Accepting request 1241343 from network

- Upgrade to release 9.20.5
- Remove desktop file and BuildRequires: update-desktop-files

OBS-URL: https://build.opensuse.org/request/show/1241343
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=216

_service

@@ -0,0 +1,15 @@
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="scm">git</param>
+    <param name="url">https://gitlab.isc.org/isc-projects/dlz-modules.git</param>
+    <param name="revision">main</param>
+    <param name="versionformat">%h</param>
+    <param name="filename">dlz-modules</param>
+    <param name="package-meta">yes</param>
+  </service>
+  <service name="tar" mode="buildtime"/>
+  <service name="recompress" mode="buildtime">
+    <param name="file">*.tar</param>
+    <param name="compression">gz</param>
+  </service>
+</services>

bind-9.20.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fe6ddff74921410d33b62b5723ac23912e8d50138ef66d7a30dc2c421129aeb0
-size 5789604

bind-9.20.1.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAma987IACgkQGC4jV5Ri
-76r2Rg/9FnbrOwZrN4HWUeQ7ewyPq+ZaaHFZXXucXSwIXAkAAouW7lzhkMnUSSXV
-SjUTOyLJAsFtVPrizR1yR9OrrnBIUniQfE/oB9WEiKTsVfA2FuoHyKWRiOrUQ2XP
-8BjJD/hSbdQ7ByHENMcrjVpwK3r/QO+rroUgCIcV375hVfmcsYJI0pbxu2wEj5En
-0nqTjObLv3AdnGj65+/I4xwkC/GhIGFhhW2SHQGpTldeajag/ODouu4KuZA5BrLi
-whYkyTgC+rIQicF6EIyg8nGFDR28jUSPSGpSfYn/nMvtfU9Wl3Z4ug9TiMh5kdV3
-3b8MFJqvm0FYcCXgON1twLlO05XKlYLLU9+Y6CpWHTELTZRV01NPiUOEtLytMJTx
-DDY7C8bgR7iTv2gwgdxQlOI4Kkee9uB4nqZ468hy9flC29SYW8YKX46i8W+vV6wj
-BcoJBhKnJ/tSgF39gY2rCRU2jpRjw8oDMYpzBK6e0Ks4dtZYXvLto+aHQj8IS1Q4
-3Z2NhGowtqqeKfL6HGzmQHO8QLUgwgXUVELjO9ySiwxY7fMqbAK6CuP28dNlR0dU
-HhU0cnd383YoeEX0ph5zGRyCOifPPOzBXT8y70OkcqEPbyD4y16pvg41db73NX3V
-IOqEK7Bm5iPl4ygcFnGTfbG/VxVKnYiQBaBBuo33AeWLwtl6ugs=
-=wNju
------END PGP SIGNATURE-----

bind-9.20.5.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:19274fd739c023772b4212a0b6c201cf4364855fa7e6a7d3db49693f55db1ab8
+size 5634832

bind-9.20.5.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAmePY/EACgkQGC4jV5Ri
+76ooCg/+OByGJ88fMah4PitzldOXKmOaxeCb3G2S3vuWr50jDe57nsjhEceKbZG+
+1o3op3DmC+PvZNJo1ax/cvPBZeVo1WLFigX8Lt+wLZlttq9mSvx37V9AZCW1K3xc
+H67lOXm09Ar2a4PuTR9ReVSx8alcJ+TvBKqZyEHsEaNX+RSYPQEJwdiQifW2uaqI
+3Mq8pYZprY/Us3gbITfHK+/+pcUdD1XgnVraVrLSPSjRVK16JEWhRXl5RWZ0nacM
+JzHNA4IJ0IKLLLIKTxS1e+4cB7jThglufAKHaj0hzaa/34Mwa+T+tRLR4Y8efisc
+re75OHt1Jt2uh34nD8x5454R41fAiufPcEwGWwBAiJiWg59rRlFh40EQ0WLvAGk3
+uKHS+cE7Sd6h6wklPdlmfl9wDiPx/ufk2MljqA3fnVhAftvKrUXrqEnxw4+SxRXe
+UJGPY4G1FxQ2CrHqIaDliwIwUOUWalroGmSvSOCWszjwMv/WyXJVKvpJjzlPp1a4
+yDqPJqTfighdpAcm62f2mgPltVSp9qEN5vGeNrec6WJHcw6vQIUfwzfGi9gMrzBr
+kqs22sHo7d4dXv3rs6iCmWhQhM0lcJkkLcWypaS7cmkJWNCBLvU994eV1bNe+4Xn
+YYB6Ov0j9Cdus12jjqHn+5vmxQ5N1GIlpuCxbEOaSEvJD+QHleQ=
+=lBqR
+-----END PGP SIGNATURE-----

bind.changes

@@ -1,3 +1,363 @@
+-------------------------------------------------------------------
+Thu Jan 30 11:44:58 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Upgrade to release 9.20.5
+  Security Fixes:
+  * DNS-over-HTTPS flooding fixes.
+    Fix DNS-over-HTTPS implementation issues that arise under heavy
+    query load. Optimize resource usage for named instances that
+    accept queries over DNS-over-HTTPS.
+    Previously, named processed all incoming HTTP/2 data at once,
+    which could overwhelm the server, especially when dealing with
+    clients that sent requests but did not wait for responses. That
+    has been fixed. Now, named handles HTTP/2 data in smaller
+    chunks and throttles reading until the remote side reads the
+    response data. It also throttles clients that send too many
+    requests at once.
+    In addition, named now evaluates excessive streams opened by
+    clients that include no DNS data, which is considered
+    “flooding.” It logs these clients and drops connections from
+    them.
+    In some cases, named could leave DNS-over-HTTPS connections in
+    the CLOSE_WAIT state indefinitely. That has also been fixed.
+    (CVE-2024-12705)
+    [bsc#1236597]
+  * Limit additional section processing for large RDATA sets.
+    When answering queries, don’t add data to the additional
+    section if the answer has more than 13 names in the RDATA. This
+    limits the number of lookups into the database(s) during a
+    single client query, reducing the query-processing load.
+    (CVE-2024-11187)
+    [bsc#1236596]
+
+  New Features:
+  * Add Extended DNS Error Code 22 - No Reachable Authority.
+    When the resolver is trying to query an authoritative server
+    and eventually times out, a SERVFAIL answer is given to the
+    client. Add the Extended DNS Error Code 22 - No Reachable
+    Authority to the response.
+  * Add a new option to configure the maximum number of outgoing
+    queries per client request.
+    The configuration option max-query-count sets how many outgoing
+    queries per client request are allowed. The existing
+    max-recursion-queries value is the number of permissible
+    queries for a single name and is reset on every CNAME
+    redirection. This new option is a global limit on the client
+    request. The default is 200.
+    The default for max-recursion-queries is changed from 32 to 50.
+    This allows named to send a few more queries while looking up a
+    single name.
+  * Use the Server Name Indication (SNI) extension for all outgoing
+    TLS connections.
+    This improves compatibility with other DNS server software.
+
+  Feature Changes:
+  * Performance optimization for NSEC3 lookups introduced in BIND
+    9.20.2 was reverted to avoid risks associated with a complex
+    code change.
+  * The configuration clauses parental-agents and primaries are
+    renamed to remote-servers.
+    The top blocks primaries and parental-agents are no longer
+    preferred and should be renamed to remote-servers. The zone
+    statements parental-agents and primaries are still used, and
+    may refer to any remote-servers top block.
+  * Add none parameter to query-source and query-source-v6 to
+    disable IPv4 or IPv6 upstream queries but allow listening to
+    queries from clients on IPv4 or IPv6.
+
+  Bug Fixes:
+  * Fix nsupdate hang when processing a large update.
+    To mitigate DNS flood attacks over a single TCP connection,
+    throttle the connection when the other side does not read the
+    data. Throttling should only occur on server-side sockets, but
+    erroneously also happened for nsupdate, which acts as a client.
+    When nsupdate started throttling the connection, it never
+    attempted to read again. This has been fixed.
+  * Fix possible assertion failure when reloading server while
+    processing update policy rules.
+  * Preserve cache across reconfig when using attach-cache.
+    When the attach-cache option is used in the options block with
+    an arbitrary name, it causes all views to use the same cache.
+    Previously, this configuration caused the cache to be deleted
+    and a new cache to be created every time the server was
+    reconfigured. This has been fixed.
+  * Resolve the spurious drops in performance due to glue cache.
+    For performance reasons, the returned glue records are cached
+    on the first use. The current implementation could randomly
+    cause a performance drop and increased memory use. This has
+    been fixed.
+  * Fix dnssec-signzone signing non-DNSKEY RRsets with revoked
+    keys.
+    dnssec-signzone was using revoked keys for signing RRsets other
+    than DNSKEY. This has been corrected.
+  * Fix improper handling of unknown directives in resolv.conf.
+    The line after an unknown directive in resolv.conf could
+    accidentally be skipped, potentially affecting dig, host,
+    nslookup, nsupdate, or delv. This has been fixed.
+  * Fix response policy zones and catalog zones with an $INCLUDE
+    statement defined.
+    Response policy zones (RPZ) and catalog zones were not working
+    correctly if they had an $INCLUDE statement defined. This has
+    been fixed
+
+- Remove desktop file and BuildRequires: update-desktop-files
+
+-------------------------------------------------------------------
+Tue Jan 21 00:37:45 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Explicitly BuildRequire sphinx_rtd_theme. 
+
+-------------------------------------------------------------------
+Thu Dec 12 12:38:04 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Add new dlz-modules source
+- Update to release 9.20.4
+  New Features:
+  * Update built-in bind.keys file with the new 2025 IANA root key.
+  * Add an initial-ds entry to bind.keys for the new root key, ID
+    38696, which is scheduled for publication in January 2025.
+
+  Removed Features:
+  * Move contributed DLZ modules into a separate repository. DLZ
+    modules should not be used except in testing.
+  * The DLZ modules were not maintained, the DLZ interface itself
+    is going to be scheduled for removal, and the DLZ interface is
+    blocking. Any module that blocks the query to the database
+    blocks the whole server.
+  * The DLZ modules now live in
+    https://gitlab.isc.org/isc-projects/dlz-modules repository.
+
+  Feature Changes:
+  * dnssec-ksr now supports KSK rollovers.
+  * The tool now allows for KSK generation, as well as planned KSK
+    rollovers. When signing a bundle from a Key Signing Request
+    (KSR), only the key that is active in that time frame is used
+    for signing. Also, the CDS and CDNSKEY records are now added
+    and removed at the correct time.
+  * Print RFC 7314: EXPIRE option in transfer summary.
+  * Emit more helpful log messages for exceeding
+    max-records-per-type.
+  * The new log message is emitted when adding or updating an RRset
+    fails due to exceeding the max-records-per-type limit. The log
+    includes the owner name and type, corresponding zone name, and
+    the limit value. It will be emitted on loading a zone file,
+    inbound zone transfer (both AXFR and IXFR), handling a DDNS
+    update, or updating a cache DB. It’s especially helpful in the
+    case of zone transfer, since the secondary side doesn’t have
+    direct access to the offending zone data.
+  * It could also be used for max-types-per-name, but this change
+    doesn’t implement it yet as it’s much less likely to happen in
+    practice.
+  * Harden key management when key files have become unavailable.
+  * Prior to doing key management, BIND 9 will check if the key
+    files on disk match the expected keys. If key files for
+    previously observed keys have become unavailable, this will
+    prevent the internal key manager from running.
+
+  Bug Fixes:
+  * Use TLS for notifies if configured to do so.
+  * Notifies configured to use TLS will now be sent over TLS,
+    instead of plain text UDP or TCP. Also, failing to load the TLS
+    configuration for notify now results in an error.
+  * {&dns} is as valid as {?dns} in a SVCB’s dohpath.
+  * dig failed to parse a valid SVCB record with a dohpath URI
+    template containing a {&dns}, like
+    dohpath=/some/path?key=value{&dns}”.
+  * Fix NSEC3 closest encloser lookup for names with empty
+    non-terminals.
+  * A previous performance optimization for finding the NSEC3
+    closest encloser when generating authoritative responses could
+    cause servers to return incorrect NSEC3 records in some cases.
+    This has been fixed.
+  * recursive-clients statement with value 0 triggered an assertion
+    failure.
+  * BIND 9.20.0 broke recursive-clients 0;. This has now been
+    fixed.
+  * Parsing of hostnames in rndc.conf was broken.
+  * When DSCP support was removed, parsing of hostnames in
+    rndc.conf was accidentally broken, resulting in an assertion
+    failure. This has been fixed.
+  * dig options of the form [+-]option=<value> failed to display
+    the value on the printed command line. This has been fixed.
+  * Provide more visibility into TLS configuration errors by
+    logging SSL_CTX_use_certificate_chain_file() and
+    SSL_CTX_use_PrivateKey_file() errors individually.
+  * Fix a race condition when canceling ADB find which could cause
+    an assertion failure.
+  * SERVFAIL cache memory cleaning is now more aggressive; it no
+    longer consumes a lot of memory if the server encounters many
+    SERVFAILs at once.
+  * Fix trying the next primary XoT server when the previous one
+    was marked as unreachable.
+  * In some cases named failed to try the next primary server in
+    the primaries list when the previous one was marked as
+    unreachable. This has been fixed.
+
+-------------------------------------------------------------------
+Thu Dec 12 09:54:08 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update root hints file to 2024-11-20 version (boo#1234406)
+
+-------------------------------------------------------------------
+Mon Oct 21 08:42:47 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 9.20.3
+  New Features:
+  * Log query response status to the query log.
+  * Log a query response summary using the new responses category.
+    Logging can be controlled via the responselog option and via
+    rndc responselog.
+  * Added WALLET type.
+  * Add the new record type WALLET (262). This provides a mapping
+    from a domain name to a cryptographic currency wallet. Multiple
+    mappings can exist if multiple records exist.
+
+  Feature Changes:
+  * Set logging category for notify/xfer-in-related messages.
+  * Some notify and xfer-in-related log messages were logged at the
+    “general” category level instead of their own category. This
+    has been fixed.
+  * Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS.
+  * This change allows fallback from an IXFR failure to AXFR when
+    the reason is DNS_R_TOOMANYRECORDS.
+
+  Bug Fixes:
+  * Fix a statistics channel counter bug when “forward only” zones
+    are used.
+  * When resolving a zone with a “forward only” policy, and finding
+    out that all the forwarders were marked as “bad”, the
+    “ServerQuota” counter of the statistics channel was incorrectly
+    increased. This has been fixed.
+  * Fix a bug in the static-stub implementation.
+  * Static-stub addresses and addresses from other sources were
+    being mixed together, resulting in static-stub queries going to
+    addresses not specified in the configuration, or alternatively,
+    static-stub addresses being used instead of the correct server
+    addresses.
+  * Don’t allow statistics-channels if libxml2 and libjson-c are
+    not configured.
+  * When BIND 9 is not configured with the libxml2 and libjson-c
+    libraries, the use of the statistics-channels option is a fatal
+    error.
+  * Separate DNSSEC validation from long-running tasks.
+  * Split CPU-intensive and long-running tasks into separate
+    threadpools in a way that the long-running tasks - like RPZ,
+    catalog zone processing, or zone file operations - don’t block
+    CPU-intensive operations like DNSSEC validations.
+  * Fix an assertion failure when processing access control lists.
+  * The named process could terminate unexpectedly when processing
+    ACLs. This has been fixed.
+  * Fix a bug in Offline KSK using a ZSK with an unlimited
+    lifetime.
+  * If the ZSK had an unlimited lifetime, the timing metadata
+    Inactive and Delete could not be found and were treated as an
+    error, preventing the zone from being signed. This has been
+    fixed.
+  * Limit the outgoing UDP send queue size.
+  * If the operating system UDP queue got full and the outgoing UDP
+    sending started to be delayed, BIND 9 could exhibit memory
+    spikes as it tried to enqueue all the outgoing UDP messages. It
+    now tries to deliver the outgoing UDP messages synchronously;
+    if that fails, it drops the outgoing DNS message that would get
+    queued up and then timeout on the client side.
+  * Do not set SO_INCOMING_CPU.
+  * Remove the SO_INCOMING_CPU setting as kernel scheduling
+    performs better without constraints.
+  * Fix the rndc dumpdb command’s error reporting.
+  * The rndc dumpdb command was not reporting errors that occurred
+    when named started up the database dump process. This has been
+    fixed.
+  * Fix long-running incoming transfers.
+  * Incoming transfers that took longer than 30 seconds would stop
+    reading from the TCP stream and the incoming transfer would be
+    indefinitely stuck, causing BIND 9 to hang during shutdown.
+  * This has been fixed, and the max-transfer-time-in and
+    max-transfer-idle-in timeouts are now honored.
+  * Fix an assertion failure when receiving DNS responses over TCP.
+  * When matching the received Query ID in the TCP connection, an
+    invalid Query ID could cause an assertion failure. This has
+    been fixed.
+
+-------------------------------------------------------------------
+Thu Sep 19 08:57:57 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 9.20.2
+  New Features:
+  * Support for Offline KSK implemented.
+  * Add a new configuration option offline-ksk to enable Offline
+    KSK key management. Signed Key Response (SKR) files created
+    with dnssec-ksr (or other programs) can now be imported into
+    named with the new rndc skr -import command. Rather than
+    creating new DNSKEY, CDS, and CDNSKEY records and generating
+    signatures covering these types, these records are loaded from
+    the currently active bundle from the imported SKR.
+  * The implementation is loosely based on
+    draft-icann-dnssec-keymgmt-01.txt.
+  * Print the full path of the working directory in startup log
+    messages.
+  * named now prints its initial working directory during startup,
+    and the changed working directory when loading or reloading its
+    configuration file, if it has a valid directory option defined.
+  * Support a restricted key tag range when generating new keys.
+  * When multiple signers are being used to sign a zone, it is
+    useful to be able to specify a restricted range of key tags to
+    be used by an operator to sign the zone. The range can be
+    specified with tag-range in dnssec-policy’s keys (for named and
+    dnssec-ksr) and with the new options dnssec-keyfromlabel -M and
+    dnssec-keygen -M.
+
+  Feature Changes:
+  * Exempt prefetches from the fetches-per-zone and
+    fetches-per-server quotas.
+  * Fetches generated automatically as a result of prefetch are now
+    exempt from the fetches-per-zone and fetches-per-server quotas.
+    This should help in maintaining the cache from which query
+    responses can be given.
+  * Follow the number of CPUs set by taskset/cpuset.
+  * Administrators may wish to constrain the set of cores that
+    named runs on via the taskset, cpuset, or numactl programs (or
+    equivalents on other OSes).
+  * If the admin has used taskset, named now automatically uses the
+    given number of CPUs rather than the system-wide count.
+
+  Bug Fixes:
+  * Delay the release of root privileges until after configuring
+    controls.
+  * Delay relinquishing root privileges until the control channel
+    has been configured, for the benefit of systems that require
+    root to use privileged port numbers. This mostly affects
+    systems without fine- grained privilege systems (i.e., other
+    than Linux).
+  * Fix a rare assertion failure when shutting down incoming
+    transfer.
+  * A very rare assertion failure could be triggered when the
+    incoming transfer was either forcefully shut down, or it
+    finished during the printing of the details about the
+    statistics channel. This has been fixed.
+  * Fix algorithm rollover bug when there are two keys with the
+    same keytag.
+  * If there was an algorithm rollover and two keys of different
+    algorithms shared the same keytags, there was the possibility
+    that the check of whether the key matched a specific state
+    could be performed against the wrong key. This has been fixed
+    by not only checking for the matching key tag but also the key
+    algorithm.
+  * Fix an assertion failure in validate_dnskey_dsset_done().
+  * Under rare circumstances, named could terminate unexpectedly
+    when validating a DNSKEY resource record if the validation had
+    been canceled in the meantime. This has been fixed.
+
+  Known Issues:
+  * Long-running tasks in offloaded threads (e.g. the loading of
+    RPZ zones or processing zone transfers) may block the
+    resolution of queries during these operations and cause the
+    queries to time out. To work around the issue, the
+    UV_THREADPOOL_SIZE environment variable can be set to a larger
+    value before starting named. The recommended value is the
+    number of RPZ zones (or number of transfers) plus the number of
+    threads BIND should use, which is typically the number of CPUs.
+
+
 -------------------------------------------------------------------
 Fri Aug 23 09:26:22 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
 

bind.spec

@@ -1,7 +1,8 @@
 #
 # spec file for package bind
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -51,12 +52,14 @@
 %define with_sfw2 0
 %endif
 
+%define dlz_modules_hash 5923650
+
 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.20.1
+Version:        9.20.5
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0
@@ -67,7 +70,8 @@ Source1:        https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.t
 Source2:        vendor-files.tar.bz2
 # from http://www.isc.org/about/openpgp/ ... changes yearly apparently.
 Source3:        %{name}.keyring
-Source9:        ftp://ftp.internic.net/domain/named.root
+Source4:        dlz-modules-%{dlz_modules_hash}.tar.gz
+Source9:        https://www.internic.net/domain/named.root
 Source40:       dnszone-schema.txt
 Source60:       dlz-schema.txt
 # configuration file for systemd-tmpfiles
@@ -85,7 +89,7 @@ BuildRequires:  protobuf-c
 BuildRequires:  python3
 BuildRequires:  python3-Sphinx
 BuildRequires:  python3-ply
-BuildRequires:  update-desktop-files
+BuildRequires:  python3-sphinx_rtd_theme
 BuildRequires:  pkgconfig(jemalloc)
 BuildRequires:  pkgconfig(json)
 BuildRequires:  pkgconfig(krb5)
@@ -231,6 +235,7 @@ possible string of labels in the query name that matches the wildcard.
 
 %prep
 %autosetup -p1 -a2
+%setup -T -D -a4
 
 # use the year from source gzip header instead of current one to make reproducible rpms
 year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})
@@ -307,8 +312,8 @@ done
 %sysusers_generate_pre %{SOURCE72} named named.conf
 %endif
 # special build for the plugins
-for d in contrib/dlz/modules/*; do
-	[ -e $d/Makefile ] && make -C $d
+for d in dlz-modules-%{dlz_modules_hash}/modules/*; do
+       [ -e $d/Makefile ] && make -C $d
 done
 
 %install
@@ -339,25 +344,28 @@ rm -rf %{buildroot}%{_includedir}
 
 # Install the plugins
 mkdir -p %{buildroot}/%{_libdir}/bind-plugins
+pushd dlz-modules-%{dlz_modules_hash}/modules
 %if %{with_modules_perl}
-    install -m 0644 contrib/dlz/modules/perl/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 perl/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_mysql}
-    install -m 0644 contrib/dlz/modules/mysql/*.so %{buildroot}/%{_libdir}/bind-plugins
-    install -m 0644 contrib/dlz/modules/mysqldyn/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 mysql/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 mysqldyn/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_ldap}
-    install -m 0644 contrib/dlz/modules/ldap/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 ldap/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_bdbhpt}
-    install -m 0644 contrib/dlz/modules/bdbhpt/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 bdbhpt/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_sqlite3}
-    install -m 0644 contrib/dlz/modules/sqlite3/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 sqlite3/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_generic}
-    install -m 0644 contrib/dlz/modules/{filesystem,wildcard}/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 {filesystem,wildcard}/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
+popd
+
 # remove useless .la files
 rm -f %{buildroot}/%{_libdir}/lib*.{la,a} %{buildroot}/%{_libdir}/bind/*.la
 mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir}
@@ -386,7 +394,6 @@ mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d
 install -m 0644 %{_sourcedir}/named.root %{buildroot}%{_localstatedir}/lib/named/root.hint
 mv vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_localstatedir}/lib/named
 install -m 0755 vendor-files/tools/bind.genDDNSkey %{buildroot}/%{_bindir}/genDDNSkey
-cp -a vendor-files/docu/BIND.desktop %{buildroot}/%{_datadir}/susehelp/meta/Administration/System
 cp -p %{_sourcedir}/dnszone-schema.txt %{buildroot}/%{_sysconfdir}/openldap/schema/dnszone.schema
 cp -p "%{SOURCE60}" "%{buildroot}/%{_sysconfdir}/openldap/schema/dlz.schema"
 install -m 0754 vendor-files/tools/ldapdump %{buildroot}/%{_datadir}/bind

dlz-modules-5923650.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4c5e9ce87c314852fc1844bd930ac3ba2d5ed80e3a52cfcc0b58443d0ac98d5a
+size 478731

dlz-modules.obsinfo

@@ -0,0 +1,4 @@
+name: dlz-modules
+version: 5923650
+mtime: 1731483151
+commit: 5923650dbb69eac5006938218d0bc11ad9b41696

named.root

@@ -9,8 +9,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
-;       last update:     July 28, 2021
-;       related version of root zone:     2021072802
+;       last update:     December 18, 2024
+;       related version of root zone:     2024121801
 ; 
 ; FORMERLY NS.INTERNIC.NET 
 ;
@@ -21,8 +21,8 @@ A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
 ; FORMERLY NS1.ISI.EDU 
 ;
 .                        3600000      NS    B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET.      3600000      A     199.9.14.201
-B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
+B.ROOT-SERVERS.NET.      3600000      A     170.247.170.2
+B.ROOT-SERVERS.NET.      3600000      AAAA  2801:1b8:10::b
 ; 
 ; FORMERLY C.PSI.NET 
 ;