From owner-svn-src-all@FreeBSD.ORG Mon Aug 3 20:09:54 2009
Message-Id: <200908032009.n73K9srk095654@svn.freebsd.org>
From: Doug Barton Date: Mon, 3 Aug 2009 20:09:54 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r196053 - in stable/7: etc/defaults etc/namedb etc/rc.d share/man/man5 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Aug 2009 20:09:55 -0000 Author: dougb Date: Mon Aug 3 20:09:54 2009 New Revision: 196053 URL: http://svn.freebsd.org/changeset/base/196053 Log: MFC r192210, a whitespace only change in rc.d/named, and MFC r192215: named_wait feature, auto-forward feature, add named-checkconf to startup Modified: stable/7/etc/defaults/rc.conf stable/7/etc/namedb/named.conf stable/7/etc/rc.d/named stable/7/share/man/man5/rc.conf.5 (contents, props changed) Modified: stable/7/etc/defaults/rc.conf ============================================================================== --- stable/7/etc/defaults/rc.conf Mon Aug 3 18:44:42 2009 (r196052) +++ stable/7/etc/defaults/rc.conf Mon Aug 3 20:09:54 2009 (r196053) @@ -241,6 +241,7 @@ inetd_flags="-wW -C 60" # Optional flag # named_enable="NO" # Run named, the DNS server (or NO). named_program="/usr/sbin/named" # Path to named, if you want a different one. +named_conf="/etc/namedb/named.conf" # Path to the configuration file #named_flags="-c /etc/namedb/named.conf" # Uncomment for named not in /usr/sbin named_pidfile="/var/run/named/pid" # Must set this in named.conf as well named_uid="bind" # User to run named as 
@@ -248,6 +249,10 @@ named_chrootdir="/var/named" # Chroot di named_chroot_autoupdate="YES" # Automatically install/update chrooted # components of named. See /etc/rc.d/named. named_symlink_enable="YES" # Symlink the chrooted pid file +named_wait="NO" # Wait for working name service before exiting +named_wait_host="localhost" # Hostname to check if named_wait is enabled +named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf +named_auto_forward_only="NO" # Do "forward only" instead of "forward first" # # kerberos. Do not run the admin daemons on slave servers Modified: stable/7/etc/namedb/named.conf ============================================================================== --- stable/7/etc/namedb/named.conf Mon Aug 3 18:44:42 2009 (r196052) +++ stable/7/etc/namedb/named.conf Mon Aug 3 20:09:54 2009 (r196053) @@ -31,12 +31,6 @@ options { disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; -// In addition to the "forwarders" clause, you can force your name -// server to never initiate queries of its own, but always ask its -// forwarders only, by enabling the following line: -// -// forward only; - // If you've got a DNS server around at your upstream provider, enter // its IP address here, and enable the line below. This will make you // benefit from its cache, thus reduce overall DNS traffic in the Internet. 
@@ -45,6 +39,20 @@ options { 127.0.0.1; }; */ + +// If the 'forwarders' clause is not empty the default is to 'forward first' +// which will fall back to sending a query from your local server if the name +// servers in 'forwarders' do not have the answer. Alternatively you can +// force your name server to never initiate queries of its own by enabling the +// following line: +// forward only; + +// If you wish to have forwarding configured automatically based on +// the entries in /etc/resolv.conf, uncomment the following line and +// set named_auto_forward=yes in /etc/rc.conf. You can also enable +// named_auto_forward_only (the effect of which is described above). +// include "/etc/namedb/auto_forward.conf"; + /* Modern versions of BIND use a random UDP port for each outgoing query by default in order to dramatically reduce the possibility Modified: stable/7/etc/rc.d/named ============================================================================== --- stable/7/etc/rc.d/named Mon Aug 3 18:44:42 2009 (r196052) +++ stable/7/etc/rc.d/named Mon Aug 3 20:09:54 2009 (r196053) @@ -16,7 +16,7 @@ command="/usr/sbin/named" extra_commands="reload" start_precmd="named_precmd" -start_postcmd="make_symlinks" +start_postcmd="named_poststart" reload_cmd="named_reload" stop_cmd="named_stop" stop_postcmd="named_poststop" @@ -79,7 +79,7 @@ chroot_autoupdate() fi fi - # Copy and/or update key files to the chroot /etc + # Copy and/or update key files to the chroot /etc # for file in localtime protocols services; do if [ -r /etc/$file ]; then @@ -97,6 +97,17 @@ make_symlinks() ln -fs "${named_chrootdir}${pidfile}" ${pidfile} } +named_poststart () { + make_symlinks + + if checkyesno named_wait; then + until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do + echo " Waiting for nameserver to resolve $named_wait_host" + sleep 1 + done + fi +} + named_reload() { ${command%/named}/rndc reload 
@@ -135,8 +146,19 @@ named_poststop() fi } +create_file () { + if [ -e "$1" ]; then + unlink $1 + fi + > $1 + chown root:wheel $1 + chmod 644 $1 +} + named_precmd() { + local line nsip firstns + # Is the user using a sandbox? # if [ -n "$named_chrootdir" ]; then 
@@ -161,6 +183,80 @@ named_precmd() else $confgen_command fi + + # Create a forwarder configuration based on /etc/resolv.conf + if checkyesno named_auto_forward; then + if [ ! -s /etc/resolv.conf ]; then + warn "named_auto_forward enabled, but no /etc/resolv.conf" + + # Empty the file in case it is included in named.conf + [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] && + create_file ${named_chrootdir}/etc/namedb/auto_forward.conf + + ${command%/named}/named-checkconf $named_conf || + err 3 'named-checkconf for $named_conf failed' + return + fi + + create_file /var/run/naf-resolv.conf + create_file /var/run/auto_forward.conf + + echo ' forwarders {' > /var/run/auto_forward.conf + + while read line; do + case "$line" in + 'nameserver '*|'nameserver '*) + nsip=${line##nameserver[ ]} + + if [ -z "$firstns" ]; then + if [ ! "$nsip" = '127.0.0.1' ]; then + echo 'nameserver 127.0.0.1' + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + + firstns=1 + else + [ "$nsip" = '127.0.0.1' ] && continue + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + ;; + esac + + echo $line + done < /etc/resolv.conf > /var/run/naf-resolv.conf + + echo ' };' >> /var/run/auto_forward.conf + echo '' >> /var/run/auto_forward.conf + if checkyesno named_auto_forward_only; then + echo " forward only;" >> /var/run/auto_forward.conf + else + echo " forward first;" >> /var/run/auto_forward.conf + fi + + if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then + unlink /var/run/naf-resolv.conf + else + [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf + mv /var/run/naf-resolv.conf /etc/resolv.conf + fi + + if cmp -s ${named_chrootdir}/etc/namedb/auto_forward.conf \ + /var/run/auto_forward.conf; then + unlink /var/run/auto_forward.conf + else + [ -e "${named_chrootdir}/etc/namedb/auto_forward.conf" ] && + unlink ${named_chrootdir}/etc/namedb/auto_forward.conf + mv /var/run/auto_forward.conf \ + ${named_chrootdir}/etc/namedb/auto_forward.conf + fi + else + # Empty the file in case it 
is included in named.conf + [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] && + create_file ${named_chrootdir}/etc/namedb/auto_forward.conf + fi + + ${command%/named}/named-checkconf $named_conf || + err 3 'named-checkconf for $named_conf failed' } load_rc_config $name Modified: stable/7/share/man/man5/rc.conf.5 ============================================================================== --- stable/7/share/man/man5/rc.conf.5 Mon Aug 3 18:44:42 2009 (r196052) +++ stable/7/share/man/man5/rc.conf.5 Mon Aug 3 20:09:54 2009 (r196053) @@ -1594,6 +1594,12 @@ Path to .Xr named 8 (default .Pa /usr/sbin/named ) . +.It Va named_conf +.Pq Vt str +Path to +.Xr named 8 +configuration file, (default +.Pa /etc/namedb/named.conf ) . .It Va named_flags .Pq Vt str If @@ -1641,6 +1647,26 @@ daemon's PID file into the .Xr chroot 8 environment. +.It Va named_wait +.Pq Vt bool +Set to have +.Pa /etc/rc.d/named +loop until working name service is established. +.It Va named_wait_host +.Pq Vt str +Name of host to lookup for the named_wait option. +(Default localhost) +.It Va named_auto_forward +.Pq Vt bool +Set to enable automatic creation of a forwarder +configuration file derived from +.Pa /etc/resolv.conf . +.It Va named_auto_forward_only +.Pq Vt bool +Set to change the default forwarder configuration from +.Dq forward first +to +.Dq forward only . .It Va kerberos5_server_enable .Pq Vt bool Set to
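Review bot: In the etc/defaults/rc.conf hunk that adds named_conf, the new variable is consumed only by the named-checkconf calls in rc.d/named, while named itself still reads its configuration from whatever -c is passed via named_flags (the `#named_flags="-c /etc/namedb/named.conf"` example is left in place right below it). A user who sets named_flags="-c /some/other.conf" without also setting named_conf will have the rc script validate one file and start the daemon on another. Either have the script pass `-c $named_conf` to named when named_flags carries no -c, or extend the comment to say that named_conf must name the same file as the -c in named_flags.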
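Review bot: In the second etc/defaults/rc.conf hunk, the comment for named_wait ("Wait for working name service before exiting") does not say that the wait is unbounded; there is no named_wait_timeout or retry count anywhere in the patch, so a misconfigured named, or a host(1) binary that is missing, blocks the rest of rc startup forever. Add a bounded wait (a count or seconds variable with a default) or at least state in the comment that startup blocks until the lookup succeeds.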
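Review bot: In the etc/namedb/named.conf hunk that adds the `include "/etc/namedb/auto_forward.conf";` comment, the instructions do not warn that the included file only exists once named_auto_forward has been enabled at least once: named_precmd truncates an existing file (`[ -s ... ] && create_file ...`) but never creates a missing one when named_auto_forward is NO, so a reader who uncomments the include first and sets named_auto_forward later gets a named-checkconf failure and err 3 at the next start. Either have the rc script create an empty auto_forward.conf unconditionally, or tell the reader here to enable named_auto_forward before uncommenting the include. Also, `named_auto_forward=yes` should follow the rc.conf convention used in the rest of the patch, `named_auto_forward="YES"`.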
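Review bot: In the etc/rc.d/named hunk adding named_poststart, the loop `until ${command%/sbin/named}/bin/host $named_wait_host ...` derives the path of host(1) from named_program; if that derivation yields a path that does not exist (named_program not under a .../sbin/named layout that has a sibling bin/host), the command fails on every iteration and the loop never exits. In addition, host(1) with no server argument queries the nameservers listed in /etc/resolv.conf, so unless resolv.conf already lists 127.0.0.1 first (which only the named_auto_forward path guarantees) this checks an upstream resolver rather than the named that was just started. Suggest querying the local server explicitly, e.g. `host "$named_wait_host" 127.0.0.1`, checking that the host binary exists before entering the loop, and bounding the number of iterations.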
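Review bot: In the create_file hunk, `unlink $1` and `> $1` use the argument unquoted; quote it ("$1") for consistency with the rest of the script. Note also that when the resolv.conf branch later runs `[ -e /etc/resolv.conf ] && unlink /etc/resolv.conf` followed by `mv`, a symlinked /etc/resolv.conf (as managed by resolvconf-style tools) is silently replaced by a regular root-owned file; that side effect deserves a comment in the script or a sentence in rc.conf.5.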
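Review bot: In the large named_precmd hunk, the loopback check can be bypassed by whitespace and does not cover IPv6: `nsip=${line##nameserver[ ]}` strips exactly one whitespace character, so a line such as `nameserver  127.0.0.1` (two spaces, or space plus tab) leaves leading whitespace in $nsip, the `[ ! "$nsip" = '127.0.0.1' ]` and `[ "$nsip" = '127.0.0.1' ] && continue` tests fail, and the server is written into its own forwarders list; a `nameserver ::1` line is never recognised as local at all. Suggest `set -- $line; nsip=$2` to let the shell do the splitting and a case pattern matching both `127.0.0.1` and `::1`. Two smaller points in the same hunk: the two `err 3 'named-checkconf for $named_conf failed'` calls use single quotes, so the literal string "$named_conf" is printed instead of the path; and named-checkconf is run without `-t "$named_chrootdir"` when a chroot is configured, so any include path in named.conf is resolved against the host root rather than the chroot the daemon will see.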
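Review bot: In the first share/man/man5/rc.conf.5 hunk, "configuration file, (default" has a stray comma before the parenthesis; the other entries in this file write "Path to ... (default ...)". It would also help to say here that named_conf is the file passed to named-checkconf by the rc script, since the daemon's own -c is still controlled by named_flags.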
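Review bot: In the second share/man/man5/rc.conf.5 hunk, the named_auto_forward entry omits the most consequential behaviour of the feature: besides writing the forwarder file, the rc script rewrites /etc/resolv.conf itself so that `nameserver 127.0.0.1` comes first, and the forwarders are taken verbatim from whatever /etc/resolv.conf contains at start time. Both facts belong in the manual page so an administrator knows that an externally managed resolv.conf (e.g. one written by a DHCP client) is modified and that its nameservers become this server's forwarders. Style points: "Name of host to lookup" should read "look up", the reference to "the named_wait option" should use .Va named_wait, and the named_wait entry should state that the loop has no timeout.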