On 2017-05-05 Andreas Metzler <ametz...@bebt.de> wrote:
> Hello,
> deadwood was released as stable by upstream. However the Debian package
> only provides a bare-bones binary without infrastructure
> (init-script/systemd support files). While the package description
> documents this, no reason is given why.
Hello,

I think I have found a reason for not using deadwood. In short I have the feeling that it is not optimized for the use-case where it might be useful. :-(

I wanted to use deadwood on a vserver with limited resources, handling e-mail and WWW, and deadwood seemed to match the requirements:

* small/tiny
* recursive
* caching

However according to deadwood(1) it would perform poorly there since MX handling is - eh - suboptimal:

| please keep in mind that Deadwood is optimized to be used for web
| surfing, not as a DNS server for a mail hub. In particular, the IPs
| for MX records are removed from Deadwood's replies and Deadwood needs
| to perform additional DNS queries to get the IPs corresponding to MX
| records

OTOH for /web/ /surfing/ I would rather use dnsmasq. I do not see the requirement for recursive DNS there, and the resources on desktop computers used for surfing are not strained, so tininess is not a requirement here.

Anyway. Before discovering this I spent some time on packaging deadwood. Preliminary patch attached. (Before uploading I'd switch to a customized dwood3rc in debian/ instead of patching the upstream version.)

cu Andreas
-- 
And so my quest for a dnscache replacement continued.
From 42007e215f603b8c46639eb344679bb4a4937afc Mon Sep 17 00:00:00 2001 From: Andreas Metzler <ametz...@bebt.de> Date: Sat, 6 May 2017 14:04:14 +0200 Subject: [PATCH] Let deadwood work out of the box, Listen on 127.0.0.1. Ship init-script and systemd service file. Update deadwood package dependencies; depend on systemd-sysv | duende instead of recommending it since the init-script requires duende. Patch upstream dwood3rc to run as proxy:proxy with chroot_dir /var/cache/maradns-deadwood and install the file in /etc/maradns/deadwood/. Also ship dwood3rc-all example. --- debian/changelog | 14 ++++ debian/control | 12 ++- debian/maradns-deadwood.dirs | 2 + debian/maradns-deadwood.examples | 2 +- debian/maradns-deadwood.init | 135 +++++++++++++++++++++++++++++++ debian/maradns-deadwood.install | 1 + debian/maradns-deadwood.service | 19 +++++ debian/patches/25_dwood_debdefaults.diff | 28 +++++++ debian/patches/series | 1 + debian/rules | 3 + 10 files changed, 209 insertions(+), 8 deletions(-) create mode 100644 debian/maradns-deadwood.dirs create mode 100755 debian/maradns-deadwood.init create mode 100644 debian/maradns-deadwood.service create mode 100644 debian/patches/25_dwood_debdefaults.diff diff --git a/debian/changelog b/debian/changelog index 1994ca0..8709014 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,17 @@ +maradns (2.0.13-1.3) UNRELEASED; urgency=medium + + * Let deadwood work out of the box, listening on 127.0.0.1: + - Ship init-script and systemd service file. + - Update deadwood package dependencies; depend on systemd-sysv | duende + instead of recommending it since the init-script requires duende. + - Patch upstream dwood3rc to run as proxy:proxy with chroot_dir + /var/cache/maradns-deadwood and install the file in + /etc/maradns/deadwood/. + - Also ship dwood3rc-all example. + Closes: #861910 + + -- Andreas Metzler <ametz...@debian.org> Sat, 06 May 2017 13:50:16 +0200 + maradns (2.0.13-1.2) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/control b/debian/control index 564f064..aec93f3 100644 --- a/debian/control +++ b/debian/control @@ -53,19 +53,17 @@ Description: complementary server process to TCP functions for MaraDNS Package: maradns-deadwood Architecture: any Depends: + systemd-sysv | duende (>= 2.0.09-1), lsb-base (>= 3.0-6) ${misc:Depends}, ${shlibs:Depends} Suggests: maradns (>= 2.0.09-1) -Recommends: - duende (>= 2.0.09-1) Enhances: maradns (>= 2.0.04-1) -Description: simple security-focused recursive Domain Name Service server - This is an experimental build of the deadwood binary, that is MaraDNS' - recursive domain name server. It will contain support for IPv6. However - the necessary integration of init scripts and config files will not be - done. +Description: a tiny caching recursive Domain Name Service server + Deadwood is MaraDNS' recursive domain name server. It supports both DNS + recursion and DNS forwarding. Like the authoritative MaraDNS server it + does not support DNSSEC. Package: duende Section: admin diff --git a/debian/maradns-deadwood.dirs b/debian/maradns-deadwood.dirs new file mode 100644 index 0000000..c1cdd7b --- /dev/null +++ b/debian/maradns-deadwood.dirs @@ -0,0 +1,2 @@ +/var/cache/maradns-deadwood +/etc/maradns/deadwood 
diff --git a/debian/maradns-deadwood.examples b/debian/maradns-deadwood.examples index 4f83891..5a8f836 100644 --- a/debian/maradns-deadwood.examples +++ b/debian/maradns-deadwood.examples @@ -1,2 +1,2 @@ build/deadwood.startup -deadwood*/doc/dwood3rc +deadwood*/doc/dwood3rc* diff --git a/debian/maradns-deadwood.init b/debian/maradns-deadwood.init new file mode 100755 index 0000000..56ffc29 --- /dev/null +++ b/debian/maradns-deadwood.init 
@@ -0,0 +1,135 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: maradns-deadwood +# Required-Start: $remote_fs $network $syslog +# Required-Stop: $remote_fs $network $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start and stop maradns deadwood recursive resolver +# Description: deadwood is a fully recursive DNS cache. +### END INIT INFO + +# Author: Nicholas Bamber <nicho...@periapt.co.uk>, Andreas Metzler <ametz...@debian.org + +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="deadwood caching DNS server" +NAME=maradns-deadwood +DAEMON=/usr/sbin/deadwood +DUENDE=/usr/sbin/duende +SCRIPTNAME=/etc/init.d/$NAME +WORKING_DIR=/run/maradns-deadwood +PIDFILE="$WORKING_DIR/deadwood.pid" + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +if ! [ -d /run/systemd/system ]; then + log_action_msg "Checking for duende" + if [ -x "$DUENDE" ]; then + log_action_end_msg 0 + else + log_action_end_msg 1 "$SCRIPTNAME needs duende to work. Please install it" + exit 3 + fi +fi + + +# Function that starts the daemon/service +# +do_start() +{ + + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + # Now start the actual maradns process + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null || return 1 + start-stop-daemon --start --quiet --background --pidfile $PIDFILE --startas $DUENDE -- --pid $PIDFILE --ident "${NAME}" -- $DAEMON -f $rcfile + sleep 3 + if ! 
pidofproc -p $PIDFILE $DAEMON > /dev/null + then + rm -rf $PIDFILE + return 2 + fi +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name duende + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC..." + + # dir can go away on reboots + mkdir -p $WORKING_DIR + chmod 775 $WORKING_DIR + chown proxy:proxy $WORKING_DIR >/dev/null 2>&1 || true + + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_progress_msg "${NAME}" ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 + exit 1 + ;; + esac + [ "$VERBOSE" != no ] && log_end_msg 0 + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_progress_msg "${NAME}" ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 + exit 1 + ;; + esac + [ "$VERBOSE" != no ] && log_end_msg 0 + ;; + status) + SERVERNAME=`echo $rcfile | sed 's/\//_/g;s/^_*//;' | awk -F. '{print $NF}'` + status_of_proc -p "$PIDFILE" $DAEMON "${NAME}" || exit $? + exit 0 + ;; + restart|force-reload) + $0 stop + [ "$?" = "0" ] || exit "$?" + sleep 3 + $0 start + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/maradns-deadwood.install b/debian/maradns-deadwood.install index 2ff2eec..b6d6ece 100644 --- a/debian/maradns-deadwood.install +++ b/debian/maradns-deadwood.install @@ -1 +1,2 @@ deadwood*/src/deadwood usr/sbin/ +deadwood*/doc/dwood3rc etc/maradns/deadwood/ diff --git a/debian/maradns-deadwood.service b/debian/maradns-deadwood.service new file mode 100644 index 0000000..4fa9c4b --- /dev/null 
+++ b/debian/maradns-deadwood.service @@ -0,0 +1,19 @@ +[Unit] +Description=MaraDNS small open-source DNS recursive resolver +Documentation=man:deadwood(1) +Requires=network.target +After=network.target + +[Service] +ExecStart=/usr/sbin/deadwood +Restart=always +ProtectSystem=strict +ReadWritePaths=/var/cache/maradns-deadwood +ProtectKernelModules=true +PrivateTmp=true +MemoryDenyWriteExecute=true +RestrictRealtime=true +RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_INET AF_INET6 + +[Install] +WantedBy=multi-user.target diff --git a/debian/patches/25_dwood_debdefaults.diff b/debian/patches/25_dwood_debdefaults.diff new file mode 100644 index 0000000..7b6f3f4 --- /dev/null +++ b/debian/patches/25_dwood_debdefaults.diff @@ -0,0 +1,28 @@ +Description: Set user/group/dir for Debian deadwood package +Author: Andreas Metzler <ametz...@debian.org> +Origin: vendor +Forwarded: not-needed +Last-Update: 2017-05-06 + +--- maradns-2.0.13.orig/deadwood-3.2.09/doc/dwood3rc ++++ maradns-2.0.13/deadwood-3.2.09/doc/dwood3rc +@@ -6,7 +6,7 @@ bind_address="127.0.0.1" # IP we bind to + # The following line is disabled by being commented out + #bind_address="::1" # We have optional IPv6 support + +-chroot_dir = "/etc/deadwood" # Directory we run program from (not used in Win32) ++chroot_dir = "/var/cache/maradns-deadwood" # Directory we run program from (not used in Win32) + + # The following upstream DNS servers are Google's newly-announced (as of + # December, 2009) public DNS servers. For more information, see +@@ -44,8 +44,8 @@ recursive_acl = "127.0.0.1/16" # Who is + maxprocs = 2048 # Maximum number of pending requests + handle_overload = 1 # Send SERVER FAIL when overloaded + +-maradns_uid = 99 # UID Deadwood runs as +-maradns_gid = 99 # GID Deadwood runs as ++maradns_uid = 13 # UID Deadwood runs as ++maradns_gid = 13 # GID Deadwood runs as + + maximum_cache_elements = 60000 + diff --git a/debian/patches/series b/debian/patches/series index 7ec92df..88ebfa4 100644 
--- a/debian/patches/series +++ b/debian/patches/series @@ -13,3 +13,4 @@ maradns-harden.patch hurd.patch randprime_prng.patch maradns_user_config.patch +25_dwood_debdefaults.diff diff --git a/debian/rules b/debian/rules index 60a64d6..c483f5f 100755 --- a/debian/rules +++ b/debian/rules @@ -62,3 +62,6 @@ override_dh_installdocs-indep: cp deadwood-*/doc/internals/* $(CURDIR)/debian/$(DOC)/usr/share/doc/$(DOC)/deadwood cp deadwood-*/doc/FAQ.txt $(CURDIR)/debian/$(DOC)/usr/share/doc/$(DOC)/deadwood +override_dh_fixperms-arch: + dh_fixperms + chown proxy:proxy $(CURDIR)/debian/maradns-deadwood/var/cache/maradns-deadwood -- 2.11.0
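Review bot: in the debian/control hunk the versioned dependency stays at `lsb-base (>= 3.0-6)`, while the new init script's own comment says it relies on `lsb-base (>= 3.2-14)` for status_of_proc; bump the Depends to the version the script actually needs. The new synopsis "a tiny caching recursive Domain Name Service server" also starts with an article, which lintian flags; drop the leading "a".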
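Review bot: in the init script `$rcfile` is never assigned, yet do_start launches `$DAEMON -f $rcfile` and the status branch pipes it through sed/awk into a SERVERNAME that is never used. As written deadwood is started as `deadwood -f` with an empty argument, so the dwood3rc this patch installs to /etc/maradns/deadwood/ is not the file that gets loaded. Define `RCFILE=/etc/maradns/deadwood/dwood3rc` next to DAEMON and DUENDE, pass it in do_start, and delete the dead SERVERNAME line. While there, `rm -rf $PIDFILE` in do_start should be the `rm -f` that do_stop uses.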
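Review bot: the restart|force-reload branch of the init script tests the wrong status: after `$0 stop`, the line `[ "$?" = "0" ] || exit "$?"` exits with the result of the `[` test (1), not with the exit code of the stop. Capture it first, e.g. `$0 stop; RET=$?; [ "$RET" = 0 ] || exit "$RET"`. The duende check at the top has the same shape problem in miniature: `log_action_msg` prints a complete line, so the following `log_action_end_msg 0` has no begun action to close; use `log_action_begin_msg` there.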
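Review bot: the start branch does `chmod 775` and `chown proxy:proxy` on /run/maradns-deadwood, but nothing running as proxy ever needs to write there: the pidfile is written by duende as root, and deadwood itself chroots into /var/cache/maradns-deadwood and drops to uid/gid 13 per the dwood3rc patch, so it cannot reach /run afterwards. A group-writable pidfile directory only hands anything else running as `proxy` (a uid shared with other packages) a way to replace the pidfile that `start-stop-daemon --stop` later signals; `--name duende` limits the damage but the write access is still unneeded. Keep the directory root:root 0755.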
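Review bot: the service file's `ExecStart=/usr/sbin/deadwood` passes no `-f`, so the unit only loads the installed /etc/maradns/deadwood/dwood3rc if that happens to be deadwood's compiled-in default path; make it explicit with `ExecStart=/usr/sbin/deadwood -f /etc/maradns/deadwood/dwood3rc`, the same path the init script should use. Two smaller points in the same hunk: `Requires=network.target` should be just `After=network.target` (a loopback listener has no hard dependency on it, and Requires ties the unit's lifetime to the target), and `AF_LOCAL` in RestrictAddressFamilies is an alias of AF_UNIX. Since deadwood starts as root only to bind port 53, chroot and setuid to 13, a `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SYS_CHROOT CAP_SETUID CAP_SETGID` line would finish the hardening that ProtectSystem=strict starts.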
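Review bot: 25_dwood_debdefaults.diff changes only chroot_dir and the uid/gid, so the Debian default config keeps the upstream servers the context comment describes as Google's public DNS servers, i.e. the package forwards every query to a third party out of the box while its new description promises recursion. Either ship a dwood3rc that recurses from the root servers or at least leave that setting commented out for the admin to choose. The bare `maradns_uid = 13` / `maradns_gid = 13` should also carry a comment saying this is Debian's `proxy` user (the chroot dir is chowned to it in debian/rules), since a reader of the config cannot otherwise tell why 13.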
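Review bot: the debian/rules hunk chowns the chroot directory to proxy:proxy, which makes uid 13 both the privilege-dropped uid from dwood3rc and the owner of the directory deadwood is confined to. A chroot writable by the confined uid, and shared with every other daemon that runs as `proxy`, is the configuration chroot hardening is meant to avoid; if deadwood only needs to write its cache file there, create a dedicated subdirectory for that and keep the chroot root itself root-owned (the .dirs entry can create both). Also note the chown only works because dh_fixperms runs under fakeroot; a comment saying so saves the next person a puzzled build.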