Date: Tue, 29 Dec 2009 07:08:48 +0000 (UTC) From: Doug Barton <dougb@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/etc/mtree BIND.chroot.dist src/etc/namedb named.conf src/etc/rc.d named Message-ID: <200912290709.nBT79EwF029042@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dougb 2009-12-29 07:08:48 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_8)
etc/mtree BIND.chroot.dist
etc/namedb named.conf
etc/rc.d named
Log:
SVN rev 201172 on 2009-12-29 07:08:48Z by dougb
MFC r200448:
Since the change to rc.subr in r198162 it's not necessary to specify
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.
Rename named_precmd to named_prestart to make it more clear and match
convention.
Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.
Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.
For named_conf:
Add "-c $named_conf" to command_args if it's not set to the
default. If it is set to the default and we're using the base
BIND it's not necessary. If we're using BIND from the ports
the user is likely to have included it in _flags (due to long
necessity for doing so) so don't duplicate that if it's set.
Add $named_conf to required_files
MFC r200563:
The named process needs to have a "working directory" that it can
write to. This is specified in "options { directory }" in named.conf.
So, create /etc/namedb/working with appropriate permissions, and
update the entry in named.conf to match.
In addition to specifying the working directory, file and path names
in named.conf can be specified relative to the directory listed.
However, since that directory is now different from /etc/namedb
(where the configuration, zone, rndc.*, and other files are located)
further update named.conf to specify all file names with fully
qualified paths. Also update the comment about file and path names
so users know this should be done for all file/path names in the file.
This change will eliminate the 'working directory is not writable'
messages at boot time without sacrificing security. It will also
allow for features in newer versions of BIND (9.7+) to work as
designed.
Revision Changes Path
1.6.22.2 +2 -0 src/etc/mtree/BIND.chroot.dist
1.29.2.2 +95 -95 src/etc/namedb/named.conf
1.31.2.2 +16 -7 src/etc/rc.d/named
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912290709.nBT79EwF029042>