How to install djbdns in Debian Squeeze as deb package

Djbdns deb package is missing from latest Debian release (squeeze). There is a discussion regarding rapid dns cache poisoning attack which prevented djbdns package to be included in Debian squeeze release. There are two packages for djbdns in debian - djbdns which is original package of djbdns + 3 minor patches fixing some problems and dbndns which is debian fork of djbdns + ipv6 support patch. If you need ipv6 support in your dns install dbndns, if you don't need it i suggest you to install djbdns package.

Here is how can you install it on Debian squeeze as a deb package.

Add this line to /etc/apt/sources.list

deb-src http://ftp.bg.debian.org/debian/ sid main non-free contrib

You can choose another debian mirror if you like.

# apt-get update
# apt-get source djbdns

This will download source of the package and unpack it in your current directory. We need build-essential meta package installed so we can build some custom packages.

# apt-get install build-essential

Now all we need is to enter the directory of the unpacked djbdns package and run:

# dpkg-buildpackage -uc -rfakeroot

If there is no error the result of the above command will produce djbdns_1.05-8_i386.deb package which contains tinydns, dnscache, axfrdns ... etc. and dnscache-run_1.05-8_all.deb which contains run scripts for daemontools. All you need is to install them as follow:

# dpkg -i djbdns_1.05-8_i386.deb dnscache-run_1.05-8_all.deb 

Just to be sure that nothing goes wrong after upgrade we need to 'hold' these packages

# echo djbdns hold | dpkg --set-selections
# echo dnscache-run hold | dpkg --set-selections

Make sure to check this readme  /usr/share/doc/djbdns/README.Debian

Note: /service directory is moved under /etc/service to match debian configuration standarts.

That is all, now you have working djbdns (or dbndns) as a Debian package in squeeze

Debian - автоматичен update и dpkg опцията hold.

Случвало ли ви се е да направите upgrade при който някои от пакетите да ви развалят конфигурацията. Ето какво често се случва.

Стандартна инсталация на Debian при която някои от пакетите са преправени от мен. Dovecot-imapd пакета нямаше поддръжка за vpopmail затова ми се наложи да го rebuild с тази опция. Всичко работи до момента в който направите upgrade. Upgrade процесът премахва ръчно преправените пакети на dovecot и слага оригиналните. В този случай задължително е да ползвате опцията на dpkg - HOLD. Това прави така наречените HOLD пакети да не бъдат обновявани при цялостен upgrade на системата.

Следните 2 пакета не искам да бъдат обновявани при upgrade  на системата:

root@server:~# dpkg -l | grep dove
ii  dovecot-common                    1:1.2.15-7     secure mail server that supports mbox and maildir mailboxes
ii  dovecot-imapd                      1:1.2.15-7       secure IMAP server that supports mbox and maildir mailboxes

За целта е нужно да се направи следното:

root@server:~# echo dovecot-common hold | dpkg --set-selections
root@server:~# echo dovecot-imapd hold | dpkg --set-selections

Ето и разликата:

root@server:~# dpkg -l | grep dove
hi  dovecot-common                    1:1.2.15-7     secure mail server that supports mbox and maildir mailboxes
hi  dovecot-imapd                      1:1.2.15-7       secure IMAP server that supports mbox and maildir mailboxes

Забележете буквата 'h' в началото на пакетите. Подобна информация можем да получим и чрез:

root@server:~# dpkg --get-selections | grep hold
dovecot-common                                hold
dovecot-imapd                                   hold

Остава само да сложите в crontab-а един ред за автоматичен update (apt-get update && apt-get -y dist-upgrade) и машината спокойно може да я забравите някъде зазидана след поредния ремонт...