by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.
Rather than using pax to copy device entries, mount devfs in the
chroot directory.
There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.
UPDATING has instructions on how to do the conversion for those
with existing configurations.
chrooted the pid symlink code should not fire. Also, remove the quotes
around the chroot variable in the rndc-confgen invocation so that if
not chrooted the command will still succeed.
Pointed out by: Sean McNeil <sean@mcneil.com>
1. Making the pid symlink now has to happen after named starts, otherwise
it can generate a fatal error.
2. named-xfer is not part of the BIND 9 world.
3. BIND 9 needs a /dev/random in the chroot directory if chrooted.
4. Only the pid file is symlinked now, the ndc socket is BIND 8 only.
5. Create an rndc.key file for the user if one does not exist.
This (generally) allows a BIND 8 config file to be used in a BIND 9
world with little or no modification.
thing, but we're ready to move on.
2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.
3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].
4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.
5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.
There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.
Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush
in keeping the scripts under rc.d in sync with us. So, remove
NetBSD specific stuff (which made our scripts more complicated
than necessary).
The NetBSD ident string will be left intact, both for history and
also incase we wish to pull in future versions.
in keeping the scripts under rc.d in sync with us. So, begin removal
of NetBSD specific stuff (which made our scripts more complicated
than necessary), starting with the NetBSD KEYWORD.
named(8) daemon by providing a new rc.conf knob: named_pidfile
that defaults to the path specified in the system-installed named.conf(5).
Approved by: markm (mentor)
Reviewed by: dougb
Noticed by : Galen Sampson <galen_sampson@yahoo.com>
Dan Pelleg <daniel+bsd@pelleg.org>
PR: conf/46402
MFC: 2 weeks (with re@ approval)
* Space -> tabs conversion.
* Removed blanks before semicolon in "if ... ; then".
* Proper indentation of misindented lines.
* Put a full stop after some comments.
* Removed whitespace at end of line.
Approved by: silence from gordon
while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson
