Date: Mon, 4 Nov 2013 02:06:54 +0400 From: Gleb Smirnoff <glebius@FreeBSD.org> To: =?iso-8859-1?Q?=D6zkan?= KIRIK <ozkan.kirik@gmail.com> Cc: FreeBSD Release Engineering Team <re@freebsd.org>, freebsd-current@freebsd.org, freebsd-stable <freebsd-stable@freebsd.org>, des@FreeBSD.org Subject: Re: FreeBSD 10 Beta2 /etc/rc.d/named script and /etc/defaults/rc.conf Message-ID: <20131103220654.GU52889@FreeBSD.org> In-Reply-To: <CAAcX-AFJ__4CDz7%2BabFoRf%2BecrfOZRFXaos1sYnb85=k_BweEw@mail.gmail.com> References: <CAAcX-AFJ__4CDz7%2BabFoRf%2BecrfOZRFXaos1sYnb85=k_BweEw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--tpZe61tYkA9f+p/0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit On Sun, Nov 03, 2013 at 10:05:02PM +0200, Özkan KIRIK wrote: Ö> Altough bind removed from FreeBSD 10 distribution, "/etc/rc.d/named" script Ö> still exists. Ö> and this script depends on "/etc/mtree/BIND.chroot.dist" file but there is Ö> no such file in source tree. Ö> I think this file was forgotten to be removed. Ö> Ö> And also, named_* definitions still exists in /etc/defaults/rc.conf file. Please review attached file that removes named from /etc. -- Totus tuus, Glebius. --tpZe61tYkA9f+p/0 Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="named-etc.diff" Index: etc/defaults/periodic.conf =================================================================== --- etc/defaults/periodic.conf (revision 257584) +++ etc/defaults/periodic.conf (working copy) @@ -137,10 +137,6 @@ daily_status_mail_rejects_enable="YES" # Check m daily_status_mail_rejects_logs=3 # How many logs to check daily_status_mail_rejects_shorten="NO" # Shorten output -# 470.status-named -daily_status_named_enable="YES" -daily_status_named_usedns="YES" # DNS lookups are ok - # 480.status-ntpd daily_status_ntpd_enable="NO" # Check NTP status Index: etc/defaults/rc.conf =================================================================== --- etc/defaults/rc.conf (revision 257584) +++ etc/defaults/rc.conf (working copy) @@ -256,6 +256,7 @@ hostapd_enable="NO" # Run hostap daemon. syslogd_enable="YES" # Run syslog daemon (or NO). syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one. syslogd_flags="-s" # Flags to syslogd (if enabled). +altlog_proglist="" # List of chrooted applicatioins in /var inetd_enable="NO" # Run the network daemon dispatcher (YES/NO). inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one. inetd_flags="-wW -C 60" # Optional flags to inetd @@ -267,23 +268,6 @@ hastd_program="/sbin/hastd" # path to hastd, if yo hastd_flags="" # Optional flags to hastd. ctld_enable="NO" # CAM Target Layer / iSCSI target daemon. local_unbound_enable="NO" # local caching resolver -# -# named. It may be possible to run named in a sandbox, man security for -# details. -# -named_enable="NO" # Run named, the DNS server (or NO). -named_program="/usr/sbin/named" # Path to named, if you want a different one. -named_conf="/etc/namedb/named.conf" # Path to the configuration file -#named_flags="" # Use this for flags OTHER than -u and -c -named_uid="bind" # User to run named as -named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it) -named_chroot_autoupdate="YES" # Automatically install/update chrooted - # components of named. See /etc/rc.d/named. -named_symlink_enable="YES" # Symlink the chrooted pid file -named_wait="NO" # Wait for working name service before exiting -named_wait_host="localhost" # Hostname to check if named_wait is enabled -named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf -named_auto_forward_only="NO" # Do "forward only" instead of "forward first" # # kerberos. Do not run the admin daemons on slave servers Index: etc/freebsd-update.conf =================================================================== --- etc/freebsd-update.conf (revision 257584) +++ etc/freebsd-update.conf (working copy) @@ -35,7 +35,7 @@ UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.pr # When upgrading to a new FreeBSD release, files which match MergeChanges # will have any local changes merged into the version from the new release. -MergeChanges /etc/ /var/named/etc/ /boot/device.hints +MergeChanges /etc/ /boot/device.hints ### Default configuration options: Index: etc/namedb/Makefile =================================================================== --- etc/namedb/Makefile (revision 257584) +++ etc/namedb/Makefile (working copy) @@ -1,11 +0,0 @@ -# $FreeBSD$ - -SUBDIR= master - -FILES= named.conf named.root - -NO_OBJ= -FILESDIR= /etc/namedb -FILESMODE= 644 - -.include <bsd.prog.mk> Index: etc/namedb/master/Makefile =================================================================== --- etc/namedb/master/Makefile (revision 257584) +++ etc/namedb/master/Makefile (working copy) @@ -1,9 +0,0 @@ -# $FreeBSD$ - -FILES= empty.db localhost-forward.db localhost-reverse.db - -NO_OBJ= -FILESDIR= /etc/namedb/master -FILESMODE= 644 - -.include <bsd.prog.mk> Index: etc/namedb/master/empty.db =================================================================== --- etc/namedb/master/empty.db (revision 257584) +++ etc/namedb/master/empty.db (working copy) @@ -1,11 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -@ SOA @ nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - -@ NS @ - -; Silence a BIND warning -@ A 127.0.0.1 Index: etc/namedb/master/localhost-forward.db =================================================================== --- etc/namedb/master/localhost-forward.db (revision 257584) +++ etc/namedb/master/localhost-forward.db (working copy) @@ -1,11 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - - A 127.0.0.1 - AAAA ::1 Index: etc/namedb/master/localhost-reverse.db =================================================================== --- etc/namedb/master/localhost-reverse.db (revision 257584) +++ etc/namedb/master/localhost-reverse.db (working copy) @@ -1,13 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - -1.0.0 PTR localhost. - -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost. - Index: etc/namedb/named.conf =================================================================== --- etc/namedb/named.conf (revision 257584) +++ etc/namedb/named.conf (working copy) @@ -1,360 +0,0 @@ -// $FreeBSD$ -// -// Refer to the named.conf(5) and named(8) man pages, and the documentation -// in /usr/share/doc/bind9 for more details. -// -// If you are going to set up an authoritative server, make sure you -// understand the hairy details of how DNS works. Even with -// simple mistakes, you can break connectivity for affected parties, -// or cause huge amounts of useless Internet traffic. - -options { - // All file and path names are relative to the chroot directory, - // if any, and should be fully qualified. - directory "/etc/namedb/working"; - pid-file "/var/run/named/pid"; - dump-file "/var/dump/named_dump.db"; - statistics-file "/var/stats/named.stats"; - -// If named is being used only as a local resolver, this is a safe default. -// For named to be accessible to the network, comment this option, specify -// the proper IP address, or delete this option. - listen-on { 127.0.0.1; }; - -// If you have IPv6 enabled on this system, uncomment this option for -// use as a local resolver. To give access to the network, specify -// an IPv6 address, or the keyword "any". -// listen-on-v6 { ::1; }; - -// These zones are already covered by the empty zones listed below. -// If you remove the related empty zones below, comment these lines out. - disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; - disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - -// If you've got a DNS server around at your upstream provider, enter -// its IP address here, and enable the line below. This will make you -// benefit from its cache, thus reduce overall DNS traffic in the Internet. -/* - forwarders { - 127.0.0.1; - }; -*/ - -// If the 'forwarders' clause is not empty the default is to 'forward first' -// which will fall back to sending a query from your local server if the name -// servers in 'forwarders' do not have the answer. Alternatively you can -// force your name server to never initiate queries of its own by enabling the -// following line: -// forward only; - -// If you wish to have forwarding configured automatically based on -// the entries in /etc/resolv.conf, uncomment the following line and -// set named_auto_forward=yes in /etc/rc.conf. You can also enable -// named_auto_forward_only (the effect of which is described above). -// include "/etc/namedb/auto_forward.conf"; - - /* - Modern versions of BIND use a random UDP port for each outgoing - query by default in order to dramatically reduce the possibility - of cache poisoning. All users are strongly encouraged to utilize - this feature, and to configure their firewalls to accommodate it. - - AS A LAST RESORT in order to get around a restrictive firewall - policy you can try enabling the option below. Use of this option - will significantly reduce your ability to withstand cache poisoning - attacks, and should be avoided if at all possible. - - Replace NNNNN in the example with a number between 49160 and 65530. - */ - // query-source address * port NNNNN; -}; - -// If you enable a local name server, don't forget to enter 127.0.0.1 -// first in your /etc/resolv.conf so this server will be queried. -// Also, make sure to enable it in /etc/rc.conf. - -// The traditional root hints mechanism. Use this, OR the slave zones below. -zone "." { type hint; file "/etc/namedb/named.root"; }; - -/* Slaving the following zones from the root name servers has some - significant advantages: - 1. Faster local resolution for your users - 2. No spurious traffic will be sent from your network to the roots - 3. Greater resilience to any potential root server failure/DDoS - - On the other hand, this method requires more monitoring than the - hints file to be sure that an unexpected failure mode has not - incapacitated your server. Name servers that are serving a lot - of clients will benefit more from this approach than individual - hosts. Use with caution. - - To use this mechanism, uncomment the entries below, and comment - the hint zone above. - - As documented at http://dns.icann.org/services/axfr/ these zones: - "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET - are available for AXFR from these servers on IPv4 and IPv6: - xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org -*/ -/* -zone "." { - type slave; - file "/etc/namedb/slave/root.slave"; - masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - }; - notify no; -}; -zone "arpa" { - type slave; - file "/etc/namedb/slave/arpa.slave"; - masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - }; - notify no; -}; -*/ - -/* Serving the following zones locally will prevent any queries - for these zones leaving your network and going to the root - name servers. This has two significant advantages: - 1. Faster local resolution for your users - 2. No spurious traffic will be sent from your network to the roots -*/ -// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) -zone "localhost" { type master; file "/etc/namedb/master/localhost-forward.db"; }; -zone "127.in-addr.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; }; -zone "255.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// RFC 1912-style zone for IPv6 localhost address (RFC 6303) -zone "0.ip6.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; }; - -// "This" Network (RFCs 1912, 5735 and 6303) -zone "0.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// Private Use Networks (RFCs 1918, 5735 and 6303) -zone "10.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// Shared Address Space (RFC 6598) -zone "64.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "65.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "66.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "67.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "68.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "69.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "70.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "71.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "72.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "73.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "74.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "75.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "76.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "77.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "78.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "79.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "80.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "81.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "82.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "83.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "84.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "85.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "86.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "87.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "88.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "89.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "90.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "91.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "92.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "93.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "94.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "95.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "96.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "97.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "98.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "99.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "100.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "101.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "102.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "103.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "104.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "105.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "106.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "107.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "108.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "109.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "110.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "111.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "112.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "113.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "114.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "115.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "116.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "117.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "118.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "119.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "120.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "121.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "122.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "123.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "124.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "125.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "126.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "127.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// Link-local/APIPA (RFCs 3927, 5735 and 6303) -zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IETF protocol assignments (RFCs 5735 and 5736) -zone "0.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303) -zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "100.51.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "113.0.203.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 Example Range for Documentation (RFCs 3849 and 6303) -zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "/etc/namedb/master/empty.db"; }; -zone "example" { type master; file "/etc/namedb/master/empty.db"; }; -zone "invalid" { type master; file "/etc/namedb/master/empty.db"; }; -zone "example.com" { type master; file "/etc/namedb/master/empty.db"; }; -zone "example.net" { type master; file "/etc/namedb/master/empty.db"; }; -zone "example.org" { type master; file "/etc/namedb/master/empty.db"; }; - -// Router Benchmark Testing (RFCs 2544 and 5735) -zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IANA Reserved - Old Class E Space (RFC 5735) -zone "240.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "241.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "242.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "243.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "244.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "245.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "246.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "247.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "248.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "249.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "250.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "251.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "252.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "253.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "254.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 Unassigned Addresses (RFC 4291) -zone "1.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "3.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "4.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "5.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "6.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "7.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "8.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "9.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "a.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "b.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "c.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "d.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "e.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "0.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "1.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "2.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "3.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "4.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "5.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "6.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "7.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "8.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "9.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "a.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "b.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "0.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "1.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "2.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "3.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "4.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "5.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "6.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "7.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 ULA (RFCs 4193 and 6303) -zone "c.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "d.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 Link Local (RFCs 4291 and 6303) -zone "8.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "9.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "a.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "b.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303) -zone "c.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "d.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "e.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "f.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IP6.INT is Deprecated (RFC 4159) -zone "ip6.int" { type master; file "/etc/namedb/master/empty.db"; }; - -// NB: Do not use the IP addresses below, they are faked, and only -// serve demonstration/documentation purposes! -// -// Example slave zone config entries. It can be convenient to become -// a slave at least for the zone your own domain is in. Ask -// your network administrator for the IP address of the responsible -// master name server. -// -// Do not forget to include the reverse lookup zone! -// This is named after the first bytes of the IP address, in reverse -// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. -// -// Before starting to set up a master zone, make sure you fully -// understand how DNS and BIND work. There are sometimes -// non-obvious pitfalls. Setting up a slave zone is usually simpler. -// -// NB: Don't blindly enable the examples below. :-) Use actual names -// and addresses instead. - -/* An example dynamic zone -key "exampleorgkey" { - algorithm hmac-md5; - secret "sf87HJqjkqh8ac87a02lla=="; -}; -zone "example.org" { - type master; - allow-update { - key "exampleorgkey"; - }; - file "/etc/namedb/dynamic/example.org"; -}; -*/ - -/* Example of a slave reverse zone -zone "1.168.192.in-addr.arpa" { - type slave; - file "/etc/namedb/slave/1.168.192.in-addr.arpa"; - masters { - 192.168.1.1; - }; -}; -*/ Index: etc/namedb/named.root =================================================================== --- etc/namedb/named.root (revision 257584) +++ etc/namedb/named.root (working copy) @@ -1,92 +0,0 @@ -; -; $FreeBSD$ -; - -; This file holds the information on root name servers needed to -; initialize cache of Internet domain name servers -; (e.g. reference this file in the "cache . <file>" -; configuration file of BIND domain name servers). -; -; This file is made available by InterNIC -; under anonymous FTP as -; file /domain/named.cache -; on server FTP.INTERNIC.NET -; -OR- RS.INTERNIC.NET -; -; last update: Jan 3, 2013 -; related version of root zone: 2013010300 -; -; formerly NS.INTERNIC.NET -; -. 3600000 IN NS A.ROOT-SERVERS.NET. -A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 -; -; FORMERLY NS1.ISI.EDU -; -. 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 -; -; FORMERLY C.PSI.NET -; -. 3600000 NS C.ROOT-SERVERS.NET. -C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 -; -; FORMERLY TERP.UMD.EDU -; -. 3600000 NS D.ROOT-SERVERS.NET. -D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D -; -; FORMERLY NS.NASA.GOV -; -. 3600000 NS E.ROOT-SERVERS.NET. -E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 -; -; FORMERLY NS.ISC.ORG -; -. 3600000 NS F.ROOT-SERVERS.NET. -F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F -; -; FORMERLY NS.NIC.DDN.MIL -; -. 3600000 NS G.ROOT-SERVERS.NET. -G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 -; -; FORMERLY AOS.ARL.ARMY.MIL -; -. 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 -; -; FORMERLY NIC.NORDU.NET -; -. 3600000 NS I.ROOT-SERVERS.NET. -I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 -; -; OPERATED BY VERISIGN, INC. -; -. 3600000 NS J.ROOT-SERVERS.NET. -J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 -; -; OPERATED BY RIPE NCC -; -. 3600000 NS K.ROOT-SERVERS.NET. -K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 -; -; OPERATED BY ICANN -; -. 3600000 NS L.ROOT-SERVERS.NET. -L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 -L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 -; -; OPERATED BY WIDE -; -. 3600000 NS M.ROOT-SERVERS.NET. -M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 -; End of File Index: etc/periodic/daily/470.status-named =================================================================== --- etc/periodic/daily/470.status-named (revision 257584) +++ etc/periodic/daily/470.status-named (working copy) @@ -1,62 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -catmsgs() { - find /var/log -name 'messages.*' -mtime -2 | - sort -t. -r -n -k 2,2 | - while read f - do - case $f in - *.gz) zcat -f $f;; - *.bz2) bzcat -f $f;; - esac - done - [ -f /var/log/messages ] && cat /var/log/messages -} - -case "$daily_status_named_enable" in - [Yy][Ee][Ss]) - echo - echo 'Checking for denied zone transfers (AXFR and IXFR):' - - start=`date -v-1d '+%b %e'` - rc=$(catmsgs | - fgrep -E "^$start.*named\[[[:digit:]]+\]: transfer of .*failed .*: REFUSED" | - sed -e "s/.*transfer of \'\(.*\)\/IN\' from \(.*\)#[0-9]*: .*/\1 from \2/" | - sort -f | uniq -ic | ( - usedns=0 - case "$daily_status_named_usedns" in - '') ;; - [yY][eE][sS]) usedns=1 ;; - esac - - while read line ;do - ipaddr=`echo "$line" | sed -e 's/^.*from //'` - if [ $usedns -eq 1 ]; then - name=`host "${ipaddr}" 2>/dev/null | \ - sed 's/.*domain name pointer \(.*\)\./\1/'` - fi - if [ -n "${name}" ]; then - echo "${line} (${name})" - else - echo "${line}" - fi - done ) | \ - tee /dev/stderr | wc -l) - [ $rc -gt 0 ] && rc=1 - ;; - - *) rc=0;; -esac - -exit $rc Index: etc/rc.d/Makefile =================================================================== --- etc/rc.d/Makefile (revision 257584) +++ etc/rc.d/Makefile (working copy) @@ -90,7 +90,6 @@ FILES= DAEMON \ mroute6d \ mrouted \ msgs \ - named \ natd \ netif \ netoptions \ Index: etc/rc.d/named =================================================================== --- etc/rc.d/named (revision 257584) +++ etc/rc.d/named (working copy) @@ -1,301 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: named -# REQUIRE: SERVERS FILESYSTEMS -# KEYWORD: shutdown - -. /etc/rc.subr - -name="named" -rcvar=named_enable - -extra_commands="reload" - -start_precmd="named_prestart" -start_postcmd="named_poststart" -reload_cmd="named_reload" -stop_cmd="named_stop" -stop_postcmd="named_poststop" - -# If running in a chroot cage, ensure that the appropriate files -# exist inside the cage, as well as helper symlinks into the cage -# from outside. -# -# As this is called after the is_running and required_dir checks -# are made in run_rc_command(), we can safely assume ${named_chrootdir} -# exists and named isn't running at this point (unless forcestart -# is used). -# -chroot_autoupdate() -{ - local file - - # Create (or update) the chroot directory structure - # - if [ -r /etc/mtree/BIND.chroot.dist ]; then - mtree -deU -f /etc/mtree/BIND.chroot.dist \ - -p ${named_chrootdir} - else - warn "/etc/mtree/BIND.chroot.dist missing," - warn "chroot directory structure not updated" - fi - - # Create (or update) the configuration directory symlink - # - if [ ! -L "${named_conf%/*}" ]; then - if [ -d "${named_conf%/*}" ]; then - warn "named chroot: ${named_conf%/*} is a directory!" - elif [ -e "${named_conf%/*}" ]; then - warn "named chroot: ${named_conf%/*} exists!" - else - ln -s ${named_confdir} ${named_conf%/*} - fi - else - # Make sure it points to the right place. - ln -shf ${named_confdir} ${named_conf%/*} - fi - - # Mount a devfs in the chroot directory if needed - # - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null - devfs_domount ${named_chrootdir}/dev devfsrules_hide_all - devfs -m ${named_chrootdir}/dev rule apply path null unhide - devfs -m ${named_chrootdir}/dev rule apply path random unhide - else - if [ -c ${named_chrootdir}/dev/null -a \ - -c ${named_chrootdir}/dev/random ]; then - info "named chroot: using pre-mounted devfs." - else - err 1 "named chroot: devfs cannot be mounted from" \ - "within a jail. Thus a chrooted named cannot" \ - "be run from within a jail." \ - "To run named without chrooting it, set" \ - "named_chrootdir=\"\" in /etc/rc.conf." - fi - fi - - # Copy and/or update key files to the chroot /etc - # - for file in localtime protocols services; do - if [ -r /etc/$file ]; then - cmp -s /etc/$file "${named_chrootdir}/etc/$file" || - cp -p /etc/$file "${named_chrootdir}/etc/$file" - fi - done -} - -# Make symlinks to the correct pid file -# -make_symlinks() -{ - checkyesno named_symlink_enable && - ln -fs "${named_chrootdir}${pidfile}" ${pidfile} -} - -named_poststart() { - make_symlinks - - if checkyesno named_wait; then - until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do - echo " Waiting for nameserver to resolve $named_wait_host" - sleep 1 - done - fi -} - -named_reload() -{ - ${command%/named}/rndc reload -} - -find_pidfile() -{ - if get_pidfile_from_conf pid-file $named_conf; then - pidfile="$_pidfile_from_conf" - else - pidfile="/var/run/named/pid" - fi -} - -named_stop() -{ - find_pidfile - - # This duplicates an undesirably large amount of code from the stop - # routine in rc.subr in order to use rndc to shut down the process, - # and to give it a second chance in case rndc fails. - rc_pid=$(check_pidfile $pidfile $command) - if [ -z "$rc_pid" ]; then - [ -n "$rc_fast" ] && return 0 - _run_rc_notrunning - return 1 - fi - echo 'Stopping named.' - if ${command%/named}/rndc stop 2>/dev/null; then - wait_for_pids $rc_pid - else - echo -n 'rndc failed, trying kill: ' - kill -TERM $rc_pid - wait_for_pids $rc_pid - fi -} - -named_poststop() -{ - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" - fi - fi -} - -create_file() { - if [ -e "$1" ]; then - unlink $1 - fi - > $1 - chown root:wheel $1 - chmod 644 $1 -} - -named_prestart() -{ - find_pidfile - - if [ -n "$named_pidfile" ]; then - warn 'named_pidfile: now determined from the conf file' - fi - - command_args="-u ${named_uid:=root}" - - if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then - case "$named_flags" in - -c*|*' -c'*) ;; # No need to add it - *) command_args="-c $named_conf $command_args" ;; - esac - fi - - local line nsip firstns - - # Is the user using a sandbox? - # - if [ -n "$named_chrootdir" ]; then - rc_flags="$rc_flags -t $named_chrootdir" - checkyesno named_chroot_autoupdate && chroot_autoupdate - else - named_symlink_enable=NO - fi - - # Create an rndc.key file for the user if none exists - # - confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \ - -c ${named_confdir}/rndc.key" - if [ -s "${named_confdir}/rndc.conf" ]; then - unset confgen_command - fi - if [ -s "${named_confdir}/rndc.key" ]; then - case `stat -f%Su ${named_confdir}/rndc.key` in - root|$named_uid) ;; - *) $confgen_command ;; - esac - else - $confgen_command - fi - - local checkconf - - checkconf="${command%/named}/named-checkconf" - if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then - checkconf="$checkconf -t $named_chrootdir" - fi - - # Create a forwarder configuration based on /etc/resolv.conf - if checkyesno named_auto_forward; then - if [ ! -s /etc/resolv.conf ]; then - warn "named_auto_forward enabled, but no /etc/resolv.conf" - - # Empty the file in case it is included in named.conf - [ -s "${named_confdir}/auto_forward.conf" ] && - create_file ${named_confdir}/auto_forward.conf - - $checkconf $named_conf || - err 3 'named-checkconf for $named_conf failed' - return - fi - - create_file /var/run/naf-resolv.conf - create_file /var/run/auto_forward.conf - - echo ' forwarders {' > /var/run/auto_forward.conf - - while read line; do - case "$line" in - 'nameserver '*|'nameserver '*) - nsip=${line##nameserver[ ]} - - if [ -z "$firstns" ]; then - if [ ! "$nsip" = '127.0.0.1' ]; then - echo 'nameserver 127.0.0.1' - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - - firstns=1 - else - [ "$nsip" = '127.0.0.1' ] && continue - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - ;; - esac - - echo $line - done < /etc/resolv.conf > /var/run/naf-resolv.conf - - echo ' };' >> /var/run/auto_forward.conf - echo '' >> /var/run/auto_forward.conf - if checkyesno named_auto_forward_only; then - echo " forward only;" >> /var/run/auto_forward.conf - else - echo " forward first;" >> /var/run/auto_forward.conf - fi - - if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then - unlink /var/run/naf-resolv.conf - else - [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf - mv /var/run/naf-resolv.conf /etc/resolv.conf - fi - - if cmp -s ${named_confdir}/auto_forward.conf \ - /var/run/auto_forward.conf; then - unlink /var/run/auto_forward.conf - else - [ -e "${named_confdir}/auto_forward.conf" ] && - unlink ${named_confdir}/auto_forward.conf - mv /var/run/auto_forward.conf \ - ${named_confdir}/auto_forward.conf - fi - else - # Empty the file in case it is included in named.conf - [ -s "${named_confdir}/auto_forward.conf" ] && - create_file ${named_confdir}/auto_forward.conf - fi - - $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed' -} - -load_rc_config $name - -# Updating the following variables requires that rc.conf be loaded first -# -required_dirs="$named_chrootdir" # if it is set, it must exist - -named_confdir="${named_chrootdir}${named_conf%/*}" - -run_rc_command "$1" Index: etc/rc.d/ntpdate =================================================================== --- etc/rc.d/ntpdate (revision 257584) +++ etc/rc.d/ntpdate (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: ntpdate -# REQUIRE: NETWORKING syslogd named +# REQUIRE: NETWORKING syslogd # KEYWORD: nojail . /etc/rc.subr Index: etc/rc.d/rpcbind =================================================================== --- etc/rc.d/rpcbind (revision 257584) +++ etc/rc.d/rpcbind (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: rpcbind -# REQUIRE: NETWORKING ntpdate syslogd named +# REQUIRE: NETWORKING ntpdate syslogd # KEYWORD: shutdown . /etc/rc.subr Index: etc/rc.d/syslogd =================================================================== --- etc/rc.d/syslogd (revision 257584) +++ etc/rc.d/syslogd (working copy) @@ -21,7 +21,6 @@ extra_commands="reload" sockfile="/var/run/syslogd.sockets" evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" -altlog_proglist="named" syslogd_precmd() { --tpZe61tYkA9f+p/0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131103220654.GU52889>