# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 PortSystem 1.0 name dns-server # use port:bind9's version as the version number version 9.16.13 revision 0 categories net platforms any supported_archs noarch maintainers {ieee.org:s.t.smith @essandess} openmaintainer license BSD distfiles description Domain Name System server configuration long_description DNS server working configuration for named \ that provides a basic, working, easily \ modifiable LAN DNS server. The configuration \ includes example LAN, .private, and localhost \ zones, with example A, PTR, and CNAME (alias) \ records, MX, SPF, DKIM, and DMARC records for \ email servers, and URI, TXT, and SRV records \ for Kerberos servers. This configuration is \ based upon macOS Server.app's DNS server prior \ to its deprecation in Server.app version 5.7. \ See `man named`. homepage https://www.isc.org/ depends_run-append port:bind9 use_configure no build {} destroot { # Ensure needed directories xinstall -o named -g named -m 755 -d \ ${destroot}${prefix}/etc \ ${destroot}${prefix}/var/named \ ${destroot}${prefix}/var/log/named # Install the conf file templates foreach f { \ named.conf \ rndc.conf \ } { xinstall -o root -m 644 ${filespath}/${f} \ ${destroot}${prefix}/etc/${f}.macports } # Install the db file templates foreach f { \ db.@LAN_REVERSE_IP_SUBNET@.in-addr.arpa \ db.@domain@.@tld@ \ db.@domain@.private \ localhost.zone \ named.ca \ named.local \ } { xinstall -o named -g named -m 644 ${filespath}/${f} \ ${destroot}${prefix}/var/named/${f}.macports } } destroot.keepdirs ${destroot}${prefix}/var/log/named # Network configuration # hard-coded examples set named_host host set named_domain domain set named_tld tld set named_fullhost ${named_host}.${named_domain}.${named_tld} set named_domaintld ${named_domain}.${named_tld} set host_lan_ip_address 10.0.1.2 set lan_reverse_ip_subnet 1.0.10 set host_lan_reverse_ip_address 2.1.0.10 # aribitrary example for client IP address set client_lan_ip_address 10.0.1.3 set client_lan_reverse_ip_address 3.1.0.10 post-activate { # use network settings for installed example configuration set named_fullhost [exec /bin/hostname -f] set named_host [lindex [split ${named_fullhost} .] 0] set named_domaintld [join [lrange [split ${named_fullhost} .] 1 end] .] set named_domain [lindex [split ${named_domaintld} .] 0] set named_tld [join [lrange [split ${named_domaintld} .] 1 end] .] set host_lan_ip_address [exec /bin/sh -c "/sbin/ifconfig `/usr/sbin/netstat -nr | /usr/bin/awk '{ if (\$1 ~/default/) { print \$NF} }' | /usr/bin/head -1` | /usr/bin/awk '{ if (\$1 ~/inet\$/) { print \$2} }'"] set lan_reverse_ip_subnet [exec /bin/sh -c "echo ${host_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\3.\\2.\\1|'"] set host_lan_reverse_ip_address [exec /bin/sh -c "echo ${host_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\4.\\3.\\2.\\1|'"] # aribitrary example for client IP address set client_lan_ip_address [exec /bin/sh -c "echo ${host_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\1.\\2.\\3.201|'"] set client_lan_reverse_ip_address [exec /bin/sh -c "echo ${client_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\4.\\3.\\2.\\1|'"] # copy to actual config files if they don't already exist foreach f { \ named.conf \ rndc.conf \ } { if { ![file exists ${prefix}/etc/${f}] } { # Configure the conf file xinstall -o root -g named -m 644 ${prefix}/etc/${f}.macports \ ${prefix}/etc/${f} reinplace "s|@PREFIX@|${prefix}|g" \ ${prefix}/etc/${f} reinplace -q "s|@LAN_REVERSE_IP_SUBNET@|${lan_reverse_ip_subnet}|g" \ ${prefix}/etc/${f} reinplace -q "s|@domain@|${named_domain}|g" \ ${prefix}/etc/${f} reinplace -q "s|@tld@|${named_tld}|g" \ ${prefix}/etc/${f} if {${f} eq {named.conf} \ && "${named_domain}.${named_tld}" eq "${named_domain}.private"} { ui_warn "Duplicate zone '${named_domain}.${named_tld}' in \ ${prefix}/etc/named.conf that will cause a bind9 error. Please remove this \ duplicate zone. See `port notes ${name}`." } } } # Configure the db file templates foreach f { \ db.@LAN_REVERSE_IP_SUBNET@.in-addr.arpa \ db.@domain@.@tld@ \ db.@domain@.private \ localhost.zone \ named.ca \ named.local \ } { set f_renamed $f set f_renamed [ strsed $f_renamed "s|@domain@|${named_domain}|" ] set f_renamed [ strsed $f_renamed "s|@tld@|${named_tld}|" ] set f_renamed [ strsed $f_renamed "s|@LAN_REVERSE_IP_SUBNET@|${lan_reverse_ip_subnet}|" ] if { ![file exists ${prefix}/var/named/${f_renamed}] } { xinstall -m 0644 -W ${prefix}/var/named \ ${f}.macports ${f_renamed} } } foreach f "\ db.${lan_reverse_ip_subnet}.in-addr.arpa \ db.${named_domain}.${named_tld} \ db.${named_domain}.private \ localhost.zone \ named.ca \ named.local \ " { reinplace -q "s|@PREFIX@|${prefix}|g" \ ${prefix}/var/named/${f} reinplace -q "s|@host@|${named_host}|g" \ ${prefix}/var/named/${f} reinplace -q "s|@domain@|${named_domain}|g" \ ${prefix}/var/named/${f} reinplace -q "s|@tld@|${named_tld}|g" \ ${prefix}/var/named/${f} # case sensitive for Kerberos REALMs reinplace -q "s|@HOST@|[string toupper ${named_host}]|g" \ ${prefix}/var/named/${f} reinplace -q "s|@DOMAIN@|[string toupper ${named_domain}]|g" \ ${prefix}/var/named/${f} reinplace -q "s|@TLD@|[string toupper ${named_tld}]|g" \ ${prefix}/var/named/${f} reinplace -q "s|@HOST_LAN_IP_ADDRESS@|${host_lan_ip_address}|g" \ ${prefix}/var/named/${f} reinplace -q "s|@LAN_REVERSE_IP_SUBNET@|${lan_reverse_ip_subnet}|g" \ ${prefix}/var/named/${f} reinplace -q "s|@HOST_LAN_REVERSE_IP_ADDRESS@|${host_lan_reverse_ip_address}|g" \ ${prefix}/var/named/${f} reinplace -q "s|@CLIENT_LAN_IP_ADDRESS@|${client_lan_ip_address}|g" \ ${prefix}/var/named/${f} reinplace -q "s|@CLIENT_LAN_REVERSE_IP_ADDRESS@|${client_lan_reverse_ip_address}|g" \ ${prefix}/var/named/${f} } if { ![file exists ${prefix}/var/named/rndc.key] } { system "${prefix}/sbin/rndc-confgen -A hmac-sha512 -a -c ${prefix}/var/named/rndc.key -u named" } ui_msg "Configuring DNS Server with: Host ${named_host} Domain ${named_domain} TLD ${named_tld} Host IP Address ${host_lan_ip_address} Reverse IP Subnet ${lan_reverse_ip_subnet} This configuration can be changed in the directory: ${prefix}/var/named See `man named` for details. " } notes "The DNS server's initial configuration uses installation-time network\ settings to provide a basic, working DNS server. Users must reconfigure the installation for their own network\ specifics by editing the files: ${prefix}/etc/named.conf ${prefix}/etc/rndc.conf ${prefix}/var/named/db.* Refer to the *.macports template files and `man named` for details. Post Installation: 1. Edit files in the directory ${prefix}/var/named to specify correct DNS\ and reverse DNS entries. Example: These two commands should point to\ each other: host ${named_host} ${host_lan_ip_address} host ${host_lan_ip_address} ${host_lan_ip_address} A rndc.key file is automatically created with the command: rndc-confgen -A hmac-sha512 -a -c ${prefix}/var/named/rndc.key -u named 2. It is necessary to launch named with: sudo port load bind9 3. DNS cache on macOS is flushed with the commands: dscacheutil -flushcache ; sudo killall -HUP mDNSResponder ; \\ sudo port reload bind9 4. The DNS server is configured by default to accept requests on port 53\ over the LAN. Make sure that this port is not exposed to the open\ internet." livecheck.type none