1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
3 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
5 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
6 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
7 ;;; Copyright © 2016 Nils Gillmann <ng0@n0.is>
8 ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
9 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
10 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
11 ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
13 ;;; This file is part of GNU Guix.
15 ;;; GNU Guix is free software; you can redistribute it and/or modify it
16 ;;; under the terms of the GNU General Public License as published by
17 ;;; the Free Software Foundation; either version 3 of the License, or (at
18 ;;; your option) any later version.
20 ;;; GNU Guix is distributed in the hope that it will be useful, but
21 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
22 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 ;;; GNU General Public License for more details.
25 ;;; You should have received a copy of the GNU General Public License
26 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
28 (define-module (gnu packages dns)
29 #:use-module (gnu packages admin)
30 #:use-module (gnu packages autotools)
31 #:use-module (gnu packages base)
32 #:use-module (gnu packages databases)
33 #:use-module (gnu packages crypto)
34 #:use-module (gnu packages datastructures)
35 #:use-module (gnu packages flex)
36 #:use-module (gnu packages glib)
37 #:use-module (gnu packages groff)
38 #:use-module (gnu packages groff)
39 #:use-module (gnu packages libedit)
40 #:use-module (gnu packages libevent)
41 #:use-module (gnu packages libidn)
42 #:use-module (gnu packages linux)
43 #:use-module (gnu packages ncurses)
44 #:use-module (gnu packages nettle)
45 #:use-module (gnu packages perl)
46 #:use-module (gnu packages pkg-config)
47 #:use-module (gnu packages protobuf)
48 #:use-module (gnu packages python)
49 #:use-module (gnu packages swig)
50 #:use-module (gnu packages tls)
51 #:use-module (gnu packages web)
52 #:use-module (gnu packages xml)
53 #:use-module (gnu packages)
54 #:use-module ((guix licenses) #:prefix license:)
55 #:use-module (guix packages)
56 #:use-module (guix download)
57 #:use-module (guix utils)
58 #:use-module (guix build-system gnu))
60 (define-public dnsmasq
67 "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-"
71 "07w6cw706yyahwvbvslhkrbjf2ynv567cgy9pal8bz8lrbsp9bbq"))))
72 (build-system gnu-build-system)
74 `(("pkg-config" ,pkg-config)))
79 (modify-phases %standard-phases (delete 'configure))
80 #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
82 "COPTS=\"-DHAVE_DBUS\"")
83 #:tests? #f)) ; no ‘check’ target
84 (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html")
85 (synopsis "Small caching DNS proxy and DHCP/TFTP server")
87 "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed
88 to provide DNS and, optionally, DHCP to a small network. It can serve the
89 names of local machines which are not in the global DNS. The DHCP server
90 integrates with the DNS server and allows machines with DHCP-allocated
91 addresses to appear in the DNS with names configured either on each host or in
92 a central configuration file. Dnsmasq supports static and dynamic DHCP leases
93 and BOOTP/TFTP for network booting of diskless machines.")
94 ;; Source files only say GPL2 and GPL3 are allowed.
95 (license (list license:gpl2 license:gpl3))))
97 ;; 'bind' is the name of a built-in Guile procedure, which is why we choose a
98 ;; different name here.
99 (define-public isc-bind
102 (version "9.12.1-P2")
106 "ftp://ftp.isc.org/isc/bind9/" version "/" name "-"
108 (patches (search-patches "bind-CVE-2018-5738.patch"))
111 "0a9dvyg1dk7vpqn9gz7p5jas3bz7z22bjd66b98g1qk16i2w7rqd"))))
112 (build-system gnu-build-system)
113 (outputs `("out" "utils"))
115 ;; it would be nice to add GeoIP and gssapi once there is package
119 ("p11-kit" ,p11-kit)))
120 (native-inputs `(("perl" ,perl)
121 ("net-tools" ,net-tools)))
124 (list (string-append "--with-openssl="
125 (assoc-ref %build-inputs "openssl"))
126 (string-append "--with-pkcs11="
127 (assoc-ref %build-inputs "p11-kit")))
129 (modify-phases %standard-phases
130 (add-after 'strip 'move-to-utils
134 (let ((target (string-append (assoc-ref %outputs "utils") file))
135 (src (string-append (assoc-ref %outputs "out") file)))
136 (mkdir-p (dirname target))
139 '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate"
140 "/share/man/man1/dig.1"
141 "/share/man/man1/host.1"
142 "/share/man/man1/nslookup.1"
143 "/share/man/man1/nsupdate.1"))))
144 ;; When and if guix provides user namespaces for the build process,
145 ;; then the following can be uncommented and the subsequent "force-test"
146 ;; will not be necessary.
148 ;; (add-before 'check 'set-up-loopback
150 ;; (system "bin/tests/system/ifconfig.sh up")))
153 (invoke "make" "force-test")
155 (synopsis "An implementation of the Domain Name System")
156 (description "BIND is an implementation of the @dfn{Domain Name System}
157 (DNS) protocols for the Internet. It is a reference implementation of those
158 protocols, but it is also production-grade software, suitable for use in
159 high-volume and high-reliability applications. The name BIND stands for
160 \"Berkeley Internet Name Domain\", because the software originated in the early
161 1980s at the University of California at Berkeley.")
162 (home-page "https://www.isc.org/downloads/bind")
163 (license (list license:mpl2.0))))
165 (define-public dnscrypt-proxy
167 (name "dnscrypt-proxy")
172 "https://download.dnscrypt.org/dnscrypt-proxy/"
173 "dnscrypt-proxy-" version ".tar.bz2"))
176 "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8"))
177 (modules '((guix build utils)))
179 ;; Delete bundled libltdl. XXX: This package also bundles
180 ;; a modified libevent that cannot currently be removed.
182 (delete-file-recursively "libltdl")
184 (build-system gnu-build-system)
187 (modify-phases %standard-phases
188 (add-after 'unpack 'autoreconf
190 ;; Re-generate build files due to unbundling ltdl.
191 ;; TODO: Prevent generating new libltdl and building it.
192 ;; The system version is still favored and referenced.
193 (invoke "autoreconf" "-vif"))))))
195 `(("pkg-config" ,pkg-config)
196 ("automake" ,automake)
197 ("autoconf" ,autoconf)
198 ("libtool" ,libtool)))
200 `(("libltdl" ,libltdl)
201 ("libsodium" ,libsodium)))
202 (home-page "https://www.dnscrypt.org/")
203 (synopsis "Securely send DNS requests to a remote server")
205 "@command{dnscrypt-proxy} is a tool for securing communications
206 between a client and a DNS resolver. It verifies that responses you get
207 from a DNS provider was actually sent by that provider, and haven't been
208 tampered with. For optimal performance it is recommended to use this as
209 a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it
210 can also be used as a normal DNS \"server\". A list of public dnscrypt
211 servers is included, and an up-to-date version is available at
212 @url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.")
213 (license (list license:isc
214 ;; Libevent and src/ext/queue.h is 3-clause BSD.
217 (define-public dnscrypt-wrapper
219 (name "dnscrypt-wrapper")
224 "https://github.com/cofyc/dnscrypt-wrapper/releases"
225 "/download/v" version "/" name "-v" version ".tar.bz2"))
228 "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g"))))
229 (build-system gnu-build-system)
231 `(#:make-flags '("CC=gcc")
232 ;; TODO: Tests require ruby-cucumber and ruby-aruba.
235 (modify-phases %standard-phases
236 (add-after 'unpack 'create-configure
238 (zero? (system* "make" "configure")))))))
240 `(("autoconf" ,autoconf)))
242 `(("libevent" ,libevent)
243 ("libsodium" ,libsodium)))
244 (home-page "https://github.com/Cofyc/dnscrypt-wrapper")
245 (synopsis "Server-side dnscrypt proxy")
247 "@command{dnscrypt-wrapper} is a tool to expose a name server over
248 the @code{dnscrypt} protocol. It can be used as an endpoint for the
249 @command{dnscrypt-proxy} client to securely tunnel DNS requests between
251 (license (list license:isc
252 ;; Bundled argparse is MIT. TODO: package and unbundle.
254 ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either).
258 (define-public libasr
261 (version "201602131606")
265 (uri (string-append "https://www.opensmtpd.org/archives/"
266 name "-" version ".tar.gz"))
269 "18kdmbjsxrfai16d66qslp48b1zf7gr8him2jj5dcqgbsl44ls75"))))
270 (build-system gnu-build-system)
272 `(("autoconf" ,autoconf)
273 ("automake" ,automake)
274 ("pkg-config" ,pkg-config)
276 (home-page "https://www.opensmtpd.org")
277 (synopsis "Asynchronous resolver library by the OpenBSD project")
279 "libasr is a free, simple and portable asynchronous resolver library.
280 It allows to run DNS queries and perform hostname resolutions in a fully
281 asynchronous fashion.")
282 (license (list license:isc
283 license:bsd-2 ; last part of getrrsetbyname_async.c
285 (license:non-copyleft "file://LICENSE") ; includes.h
288 (define-public unbound
295 (uri (string-append "https://www.unbound.net/downloads/unbound-"
299 "0jfxhh4gc5amhndikskz1s7da27ycn442j3l20bm992n7zijid73"))))
300 (build-system gnu-build-system)
301 (outputs '("out" "python"))
307 ("libevent" ,libevent)
308 ("protobuf" ,protobuf)
310 ("python-wrapper" ,python-wrapper)
311 ("openssl" ,openssl)))
314 (list "--disable-static" ;save space and non-determinism in libunbound.a
316 "--with-ssl=" (assoc-ref %build-inputs "openssl"))
318 "--with-libevent=" (assoc-ref %build-inputs "libevent"))
320 "--with-libexpat=" (assoc-ref %build-inputs "expat"))
321 "--with-pythonmodule" "--with-pyunbound")
323 (modify-phases %standard-phases
324 (add-after 'configure 'fix-python-site-package-path
325 ;; Move python modules into their own output.
326 (lambda* (#:key outputs #:allow-other-keys)
327 (let ((pyout (assoc-ref outputs "python"))
328 (ver ,(version-major+minor (package-version python))))
329 (substitute* "Makefile"
330 (("^PYTHON_SITE_PKG=.*$")
333 pyout "/lib/python-" ver "/site-packages\n"))))
335 (add-before 'check 'fix-missing-nss-for-tests
336 ;; Unfortunately, the package's unittests involve some checks
337 ;; looking up protocols and services which are not provided
338 ;; by the minimalistic build environment, in particular,
339 ;; /etc/protocols and /etc/services are missing.
340 ;; Also, after plain substitution of protocol and service names
341 ;; in the test data, the tests still fail because the
342 ;; corresponding Resource Records have been signed by
344 ;; The following LD_PRELOAD library overwrites the glibc
345 ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and
346 ;; ‘getservbyport’ providing the few records required for the
347 ;; unit tests to pass.
348 (lambda* (#:key inputs outputs #:allow-other-keys)
349 (let* ((source (assoc-ref %build-inputs "source"))
350 (gcc (assoc-ref %build-inputs "gcc")))
351 (call-with-output-file "/tmp/nss_preload.c"
353 (display "#include <stdlib.h>
359 struct protoent *getprotobyname(const char *name) {
360 struct protoent *p = malloc(sizeof(struct protoent));
361 p->p_aliases = malloc(sizeof(char*));
362 if (strcasecmp(name, \"tcp\") == 0) {
365 p->p_aliases[0] = \"TCP\";
366 } else if (strcasecmp(name, \"udp\") == 0) {
369 p->p_aliases[0] = \"UDP\";
375 struct protoent *getprotobynumber(int proto) {
376 struct protoent *p = malloc(sizeof(struct protoent));
377 p->p_aliases = malloc(sizeof(char*));
382 p->p_aliases[0] = \"TCP\";
387 p->p_aliases[0] = \"UDP\";
396 struct servent *getservbyname(const char *name, const char *proto) {
397 struct servent *s = malloc(sizeof(struct servent));
398 char* buf = malloc((strlen(proto)+1)*sizeof(char));
400 s->s_aliases = malloc(sizeof(char*));
401 s->s_aliases[0] = NULL;
402 if (strcasecmp(name, \"domain\") == 0) {
403 s->s_name = \"domain\";
404 s->s_port = htons(53);
411 struct servent *getservbyport(int port, const char *proto) {
413 struct servent *s = malloc(sizeof(struct servent));
415 s->s_aliases = malloc(sizeof(char*));
416 s->s_aliases[0] = NULL;
419 s->s_name = \"domain\";
421 s->s_proto = \"udp\";
429 (system* (string-append gcc "/bin/gcc")
430 "-shared" "-fPIC" "-o" "/tmp/nss_preload.so"
431 "/tmp/nss_preload.c")
432 ;; The preload library only affects the unittests.
433 (substitute* "Makefile"
435 "LD_PRELOAD=/tmp/nss_preload.so ./unittest")))
437 (home-page "https://www.unbound.net")
438 (synopsis "Validating, recursive, and caching DNS resolver")
440 "Unbound is a recursive-only caching DNS server which can perform DNSSEC
441 validation of results. It implements only a minimal amount of authoritative
442 service to prevent leakage to the root nameservers: forward lookups for
443 localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones
444 served by AS112. Stub and forward zones are supported.")
445 (license license:bsd-4)))
447 (define-public yadifa
452 (let ((build "7713"))
456 (string-append "http://cdn.yadifa.eu/sites/default/files/releases/"
457 name "-" version "-" build ".tar.gz"))
459 (base32 "15xhzg4crjcxascwpz6y8qpqcgypzv2p9bspdskp4nx1x1y4316c")))))
460 (build-system gnu-build-system)
464 `(("openssl" ,openssl)))
467 (modify-phases %standard-phases
468 (add-before 'configure 'omit-example-configurations
470 (substitute* "Makefile.in"
474 (list "--sysconfdir=/etc"
475 "--localstatedir=/var"
476 "--disable-build-timestamp" ; build reproducibly
481 "--enable-ctrl" ; enable remote control
485 (home-page "http://www.yadifa.eu/")
486 (synopsis "Authoritative DNS name server")
487 (description "YADIFA is an authoritative name server for the @dfn{Domain
488 Name System} (DNS). It aims for both higher performance and a smaller memory
489 footprint than other implementations, while remaining fully RFC-compliant.
490 YADIFA supports dynamic record updates and the @dfn{Domain Name System Security
491 Extensions} (DNSSEC).")
492 (license license:bsd-3)))
500 (uri (string-append "https://secure.nic.cz/files/knot-dns/"
501 name "-" version ".tar.xz"))
504 "0hr2m664ckjicv3pq2lk16m61pscknywxv2ydnrzfqf10m5h0ahw"))
505 (modules '((guix build utils)))
508 ;; Delete bundled libraries.
509 (with-directory-excursion "src/contrib"
510 (delete-file-recursively "lmdb"))
512 (build-system gnu-build-system)
514 `(("pkg-config" ,pkg-config)))
519 ("libcap-ng" ,libcap-ng)
526 ("protobuf-c" ,protobuf-c)
528 ;; For ‘pykeymgr’, needed to migrate keys from versions <= 2.4.
530 ("python-lmdb" ,python2-lmdb)))
533 (modify-phases %standard-phases
534 (add-before 'configure 'disable-directory-pre-creation
536 ;; Don't install empty directories like ‘/etc’ outside the store.
537 (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true"))
540 (lambda* (#:key outputs #:allow-other-keys)
541 (let* ((out (assoc-ref outputs "out"))
542 (doc (string-append out "/share/doc/knot"))
543 (etc (string-append doc "/examples/etc")))
546 (string-append "config_dir=" etc)
548 (add-after 'install 'wrap-python-scripts
549 (lambda* (#:key outputs #:allow-other-keys)
550 (let* ((out (assoc-ref outputs "out"))
551 (path (getenv "PYTHONPATH")))
552 (wrap-program (string-append out "/sbin/pykeymgr")
553 `("PYTHONPATH" ":" prefix (,path))))
556 (list "--sysconfdir=/etc"
557 "--localstatedir=/var"
558 "--with-module-rosedb=yes" ; serve static records from a database
559 "--with-module-dnstap=yes" ; allow detailed query logging
560 (string-append "--with-bash-completions="
561 (assoc-ref %outputs "out")
562 "/etc/bash_completion.d"))))
563 (home-page "https://www.knot-dns.cz/")
564 (synopsis "Authoritative DNS name server")
565 (description "Knot DNS is an authoritative name server for the @dfn{Domain
566 Name System} (DNS), designed to meet the needs of root and @dfn{top-level
567 domain} (TLD) name servers. It is implemented as a threaded daemon and uses a
568 number of programming techniques to improve speed. For example, the responder
569 is completely lock-free, resulting in a very high response rate. Other features
570 include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record
571 synthesis, and on-the-fly re-configuration.")
574 ;; src/contrib/{hat-trie,murmurhash3,openbsd},
575 ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat).
577 license:lgpl2.0+ ; parts of scr/contrib/ucw
578 license:public-domain ; src/contrib/fnv and possibly murmurhash3
579 license:gpl3+)))) ; everything else