Author: dougb
Date: Sat May 16 20:55:28 2009
New Revision: 192215
URL: http://svn.freebsd.org/changeset/base/192215

Log:
  1. New feature: option to have the script loop until a specified hostname
  (localhost by default) can be successfully looked up. Off by default.
  2. New feature: option to create a forwarder configuration file based on
  the contents of /etc/resolv.conf. This allows you to utilize a local
  resolver for better performance, less network traffic, custom zones, etc.
  while still relying on the benefits of your local network resolver.
  Off by default.
  3. Add named-checkconf into the startup routine. This will prevent named
  from trying to start in a situation where it would not be possible to do
  so.

Modified:
  head/etc/defaults/rc.conf
  head/etc/namedb/named.conf
  head/etc/rc.d/named
  head/share/man/man5/rc.conf.5

Modified: head/etc/defaults/rc.conf
==============================================================================
--- head/etc/defaults/rc.conf   Sat May 16 20:51:28 2009        (r192214)
+++ head/etc/defaults/rc.conf   Sat May 16 20:55:28 2009        (r192215)
@@ -247,6 +247,7 @@ inetd_flags="-wW -C 60"             # Optional flag
 #
 named_enable="NO"              # Run named, the DNS server (or NO).
 named_program="/usr/sbin/named" # Path to named, if you want a different one.
+named_conf="/etc/namedb/named.conf"    # Path to the configuration file
 #named_flags="-c /etc/namedb/named.conf" # Uncomment for named not in /usr/sbin
 named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
 named_uid="bind"               # User to run named as
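Review bot: The new `named_conf` default is, as far as the rc.d/named hunks in this commit show, consumed only by the named-checkconf call, while named itself still reads whatever `-c` is given in named_flags (or its built-in default); a user who changes one but not the other would validate one file and start the daemon with another. The comment on the added line should say so, e.g. `named_conf="/etc/namedb/named.conf"    # Config file checked by named-checkconf; keep in sync with any -c in named_flags`. Whether named is also started with this path is outside the visible hunks, so confirm before wording it as a hard rule.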
@@ -254,6 +255,10 @@ named_chrootdir="/var/named"       # Chroot di
 named_chroot_autoupdate="YES"  # Automatically install/update chrooted
                                # components of named. See /etc/rc.d/named.
 named_symlink_enable="YES"     # Symlink the chrooted pid file
+named_wait="NO"                # Wait for working name service before exiting
+named_wait_host="localhost"    # Hostname to check if named_wait is enabled
+named_auto_forward="NO"        # Set up forwarders from /etc/resolv.conf
+named_auto_forward_only="NO"   # Do "forward only" instead of "forward first"
 
 #
 # kerberos. Do not run the admin daemons on slave servers

Modified: head/etc/namedb/named.conf
==============================================================================
--- head/etc/namedb/named.conf  Sat May 16 20:51:28 2009        (r192214)
+++ head/etc/namedb/named.conf  Sat May 16 20:55:28 2009        (r192215)
@@ -31,12 +31,6 @@ options {
        disable-empty-zone 
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        disable-empty-zone 
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 
-// In addition to the "forwarders" clause, you can force your name
-// server to never initiate queries of its own, but always ask its
-// forwarders only, by enabling the following line:
-//
-//     forward only;
-
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below.  This will make you
 // benefit from its cache, thus reduce overall DNS traffic in the Internet.
@@ -45,6 +39,20 @@ options {
                127.0.0.1;
        };
 */
+
+// If the 'forwarders' clause is not empty the default is to 'forward first'
+// which will fall back to sending a query from your local server if the name
+// servers in 'forwarders' do not have the answer.  Alternatively you can
+// force your name server to never initiate queries of its own by enabling the
+// following line:
+//     forward only;
+
+// If you wish to have forwarding configured automatically based on
+// the entries in /etc/resolv.conf, uncomment the following line and
+// set named_auto_forward=yes in /etc/rc.conf.  You can also enable
+// named_auto_forward_only (the effect of which is described above).
+//     include "/etc/namedb/auto_forward.conf";
+
        /*
           Modern versions of BIND use a random UDP port for each outgoing
           query by default in order to dramatically reduce the possibility

Modified: head/etc/rc.d/named
==============================================================================
--- head/etc/rc.d/named Sat May 16 20:51:28 2009        (r192214)
+++ head/etc/rc.d/named Sat May 16 20:55:28 2009        (r192215)
@@ -16,7 +16,7 @@ command="/usr/sbin/named"
 extra_commands="reload"
 
 start_precmd="named_precmd"
-start_postcmd="make_symlinks"
+start_postcmd="named_poststart"
 reload_cmd="named_reload"
 stop_cmd="named_stop"
 stop_postcmd="named_poststop"
@@ -97,6 +97,17 @@ make_symlinks()
            ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
 }
 
+named_poststart () {
+       make_symlinks
+
+       if checkyesno named_wait; then
+               until ${command%/sbin/named}/bin/host $named_wait_host 
>/dev/null 2>&1; do
+                       echo "  Waiting for nameserver to resolve 
$named_wait_host"
+                       sleep 1
+               done
+       fi
+}
+
 named_reload()
 {
        ${command%/named}/rndc reload
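Review bot: The `until … host $named_wait_host` loop in named_poststart has no upper bound, so if the lookup never succeeds (named fails to answer, or `host` consults a resolv.conf that does not point at the local server) the boot stalls forever with no way to proceed. `$named_wait_host` is also unquoted in both the command and the echo. Bounding the loop with a counter and falling through with a `warn` keeps the feature useful without turning a broken resolver into an unbootable system; the 60-iteration limit below is a constructed example, not a value from the page. The `${command%/sbin/named}/bin/host` spelling also differs from the `${command%/named}/rndc` form used two lines later, which is worth unifying.
```shell
named_poststart () {
	make_symlinks

	if checkyesno named_wait; then
		# Bound the wait so a resolver that never comes up cannot
		# stall the boot; 60 iterations is a constructed example limit.
		local tries=0
		until ${command%/sbin/named}/bin/host "$named_wait_host" >/dev/null 2>&1; do
			tries=$((tries + 1))
			if [ "$tries" -gt 60 ]; then
				warn "giving up waiting for nameserver to resolve $named_wait_host"
				break
			fi
			echo "  Waiting for nameserver to resolve $named_wait_host"
			sleep 1
		done
	fi
}
```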
@@ -135,8 +146,19 @@ named_poststop()
        fi
 }
 
+create_file () {
+       if [ -e "$1" ]; then
+               unlink $1
+       fi
+       > $1
+       chown root:wheel $1
+       chmod 644 $1
+}
+
 named_precmd()
 {
+       local line nsip firstns
+
        # Is the user using a sandbox?
        #
        if [ -n "$named_chrootdir" ]; then
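Review bot: `create_file` expands `$1` unquoted in all four of its uses (`unlink $1`, `> $1`, `chown root:wheel $1`, `chmod 644 $1`), so a path containing whitespace or glob characters is split or expanded; every use should be `"$1"`. The `chown`/`chmod` results are also unchecked, so the generated forwarder file could silently be left with the wrong owner or mode — `chown root:wheel "$1" && chmod 644 "$1" || warn "create_file: cannot set mode on $1"` surfaces that. As a point of style, `create_file ()` uses a different brace placement from the surrounding `named_reload()`/`named_precmd()` definitions. named_precmd's body continues past the end of this hunk.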
@@ -161,6 +183,80 @@ named_precmd()
        else
                $confgen_command
        fi
+
+       # Create a forwarder configuration based on /etc/resolv.conf
+       if checkyesno named_auto_forward; then
+               if [ ! -s /etc/resolv.conf ]; then
+                       warn "named_auto_forward enabled, but no 
/etc/resolv.conf"
+
+                       # Empty the file in case it is included in named.conf
+                       [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" 
] &&
+                           create_file 
${named_chrootdir}/etc/namedb/auto_forward.conf
+
+                       ${command%/named}/named-checkconf $named_conf ||
+                           err 3 'named-checkconf for $named_conf failed'
+                       return
+               fi
+
+               create_file /var/run/naf-resolv.conf
+               create_file /var/run/auto_forward.conf
+
+               echo '  forwarders {' > /var/run/auto_forward.conf
+
+               while read line; do
+                       case "$line" in
+                       'nameserver '*|'nameserver      '*)
+                               nsip=${line##nameserver[         ]}
+
+                               if [ -z "$firstns" ]; then
+                                       if [ ! "$nsip" = '127.0.0.1' ]; then
+                                               echo 'nameserver 127.0.0.1'
+                                               echo "          ${nsip};" >> 
/var/run/auto_forward.conf
+                                       fi
+
+                                       firstns=1
+                               else
+                                       [ "$nsip" = '127.0.0.1' ] && continue
+                                       echo "          ${nsip};" >> 
/var/run/auto_forward.conf
+                               fi
+                               ;;
+                       esac
+
+                       echo $line
+               done < /etc/resolv.conf > /var/run/naf-resolv.conf
+
+               echo '  };' >> /var/run/auto_forward.conf
+               echo '' >> /var/run/auto_forward.conf
+               if checkyesno named_auto_forward_only; then
+                       echo "  forward only;" >> /var/run/auto_forward.conf
+               else
+                       echo "  forward first;" >> /var/run/auto_forward.conf
+               fi
+
+               if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
+                       unlink /var/run/naf-resolv.conf
+               else
+                       [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
+                       mv /var/run/naf-resolv.conf /etc/resolv.conf
+               fi
+
+               if cmp -s ${named_chrootdir}/etc/namedb/auto_forward.conf \
+                   /var/run/auto_forward.conf; then
+                       unlink /var/run/auto_forward.conf
+               else
+                       [ -e "${named_chrootdir}/etc/namedb/auto_forward.conf" 
] &&
+                           unlink 
${named_chrootdir}/etc/namedb/auto_forward.conf
+                       mv /var/run/auto_forward.conf \
+                           ${named_chrootdir}/etc/namedb/auto_forward.conf
+               fi
+       else
+               # Empty the file in case it is included in named.conf
+               [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
+                   create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
+       fi
+
+       ${command%/named}/named-checkconf $named_conf ||
+           err 3 'named-checkconf for $named_conf failed'
 }
 
 load_rc_config $name
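Review bot: The two failure messages `err 3 'named-checkconf for $named_conf failed'` are single-quoted, so the path reported to the user is the literal string `$named_conf`; they should read `err 3 "named-checkconf for $named_conf failed"`. In the resolv.conf copy loop, `echo $line` is unquoted, so any line containing `*` or `?` is glob-expanded against the current directory before being written back to /etc/resolv.conf, and `read` without `-r` mangles backslashes. `${line##nameserver[ <tab>]}` strips exactly one separator character, so a `nameserver` line with two spaces, or a tab plus spaces, leaves leading whitespace in `$nsip` and the `= '127.0.0.1'` comparisons miss, which would add the server's own address to its forwarders; splitting with `set -- $line` (after saving named_precmd's own positional parameters, if it ever takes any) avoids that. Finally, the `unlink /etc/resolv.conf` before `mv` is unnecessary because rename replaces the target atomically, it briefly leaves the system with no resolver configuration, and if /etc/resolv.conf is a symlink to a file managed by another tool the link is silently replaced — a comment stating that named_auto_forward takes ownership of /etc/resolv.conf would make that trade-off explicit.
```shell
		# … unchanged: confgen handling, empty-resolv.conf branch, create_file calls …
		while read -r line; do
			case "$line" in
			'nameserver'[[:space:]]*)
				# Let the shell split on whitespace so any run of
				# spaces/tabs between the keyword and the address works.
				set -- $line
				nsip=$2
				# … unchanged: first/subsequent nameserver handling …
				;;
			esac

			# Quoted: an unquoted $line would be glob-expanded before
			# being written back to resolv.conf.
			printf '%s\n' "$line"
		done < /etc/resolv.conf > /var/run/naf-resolv.conf
		# … unchanged: forwarders footer, cmp/mv of the generated files …
	${command%/named}/named-checkconf "$named_conf" ||
	    err 3 "named-checkconf for $named_conf failed"
```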

Modified: head/share/man/man5/rc.conf.5
==============================================================================
--- head/share/man/man5/rc.conf.5       Sat May 16 20:51:28 2009        
(r192214)
+++ head/share/man/man5/rc.conf.5       Sat May 16 20:55:28 2009        
(r192215)
@@ -1631,6 +1631,12 @@ Path to
 .Xr named 8
 (default
 .Pa /usr/sbin/named ) .
+.It Va named_conf
+.Pq Vt str
+Path to
+.Xr named 8
+configuration file, (default
+.Pa /etc/namedb/named.conf ) .
 .It Va named_flags
 .Pq Vt str
 If
@@ -1678,6 +1684,26 @@ daemon's PID file
 into the
 .Xr chroot 8
 environment.
+.It Va named_wait
+.Pq Vt bool
+Set to have
+.Pa /etc/rc.d/named
+loop until working name service is established.
+.It Va named_wait_host
+.Pq Vt str
+Name of host to lookup for the named_wait option.
+(Default localhost)
+.It Va named_auto_forward
+.Pq Vt bool
+Set to enable automatic creation of a forwarder
+configuration file derived from
+.Pa /etc/resolv.conf .
+.It Va named_auto_forward_only
+.Pq Vt bool
+Set to change the default forwarder configuration from
+.Dq forward first
+to
+.Dq forward only .
 .It Va kerberos5_server_enable
 .Pq Vt bool
 Set to