d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5bc56187b3
freebsd-skq/etc/rc.d/named

280 lines
7.0 KiB
Plaintext
Raw Normal View History

Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
#!/bin/sh
#
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
# $FreeBSD$
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
#
# PROVIDE: named
After some discussion we believe that having SERVERS to REQUIRE: ldconfig would provide necessary protection for named as well, so remove the dependency here. Approved by: flz
2006-04-20 12:30:12 +00:00
# REQUIRE: SERVERS cleanvar
Use "KEYWORD: shutdown" so shutdown commands will actually be executed. Approved by: dougb@
2004-12-20 18:34:10 +00:00
# KEYWORD: shutdown
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
. /etc/rc.subr
name="named"
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
rcvar=named_enable
extra_commands="reload"
Since the change to rc.subr in r198162 it's not necessary to specify command in the rc.d script if we have a corresponding ${name}_program entry, which we do for named. Rename named_precmd to named_prestart to make it more clear and match convention. Move the command_args definition related to -u up into _prestart(). It (and the associated $named_uid value) are only used there, and unlike required_* and pidfile don't need to be used until this stage. Fix a silly bug that would only have affected people who were using the new named_wait or named_auto_forward features, AND had set up an rndc.conf file instead of using the automatically generated rndc.key. For named_conf: Add "-c $named_conf" to command_args if it's not set to the default. If it is set to the default and we're using the base BIND it's not necessary. If we're using BIND from the ports the user is likely to have included it in _flags (due to long necessity for doing so) so don't duplicate that if it's set. Add $named_conf to required_files
2009-12-12 21:51:50 +00:00
start_precmd="named_prestart"
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
start_postcmd="named_poststart"
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
reload_cmd="named_reload"
stop_cmd="named_stop"
When stopping a chrooted named, unmount the devfs filesystem from the chroot area. This stops "umount -a" failing when dropping to single user. Reviewed by: dougb@
2004-12-20 10:48:48 +00:00
stop_postcmd="named_poststop"
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
# If running in a chroot cage, ensure that the appropriate files
# exist inside the cage, as well as helper symlinks into the cage
# from outside.
#
# As this is called after the is_running and required_dir checks
# are made in run_rc_command(), we can safely assume ${named_chrootdir}
# exists and named isn't running at this point (unless forcestart
# is used).
#
chroot_autoupdate()
{
When using SRV records the protocols and services files need to be in the chroot /etc directory. PR: conf/121101 Submitted by: Stefan `Sec` Zehl <sec@42.org>
2008-08-01 06:11:33 +00:00
local file
Create a named chroot directory structure in /var/named, and use it by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
2004-09-28 09:46:00 +00:00
# Create (or update) the chroot directory structure
Fix style bugs: * Space -> tabs conversion. * Removed blanks before semicolon in "if ... ; then". * Proper indentation of misindented lines. * Put a full stop after some comments. * Removed whitespace at end of line. Approved by: silence from gordon
2002-10-12 10:31:31 +00:00
#
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
if [ -r /etc/mtree/BIND.chroot.dist ]; then
Create a named chroot directory structure in /var/named, and use it by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
2004-09-28 09:46:00 +00:00
mtree -deU -f /etc/mtree/BIND.chroot.dist \
-p ${named_chrootdir}
else
warn "/etc/mtree/BIND.chroot.dist missing,"
warn "chroot directory structure not updated"
fi
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
# Create (or update) the configuration directory symlink
Create a named chroot directory structure in /var/named, and use it by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
2004-09-28 09:46:00 +00:00
#
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
if [ ! -L "${named_conf%/*}" ]; then
if [ -d "${named_conf%/*}" ]; then
warn "named chroot: ${named_conf%/*} is a directory!"
elif [ -e "${named_conf%/*}" ]; then
warn "named chroot: ${named_conf%/*} exists!"
Create a named chroot directory structure in /var/named, and use it by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
2004-09-28 09:46:00 +00:00
else
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
ln -s ${named_confdir} ${named_conf%/*}
Create a named chroot directory structure in /var/named, and use it by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
2004-09-28 09:46:00 +00:00
fi
If /etc/named is a symlink, try to make sure it points the right place.
2004-12-18 15:19:36 +00:00
else
# Make sure it points to the right place.
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
ln -shf ${named_confdir} ${named_conf%/*}
Fix style bugs: * Space -> tabs conversion. * Removed blanks before semicolon in "if ... ; then". * Proper indentation of misindented lines. * Put a full stop after some comments. * Removed whitespace at end of line. Approved by: silence from gordon
2002-10-12 10:31:31 +00:00
fi
Create a named chroot directory structure in /var/named, and use it by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
2004-09-28 09:46:00 +00:00
# Mount a devfs in the chroot directory if needed
#
Named normally cannot be started chrooted inside a jail. Thus treat the jail case specifically. In case we find a proper pre-seeded devfs in the chroot path (mounted from the base system) permit starting chrooted else give proper warn/error messages. PR: conf/103489 Reviewed by: dougb MFC after: 5 days
2009-02-07 16:37:02 +00:00
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
umount ${named_chrootdir}/dev 2>/dev/null
devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
devfs -m ${named_chrootdir}/dev rule apply path null unhide
devfs -m ${named_chrootdir}/dev rule apply path random unhide
else
if [ -c ${named_chrootdir}/dev/null -a \
-c ${named_chrootdir}/dev/random ]; then
info "named chroot: using pre-mounted devfs."
else
err 1 "named chroot: devfs cannot be mounted from" \
"within a jail. Thus a chrooted named cannot" \
"be run from within a jail." \
"To run named without chrooting it, set" \
"named_chrootdir=\"\" in /etc/rc.conf."
fi
fi
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
Trim trailing whitespace from the end of a line
2009-05-16 20:26:01 +00:00
# Copy and/or update key files to the chroot /etc
Fix style bugs: * Space -> tabs conversion. * Removed blanks before semicolon in "if ... ; then". * Proper indentation of misindented lines. * Put a full stop after some comments. * Removed whitespace at end of line. Approved by: silence from gordon
2002-10-12 10:31:31 +00:00
#
When using SRV records the protocols and services files need to be in the chroot /etc directory. PR: conf/121101 Submitted by: Stefan `Sec` Zehl <sec@42.org>
2008-08-01 06:11:33 +00:00
for file in localtime protocols services; do
if [ -r /etc/$file ]; then
cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
cp -p /etc/$file "${named_chrootdir}/etc/$file"
fi
done
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
}
Update to reflect BIND 9 in the base: 1. Making the pid symlink now has to happen after named starts, otherwise it can generate a fatal error. 2. named-xfer is not part of the BIND 9 world. 3. BIND 9 needs a /dev/random in the chroot directory if chrooted. 4. Only the pid file is symlinked now, the ndc socket is BIND 8 only. 5. Create an rndc.key file for the user if one does not exist. This (generally) allows a BIND 8 config file to be used in a BIND 9 world with little or no modification.
2004-09-24 04:53:18 +00:00
# Make symlinks to the correct pid file
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
#
make_symlinks()
{
Update to reflect BIND 9 in the base: 1. Making the pid symlink now has to happen after named starts, otherwise it can generate a fatal error. 2. named-xfer is not part of the BIND 9 world. 3. BIND 9 needs a /dev/random in the chroot directory if chrooted. 4. Only the pid file is symlinked now, the ndc socket is BIND 8 only. 5. Create an rndc.key file for the user if one does not exist. This (generally) allows a BIND 8 config file to be used in a BIND 9 world with little or no modification.
2004-09-24 04:53:18 +00:00
checkyesno named_symlink_enable &&
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
}
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
named_poststart () {
make_symlinks
if checkyesno named_wait; then
until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
echo " Waiting for nameserver to resolve $named_wait_host"
sleep 1
done
fi
}
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
named_reload()
{
1. Determine the location of the rndc* binaries relative to $command so that when using named from the ports (or elsewhere) the proper rndc* commands will be run. 2. Rework the stop routine using ideas from brooks and delphij. Specifically I am duplicating a lot of code from rc.subr's stop routine so that this one will behave more like the one in rc.subr, but use rndc to kill the daemon (or regular kill if that fails). This also avoids the problems related to using killall if rndc fails, which is bad if you're running more than one named on the same box. 3. Take a concept from gshapiro and allow the rndc.key file to be owned by root OR the named_uid user. Although I used different solutions, this commit handles issues raised in: PR: conf/73929 PR: conf/103976 PR: conf/109409
2007-10-22 09:38:44 +00:00
${command%/named}/rndc reload
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
}
named_stop()
{
1. Determine the location of the rndc* binaries relative to $command so that when using named from the ports (or elsewhere) the proper rndc* commands will be run. 2. Rework the stop routine using ideas from brooks and delphij. Specifically I am duplicating a lot of code from rc.subr's stop routine so that this one will behave more like the one in rc.subr, but use rndc to kill the daemon (or regular kill if that fails). This also avoids the problems related to using killall if rndc fails, which is bad if you're running more than one named on the same box. 3. Take a concept from gshapiro and allow the rndc.key file to be owned by root OR the named_uid user. Although I used different solutions, this commit handles issues raised in: PR: conf/73929 PR: conf/103976 PR: conf/109409
2007-10-22 09:38:44 +00:00
# This duplicates an undesirably large amount of code from the stop
# routine in rc.subr in order to use rndc to shut down the process,
# and to give it a second chance in case rndc fails.
rc_pid=$(check_pidfile $pidfile $command)
if [ -z "$rc_pid" ]; then
[ -n "$rc_fast" ] && return 0
_run_rc_notrunning
return 1
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
fi
1. Determine the location of the rndc* binaries relative to $command so that when using named from the ports (or elsewhere) the proper rndc* commands will be run. 2. Rework the stop routine using ideas from brooks and delphij. Specifically I am duplicating a lot of code from rc.subr's stop routine so that this one will behave more like the one in rc.subr, but use rndc to kill the daemon (or regular kill if that fails). This also avoids the problems related to using killall if rndc fails, which is bad if you're running more than one named on the same box. 3. Take a concept from gshapiro and allow the rndc.key file to be owned by root OR the named_uid user. Although I used different solutions, this commit handles issues raised in: PR: conf/73929 PR: conf/103976 PR: conf/109409
2007-10-22 09:38:44 +00:00
echo 'Stopping named.'
if ${command%/named}/rndc stop 2>/dev/null; then
wait_for_pids $rc_pid
else
echo -n 'rndc failed, trying kill: '
kill -TERM $rc_pid
wait_for_pids $rc_pid
fi
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
}
When stopping a chrooted named, unmount the devfs filesystem from the chroot area. This stops "umount -a" failing when dropping to single user. Reviewed by: dougb@
2004-12-20 10:48:48 +00:00
named_poststop()
{
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
Named normally cannot be started chrooted inside a jail. Thus treat the jail case specifically. In case we find a proper pre-seeded devfs in the chroot path (mounted from the base system) permit starting chrooted else give proper warn/error messages. PR: conf/103489 Reviewed by: dougb MFC after: 5 days
2009-02-07 16:37:02 +00:00
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
umount ${named_chrootdir}/dev 2>/dev/null || true
else
warn "named chroot:" \
"cannot unmount devfs from inside jail!"
fi
When stopping a chrooted named, unmount the devfs filesystem from the chroot area. This stops "umount -a" failing when dropping to single user. Reviewed by: dougb@
2004-12-20 10:48:48 +00:00
fi
}
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
create_file () {
if [ -e "$1" ]; then
unlink $1
fi
> $1
chown root:wheel $1
chmod 644 $1
}
Since the change to rc.subr in r198162 it's not necessary to specify command in the rc.d script if we have a corresponding ${name}_program entry, which we do for named. Rename named_precmd to named_prestart to make it more clear and match convention. Move the command_args definition related to -u up into _prestart(). It (and the associated $named_uid value) are only used there, and unlike required_* and pidfile don't need to be used until this stage. Fix a silly bug that would only have affected people who were using the new named_wait or named_auto_forward features, AND had set up an rndc.conf file instead of using the automatically generated rndc.key. For named_conf: Add "-c $named_conf" to command_args if it's not set to the default. If it is set to the default and we're using the base BIND it's not necessary. If we're using BIND from the ports the user is likely to have included it in _flags (due to long necessity for doing so) so don't duplicate that if it's set. Add $named_conf to required_files
2009-12-12 21:51:50 +00:00
named_prestart()
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
{
Since the change to rc.subr in r198162 it's not necessary to specify command in the rc.d script if we have a corresponding ${name}_program entry, which we do for named. Rename named_precmd to named_prestart to make it more clear and match convention. Move the command_args definition related to -u up into _prestart(). It (and the associated $named_uid value) are only used there, and unlike required_* and pidfile don't need to be used until this stage. Fix a silly bug that would only have affected people who were using the new named_wait or named_auto_forward features, AND had set up an rndc.conf file instead of using the automatically generated rndc.key. For named_conf: Add "-c $named_conf" to command_args if it's not set to the default. If it is set to the default and we're using the base BIND it's not necessary. If we're using BIND from the ports the user is likely to have included it in _flags (due to long necessity for doing so) so don't duplicate that if it's set. Add $named_conf to required_files
2009-12-12 21:51:50 +00:00
command_args="-u ${named_uid:=root}"
if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then
case "$named_flags" in
-c*|*' -c'*) ;; # No need to add it
*) command_args="-c $named_conf $command_args" ;;
esac
fi
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
local line nsip firstns
Luke Mewburn has indicated that they (NetBSD) are not interested in keeping the scripts under rc.d in sync with us. So, remove NetBSD specific stuff (which made our scripts more complicated than necessary). The NetBSD ident string will be left intact, both for history and also incase we wish to pull in future versions.
2004-01-17 10:59:43 +00:00
# Is the user using a sandbox?
Create a named chroot directory structure in /var/named, and use it by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
2004-09-28 09:46:00 +00:00
#
1. Remove the named_rcng variable. Mike's caution in this area was a good thing, but we're ready to move on. 2. Remove the -g default argument in named_flags. It doesn't actually do what most users think it does, and what most users want it to do is already accomplished with a proper default group for the bind user, which we have. Also, the -g knob does something entirely different in BIND 9, which leads to a lot of needless confusion/aggravation. 3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both are adequately handled in rc.conf[.local]. 4. DO properly override $rc_flags if user has named_chrootdir set. This may need to be revisited, but should be ok for now. 5. Protect all chrootdir-related bits under that variable, instead of named_rcng. There is more work to be done here, especially in the area of BIND 9 compatibility, but this is a start at least. Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush
2004-03-14 19:10:06 +00:00
if [ -n "$named_chrootdir" ]; then
rc_flags="$rc_flags -t $named_chrootdir"
checkyesno named_chroot_autoupdate && chroot_autoupdate
Fix two glitches that appear in the non-chroot case. First, if not chrooted the pid symlink code should not fire. Also, remove the quotes around the chroot variable in the rndc-confgen invocation so that if not chrooted the command will still succeed. Pointed out by: Sean McNeil <sean@mcneil.com>
2004-09-24 23:49:38 +00:00
else
named_symlink_enable=NO
Update to reflect BIND 9 in the base: 1. Making the pid symlink now has to happen after named starts, otherwise it can generate a fatal error. 2. named-xfer is not part of the BIND 9 world. 3. BIND 9 needs a /dev/random in the chroot directory if chrooted. 4. Only the pid file is symlinked now, the ndc socket is BIND 8 only. 5. Create an rndc.key file for the user if one does not exist. This (generally) allows a BIND 8 config file to be used in a BIND 9 world with little or no modification.
2004-09-24 04:53:18 +00:00
fi
# Create an rndc.key file for the user if none exists
Create a named chroot directory structure in /var/named, and use it by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
2004-09-28 09:46:00 +00:00
#
1. Determine the location of the rndc* binaries relative to $command so that when using named from the ports (or elsewhere) the proper rndc* commands will be run. 2. Rework the stop routine using ideas from brooks and delphij. Specifically I am duplicating a lot of code from rc.subr's stop routine so that this one will behave more like the one in rc.subr, but use rndc to kill the daemon (or regular kill if that fails). This also avoids the problems related to using killall if rndc fails, which is bad if you're running more than one named on the same box. 3. Take a concept from gshapiro and allow the rndc.key file to be owned by root OR the named_uid user. Although I used different solutions, this commit handles issues raised in: PR: conf/73929 PR: conf/103976 PR: conf/109409
2007-10-22 09:38:44 +00:00
confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
-c ${named_confdir}/rndc.key"
if [ -s "${named_confdir}/rndc.conf" ]; then
Since the change to rc.subr in r198162 it's not necessary to specify command in the rc.d script if we have a corresponding ${name}_program entry, which we do for named. Rename named_precmd to named_prestart to make it more clear and match convention. Move the command_args definition related to -u up into _prestart(). It (and the associated $named_uid value) are only used there, and unlike required_* and pidfile don't need to be used until this stage. Fix a silly bug that would only have affected people who were using the new named_wait or named_auto_forward features, AND had set up an rndc.conf file instead of using the automatically generated rndc.key. For named_conf: Add "-c $named_conf" to command_args if it's not set to the default. If it is set to the default and we're using the base BIND it's not necessary. If we're using BIND from the ports the user is likely to have included it in _flags (due to long necessity for doing so) so don't duplicate that if it's set. Add $named_conf to required_files
2009-12-12 21:51:50 +00:00
unset confgen_command
fi
s/named_confidr/named_confdir/ in the rndc.key check. The line in the command to create it was right, but the check was wrong, so it was getting created every time. Mea culpa. Submitted by: oliver
2010-01-01 22:10:07 +00:00
if [ -s "${named_confdir}/rndc.key" ]; then
case `stat -f%Su ${named_confdir}/rndc.key` in
1. Determine the location of the rndc* binaries relative to $command so that when using named from the ports (or elsewhere) the proper rndc* commands will be run. 2. Rework the stop routine using ideas from brooks and delphij. Specifically I am duplicating a lot of code from rc.subr's stop routine so that this one will behave more like the one in rc.subr, but use rndc to kill the daemon (or regular kill if that fails). This also avoids the problems related to using killall if rndc fails, which is bad if you're running more than one named on the same box. 3. Take a concept from gshapiro and allow the rndc.key file to be owned by root OR the named_uid user. Although I used different solutions, this commit handles issues raised in: PR: conf/73929 PR: conf/103976 PR: conf/109409
2007-10-22 09:38:44 +00:00
root|$named_uid) ;;
*) $confgen_command ;;
esac
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
else
$confgen_command
Luke Mewburn has indicated that they (NetBSD) are not interested in keeping the scripts under rc.d in sync with us. So, remove NetBSD specific stuff (which made our scripts more complicated than necessary). The NetBSD ident string will be left intact, both for history and also incase we wish to pull in future versions.
2004-01-17 10:59:43 +00:00
fi
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
# Create a forwarder configuration based on /etc/resolv.conf
if checkyesno named_auto_forward; then
if [ ! -s /etc/resolv.conf ]; then
warn "named_auto_forward enabled, but no /etc/resolv.conf"
# Empty the file in case it is included in named.conf
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
[ -s "${named_confdir}/auto_forward.conf" ] &&
create_file ${named_confdir}/auto_forward.conf
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
${command%/named}/named-checkconf $named_conf ||
err 3 'named-checkconf for $named_conf failed'
return
fi
create_file /var/run/naf-resolv.conf
create_file /var/run/auto_forward.conf
echo ' forwarders {' > /var/run/auto_forward.conf
while read line; do
case "$line" in
'nameserver '*|'nameserver '*)
nsip=${line##nameserver[ ]}
if [ -z "$firstns" ]; then
if [ ! "$nsip" = '127.0.0.1' ]; then
echo 'nameserver 127.0.0.1'
echo " ${nsip};" >> /var/run/auto_forward.conf
fi
firstns=1
else
[ "$nsip" = '127.0.0.1' ] && continue
echo " ${nsip};" >> /var/run/auto_forward.conf
fi
;;
esac
echo $line
done < /etc/resolv.conf > /var/run/naf-resolv.conf
echo ' };' >> /var/run/auto_forward.conf
echo '' >> /var/run/auto_forward.conf
if checkyesno named_auto_forward_only; then
echo " forward only;" >> /var/run/auto_forward.conf
else
echo " forward first;" >> /var/run/auto_forward.conf
fi
if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
unlink /var/run/naf-resolv.conf
else
[ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
mv /var/run/naf-resolv.conf /etc/resolv.conf
fi
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
if cmp -s ${named_confdir}/auto_forward.conf \
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
/var/run/auto_forward.conf; then
unlink /var/run/auto_forward.conf
else
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
[ -e "${named_confdir}/auto_forward.conf" ] &&
unlink ${named_confdir}/auto_forward.conf
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
mv /var/run/auto_forward.conf \
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
${named_confdir}/auto_forward.conf
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
fi
else
# Empty the file in case it is included in named.conf
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
[ -s "${named_confdir}/auto_forward.conf" ] &&
create_file ${named_confdir}/auto_forward.conf
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
2009-05-16 20:55:28 +00:00
fi
${command%/named}/named-checkconf $named_conf ||
err 3 'named-checkconf for $named_conf failed'
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
}
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
load_rc_config $name
Since the change to rc.subr in r198162 it's not necessary to specify command in the rc.d script if we have a corresponding ${name}_program entry, which we do for named. Rename named_precmd to named_prestart to make it more clear and match convention. Move the command_args definition related to -u up into _prestart(). It (and the associated $named_uid value) are only used there, and unlike required_* and pidfile don't need to be used until this stage. Fix a silly bug that would only have affected people who were using the new named_wait or named_auto_forward features, AND had set up an rndc.conf file instead of using the automatically generated rndc.key. For named_conf: Add "-c $named_conf" to command_args if it's not set to the default. If it is set to the default and we're using the base BIND it's not necessary. If we're using BIND from the ports the user is likely to have included it in _flags (due to long necessity for doing so) so don't duplicate that if it's set. Add $named_conf to required_files
2009-12-12 21:51:50 +00:00
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
# Updating the following variables requires that rc.conf be loaded first
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
#
required_dirs="$named_chrootdir" # if it is set, it must exist
Since the change to rc.subr in r198162 it's not necessary to specify command in the rc.d script if we have a corresponding ${name}_program entry, which we do for named. Rename named_precmd to named_prestart to make it more clear and match convention. Move the command_args definition related to -u up into _prestart(). It (and the associated $named_uid value) are only used there, and unlike required_* and pidfile don't need to be used until this stage. Fix a silly bug that would only have affected people who were using the new named_wait or named_auto_forward features, AND had set up an rndc.conf file instead of using the automatically generated rndc.key. For named_conf: Add "-c $named_conf" to command_args if it's not set to the default. If it is set to the default and we're using the base BIND it's not necessary. If we're using BIND from the ports the user is likely to have included it in _flags (due to long necessity for doing so) so don't duplicate that if it's set. Add $named_conf to required_files
2009-12-12 21:51:50 +00:00
required_files="${named_conf:=/etc/namedb/named.conf}"
Overhaul the named boot script: 1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work 2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named 3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon. 4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config. 5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the tempation to add reconfig to extra_commands. 6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed. 7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable. 8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting. 9. Improve generation of the rndc.key file significantly a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone. b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc. c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it. d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are be the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises. As a result of introducing the named_uid knob, the default named_flags are now empty. Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
pidfile="${named_pidfile:-/var/run/named/pid}"
The script hard-coded the assumption that the "configuration directory" would be "/etc/namedb" in a number of places. Since the user may make a different choice, introduce a new internal variable, named_confdir that is generated relative to the location of $named_conf. While this will work for some things (especially a highly customized build from ISC source) there are still a number of places where /etc/namedb is assumed that it is not easily virtualized (E.g., mtree). If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
named_confdir="${named_chrootdir}${named_conf%/*}"
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
run_rc_command "$1"
Reference in New Issue Copy Permalink