# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem              1.0

name                    dns-server
# use port:bind9's version as the version number
version                 9.16.13
revision                0
categories              net
platforms               any
supported_archs         noarch
maintainers             {ieee.org:s.t.smith @essandess} openmaintainer
license                 BSD
distfiles

description             Domain Name System server configuration

long_description        DNS server working configuration for named \
                        that provides a basic, working, easily \
                        modifiable LAN DNS server. The configuration \
                        includes example LAN, .private, and localhost \
                        zones, with example A, PTR, and CNAME (alias) \
                        records, MX, SPF, DKIM, and DMARC records for \
                        email servers, and URI, TXT, and SRV records \
                        for Kerberos servers. This configuration is \
                        based upon macOS Server.app's DNS server prior \
                        to its deprecation in Server.app version 5.7. \
                        See `man named`.

homepage                https://www.isc.org/

depends_run-append      port:bind9

use_configure           no

build {}

destroot {
    # Ensure needed directories
    xinstall -o named -g named -m 755 -d \
        ${destroot}${prefix}/etc \
        ${destroot}${prefix}/var/named \
        ${destroot}${prefix}/var/log/named

    # Install the conf file templates
    foreach f { \
        named.conf \
        rndc.conf \
        } {
        xinstall -o root -m 644 ${filespath}/${f} \
            ${destroot}${prefix}/etc/${f}.macports
    }

    # Install the db file templates
    foreach f { \
        db.@LAN_REVERSE_IP_SUBNET@.in-addr.arpa \
        db.@domain@.@tld@ \
        db.@domain@.private \
        localhost.zone \
        named.ca \
        named.local \
        } {
        xinstall -o named -g named -m 644 ${filespath}/${f} \
            ${destroot}${prefix}/var/named/${f}.macports
    }
}

destroot.keepdirs ${destroot}${prefix}/var/log/named

# Network configuration
# hard-coded examples
set named_host          host
set named_domain        domain
set named_tld           tld
set named_fullhost      ${named_host}.${named_domain}.${named_tld}
set named_domaintld     ${named_domain}.${named_tld}
set host_lan_ip_address 10.0.1.2
set lan_reverse_ip_subnet 1.0.10
set host_lan_reverse_ip_address 2.1.0.10
# aribitrary example for client IP address
set client_lan_ip_address 10.0.1.3
set client_lan_reverse_ip_address 3.1.0.10

post-activate {
    # use network settings for installed example configuration
    set named_fullhost [exec /bin/hostname -f]
    set named_host [lindex [split ${named_fullhost} .] 0]
    set named_domaintld [join [lrange [split ${named_fullhost} .] 1 end] .]
    set named_domain [lindex [split ${named_domaintld} .] 0]
    set named_tld [join [lrange [split ${named_domaintld} .] 1 end] .]
    set host_lan_ip_address [exec /bin/sh -c "/sbin/ifconfig `/usr/sbin/netstat -nr | /usr/bin/awk '{ if (\$1 ~/default/) { print \$NF} }' | /usr/bin/head -1` | /usr/bin/awk '{ if (\$1 ~/inet\$/) { print \$2} }'"]
    set lan_reverse_ip_subnet [exec /bin/sh -c "echo ${host_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\3.\\2.\\1|'"]
    set host_lan_reverse_ip_address [exec /bin/sh -c "echo ${host_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\4.\\3.\\2.\\1|'"]
    # aribitrary example for client IP address
    set client_lan_ip_address [exec /bin/sh -c "echo ${host_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\1.\\2.\\3.201|'"]
    set client_lan_reverse_ip_address [exec /bin/sh -c "echo ${client_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\4.\\3.\\2.\\1|'"]

    # copy to actual config files if they don't already exist
    foreach f { \
        named.conf \
        rndc.conf \
        } {
        if { ![file exists ${prefix}/etc/${f}] } {
            # Configure the conf file
            xinstall -o root -g named -m 644 ${prefix}/etc/${f}.macports \
                ${prefix}/etc/${f}
            reinplace "s|@PREFIX@|${prefix}|g" \
                ${prefix}/etc/${f}
            reinplace -q "s|@LAN_REVERSE_IP_SUBNET@|${lan_reverse_ip_subnet}|g" \
                ${prefix}/etc/${f}
            reinplace -q "s|@domain@|${named_domain}|g" \
                ${prefix}/etc/${f}
            reinplace -q "s|@tld@|${named_tld}|g" \
                ${prefix}/etc/${f}
            if {${f} eq {named.conf} \
                && "${named_domain}.${named_tld}" eq "${named_domain}.private"} {
                ui_warn "Duplicate zone '${named_domain}.${named_tld}' in \
${prefix}/etc/named.conf that will cause a bind9 error. Please remove this \
duplicate zone. See `port notes ${name}`."
            }
        }
    }
    # Configure the db file templates
    foreach f { \
        db.@LAN_REVERSE_IP_SUBNET@.in-addr.arpa \
        db.@domain@.@tld@ \
        db.@domain@.private \
        localhost.zone \
        named.ca \
        named.local \
        } {
        set f_renamed $f
        set f_renamed [ strsed $f_renamed "s|@domain@|${named_domain}|" ]
        set f_renamed [ strsed $f_renamed "s|@tld@|${named_tld}|" ]
        set f_renamed [ strsed $f_renamed "s|@LAN_REVERSE_IP_SUBNET@|${lan_reverse_ip_subnet}|" ]
        if { ![file exists ${prefix}/var/named/${f_renamed}] } {
            xinstall -m 0644 -W ${prefix}/var/named \
                ${f}.macports ${f_renamed}
        }
    }
    foreach f "\
        db.${lan_reverse_ip_subnet}.in-addr.arpa \
        db.${named_domain}.${named_tld} \
        db.${named_domain}.private \
        localhost.zone \
        named.ca \
        named.local \
        " {
        reinplace -q "s|@PREFIX@|${prefix}|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@host@|${named_host}|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@domain@|${named_domain}|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@tld@|${named_tld}|g" \
            ${prefix}/var/named/${f}
        # case sensitive for Kerberos REALMs
        reinplace -q "s|@HOST@|[string toupper ${named_host}]|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@DOMAIN@|[string toupper ${named_domain}]|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@TLD@|[string toupper ${named_tld}]|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@HOST_LAN_IP_ADDRESS@|${host_lan_ip_address}|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@LAN_REVERSE_IP_SUBNET@|${lan_reverse_ip_subnet}|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@HOST_LAN_REVERSE_IP_ADDRESS@|${host_lan_reverse_ip_address}|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@CLIENT_LAN_IP_ADDRESS@|${client_lan_ip_address}|g" \
            ${prefix}/var/named/${f}
        reinplace -q "s|@CLIENT_LAN_REVERSE_IP_ADDRESS@|${client_lan_reverse_ip_address}|g" \
            ${prefix}/var/named/${f}
    }
    if { ![file exists ${prefix}/var/named/rndc.key] } {
        system "${prefix}/sbin/rndc-confgen -A hmac-sha512 -a -c ${prefix}/var/named/rndc.key -u named"
    }

    ui_msg "Configuring DNS Server with:

        Host                       ${named_host}
        Domain                     ${named_domain}
        TLD                        ${named_tld}
        Host IP Address            ${host_lan_ip_address}
        Reverse IP Subnet          ${lan_reverse_ip_subnet}

    This configuration can be changed in the directory:

        ${prefix}/var/named

    See `man named` for details.
"
}


notes "The DNS server's initial configuration uses installation-time network\
settings to provide a basic, working DNS server.

Users must reconfigure the installation for their own network\
specifics by editing the files:

	${prefix}/etc/named.conf
	${prefix}/etc/rndc.conf
	${prefix}/var/named/db.*

Refer to the *.macports template files and `man named` for details.

Post Installation:

 1. Edit files in the directory ${prefix}/var/named to specify correct DNS\
    and reverse DNS entries. Example: These two commands should point to\
    each other:

	host ${named_host} ${host_lan_ip_address}
	host ${host_lan_ip_address} ${host_lan_ip_address}

    A rndc.key file is automatically created with the command:

	rndc-confgen -A hmac-sha512 -a -c ${prefix}/var/named/rndc.key -u named

 2. It is necessary to launch named with:

	sudo port load bind9

 3. DNS cache on macOS is flushed with the commands:

	dscacheutil -flushcache ; sudo killall -HUP mDNSResponder ; \\
	    sudo port reload bind9

 4. The DNS server is configured by default to accept requests on port 53\
    over the LAN. Make sure that this port is not exposed to the open\
    internet."

livecheck.type         none
