diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index f1c37999727d..71b88a1b9362 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -247,6 +247,7 @@ inetd_flags="-wW -C 60" # Optional flags to inetd # named_enable="NO" # Run named, the DNS server (or NO). named_program="/usr/sbin/named" # Path to named, if you want a different one. +named_conf="/etc/namedb/named.conf" # Path to the configuration file #named_flags="-c /etc/namedb/named.conf" # Uncomment for named not in /usr/sbin named_pidfile="/var/run/named/pid" # Must set this in named.conf as well named_uid="bind" # User to run named as @@ -254,6 +255,10 @@ named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it) named_chroot_autoupdate="YES" # Automatically install/update chrooted # components of named. See /etc/rc.d/named. named_symlink_enable="YES" # Symlink the chrooted pid file +named_wait="NO" # Wait for working name service before exiting +named_wait_host="localhost" # Hostname to check if named_wait is enabled +named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf +named_auto_forward_only="NO" # Do "forward only" instead of "forward first" # # kerberos. Do not run the admin daemons on slave servers diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf index dd2d115db0be..c9b09cba7ce6 100644 --- a/etc/namedb/named.conf +++ b/etc/namedb/named.conf @@ -31,12 +31,6 @@ options { disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; -// In addition to the "forwarders" clause, you can force your name -// server to never initiate queries of its own, but always ask its -// forwarders only, by enabling the following line: -// -// forward only; - // If you've got a DNS server around at your upstream provider, enter // its IP address here, and enable the line below. This will make you // benefit from its cache, thus reduce overall DNS traffic in the Internet. @@ -45,6 +39,20 @@ options { 127.0.0.1; }; */ + +// If the 'forwarders' clause is not empty the default is to 'forward first' +// which will fall back to sending a query from your local server if the name +// servers in 'forwarders' do not have the answer. Alternatively you can +// force your name server to never initiate queries of its own by enabling the +// following line: +// forward only; + +// If you wish to have forwarding configured automatically based on +// the entries in /etc/resolv.conf, uncomment the following line and +// set named_auto_forward=yes in /etc/rc.conf. You can also enable +// named_auto_forward_only (the effect of which is described above). +// include "/etc/namedb/auto_forward.conf"; + /* Modern versions of BIND use a random UDP port for each outgoing query by default in order to dramatically reduce the possibility diff --git a/etc/rc.d/named b/etc/rc.d/named index e90fd13de8dd..65a13a54eb91 100755 --- a/etc/rc.d/named +++ b/etc/rc.d/named @@ -16,7 +16,7 @@ command="/usr/sbin/named" extra_commands="reload" start_precmd="named_precmd" -start_postcmd="make_symlinks" +start_postcmd="named_poststart" reload_cmd="named_reload" stop_cmd="named_stop" stop_postcmd="named_poststop" @@ -97,6 +97,17 @@ make_symlinks() ln -fs "${named_chrootdir}${pidfile}" ${pidfile} } +named_poststart () { + make_symlinks + + if checkyesno named_wait; then + until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do + echo " Waiting for nameserver to resolve $named_wait_host" + sleep 1 + done + fi +} + named_reload() { ${command%/named}/rndc reload @@ -135,8 +146,19 @@ named_poststop() fi } +create_file () { + if [ -e "$1" ]; then + unlink $1 + fi + > $1 + chown root:wheel $1 + chmod 644 $1 +} + named_precmd() { + local line nsip firstns + # Is the user using a sandbox? # if [ -n "$named_chrootdir" ]; then @@ -161,6 +183,80 @@ named_precmd() else $confgen_command fi + + # Create a forwarder configuration based on /etc/resolv.conf + if checkyesno named_auto_forward; then + if [ ! -s /etc/resolv.conf ]; then + warn "named_auto_forward enabled, but no /etc/resolv.conf" + + # Empty the file in case it is included in named.conf + [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] && + create_file ${named_chrootdir}/etc/namedb/auto_forward.conf + + ${command%/named}/named-checkconf $named_conf || + err 3 'named-checkconf for $named_conf failed' + return + fi + + create_file /var/run/naf-resolv.conf + create_file /var/run/auto_forward.conf + + echo ' forwarders {' > /var/run/auto_forward.conf + + while read line; do + case "$line" in + 'nameserver '*|'nameserver '*) + nsip=${line##nameserver[ ]} + + if [ -z "$firstns" ]; then + if [ ! "$nsip" = '127.0.0.1' ]; then + echo 'nameserver 127.0.0.1' + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + + firstns=1 + else + [ "$nsip" = '127.0.0.1' ] && continue + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + ;; + esac + + echo $line + done < /etc/resolv.conf > /var/run/naf-resolv.conf + + echo ' };' >> /var/run/auto_forward.conf + echo '' >> /var/run/auto_forward.conf + if checkyesno named_auto_forward_only; then + echo " forward only;" >> /var/run/auto_forward.conf + else + echo " forward first;" >> /var/run/auto_forward.conf + fi + + if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then + unlink /var/run/naf-resolv.conf + else + [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf + mv /var/run/naf-resolv.conf /etc/resolv.conf + fi + + if cmp -s ${named_chrootdir}/etc/namedb/auto_forward.conf \ + /var/run/auto_forward.conf; then + unlink /var/run/auto_forward.conf + else + [ -e "${named_chrootdir}/etc/namedb/auto_forward.conf" ] && + unlink ${named_chrootdir}/etc/namedb/auto_forward.conf + mv /var/run/auto_forward.conf \ + ${named_chrootdir}/etc/namedb/auto_forward.conf + fi + else + # Empty the file in case it is included in named.conf + [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] && + create_file ${named_chrootdir}/etc/namedb/auto_forward.conf + fi + + ${command%/named}/named-checkconf $named_conf || + err 3 'named-checkconf for $named_conf failed' } load_rc_config $name diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 83460713a230..3075a4e70838 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -1631,6 +1631,12 @@ Path to .Xr named 8 (default .Pa /usr/sbin/named ) . +.It Va named_conf +.Pq Vt str +Path to +.Xr named 8 +configuration file, (default +.Pa /etc/namedb/named.conf ) . .It Va named_flags .Pq Vt str If @@ -1678,6 +1684,26 @@ daemon's PID file into the .Xr chroot 8 environment. +.It Va named_wait +.Pq Vt bool +Set to have +.Pa /etc/rc.d/named +loop until working name service is established. +.It Va named_wait_host +.Pq Vt str +Name of host to lookup for the named_wait option. +(Default localhost) +.It Va named_auto_forward +.Pq Vt bool +Set to enable automatic creation of a forwarder +configuration file derived from +.Pa /etc/resolv.conf . +.It Va named_auto_forward_only +.Pq Vt bool +Set to change the default forwarder configuration from +.Dq forward first +to +.Dq forward only . .It Va kerberos5_server_enable .Pq Vt bool Set to