Commit Graph

4081 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
b63c18f291 Remove hcsecd line which was inadvertantly included in the previous commit. 2004-10-12 18:45:15 +00:00
Dag-Erling Smørgrav
1ffa2a0a7c Remove a pointless syslogd_flags example.
MFC after:	2 weeks
2004-10-12 18:36:32 +00:00
David E. O'Brien
5d79fb92c2 'portupgrade' places obsoleted shared libraries in /usr/local/lib/compat/pkg,
so add this the list of directories ldconfig'ed.
2004-10-11 22:37:34 +00:00
Mike Makonnen
d7052481cd Remove an unused variable.
Submitted by: Pawel Worach <pawel.worach@telia.com>
2004-10-08 14:23:49 +00:00
Doug Barton
b04e39c493 1. Incorporate most of Ruslan's improvements to where and how the
/etc/namedb symlink is created.

2. Incorporate Brian's suggestion to make the link relative. This
is necessary to handle situations (such as mergemaster) where the
user is building a tree in a seperate environment. This will also
fix the problem with the way DESTDIR is set in 'make release'.

3. Add a new knob, NO_BIND_MTREE, as suggested by the folks who
already have stuff in /var/named that they don't want me to mess with.

4. Update make.conf(5) with the new stuff, and correct a few paths
that have changed since I last updated it.
2004-10-08 00:14:28 +00:00
Mike Makonnen
337338ee00 Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
2004-10-07 13:55:26 +00:00
Pawel Jakub Dawidek
57dd0a90b6 - Be more userfriendly and allow to specify gbde device name in those forms:
device
	device.bde
	/dev/device
	/dev/device.bde
- Fix stop routine:
	+ There don't have to be file system mounted on gbde device,
	  so ignore errors from umount(8).
	+ Only detach existing gbde devices.
2004-10-07 10:02:46 +00:00
Pawel Jakub Dawidek
58a038b845 Only try to attach if parent device actually exists.
I used ugly "/dev/${parent}" instead of "${parentdev}", because "/dev/"
prefix for devices listed in gbde_devices variable is optional.

Reported by:	Sean McNeil <sean@mcneil.com>
2004-10-07 06:00:06 +00:00
Pawel Jakub Dawidek
1446307aaa Lock file for gbde devices is optional. 2004-10-06 14:42:35 +00:00
Ruslan Ermilov
46c63c1d76 Fixed symlinking of /etc/namedb.
Reported by:	Jeremy Chadwick
2004-10-05 13:03:08 +00:00
Ken Smith
dfea356f2a With the fixes to getty handling of non-existent devices a default
install now complains about ttyu0/ttyu1 not existing at boot time.
Since users wanting the uart based devices as terminals will need
to do something special to get them anyway set it up so a default
config doesn't complain.

MFC after:	3 days
2004-10-04 03:39:52 +00:00
Doug Barton
bb3b2b373a Install namedb stuff to ${DESTDIR}/var/named/etc/namedb instead
of relying on the symlink in ${DESTDIR}/etc/namedb.

This is functionally equivalent, but doesn't rely on the symlink to work.

Requested by:	ru
2004-09-30 10:24:24 +00:00
Doug Barton
83b3de9f56 1. Update the documentation references, and the warning about setting up
authoritative servers.

2. Add an IPv4 listen-on option for 127.0.0.1, which is appropriate
for the default use as a local resolver.

3. Add a commented out listen-on-v6 option.
2004-09-30 09:57:36 +00:00
Doug Barton
4550c56f2a Hide all the devices in the chroot dev except for random and null. 2004-09-30 09:15:21 +00:00
Tom Rhodes
cd22091d46 Correct a trivial typo. 2004-09-29 07:07:43 +00:00
Ruslan Ermilov
587ca40507 Fixed symlinking /var/named/etc/namedb to /etc/namedb.
A second "make distrib-dirs" createed a symlink in /var/namedb/etc/namedb.
A third "make distrib-dirs" failed.
2004-09-29 06:54:18 +00:00
Doug Barton
e963331b47 Add a statistics-file directive 2004-09-29 03:49:35 +00:00
Doug Barton
331b052b9a stats goes under /var, not /var/run 2004-09-29 03:43:10 +00:00
Doug Barton
2a9b28d02b gshapiro assures me that uid bind is not necessary for /etc/namedb,
so we'll use the more secure default till I have a chance to prove
myself wrong. :)

Add a /var/stats directory to be enabled in named.conf.

Submitted by:	gshapiro
2004-09-29 03:35:49 +00:00
Doug Barton
870902266f Whitespace only, tabs -> spaces, per README 2004-09-29 03:33:45 +00:00
Tom Rhodes
b507bda539 Give users the ability to load a mac_bsdextended(4) ruleset on boot (defaults
to NO of course).  Provide a basic ruleset file, rc.bsdextended, but allow
the filename to be overridden through rc.conf.

Discussed with:	rwatson (awhile ago)
2004-09-29 00:12:28 +00:00
Doug Barton
81f7fbc732 Fix some of the more egregious problems with this file:
1. Update text about later BINDs using a pseudo-random, unpriviliged
query port for UDP by default.

2. We are now running in a sandbox by default, with a dedicated dump
directory, so remove the stale comment.

3. The topology configuration is not for the faint of heart, so
remove the commented example.

4. Tighten up some language a bit.

5. s/secondary/slave/

6. No need for the example about a bind-owned directory for slave zones.

7. Change domain.com to example.com in the example, per RFC 2606.

8. Update the path for slave zones in the example.
	- Thanks to Scot Hetzel <swhetzel@gmail.com>

There is more work to do here, but this is an improvement.
2004-09-28 21:22:09 +00:00
Doug Barton
8f1bb3891d Create a named chroot directory structure in /var/named, and use it
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.

Rather than using pax to copy device entries, mount devfs in the
chroot directory.

There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.

UPDATING has instructions on how to do the conversion for those
with existing configurations.
2004-09-28 09:46:00 +00:00
Doug Barton
2a61444749 1. Add much finer granularity to the NO_BIND knobs with the addition of:
NO_BIND_DNSSEC, NO_BIND_ETC, NO_BIND_NAMED, and NO_BIND_UTILS.

2. Make creation of directories in /usr/include that are only needed
in the WITH_BIND_LIBS case conditional.

Reviewed by:	ru, des
2004-09-27 08:23:43 +00:00
Doug Barton
8b7a7341b3 Remove the directories that are now only installed when the user
defines WITH_BIND_LIBS.
2004-09-27 08:18:43 +00:00
Doug Barton
795f8333f2 Hook the BIND.* files up to the build. 2004-09-27 08:17:51 +00:00
Doug Barton
536fbda965 Seperate out the optional parts of the include tree that are
only built and installed when the user defines WITH_BIND_LIBS.
2004-09-27 08:16:29 +00:00
Doug Barton
9ab99fee24 Add a file spec to create a chroot directory structure for
a BIND name server.

This file is not being used yet, but will be soon.
2004-09-27 08:15:34 +00:00
Doug Barton
11a3397fec This file is about to get some optional bits, so line up the parts of
the FILES variable one line at a time.

This should be a whitespace change only.

Reviewed by:	ru
2004-09-27 07:00:44 +00:00
Doug Barton
85aca891e7 It's not necessary to create an rndc.key file if the user already
has an rndc.conf file.

Submitted by:	Sergey Mokryshev <mokr@mokr.net>
2004-09-26 07:01:56 +00:00
Dag-Erling Smørgrav
f92fc22aee Create /etc/namedb/bind with owner / group bind and mode 0750. 2004-09-25 15:55:17 +00:00
Doug Barton
3a67cb3bb1 Install the documentation for bind9, and remove the /usr/share/doc/bind
directory from mtree while we're at it.

Help, advice, and code from:	ru, des
2004-09-25 00:42:38 +00:00
Doug Barton
ae00aa68e8 Fix two glitches that appear in the non-chroot case. First, if not
chrooted the pid symlink code should not fire. Also, remove the quotes
around the chroot variable in the rndc-confgen invocation so that if
not chrooted the command will still succeed.

Pointed out by:	Sean McNeil <sean@mcneil.com>
2004-09-24 23:49:38 +00:00
Doug Barton
511c05b377 For the default FreeBSD install, the file path actually is
/var/run/named/pid. This is done so that named can start
with -u bind and still dump a pid file in that directory,
which is chowned to user bind.
2004-09-24 22:47:10 +00:00
Dag-Erling Smørgrav
8540155e95 It's named.pid, not named/pid.
Pointy hat to:	dougb@
2004-09-24 19:46:18 +00:00
Dag-Erling Smørgrav
8dee269791 Reconnect namedb. While it may not be optimal, our old named.conf from
BIND 8 is quite usable for BIND 9.
2004-09-24 16:13:55 +00:00
Olivier Houchard
af50fa7e46 Add ttyu0 as a serial console, as we're using the uart(4) driver on arm. 2004-09-24 12:51:15 +00:00
Giorgos Keramidas
2e1114f054 Fix a comment typo: s/neccessary/necessary/ 2004-09-24 11:04:27 +00:00
Doug Barton
fb9540a0dc Update to reflect BIND 9 in the base:
1. Making the pid symlink now has to happen after named starts, otherwise
it can generate a fatal error.

2. named-xfer is not part of the BIND 9 world.

3. BIND 9 needs a /dev/random in the chroot directory if chrooted.

4. Only the pid file is symlinked now, the ndc socket is BIND 8 only.

5. Create an rndc.key file for the user if one does not exist.
This (generally) allows a BIND 8 config file to be used in a BIND 9
world with little or no modification.
2004-09-24 04:53:18 +00:00
Doug Barton
7295f657e2 Add a note to indicate that the path set in named_pidfile must
also be set in named.conf. Our default named.conf has this already.

Update the note for named_symlink_enable to indicate that ndc is gone.
2004-09-24 04:45:16 +00:00
Dag-Erling Smørgrav
526d1a0fa4 Re-add namedb. I misunderstood what Doug said about using ISC's
layout: he meant for binaries, not configuration files.
2004-09-23 19:33:54 +00:00
Joseph Koshy
59583bf53c Add a knob 'daily_status_security_diff_flags' controlling the
format of the 'diff' output generated during periodic(8) scripts.

Submitted by:	keramida (script changes)
Reviewed by:	keramida (man page changes)
2004-09-23 02:00:52 +00:00
Dag-Erling Smørgrav
cd3ee173f9 Switch from BIND 8 to BIND 9.
Submitted by:	(in part) dougb@, trhodes@
Reviewed by:	dougb@, trhodes@, re@
MFC after:	5 days
2004-09-21 19:01:48 +00:00
Dag-Erling Smørgrav
5a70daa23f If $dumpdev is set to AUTO, use the first suitable swap partition listed
in /etc/fstab, or print an error message if no suitable device was found.

MFC after:	4 weeks
2004-09-20 17:48:45 +00:00
Pawel Jakub Dawidek
9468063a70 Teach swap1 script how to remove added swap devices on system shutdown.
Without this change, if one had a swap-on-mirror configuration, gmirror
will rebuild mirror component(s) on boot, because they are dirty (they
were open on shutdown).
2004-09-17 17:58:19 +00:00
Gleb Smirnoff
27ca43f3cb Change tabs to whitespaces.
Noticed by:	ru
Pointy hat to:	glebius
2004-09-16 21:33:56 +00:00
Gleb Smirnoff
fdbe44b0cd Install netflow includes.
Approved by:	julian (mentor)
2004-09-16 20:42:03 +00:00
Giorgos Keramidas
a73af104ef We don't have any providers of `beforenetlkm' in FreeBSD. Remove the
dependency to it from our rc.d scripts.

Approved by:	mtm
2004-09-16 17:04:20 +00:00
Giorgos Keramidas
a71fcfed55 Fix requirement of network' to NETWORK' because the former isn't
provided by any rc.d script.

Approved by:	mtm
2004-09-16 17:03:12 +00:00
Sean Chittenden
6e03664cc4 Bring back etc/rc.d/ntpdate as requested by scads of people. This isn't a
complete backout as the ntpd_sync_on_start etc/rc.conf tunable is still
present, though the default is now NO (was YES).  Since we're no longer
syncing time at startup by default when ntpd is enabled (as was the case
24hrs ago), remove UPDATING entry pointing out that ntpd(1) -g is slower
than ntpdate(1).

Hopefully ntpd_sync_on_start="YES" can be made the default for -CURRENT
after 5.3 is cut.  At the very least, this should be set to YES when a
user requests to have ntpd enabled via sysinstall(1).

Requested by:	many
2004-09-15 01:08:33 +00:00