Skip to content

GitLab

Last edited by Michał Kępień
Page history

BIND 9 Packaging

Background

BIND 9 has support for optional features that usually need external libraries. The most difficult one to set up and also the most requested one is dnstap, which has a number of external dependencies (i.a. protobuf, fstrm). Stock OS packages for those libraries are often outdated or missing and thus BIND 9 cannot be compiled with support for that feature.

BIND 9 comes in two flavours - the open source edition and the subscription edition.

Detailed Requirements

  1. BIND 9 Packages
    1. Packages should be prepared in a way that allows installation and upgrading
    2. In the case of RPM, we provide BIND packages as a Software Collection (SCL) as they are not really compatible with BIND 9 packages provided by RedHat (it's more vanilla, doesn't provide PKCS#11 integration)
  2. Formats
    1. At least deb and RPM
  3. Supported distros
    1. Ubuntu LTSs (16.04, 18.04)
    2. RHEL/CentOS - 6, 7
    3. Fedora (supported versions)
    4. Debian - 9 (stretch), 10 (buster)
  4. Package compliance
    1. Packages should be compliant with distros' policies
    2. BIND 9 processes should use native solutions for services, systemd on Linux, daemon on FreeBSD
  5. Distribution
    1. Distributing open source packages and premium/subscription packages should be supported
    2. Packages should be exposed as just a folder of files on FTP/HTTP server
    3. Open source packages should use the native locations for repositories:
      1. PPA for Ubuntu - ppa:isc/bind, ppa:isc/bind-esv, ppa:isc/bind-dev
      2. COPR for Fedora/CentOS/RHEL: https://copr.fedorainfracloud.org/coprs/isc/{bind,bind-esv,bind-dev}/
      3. The closest thing Debian has is debian.net domain, so we have https://bind.debian.net//
    4. Subscription edition is using private location
    5. Repositories and/or packages MUST be signed
    6. Per-customer access control should be applied to the subscription edition

Design

Packages

RPM

  • isc-bind - SCL metapackage
  • isc-bind-bind - named and everything else installed into <scl-prefix>/usr/sbin, plus the relevant daemon and system configuration files
  • isc-bind-bind-utils - utilities installed into <scl-prefix>/usr/bin
  • isc-bind-bind-libs - libraries installed into <scl-prefix>/usr/lib or <scl-prefix>/usr/lib64
  • isc-bind-bind-devel - everything installed into <scl-prefix>/usr/include, plus <scl-prefix>/usr/bin/bind9-config and <scl-prefix>/usr/bin/isc-config.sh
  • isc-bind-bind-debuginfo - debug objects for binaries contained in the other packages

Deb

  • bind9 - contains named and related utilities, man pages and configuration
  • bind9-utils - contains dnssec-, named-check and rndc* utilities
  • bind9-host - just /usr/bin/host
  • bind9-libs - contains internal shared libraries used by above
  • bind9-dnsutils - user DNS utilities (dig, delv, mdig, nslookup, nsupdate)
  • bind9-doc - ARM

Versioning

Ubuntu
  1. Epoch (e.g. 1:)
  2. Upstream version, e.g. 9.14.2
  3. Debian version, e.g. -2
  4. Ubuntu target version, e.g. +ubuntu18.10.1
  5. ISC package version: +isc+1

Example:

  • 1:9.14.2-1+ubuntu18.10.1+isc+1
Debian
  1. Epoch, e.g. 1:
  2. Upstream version, e.g. 9.14.2
  3. Debian version, e.g. -2
  4. Ubuntu target version,e.g. +ubuntu18.10.1
  5. ISC package version: +isc+1

Example:

  • 1:9.14.2-2+0~20190521182526.13+buster~1.gbp6e6de7
RPM

Repository Design

Repos hierarchy and naming convention is as follows:

  • bind-esv
  • bind
  • bind-dev

The release component of the package is handled natively by the repository design.

Subscription Packages in the repository

Subscription version is protected by a per-customer unique key that's part of full repository URL.

Signing

RPM

Done by COPR

Debian

Done natively by distribution tools.

Ubuntu

Done by Launchpad.

Subscription Edition

Done manually.

Synchronization with Distributions

Fedora

  • Fedora 28 - supported till 2019.06
  • Fedora 29 - supported till ~2019.12
  • Fedora 30 - released on 2019.04.30

Old release X is maintained until 1 month after the release of X+2.

RHEL/CentOS

  • RHEL 6 - End of Full Support: 2017.05.10, End of Maintenance Support: 2020.11.30
  • RHEL 7 - End of Full Support: 2020 Q4, End of Maintenance Support: 2024.06.30
  • RHEL 8 - released on 2019.05.07

CentOS

Releases 1 month after RHEL releases. Support is the same as in RHEL.

Debian

  • Debian 8 "jessie" - obsolete stable release, EOLed, LTS supported till 2020.06.06
  • Debian 9 "stretch" - current stable release, full supported till 2020, LTS till 2022
  • Debian 10 "buster" - release planned for Mid-2019

Ubuntu

  • Ubuntu 16.04 LTS - supported till 2021.04
  • Ubuntu 18.04 LTS - supported till 2023.04
  • Ubuntu 19.04 - supported till 2019.10

FreeBSD

  • FreeBSD 11 - 11.2 released on 2018.06, supported till 2021.09.30
  • FreeBSD 12 - 12.0 released on 2018.12, supported till ~2023
  • FreeBSD 13 - probable release on 2020

Each major version supported for about 5 years.