
From: "Christian Ruppert (idl0r)" <idl0r@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-dns/bind/files: named.init-r13 named.conf-r7
Date: Fri, 31 Jan 2014 21:24:54
Message-Id: 20140131212449.D0F772004E@flycatcher.gentoo.org
1 idl0r 14/01/31 21:24:49
2
3 Added: named.init-r13 named.conf-r7
4 Log:
5 Fix bug 482590
6
7 (Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key B427ABC8)
8
9 Revision Changes Path
10 1.1 net-dns/bind/files/named.init-r13
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.init-r13?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.init-r13?rev=1.1&content-type=text/plain
14
15 Index: named.init-r13
16 ===================================================================
17 #!/sbin/runscript
18 # Copyright 1999-2014 Gentoo Foundation
19 # Distributed under the terms of the GNU General Public License v2
20 # $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r13,v 1.1 2014/01/31 21:24:49 idl0r Exp $
21
# Extra service commands: 'checkconfig' and 'checkzones' can be run at any
# time, 'reload' only while named is already started.
extra_commands="checkconfig checkzones"
extra_started_commands="reload"
24
depend() {
	# Service dependencies: networking must be up, syslog is used when it
	# is available, and this service is advertised as the 'dns' provider.
	provide dns
	need net
	use logger
}
30
# Config file path as seen from the host. With CHROOT set (presumably from
# /etc/conf.d/named) it lives inside the chroot; the functions below strip
# the ${CHROOT} prefix again whenever they hand it to named-checkconf -t.
NAMED_CONF=${CHROOT}/etc/bind/named.conf
32
# Defaults for the conf.d knobs: do not copy the OpenSSL GOST engine into
# the chroot, and wait at most 60 seconds in stop() for named to release
# the chroot before the bind mounts are torn down.
: "${OPENSSL_LIBGOST:=0}"
: "${MOUNT_CHECK_TIMEOUT:=60}"
35
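_mount() {
	# Mount ${from} at ${to} with the given mount options unless /proc/mounts
	# already lists a mount at ${to}.
	# Usage: _mount <from> <to> <mount options...>
	# Returns 0 if ${to} is (or already was) mounted, 1 on a usage error,
	# otherwise mount's exit status.
	local from to opts ret

	if [ "${#}" -lt 3 ]; then
		eerror "_mount(): too few arguments"
		return 1
	fi

	from=$1
	to=$2
	shift 2
	opts="${*}"

	# Hand the target to awk via -v rather than splicing it into the program
	# text, so a path containing quotes cannot break (or alter) the match.
	# awk -v still interprets backslash escapes, and /proc/mounts encodes
	# spaces and similar characters as octal, so such paths never match.
	if [ -n "$(awk -v dir="${to}" '$2 == dir { print $2 }' /proc/mounts)" ]; then
		return 0
	fi

	# ebegin (not einfo) so the eend below closes a matching status line,
	# consistent with _umount().
	ebegin "mounting ${from} to ${to}"
	# ${opts} stays unquoted on purpose: it may hold several words ("-o bind").
	mount "${from}" "${to}" ${opts}
	ret=$?

	eend ${ret}
	return ${ret}
}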
65
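_umount() {
	# Unmount ${dir} if /proc/mounts lists a mount there; no-op otherwise.
	# Returns 0 when nothing is mounted at ${dir}, else umount's exit status.
	local dir=$1
	local ret

	# Match via awk -v instead of embedding the path in the awk program, so
	# a path containing quotes cannot break the comparison. /proc/mounts
	# octal-escapes spaces and similar characters, so such paths never match.
	if [ -z "$(awk -v dir="${dir}" '$2 == dir { print $2 }' /proc/mounts)" ]; then
		return 0
	fi

	ebegin "umounting ${dir}"
	umount "${dir}"
	ret=$?

	eend ${ret}
	return ${ret}
}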
81
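_get_pidfile() {
	# Determine named's pidfile (host-side path) and store it in ${PIDFILE}.
	# An explicit ${PIDFILE} (e.g. from /etc/conf.d/named) wins. Otherwise
	# the pid-file option is read from the canonical named-checkconf -p
	# output (run relative to ${CHROOT} when set, hence -t and the stripped
	# prefix) and ${CHROOT} is prepended. If no pid-file option is found we
	# fall back to ${CHROOT}/run/named/named.pid.
	# As suggested in bug #107724, bug 335398#c17.
	local cfg_pidfile

	if [ -z "${PIDFILE}" ]; then
		cfg_pidfile=$(/usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} \
			| grep 'pid-file' | cut -d\" -f2)
		# Only prefix a non-empty value: prefixing an empty one used to turn
		# ${PIDFILE} into the bare chroot directory, which start() would then
		# treat as a pidfile (and chmod its parent as the pid dir).
		[ -n "${cfg_pidfile}" ] && PIDFILE="${CHROOT}${cfg_pidfile}"
	fi

	[ -n "${PIDFILE}" ] || PIDFILE="${CHROOT}/run/named/named.pid"
}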
88
check_chroot() {
	# Verify that ${CHROOT} contains the directory and device skeleton named
	# needs before we chroot into it. Returns 0 when no chroot is configured
	# or the skeleton is complete, 1 as soon as something required is missing.
	# Only existence and type are checked, not ownership or permissions.
	local sub engines

	[ -z "${CHROOT}" ] && return 0
	[ -d "${CHROOT}" ] || return 1

	for sub in dev etc var run var/log etc/bind var/bind var/log/named; do
		[ -d "${CHROOT}/${sub}" ] || return 1
	done

	for sub in dev/null dev/zero; do
		[ -c "${CHROOT}/${sub}" ] || return 1
	done
	# Either random device is sufficient.
	[ -c "${CHROOT}/dev/random" ] || [ -c "${CHROOT}/dev/urandom" ] || return 1

	if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
		[ -d "${CHROOT}/usr/share/GeoIP" ] || return 1
	fi

	if [ "${OPENSSL_LIBGOST:-0}" -eq 1 ]; then
		# The engines dir is expected under the same libdir the host uses.
		if [ -d /usr/lib64 ]; then
			engines="${CHROOT}/usr/lib64/engines"
		elif [ -d /usr/lib ]; then
			engines="${CHROOT}/usr/lib/engines"
		fi
		if [ -n "${engines}" ] && [ ! -d "${engines}" ]; then
			return 1
		fi
	fi

	return 0
}
110
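checkconfig() {
	# Validate ${NAMED_CONF} with named-checkconf, inside ${CHROOT} when one
	# is set (hence -t and the chroot prefix stripped from the path).
	# Returns 0 when the config is usable, 1 otherwise. A failing check now
	# closes its own ebegin via eend, so the status is reported on the
	# "Checking named configuration" line instead of leaving it open.
	local conf_in_chroot="${NAMED_CONF#${CHROOT}}"

	ebegin "Checking named configuration"

	if [ ! -f "${NAMED_CONF}" ]; then
		eend 1 "No ${NAMED_CONF} file exists!"
		return 1
	fi

	if ! /usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} "${conf_in_chroot}"; then
		eend 1 "named-checkconf failed! Please fix your config first."
		return 1
	fi

	eend 0
	return 0
}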
127
checkzones() {
	# Full named-checkconf pass (-z: load every zone, -j: use journals)
	# on ${NAMED_CONF}, relative to ${CHROOT} when one is set.
	# Reports and returns named-checkconf's exit status.
	local conf_in_chroot="${NAMED_CONF#${CHROOT}}"

	ebegin "Checking named configuration and zones"
	/usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} "${conf_in_chroot}"
	eend $?
}
133
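start() {
	# Prepare the optional chroot, validate the config and launch named.
	# Reads CHROOT, CHROOT_NOCHECK, CHROOT_NOMOUNT, CHROOT_GEOIP,
	# OPENSSL_LIBGOST, CPU, OPTIONS, NAMED_NICELEVEL and PIDFILE (the
	# comment on $CPU below says these come from /etc/conf.d/named).
	# Returns 1 on any setup failure, else start-stop-daemon's status.
	local piddir

	ebegin "Starting ${CHROOT:+chrooted }named"

	if [ -n "${CHROOT}" ]; then
		if [ "${CHROOT_NOCHECK:-0}" -eq 0 ]; then
			check_chroot || {
				eend 1
				eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
				return 1
			}
		fi

		if [ "${OPENSSL_LIBGOST:-0}" -eq 1 ]; then
			# NOTE(review): check_chroot() requires usr/lib64/engines on hosts
			# that have /usr/lib64, yet the copy below always targets
			# usr/lib/engines; this presumably only lines up where /usr/lib
			# resolves to the same directory - confirm before relying on it.
			if [ ! -e /usr/lib/engines/libgost.so ]; then
				eend 1
				eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
				return 1
			fi
			cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
				eend 1
				eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
				return 1
			}
		fi
		# Best effort, as before: the result of this copy is not checked.
		cp -Lp /etc/localtime "${CHROOT}/etc/localtime"

		if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
			# Bind-mount the live config, zones and log dir into the chroot.
			# A failed mount used to be ignored, in which case named would
			# run on whatever stale copy happens to exist inside the chroot;
			# treat it as fatal instead.
			einfo "Mounting chroot dirs"
			_mount /etc/bind "${CHROOT}/etc/bind" -o bind || { eend 1; return 1; }
			_mount /var/bind "${CHROOT}/var/bind" -o bind || { eend 1; return 1; }
			_mount /var/log/named "${CHROOT}/var/log/named" -o bind || { eend 1; return 1; }
			if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
				_mount /usr/share/GeoIP "${CHROOT}/usr/share/GeoIP" -o bind || { eend 1; return 1; }
			fi
		fi
	fi

	checkconfig || { eend 1; return 1; }

	# Create the pid dir (usually /run/named) if necessary, bug 334535.
	# It is group-writable by 'named' because named (running as that user)
	# writes the pidfile itself; stop() therefore pairs --pidfile with --exec
	# so a pidfile pointing at some unrelated process is not honoured.
	_get_pidfile
	piddir="${PIDFILE%/*}"
	checkpath -q -d -o root:named -m 0770 "${piddir}" || {
		eend 1
		return 1
	}

	# In case someone has $CPU set in /etc/conf.d/named: turn it into named's
	# -n option. Anything that is not a positive integer is dropped; it used
	# to be passed to named verbatim (e.g. CPU=0 became a bare "0" argument).
	case "${CPU}" in
		''|*[!0-9]*)
			CPU="" ;;
		*)
			if [ "${CPU}" -gt 0 ]; then CPU="-n ${CPU}"; else CPU=""; fi ;;
	esac

	start-stop-daemon --start --pidfile "${PIDFILE}" \
		--nicelevel "${NAMED_NICELEVEL:-0}" \
		--exec /usr/sbin/named \
		-- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
	eend $?
}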
194
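stop() {
	# Stop named and, for a chroot without CHROOT_NOMOUNT, tear down the bind
	# mounts made by start(). During 'restart' the chroot and config are
	# re-validated first so a broken config does not take down a working
	# server. Returns non-zero if named could not be stopped or one of the
	# chroot directories could not be unmounted (previously only the status
	# of the very last command was reported).
	local reported=0
	local ret=0

	ebegin "Stopping ${CHROOT:+chrooted }named"

	# Workaround for now, until openrc's restart has been fixed.
	# openrc doesn't care about a restart() function in init scripts.
	if [ "${RC_CMD}" = "restart" ]; then
		if [ -n "${CHROOT}" ] && [ "${CHROOT_NOCHECK:-0}" -eq 0 ]; then
			check_chroot || {
				eend 1
				eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
				return 1
			}
		fi

		checkconfig || { eend 1; return 1; }
	fi

	# -R 10, bug 335398. Keep --exec alongside --pidfile: the pid dir is
	# writable by the named user, so the pidfile content must not be trusted
	# on its own to pick the process that receives the signal.
	_get_pidfile
	start-stop-daemon --stop --retry 10 --pidfile "${PIDFILE}" \
		--exec /usr/sbin/named
	ret=$?

	if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
		ebegin "Umounting chroot dirs"

		# just to be sure everything gets clean
		while fuser -s "${CHROOT}" 2>/dev/null; do
			if [ "${reported}" -eq 0 ]; then
				einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
			elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
				eerror "Waiting until all named processes are stopped failed!"
				eend 1
				break
			fi
			sleep 1
			reported=$((reported+1))
		done

		# Every unmount is attempted; any failure is carried into the result.
		if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
			_umount "${CHROOT}/usr/share/GeoIP" || ret=1
		fi
		_umount "${CHROOT}/etc/bind" || ret=1
		_umount "${CHROOT}/var/log/named" || ret=1
		_umount "${CHROOT}/var/bind" || ret=1
	fi

	eend ${ret}
}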
243
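reload() {
	# Re-validate the config, then ask the running named to reload it by
	# sending SIGHUP; falls back to a full restart if no pidfile is known.
	# Returns the status of the signal delivery or of the restart.
	local ret

	ebegin "Reloading named.conf and zone files"

	checkconfig || { eend 1; return 1; }

	_get_pidfile
	if [ -n "${PIDFILE}" ]; then
		# Same as stop(): with --exec, start-stop-daemon only signals a
		# process whose executable is named. The pid dir is writable by the
		# named user, so without it a tampered pidfile could make root HUP
		# an arbitrary process.
		start-stop-daemon --pidfile "${PIDFILE}" --signal HUP \
			--exec /usr/sbin/named
		ret=$?
	else
		# _get_pidfile always falls back to a default path, so this branch
		# is effectively unreachable; kept as a safety net.
		ewarn "Unable to determine the pidfile... this is"
		ewarn "a fallback mode. Please check your installation!"

		$RC_SERVICE restart
		ret=$?
	fi

	eend ${ret}
}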
265
266
267
268 1.1 net-dns/bind/files/named.conf-r7
269
270 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.conf-r7?rev=1.1&view=markup
271 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.conf-r7?rev=1.1&content-type=text/plain
272
273 Index: named.conf-r7
274 ===================================================================
275 /*
276 * Refer to the named.conf(5) and named(8) man pages, and the documentation
277 * in /usr/share/doc/bind-9 for more details.
278 * Online versions of the documentation can be found here:
279 * http://www.isc.org/software/bind/documentation
280 *
281 * If you are going to set up an authoritative server, make sure you
282 * understand the hairy details of how DNS works. Even with simple mistakes,
283 * you can break connectivity for affected parties, or cause huge amounts of
284 * useless Internet traffic.
285 */
286
287 acl "xfer" {
288 /* Deny transfers by default except for the listed hosts.
289 * If we have other name servers, place them here.
290 */
291 none;
292 };
293
/*
 * List here the IP addresses/networks that are allowed to use the cache and
 * to send recursive queries. Keep this list as tight as possible: an open
 * recursive resolver is a "free DNS server to the masses" (see allow-query).
 */
298 acl "trusted" {
299 127.0.0.0/8;
300 ::1/128;
301 };
302
303 options {
304 directory "/var/bind";
305 pid-file "/run/named/named.pid";
306
307 /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
308 //bindkeys-file "/etc/bind/bind.keys";
309
310 listen-on-v6 { ::1; };
311 listen-on { 127.0.0.1; };
312
313 allow-query {
314 /*
315 * Accept queries from our "trusted" ACL. We will
316 * allow anyone to query our master zones below.
317 * This prevents us from becoming a free DNS server
318 * to the masses.
319 */
320 trusted;
321 };
322
323 allow-query-cache {
324 /* Use the cache for the "trusted" ACL. */
325 trusted;
326 };
327
328 allow-recursion {
329 /* Only trusted addresses are allowed to use recursion. */
330 trusted;
331 };
332
333 allow-transfer {
/* Zone transfers are denied by default. */
335 none;
336 };
337
338 allow-update {
339 /* Don't allow updates, e.g. via nsupdate. */
340 none;
341 };
342
343 /*
344 * If you've got a DNS server around at your upstream provider, enter its
345 * IP address here, and enable the line below. This will make you benefit
346 * from its cache, thus reduce overall DNS traffic in the Internet.
347 *
348 * Uncomment the following lines to turn on DNS forwarding, and change
349 * and/or update the forwarding ip address(es):
350 */
351 /*
352 forward first;
353 forwarders {
354 // 123.123.123.123; // Your ISP NS
355 // 124.124.124.124; // Your ISP NS
356 // 4.2.2.1; // Level3 Public DNS
357 // 4.2.2.2; // Level3 Public DNS
358 8.8.8.8; // Google Open DNS
359 8.8.4.4; // Google Open DNS
360 };
361
362 */
363
364 //dnssec-enable yes;
365 //dnssec-validation yes;
366
/*
 * As of bind 9.8.0:
 * "If the root key provided has expired,
 * named will log the expiration and validation will not work."
 * Note: with the dnssec-* lines above and below left commented out, this
 * server performs no DNSSEC validation at all.
 */
372 //dnssec-validation auto;
373
/* if you have problems and are behind a firewall you can pin the query
 * source port. Be aware that a fixed source port disables the randomised
 * source ports named uses to make cache poisoning harder; prefer fixing
 * the firewall rules instead: */
375 //query-source address * port 53;
376 };
377
378 /*
379 logging {
380 channel default_log {
381 file "/var/log/named/named.log" versions 5 size 50M;
382 print-time yes;
383 print-severity yes;
384 print-category yes;
385 };
386
387 category default { default_log; };
388 category general { default_log; };
389 };
390 */
391
392 include "/etc/bind/rndc.key";
393 controls {
394 inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
395 };
396
397 zone "." in {
398 type hint;
399 file "/var/bind/named.cache";
400 };
401
402 zone "localhost" IN {
403 type master;
404 file "pri/localhost.zone";
405 notify no;
406 };
407
408 zone "127.in-addr.arpa" IN {
409 type master;
410 file "pri/127.zone";
411 notify no;
412 };
413
414 /*
415 * Briefly, a zone which has been declared delegation-only will be effectively
416 * limited to containing NS RRs for subdomains, but no actual data beyond its
417 * own apex (for example, its SOA RR and apex NS RRset). This can be used to
418 * filter out "wildcard" or "synthesized" data from NAT boxes or from
419 * authoritative name servers whose undelegated (in-zone) data is of no
420 * interest.
421 * See http://www.isc.org/software/bind/delegation-only for more info
422 */
423
424 //zone "COM" { type delegation-only; };
425 //zone "NET" { type delegation-only; };
426
427 //zone "YOUR-DOMAIN.TLD" {
428 // type master;
429 // file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
430 // allow-query { any; };
431 // allow-transfer { xfer; };
432 //};
433
434 //zone "YOUR-SLAVE.TLD" {
435 // type slave;
436 // file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
437 // masters { <MASTER>; };
438
/* Anybody is allowed to query, but transfers should be controlled by the master. */
440 // allow-query { any; };
441 // allow-transfer { none; };
442
/* Only the master should be able to send NOTIFY messages to this slave. */
444 // allow-notify { <MASTER>; };
445 // notify no;
446 //};