOT}/etc/bind -o bind
+                       _mount /var/bind ${CHROOT}/var/bind -o bind
+                       _mount /var/log/named ${CHROOT}/var/log/named -o bind
+                       if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+                               _mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
+                       fi
+               fi
+       fi
+
+       checkconfig || { eend 1; return 1; }
+
+       # create piddir (usually /var/run/named) if necessary, bug 334535
+       _get_pidfile
+       piddir="${PIDFILE%/*}"
+       checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+               eend 1
+               return 1
+       }
+
+       # In case someone have $CPU set in /etc/conf.d/named
+       if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+               CPU="-n ${CPU}"
+       fi
+
+       start-stop-daemon --start --pidfile ${PIDFILE} \
+               --nicelevel ${NAMED_NICELEVEL:-0} \
+               --exec /usr/sbin/named \
+               -- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+       eend $?
+}
+
+stop() {
+       local reported=0
+
+       ebegin "Stopping ${CHROOT:+chrooted }named"
+
+       # Workaround for now, until openrc's restart has been fixed.
+       # openrc doesn't care about a restart() function in init scripts.
+       if [ "${RC_CMD}" = "restart" ]; then
+               if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+                       check_chroot || {
+                               eend 1
+                               eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+                               return 1
+                       }
+               fi
+
+               checkconfig || { eend 1; return 1; }
+       fi
+
+       # -R 10, bug 335398
+       _get_pidfile
+       start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+               --exec /usr/sbin/named
+
+       if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+               ebegin "Umounting chroot dirs"
+
+               # just to be sure everything gets clean
+               while fuser -s ${CHROOT} 2>/dev/null; do
+                       if [ "${reported}" -eq 0 ]; then
+                               einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
+                       elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
+                               eerror "Waiting until all named processes are stopped failed!"
+                               eend 1
+                               break
+                       fi
+                       sleep 1
+                       reported=$((reported+1))
+               done
+
+               [ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
+               _umount ${CHROOT}/etc/bind
+               _umount ${CHROOT}/var/log/named
+               _umount ${CHROOT}/var/bind
+       fi
+
+       eend $?
+}
+
+reload() {
+       local ret
+
+       ebegin "Reloading named.conf and zone files"
+
+       checkconfig || { eend 1; return 1; }
+
+       _get_pidfile
+       if [ -n "${PIDFILE}" ]; then
+               start-stop-daemon --pidfile $PIDFILE --signal HUP
+               ret=$?
+       else
+               ewarn "Unable to determine the pidfile... this is"
+               ewarn "a fallback mode. Please check your installation!"
+
+               $RC_SERVICE restart
+               ret=$?
+       fi
+
+       eend $ret
+}
index bf5288c7076a1c308ec71063eaf8847618ad0d2c..8cf3135252cbeed6697267849a74e0afbb6e04f2 100644 (file)
@@ -200,12 +200,12 @@ net-analyzer/net-snmp                     diskio elf extensible mfd-rewrites sendmail smux
 net-analyzer/nmap                      ncat ndiff nmap-update nping
 net-analyzer/wireshark                 adns doc-pdf gcrypt profile smi
 
+net-dialup/freeradius                  edirectory frascend frxp
+
 net-dns/avahi                          autoipd howl-compat mdnsresponder-compat
-net-dns/bind                           dlz geoip gssapi -odbc pkcs11 resolvconf urandom
+net-dns/bind                           dlz geoip gssapi -mysql -odbc pkcs11 resolvconf urandom
 net-dns/bind-tools                     gssapi pkcs11 urandom
 
-net-dialup/freeradius                  edirectory frascend frxp
-
 # Enable support for 3rd patch-o-matic extensions
 net-firewall/iptables                  extensions
 
index 02fa38f0921068f7318de4b602c670ed4efd9948..c9767de03170c4dddb61d1ef10928e6e11c8e844 100644 (file)
@@ -3,7 +3,7 @@
 # GO INTO /etc/profile NOT /etc/profile.env
 
 export ANT_HOME='/usr/share/ant'
-export CONFIG_PROTECT='/usr/share/gnupg/qualified.txt /var/lib/hsqldb /usr/share/config /usr/share/openvpn/easy-rsa'
+export CONFIG_PROTECT='/var/bind /usr/share/gnupg/qualified.txt /var/lib/hsqldb /usr/share/config /usr/share/openvpn/easy-rsa'
 export CONFIG_PROTECT_MASK='/etc/gentoo-release /etc/sandbox.d /etc/php/cli-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/apache2-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/fonts/fonts.conf ${EPREFIX}/etc/gconf /etc/terminfo /etc/dconf /etc/ca-certificates.conf /etc/texmf/web2c /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/revdep-rebuild'
 export EDITOR='/usr/bin/vim'
 export FLTK_DOCDIR='/usr/share/doc/fltk-1.3.0-r1/html'