1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the tempation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are be the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.
As a result of introducing the named_uid knob, the default named_flags
are now empty.
Update defaults/rc.conf and rc.conf(5) to reflect these changes.
196b6a193e