Sunil Mohan Adapa 158366feea
bind: Drop enabling DNSSEC (deprecated) as it is always enabled
- As of bind 9.16, the option to enable DNSSEC 'dnssec-enable' is obsolete and
has no effect[1]. The option 'dnssec-validation' controls DNSSEC validation and
is set to 'auto' by default. 'auto' means that DNSSEC validation is enabled and
default trust anchor is used for DNS root zone. DNSSEC signatures are also
passed onto a client whenever available. Current stable, Debian Buster, has
version 9.16[3].

- As of bind 9.18, the option to enable DNSSEC 'dnssec-enable' is not recognized
and causes the daemon to fail to start[2]. Debian next, Debian Bookworm, has
version 9.18[3]. Therefore, in testing and unstable, bind fails to start on
installation from FreedomBox.

- There is no use-case for changing the current default behavior.

Links:

1) https://bind9.readthedocs.io/en/v9_16_32/reference.html#dnssec-validation-option

2) https://bind9.readthedocs.io/en/v9_18_6/reference.html

3) https://tracker.debian.org/pkg/bind9

Tests:

- Run functional and unit tests.

- Option to enable/disable DNSSEC is removed.

- When bind is installed on testing without the patch, it fails to start. When
the patch is applied, bind will be upgraded, the dnssec-enable option is removed
from the configuration file /etc/bind/named.conf.options and bind is running.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-10-08 18:54:08 -04:00

# SPDX-License-Identifier: AGPL-3.0-or-later
"""FreedomBox app to configure BIND server."""

from django.utils.translation import gettext_lazy as _

from plinth import app as app_module
from plinth import cfg, menu
from plinth.daemon import Daemon
from plinth.modules.backups.components import BackupRestore
from plinth.modules.firewall.components import Firewall
from plinth.package import Packages, install
from plinth.utils import format_lazy

from . import manifest, privileged

_description = [
    _('BIND enables you to publish your Domain Name System (DNS) information '
      'on the Internet, and to resolve DNS queries for your user devices on '
      'your network.'),
    format_lazy(
        _('Currently, on {box_name}, BIND is only used to resolve DNS queries '
          'for other machines on local network. It is also incompatible with '
          'sharing Internet connection from {box_name}.'),
        box_name=_(cfg.box_name)),
]


class BindApp(app_module.App):
    """FreedomBox app for Bind."""

    app_id = 'bind'

    _version = 3

    def __init__(self):
        """Create components for the app."""
        super().__init__()
        info = app_module.Info(app_id=self.app_id, version=self._version,
                               name=_('BIND'), icon='fa-globe-w',
                               short_description=_('Domain Name Server'),
                               description=_description, manual_page='Bind')
        self.add(info)

        menu_item = menu.Menu('menu-bind', info.name, info.short_description,
                              info.icon, 'bind:index',
                              parent_url_name='system')
        self.add(menu_item)

        packages = Packages('packages-bind', ['bind9'])
        self.add(packages)

        firewall = Firewall('firewall-bind', info.name, ports=['dns'],
                            is_external=False)
        self.add(firewall)

        daemon = Daemon(
            'daemon-bind', 'named', listen_ports=[(53, 'tcp6'), (53, 'udp6'),
                                                  (53, 'tcp4'), (53, 'udp4')])
        self.add(daemon)

        backup_restore = BackupRestore('backup-restore-bind',
                                       **manifest.backup)
        self.add(backup_restore)

    def setup(self, old_version):
        """Install and configure the app."""
        super().setup(old_version)
        privileged.setup(old_version)
        self.enable()

    def force_upgrade(self, _packages):
        """Force upgrade the managed packages to resolve conffile prompt."""
        install(['bind9'], force_configuration='old')
        return True
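
The commit message above says the upgrade removes the `dnssec-enable` option from `/etc/bind/named.conf.options` so that bind 9.18 can start. The following is an added example of such a migration step, not FreedomBox's own `privileged.setup` code; the function name `drop_dnssec_enable` and the sample configuration are constructed for illustration, and block comments are assumed to open at the start of a line.

```python
import re

# An active "dnssec-enable <value>;" statement on a line of its own,
# optionally followed by a // or # comment. Commented-out copies of the
# statement do not match because the line must begin with the keyword.
_DNSSEC_ENABLE = re.compile(
    r'^\s*dnssec-enable\s+\S+\s*;\s*(?:(?://|#).*)?$')

# Constructed sample resembling a named.conf.options file.
SAMPLE = '''options {
    directory "/var/cache/bind";
    // dnssec-enable yes;  (commented out, must be kept)
    /* legacy:
    dnssec-enable no;
    */
    dnssec-enable yes;
    dnssec-validation auto;
    listen-on-v6 { any; };
};
'''


def drop_dnssec_enable(config_text):
    """Return (new_text, removed_count) without active dnssec-enable lines.

    Lines inside /* ... */ block comments are copied through unchanged, and
    every other option (including dnssec-validation) is preserved.
    """
    kept = []
    removed = 0
    in_block_comment = False
    for line in config_text.splitlines(keepends=True):
        if in_block_comment:
            kept.append(line)
            in_block_comment = '*/' not in line
            continue
        stripped = line.strip()
        if stripped.startswith('/*') and '*/' not in stripped:
            in_block_comment = True
            kept.append(line)
            continue
        if _DNSSEC_ENABLE.match(line.rstrip('\n')):
            removed += 1  # drop the statement bind 9.18 rejects
            continue
        kept.append(line)
    return ''.join(kept), removed
```

Running the function a second time on its own output removes nothing, so the step is safe to repeat on every upgrade.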