|
|
## Background
|
|
|
BIND 9 has support for optional features that usually need external libraries. The most difficult to set up and also most requested is dnstap that has number of external dependencies (protobuf, fstrm, ...). Those libraries are often outdated or missing and BIND 9 cannot be compiled with the optional feature.
|
|
|
|
|
|
BIND 9 comes in two flavours - the open source edition and subscription edition.
|
|
|
|
|
|
## Detailed Requirements
|
|
|
|
|
|
1. BIND 9 Packages
|
|
|
1. Kea modules and extra features should be packaged separately into dynamically loaded libraries, see more in #435.
|
|
|
1. packages should be prepared in a way that allow installation and upgrading
|
|
|
1. Coordinate packaging with distro maintainers(?)
|
|
|
1. keep solution close to distros solutions so maintainers could gain from packaging changes on Kea side and quickly update their side when something changes in Kea e.g. new daemon has been added, etc.
|
|
|
1. In case of RPM, we provide BIND packages as Software Collection (SCL) as they are not really compatible with BIND 9 packages provided by RedHat (it's more vanilla, doesn't provide PKCS#11 integration)
|
|
|
1. Formats
|
|
|
1. minimum: deb and rpm
|
|
|
1. Supported distros
|
|
|
1. Ubuntu LTSs (16.04, 18.04)
|
|
|
1. RHEL/CentOS - 6, 7
|
|
|
1. Fedora (supported versions)
|
|
|
1. Debian - 9 (stretch), 10 (buster)
|
|
|
1. Packages compliance
|
|
|
1. Packages should be compliant with distros policies
|
|
|
1. BIND 9 processes should use native solutions for services, systemd on Linuxes, daemon on FreeBSD
|
|
|
1. Distribution
|
|
|
1. Distributing open source packages and premium/subscription packages should be supported
|
|
|
1. Packages should be exposed as just a folder of files on FTP/HTTP server
|
|
|
1. Open source packages should use the native locations for repositories:
|
|
|
1. PPA for Ubuntu - ppa:isc/bind, ppa:isc/bind-esv, ppa:isc/bind-dev
|
|
|
1. COPR for Fedora/CentOS/RHEL: https://copr.fedorainfracloud.org/coprs/isc/{bind,bind-esv,bind-dev}/
|
|
|
1. The closest thing Debian has is debian.net domain, so we have https://bind.debian.net/<flavor>/
|
|
|
1. Subscription edition is using private location
|
|
|
1. Repositories and/or packages MUST signed
|
|
|
1. Per-customer access control should be applied to the subscription edition
|
|
|
|
|
|
## Design
|
|
|
|
|
|
### Packages
|
|
|
|
|
|
#### RPM
|
|
|
|
|
|
* isc-bind - metapackage
|
|
|
* isc-bind-bind
|
|
|
* isc-bind-bind-utils
|
|
|
* ...
|
|
|
|
|
|
#### Deb
|
|
|
|
|
|
* bind9 - contains named and related utilities, man pages and configuration
|
|
|
* bind9-utils - contains dnssec-*, named-check* and rndc* utilities
|
|
|
* bind9-host - just `/usr/bin/host`
|
|
|
* bind9-libs - contains internal shared libraries used by above
|
|
|
* bind9-dnsutils - user DNS utilities (dig, delv, mdig, nslookup, nsupdate)
|
|
|
* bind9-doc - ARM
|
|
|
|
|
|
#### Versioning
|
|
|
|
|
|
##### Ubuntu
|
|
|
|
|
|
0. Epoch (e.g. `1:`)
|
|
|
1. Upstream version, e.g. `9.14.2`
|
|
|
2. Debian version, e.g. `-2`
|
|
|
3. Ubuntu target version, e.g. `+ubuntu18.10.1`
|
|
|
4. ISC package version: `+isc+1`
|
|
|
|
|
|
Example:
|
|
|
* 1:9.14.2-1+ubuntu18.10.1+isc+1
|
|
|
|
|
|
##### Debian
|
|
|
|
|
|
0. Epoch, e.g. `1:`
|
|
|
1. Upstream version, e.g. 9.14.2
|
|
|
2. Debian version, e.g. -2
|
|
|
3. Ubuntu target version,e.g. +ubuntu18.10.1
|
|
|
4. ISC package version: +isc+1
|
|
|
|
|
|
Example:
|
|
|
* 1:9.14.2-2+0~20190521182526.13+buster~1.gbp6e6de7
|
|
|
|
|
|
##### RPM
|
|
|
|
|
|
### Repository Design
|
|
|
|
|
|
Repos hierarchy and naming convention is as follows.
|
|
|
|
|
|
* bind9?-esv
|
|
|
* bind9?
|
|
|
* bind9?-dev
|
|
|
|
|
|
The release component of the package is handled natively by the repository design.
|
|
|
|
|
|
#### Subscription Packages in the repository
|
|
|
|
|
|
Subscription version is protected by a per-customer unique key that's part of full repository URL.
|
|
|
|
|
|
### Signing
|
|
|
|
|
|
#### RPM
|
|
|
Done by COPR
|
|
|
|
|
|
#### Debian
|
|
|
Done natively by distribution tools.
|
|
|
|
|
|
#### Ubuntu
|
|
|
Done by Launchpad.
|
|
|
|
|
|
#### Subscription edition.
|
|
|
Done natively by distribution tools
|
|
|
|
|
|
## Synchronization with Distributions
|
|
|
|
|
|
### Fedora
|
|
|
|
|
|
* Fedora 28 - supported till 2019.06
|
|
|
* Fedora 29 - supported till ~2019.12
|
|
|
* **Fedora 30 - planned release on 2019.05.07, will include Kea ???**
|
|
|
|
|
|
Old release X is maintained until 1 month after the release of X+2.
|
|
|
|
|
|
### RHEL/CentOS
|
|
|
|
|
|
* RHEL 6 - ...
|
|
|
* RHEL 7 - End of Full Support: 2019 Q4, End of Maintenance Support 2 - 2024.06.30
|
|
|
* **RHEL 8 - beta released on 2018.11.14, planned release on ~2019, will include Kea ???**
|
|
|
|
|
|
### CentOS
|
|
|
|
|
|
Releases 1 month after RHEL releases. Support is the same as in RHEL.
|
|
|
|
|
|
### Debian
|
|
|
|
|
|
* Debian 8 "jessie" - obsolete stable release, EOLed, LTS supported till 2020.06.06
|
|
|
* Debian 9 "stretch" - current stable release, full supported till 2020, LTS till 2022
|
|
|
* **Debian 10 "buster" - no release date has been set, will include Kea ???**
|
|
|
|
|
|
### Ubuntu
|
|
|
|
|
|
* Ubuntu 16.04 LTS - supported till 2021.04
|
|
|
* Ubuntu 18.04 LTS - supported till 2023.04
|
|
|
* Ubuntu 19.04 - supported till 2019.10
|
|
|
|
|
|
### FreeBSD
|
|
|
|
|
|
* FreeBSD 11 - 11.2 released on 2018.06, supported till 2021.09.30
|
|
|
* FreeBSD 12 - 12.0 released on 2018.12, supported till ~2023
|
|
|
* FreeBSD 13 - probable release on 2020
|
|
|
|
|
|
Each major version supported for about 5 years. |