nixpkgs/pkgs/servers/dns/nsd/default.nix

{ config, stdenv, fetchurl, libevent, openssl
, bind8Stats       ? false
, checking         ? false
, ipv6             ? true
, mmap             ? false
, minimalResponses ? true
, nsec3            ? true
, ratelimit        ? false
, recvmmsg         ? false
, rootServer       ? false
, rrtypes          ? false
, zoneStats        ? false
}:

stdenv.mkDerivation rec {
  name = "nsd-4.1.12";

  src = fetchurl {
    url = "http://www.nlnetlabs.nl/downloads/nsd/${name}.tar.gz";
    sha256 = "fd1979dff1fba55310fd4f439dc9f3f4701d435c0ec4fb9af533e12c7f27d5de";
  };

  buildInputs = [ libevent openssl ];

  configureFlags =
    let edf = c: o: if c then ["--enable-${o}"] else ["--disable-${o}"];
     in edf bind8Stats       "bind8-stats"
     ++ edf checking         "checking"
     ++ edf ipv6             "ipv6"
     ++ edf mmap             "mmap"
     ++ edf minimalResponses "minimal-responses"
     ++ edf nsec3            "nsec3"
     ++ edf ratelimit        "ratelimit"
     ++ edf recvmmsg         "recvmmsg"
     ++ edf rootServer       "root-server"
     ++ edf rrtypes          "draft-rrtypes"
     ++ edf zoneStats        "zone-stats"
     ++ [ "--with-ssl=${openssl.dev}" "--with-libevent=${libevent.dev}" ];

  meta = with stdenv.lib; {
    homepage = http://www.nlnetlabs.nl;
    description = "Authoritative only, high performance, simple and open source name server";
    license = licenses.bsd3;
    platforms = platforms.unix;
    maintainers = [ maintainers.hrdinka ];
  };
}
nsd: add package version 4.0.3 2014-06-12 10:14:44 +01:00			`{ config, stdenv, fetchurl, libevent, openssl`
pkgs/nsd: Allow to easily override the package. Allowing to use nixpkgs config to provide different defaults is not going to help us here, so we would like to use nsd.override {} in order to supply the correct options in the module. Eventually removing the nixpkgs config option would make sense here as well. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2014-07-23 16:09:28 +01:00			`, bind8Stats ? false`
			`, checking ? false`
			`, ipv6 ? true`
			`, mmap ? false`
			`, minimalResponses ? true`
			`, nsec3 ? true`
			`, ratelimit ? false`
			`, recvmmsg ? false`
			`, rootServer ? false`
nsd: Fix automatic config options 2015-03-19 11:10:55 +00:00			`, rrtypes ? false`
nsd: Update from 4.1.0 -> 4.1.1 2015-03-18 20:01:35 +00:00			`, zoneStats ? false`
nsd: add package version 4.0.3 2014-06-12 10:14:44 +01:00			`}:`

			`stdenv.mkDerivation rec {`
nsd: 4.1.9 -> 4.1.12 4.1.12 ====== Bugfixes -------- Fix malformed edns query assertion failure, reported by Michal Kepien (NASK). 4.1.11 ====== Features -------- * When tcp is more than half full, use short timeout for tcp session. * Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori. * Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865. Bugfixes -------- * Fix build without IPv6, patch from Zdenek Kaspar. * Fix #783: Trying to run a root server without having configured it silently gives wrong answers. * Fix #782: Serve DS record but parent zone has no NS record. * Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut. 4.1.10 ====== Features -------- * ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down. * NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size. * print notice that nsd is starting before taking off. Bugfixes -------- * Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl. * Fix #751: NSD fails to occlude names below a DNAME. * If set without nsd.db print "" as the default in the man pages. * Fix #755: NSD spins after a zone update and a lot of TCP queries. * Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser. * #772 Document that recvmmsg has IPv6 problems on some linux kernels. 4.1.9 ===== Bugfixes -------- * Change the nsd.db file version because of nanosecond precision fix. 2016-09-26 23:10:39 +01:00			`name = "nsd-4.1.12";`
nsd: add package version 4.0.3 2014-06-12 10:14:44 +01:00
			`src = fetchurl {`
			`url = "http://www.nlnetlabs.nl/downloads/nsd/${name}.tar.gz";`
nsd: 4.1.9 -> 4.1.12 4.1.12 ====== Bugfixes -------- Fix malformed edns query assertion failure, reported by Michal Kepien (NASK). 4.1.11 ====== Features -------- * When tcp is more than half full, use short timeout for tcp session. * Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori. * Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865. Bugfixes -------- * Fix build without IPv6, patch from Zdenek Kaspar. * Fix #783: Trying to run a root server without having configured it silently gives wrong answers. * Fix #782: Serve DS record but parent zone has no NS record. * Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut. 4.1.10 ====== Features -------- * ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down. * NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size. * print notice that nsd is starting before taking off. Bugfixes -------- * Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl. * Fix #751: NSD fails to occlude names below a DNAME. * If set without nsd.db print "" as the default in the man pages. * Fix #755: NSD spins after a zone update and a lot of TCP queries. * Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser. * #772 Document that recvmmsg has IPv6 problems on some linux kernels. 4.1.9 ===== Bugfixes -------- * Change the nsd.db file version because of nanosecond precision fix. 2016-09-26 23:10:39 +01:00			`sha256 = "fd1979dff1fba55310fd4f439dc9f3f4701d435c0ec4fb9af533e12c7f27d5de";`
nsd: add package version 4.0.3 2014-06-12 10:14:44 +01:00			`};`

			`buildInputs = [ libevent openssl ];`

			`configureFlags =`
pkgs/nsd: Allow to easily override the package. Allowing to use nixpkgs config to provide different defaults is not going to help us here, so we would like to use nsd.override {} in order to supply the correct options in the module. Eventually removing the nixpkgs config option would make sense here as well. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2014-07-23 16:09:28 +01:00			`let edf = c: o: if c then ["--enable-${o}"] else ["--disable-${o}"];`
			`in edf bind8Stats "bind8-stats"`
			`++ edf checking "checking"`
			`++ edf ipv6 "ipv6"`
			`++ edf mmap "mmap"`
			`++ edf minimalResponses "minimal-responses"`
			`++ edf nsec3 "nsec3"`
			`++ edf ratelimit "ratelimit"`
			`++ edf recvmmsg "recvmmsg"`
			`++ edf rootServer "root-server"`
nsd: Fix automatic config options 2015-03-19 11:10:55 +00:00			`++ edf rrtypes "draft-rrtypes"`
nsd: Update from 4.1.0 -> 4.1.1 2015-03-18 20:01:35 +00:00			`++ edf zoneStats "zone-stats"`
libevent: split into multiple outputs Hopefully all references are fixed. 2015-10-05 14:58:37 +01:00			`++ [ "--with-ssl=${openssl.dev}" "--with-libevent=${libevent.dev}" ];`
nsd: add package version 4.0.3 2014-06-12 10:14:44 +01:00
nsd: fix description, license and platforms 2014-09-28 14:30:39 +01:00			`meta = with stdenv.lib; {`
nsd: add package version 4.0.3 2014-06-12 10:14:44 +01:00			`homepage = http://www.nlnetlabs.nl;`
nsd: fix description, license and platforms 2014-09-28 14:30:39 +01:00			`description = "Authoritative only, high performance, simple and open source name server";`
			`license = licenses.bsd3;`
			`platforms = platforms.unix;`
			`maintainers = [ maintainers.hrdinka ];`
nsd: add package version 4.0.3 2014-06-12 10:14:44 +01:00			`};`
			`}`