idl0r 14/01/31 21:24:49 |
|
Added: named.init-r13 named.conf-r7 |
Log: |
Fix bug 482590 |
|
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key B427ABC8) |
|
Revision Changes Path |
1.1 net-dns/bind/files/named.init-r13 |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.init-r13?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.init-r13?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: named.init-r13 |
16 |
=================================================================== |
17 |
#!/sbin/runscript |
18 |
# Copyright 1999-2014 Gentoo Foundation |
19 |
# Distributed under the terms of the GNU General Public License v2 |
20 |
# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r13,v 1.1 2014/01/31 21:24:49 idl0r Exp $ |
21 |
|
22 |
extra_commands="checkconfig checkzones" |
23 |
extra_started_commands="reload" |
24 |
|
25 |
depend() { |
26 |
need net |
27 |
use logger |
28 |
provide dns |
29 |
} |
30 |
|
31 |
NAMED_CONF=${CHROOT}/etc/bind/named.conf |
32 |
|
33 |
OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0} |
34 |
MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60} |
35 |
|
36 |
_mount() { |
37 |
local from |
38 |
local to |
39 |
local opts |
40 |
local ret=0 |
41 |
|
42 |
if [ "${#}" -lt 3 ]; then |
43 |
eerror "_mount(): to few arguments" |
44 |
return 1 |
45 |
fi |
46 |
|
47 |
from=$1 |
48 |
to=$2 |
49 |
shift 2 |
50 |
|
51 |
opts="${*}" |
52 |
shift $# |
53 |
|
54 |
if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then |
55 |
einfo "mounting ${from} to ${to}" |
56 |
mount ${from} ${to} ${opts} |
57 |
ret=$? |
58 |
|
59 |
eend $ret |
60 |
return $ret |
61 |
fi |
62 |
|
63 |
return 0 |
64 |
} |
65 |
|
66 |
_umount() { |
67 |
local dir=$1 |
68 |
local ret=0 |
69 |
|
70 |
if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then |
71 |
ebegin "umounting ${dir}" |
72 |
umount ${dir} |
73 |
ret=$? |
74 |
|
75 |
eend $ret |
76 |
return $ret |
77 |
fi |
78 |
|
79 |
return 0 |
80 |
} |
81 |
|
82 |
_get_pidfile() { |
83 |
# as suggested in bug #107724, bug 335398#c17 |
84 |
[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\ |
85 |
/usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2) |
86 |
[ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid |
87 |
} |
88 |
|
89 |
check_chroot() { |
90 |
if [ -n "${CHROOT}" ]; then |
91 |
[ ! -d "${CHROOT}" ] && return 1 |
92 |
[ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1 |
93 |
[ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1 |
94 |
[ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1 |
95 |
[ ! -d "${CHROOT}/var/log/named" ] && return 1 |
96 |
[ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1 |
97 |
[ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1 |
98 |
[ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1 |
99 |
if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then |
100 |
if [ -d "/usr/lib64" ]; then |
101 |
[ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1 |
102 |
elif [ -d "/usr/lib" ]; then |
103 |
[ ! -d "${CHROOT}/usr/lib/engines" ] && return 1 |
104 |
fi |
105 |
fi |
106 |
fi |
107 |
|
108 |
return 0 |
109 |
} |
110 |
|
111 |
checkconfig() { |
112 |
ebegin "Checking named configuration" |
113 |
|
114 |
if [ ! -f "${NAMED_CONF}" ] ; then |
115 |
eerror "No ${NAMED_CONF} file exists!" |
116 |
return 1 |
117 |
fi |
118 |
|
119 |
/usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || { |
120 |
eerror "named-checkconf failed! Please fix your config first." |
121 |
return 1 |
122 |
} |
123 |
|
124 |
eend 0 |
125 |
return 0 |
126 |
} |
127 |
|
128 |
checkzones() { |
129 |
ebegin "Checking named configuration and zones" |
130 |
/usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} |
131 |
eend $? |
132 |
} |
133 |
|
134 |
start() { |
135 |
local piddir |
136 |
|
137 |
ebegin "Starting ${CHROOT:+chrooted }named" |
138 |
|
139 |
if [ -n "${CHROOT}" ]; then |
140 |
if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then |
141 |
check_chroot || { |
142 |
eend 1 |
143 |
eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first" |
144 |
return 1 |
145 |
} |
146 |
fi |
147 |
|
148 |
if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then |
149 |
if [ ! -e /usr/lib/engines/libgost.so ]; then |
150 |
eend 1 |
151 |
eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support" |
152 |
return 1 |
153 |
fi |
154 |
cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || { |
155 |
eend 1 |
156 |
eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'" |
157 |
return 1 |
158 |
} |
159 |
fi |
160 |
cp -Lp /etc/localtime "${CHROOT}/etc/localtime" |
161 |
|
162 |
if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then |
163 |
einfo "Mounting chroot dirs" |
164 |
_mount /etc/bind ${CHROOT}/etc/bind -o bind |
165 |
_mount /var/bind ${CHROOT}/var/bind -o bind |
166 |
_mount /var/log/named ${CHROOT}/var/log/named -o bind |
167 |
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then |
168 |
_mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind |
169 |
fi |
170 |
fi |
171 |
fi |
172 |
|
173 |
checkconfig || { eend 1; return 1; } |
174 |
|
175 |
# create piddir (usually /run/named) if necessary, bug 334535 |
176 |
_get_pidfile |
177 |
piddir="${PIDFILE%/*}" |
178 |
checkpath -q -d -o root:named -m 0770 "${piddir}" || { |
179 |
eend 1 |
180 |
return 1 |
181 |
} |
182 |
|
183 |
# In case someone have $CPU set in /etc/conf.d/named |
184 |
if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then |
185 |
CPU="-n ${CPU}" |
186 |
fi |
187 |
|
188 |
start-stop-daemon --start --pidfile ${PIDFILE} \ |
189 |
--nicelevel ${NAMED_NICELEVEL:-0} \ |
190 |
--exec /usr/sbin/named \ |
191 |
-- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT} |
192 |
eend $? |
193 |
} |
194 |
|
195 |
stop() { |
196 |
local reported=0 |
197 |
|
198 |
ebegin "Stopping ${CHROOT:+chrooted }named" |
199 |
|
200 |
# Workaround for now, until openrc's restart has been fixed. |
201 |
# openrc doesn't care about a restart() function in init scripts. |
202 |
if [ "${RC_CMD}" = "restart" ]; then |
203 |
if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then |
204 |
check_chroot || { |
205 |
eend 1 |
206 |
eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first" |
207 |
return 1 |
208 |
} |
209 |
fi |
210 |
|
211 |
checkconfig || { eend 1; return 1; } |
212 |
fi |
213 |
|
214 |
# -R 10, bug 335398 |
215 |
_get_pidfile |
216 |
start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \ |
217 |
--exec /usr/sbin/named |
218 |
|
219 |
if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then |
220 |
ebegin "Umounting chroot dirs" |
221 |
|
222 |
# just to be sure everything gets clean |
223 |
while fuser -s ${CHROOT} 2>/dev/null; do |
224 |
if [ "${reported}" -eq 0 ]; then |
225 |
einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)" |
226 |
elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then |
227 |
eerror "Waiting until all named processes are stopped failed!" |
228 |
eend 1 |
229 |
break |
230 |
fi |
231 |
sleep 1 |
232 |
reported=$((reported+1)) |
233 |
done |
234 |
|
235 |
[ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP |
236 |
_umount ${CHROOT}/etc/bind |
237 |
_umount ${CHROOT}/var/log/named |
238 |
_umount ${CHROOT}/var/bind |
239 |
fi |
240 |
|
241 |
eend $? |
242 |
} |
243 |
|
244 |
reload() { |
245 |
local ret |
246 |
|
247 |
ebegin "Reloading named.conf and zone files" |
248 |
|
249 |
checkconfig || { eend 1; return 1; } |
250 |
|
251 |
_get_pidfile |
252 |
if [ -n "${PIDFILE}" ]; then |
253 |
start-stop-daemon --pidfile $PIDFILE --signal HUP |
254 |
ret=$? |
255 |
else |
256 |
ewarn "Unable to determine the pidfile... this is" |
257 |
ewarn "a fallback mode. Please check your installation!" |
258 |
|
259 |
$RC_SERVICE restart |
260 |
ret=$? |
261 |
fi |
262 |
|
263 |
eend $ret |
264 |
} |
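Review bot: In `_get_pidfile`, `PIDFILE=${CHROOT}$(…)` is never empty once `CHROOT` is set, so the `[ -z "${PIDFILE}" ]` fallback cannot apply when named.conf sets no `pid-file` and the grep matches nothing. `PIDFILE` then equals the chroot directory itself: `start()` goes on to run `checkpath -q -d -o root:named -m 0770` on `${PIDFILE%/*}`, which is the chroot's parent directory, and `stop()` and `reload()` pass a directory to start-stop-daemon as the pidfile. Reading the configured path into a local first and prepending `${CHROOT}` only after the default has been chosen avoids this, as in the excerpt below. Separately, `PIDFILE`, `CHROOT` and the `_mount`/`_umount` arguments are expanded unquoted in several commands, so quoting them would be cheap hardening against paths that contain whitespace or glob characters.

```shell
_get_pidfile() {
	local conf_pidfile

	[ -n "${PIDFILE}" ] && return 0
	# as suggested in bug #107724, bug 335398#c17
	conf_pidfile=$(/usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
	# choose the default before prefixing, so an empty result cannot leave PIDFILE equal to CHROOT
	PIDFILE="${CHROOT}${conf_pidfile:-/run/named/named.pid}"
}
```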
265 |
|
266 |
|
267 |
|
268 |
1.1 net-dns/bind/files/named.conf-r7 |
269 |
|
270 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.conf-r7?rev=1.1&view=markup |
271 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.conf-r7?rev=1.1&content-type=text/plain |
272 |
|
273 |
Index: named.conf-r7 |
274 |
=================================================================== |
275 |
/* |
276 |
* Refer to the named.conf(5) and named(8) man pages, and the documentation |
277 |
* in /usr/share/doc/bind-9 for more details. |
278 |
* Online versions of the documentation can be found here: |
279 |
* http://www.isc.org/software/bind/documentation |
280 |
* |
281 |
* If you are going to set up an authoritative server, make sure you |
282 |
* understand the hairy details of how DNS works. Even with simple mistakes, |
283 |
* you can break connectivity for affected parties, or cause huge amounts of |
284 |
* useless Internet traffic. |
285 |
*/ |
286 |
|
287 |
acl "xfer" { |
288 |
/* Deny transfers by default except for the listed hosts. |
289 |
* If we have other name servers, place them here. |
290 |
*/ |
291 |
none; |
292 |
}; |
293 |
|
294 |
/* |
295 |
* You might put in here some ips which are allowed to use the cache or |
296 |
* recursive queries |
297 |
*/ |
298 |
acl "trusted" { |
299 |
127.0.0.0/8; |
300 |
::1/128; |
301 |
}; |
302 |
|
303 |
options { |
304 |
directory "/var/bind"; |
305 |
pid-file "/run/named/named.pid"; |
306 |
|
307 |
/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ |
308 |
//bindkeys-file "/etc/bind/bind.keys"; |
309 |
|
310 |
listen-on-v6 { ::1; }; |
311 |
listen-on { 127.0.0.1; }; |
312 |
|
313 |
allow-query { |
314 |
/* |
315 |
* Accept queries from our "trusted" ACL. We will |
316 |
* allow anyone to query our master zones below. |
317 |
* This prevents us from becoming a free DNS server |
318 |
* to the masses. |
319 |
*/ |
320 |
trusted; |
321 |
}; |
322 |
|
323 |
allow-query-cache { |
324 |
/* Use the cache for the "trusted" ACL. */ |
325 |
trusted; |
326 |
}; |
327 |
|
328 |
allow-recursion { |
329 |
/* Only trusted addresses are allowed to use recursion. */ |
330 |
trusted; |
331 |
}; |
332 |
|
333 |
allow-transfer { |
334 |
/* Zone tranfers are denied by default. */ |
335 |
none; |
336 |
}; |
337 |
|
338 |
allow-update { |
339 |
/* Don't allow updates, e.g. via nsupdate. */ |
340 |
none; |
341 |
}; |
342 |
|
343 |
/* |
344 |
* If you've got a DNS server around at your upstream provider, enter its |
345 |
* IP address here, and enable the line below. This will make you benefit |
346 |
* from its cache, thus reduce overall DNS traffic in the Internet. |
347 |
* |
348 |
* Uncomment the following lines to turn on DNS forwarding, and change |
349 |
* and/or update the forwarding ip address(es): |
350 |
*/ |
351 |
/* |
352 |
forward first; |
353 |
forwarders { |
354 |
// 123.123.123.123; // Your ISP NS |
355 |
// 124.124.124.124; // Your ISP NS |
356 |
// 4.2.2.1; // Level3 Public DNS |
357 |
// 4.2.2.2; // Level3 Public DNS |
358 |
8.8.8.8; // Google Open DNS |
359 |
8.8.4.4; // Google Open DNS |
360 |
}; |
361 |
|
362 |
*/ |
363 |
|
364 |
//dnssec-enable yes; |
365 |
//dnssec-validation yes; |
366 |
|
367 |
/* |
368 |
* As of bind 9.8.0: |
369 |
* "If the root key provided has expired, |
370 |
* named will log the expiration and validation will not work." |
371 |
*/ |
372 |
//dnssec-validation auto; |
373 |
|
374 |
/* if you have problems and are behind a firewall: */ |
375 |
//query-source address * port 53; |
376 |
}; |
377 |
|
378 |
/* |
379 |
logging { |
380 |
channel default_log { |
381 |
file "/var/log/named/named.log" versions 5 size 50M; |
382 |
print-time yes; |
383 |
print-severity yes; |
384 |
print-category yes; |
385 |
}; |
386 |
|
387 |
category default { default_log; }; |
388 |
category general { default_log; }; |
389 |
}; |
390 |
*/ |
391 |
|
392 |
include "/etc/bind/rndc.key"; |
393 |
controls { |
394 |
inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; }; |
395 |
}; |
396 |
|
397 |
zone "." in { |
398 |
type hint; |
399 |
file "/var/bind/named.cache"; |
400 |
}; |
401 |
|
402 |
zone "localhost" IN { |
403 |
type master; |
404 |
file "pri/localhost.zone"; |
405 |
notify no; |
406 |
}; |
407 |
|
408 |
zone "127.in-addr.arpa" IN { |
409 |
type master; |
410 |
file "pri/127.zone"; |
411 |
notify no; |
412 |
}; |
413 |
|
414 |
/* |
415 |
* Briefly, a zone which has been declared delegation-only will be effectively |
416 |
* limited to containing NS RRs for subdomains, but no actual data beyond its |
417 |
* own apex (for example, its SOA RR and apex NS RRset). This can be used to |
418 |
* filter out "wildcard" or "synthesized" data from NAT boxes or from |
419 |
* authoritative name servers whose undelegated (in-zone) data is of no |
420 |
* interest. |
421 |
* See http://www.isc.org/software/bind/delegation-only for more info |
422 |
*/ |
423 |
|
424 |
//zone "COM" { type delegation-only; }; |
425 |
//zone "NET" { type delegation-only; }; |
426 |
|
427 |
//zone "YOUR-DOMAIN.TLD" { |
428 |
// type master; |
429 |
// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone"; |
430 |
// allow-query { any; }; |
431 |
// allow-transfer { xfer; }; |
432 |
//}; |
433 |
|
434 |
//zone "YOUR-SLAVE.TLD" { |
435 |
// type slave; |
436 |
// file "/var/bind/sec/YOUR-SLAVE.TLD.zone"; |
437 |
// masters { <MASTER>; }; |
438 |
|
439 |
/* Anybody is allowed to query but transfer should be controlled by the master. */ |
440 |
// allow-query { any; }; |
441 |
// allow-transfer { none; }; |
442 |
|
443 |
/* The master should be the only one who notifies the slaves, shouldn't it? */ |
444 |
// allow-notify { <MASTER>; }; |
445 |
// notify no; |
446 |
//}; |
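Review bot: The commented `forwarders` example leaves `8.8.8.8;` and `8.8.4.4;` active inside the block, so removing the surrounding `/* */` sends every recursive query from the "trusted" ACL to a third-party resolver while both `//dnssec-validation` lines further down are still commented out. Whether forwarded answers are then validated depends on the defaults of the installed BIND version, which the file does not state. I would add a comment above `forward first;` such as `/* Forwarders see all queries from "trusted"; enable dnssec-validation below so their answers are verified. */` and comment out the two Google entries like the other examples. The label `// Google Open DNS` would also read more accurately as `// Google Public DNS`.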