Background
BIND 9 has support for optional features that usually need external libraries. The most difficult one to set up and also the most requested one is dnstap, which has a number of external dependencies (i.a. protobuf, fstrm). Stock OS packages for those libraries are often outdated or missing and thus BIND 9 cannot be compiled with support for that feature.
BIND 9 comes in two flavours - the open source edition and the subscription edition.
Detailed Requirements
- BIND 9 Packages
- Packages should be prepared in a way that allows installation and upgrading
- In the case of RPM, we provide BIND packages as a Software Collection (SCL) as they are not really compatible with BIND 9 packages provided by RedHat (it's more vanilla, doesn't provide PKCS#11 integration)
- Formats
- At least deb and RPM
- Supported distros
- Ubuntu LTSs (16.04, 18.04)
- RHEL/CentOS - 6, 7
- Fedora (supported versions)
- Debian - 9 (stretch), 10 (buster)
- Package compliance
- Packages should be compliant with distros' policies
- BIND 9 processes should use native solutions for services, systemd on Linux, daemon on FreeBSD
- Distribution
- Distributing open source packages and premium/subscription packages should be supported
- Packages should be exposed as just a folder of files on FTP/HTTP server
- Open source packages should use the native locations for repositories:
- PPA for Ubuntu - ppa:isc/bind, ppa:isc/bind-esv, ppa:isc/bind-dev
- COPR for Fedora/CentOS/RHEL: https://copr.fedorainfracloud.org/coprs/isc/{bind,bind-esv,bind-dev}/
- The closest thing Debian has is debian.net domain, so we have https://bind.debian.net//
- Subscription edition is using private location
- Repositories and/or packages MUST be signed
- Per-customer access control should be applied to the subscription edition
Design
Packages
RPM
- isc-bind - SCL metapackage
- isc-bind-bind -
named
and everything else installed into<scl-prefix>/usr/sbin
, plus the relevant daemon and system configuration files - isc-bind-bind-utils - utilities installed into
<scl-prefix>/usr/bin
- isc-bind-bind-libs - libraries installed into
<scl-prefix>/usr/lib
or<scl-prefix>/usr/lib64
- isc-bind-bind-devel - everything installed into
<scl-prefix>/usr/include
, plus<scl-prefix>/usr/bin/bind9-config
and<scl-prefix>/usr/bin/isc-config.sh
- isc-bind-bind-debuginfo - debug objects for binaries contained in the other packages
Deb
- bind9 - contains named and related utilities, man pages and configuration
- bind9-utils - contains dnssec-, named-check and rndc* utilities
- bind9-host - just
/usr/bin/host
- bind9-libs - contains internal shared libraries used by above
- bind9-dnsutils - user DNS utilities (dig, delv, mdig, nslookup, nsupdate)
- bind9-doc - ARM
Versioning
Ubuntu
- Epoch (e.g.
1:
) - Upstream version, e.g.
9.14.2
- Debian version, e.g.
-2
- Ubuntu target version, e.g.
+ubuntu18.10.1
- ISC package version:
+isc+1
Example:
- 1:9.14.2-1+ubuntu18.10.1+isc+1
Debian
- Epoch, e.g.
1:
- Upstream version, e.g. 9.14.2
- Debian version, e.g. -2
- Ubuntu target version,e.g. +ubuntu18.10.1
- ISC package version: +isc+1
Example:
- 1:9.14.2-2+0~20190521182526.13+buster~1.gbp6e6de7
RPM
Repository Design
Repos hierarchy and naming convention is as follows:
- bind-esv
- bind
- bind-dev
The release component of the package is handled natively by the repository design.
Subscription Packages in the repository
Subscription version is protected by a per-customer unique key that's part of full repository URL.
Signing
RPM
Done by COPR
Debian
Done natively by distribution tools.
Ubuntu
Done by Launchpad.
Subscription Edition
Done manually.
Synchronization with Distributions
Fedora
- Fedora 28 - supported till 2019.06
- Fedora 29 - supported till ~2019.12
- Fedora 30 - released on 2019.04.30
Old release X is maintained until 1 month after the release of X+2.
RHEL/CentOS
- RHEL 6 - End of Full Support: 2017.05.10, End of Maintenance Support: 2020.11.30
- RHEL 7 - End of Full Support: 2020 Q4, End of Maintenance Support: 2024.06.30
- RHEL 8 - released on 2019.05.07
CentOS
Releases 1 month after RHEL releases. Support is the same as in RHEL.
Debian
- Debian 8 "jessie" - obsolete stable release, EOLed, LTS supported till 2020.06.06
- Debian 9 "stretch" - current stable release, full supported till 2020, LTS till 2022
- Debian 10 "buster" - release planned for Mid-2019
Ubuntu
- Ubuntu 16.04 LTS - supported till 2021.04
- Ubuntu 18.04 LTS - supported till 2023.04
- Ubuntu 19.04 - supported till 2019.10
FreeBSD
- FreeBSD 11 - 11.2 released on 2018.06, supported till 2021.09.30
- FreeBSD 12 - 12.0 released on 2018.12, supported till ~2023
- FreeBSD 13 - probable release on 2020
Each major version supported for about 5 years.