7 # REQUIRE: SERVERS FILESYSTEMS
15 extra_commands="reload"
17 start_precmd="named_prestart"
18 start_postcmd="named_poststart"
19 reload_cmd="named_reload"
21 stop_postcmd="named_poststop"
23 # If running in a chroot cage, ensure that the appropriate files
24 # exist inside the cage, as well as helper symlinks into the cage
27 # As this is called after the is_running and required_dir checks
28 # are made in run_rc_command(), we can safely assume ${named_chrootdir}
29 # exists and named isn't running at this point (unless forcestart
36 # Create (or update) the chroot directory structure
38 if [ -r /etc/mtree/BIND.chroot.dist ]; then
39 mtree -deU -f /etc/mtree/BIND.chroot.dist \
42 warn "/etc/mtree/BIND.chroot.dist missing,"
43 warn "chroot directory structure not updated"
46 # Create (or update) the configuration directory symlink
48 if [ ! -L "${named_conf%/*}" ]; then
49 if [ -d "${named_conf%/*}" ]; then
50 warn "named chroot: ${named_conf%/*} is a directory!"
51 elif [ -e "${named_conf%/*}" ]; then
52 warn "named chroot: ${named_conf%/*} exists!"
54 ln -s ${named_confdir} ${named_conf%/*}
57 # Make sure it points to the right place.
58 ln -shf ${named_confdir} ${named_conf%/*}
61 # Mount a devfs in the chroot directory if needed
63 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
64 umount ${named_chrootdir}/dev 2>/dev/null
65 devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
66 devfs -m ${named_chrootdir}/dev rule apply path null unhide
67 devfs -m ${named_chrootdir}/dev rule apply path random unhide
69 if [ -c ${named_chrootdir}/dev/null -a \
70 -c ${named_chrootdir}/dev/random ]; then
71 info "named chroot: using pre-mounted devfs."
73 err 1 "named chroot: devfs cannot be mounted from" \
74 "within a jail. Thus a chrooted named cannot" \
75 "be run from within a jail." \
76 "To run named without chrooting it, set" \
77 "named_chrootdir=\"\" in /etc/rc.conf."
81 # Copy and/or update key files to the chroot /etc
83 for file in localtime protocols services; do
84 if [ -r /etc/$file ]; then
85 cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
86 cp -p /etc/$file "${named_chrootdir}/etc/$file"
91 # Make symlinks to the correct pid file
95 checkyesno named_symlink_enable &&
96 ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
102 if checkyesno named_wait; then
103 until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
104 echo " Waiting for nameserver to resolve $named_wait_host"
112 ${command%/named}/rndc reload
117 if get_pidfile_from_conf pid-file $named_conf; then
118 pidfile="$_pidfile_from_conf"
120 pidfile="/var/run/named/pid"
128 # This duplicates an undesirably large amount of code from the stop
129 # routine in rc.subr in order to use rndc to shut down the process,
130 # and to give it a second chance in case rndc fails.
131 rc_pid=$(check_pidfile $pidfile $command)
132 if [ -z "$rc_pid" ]; then
133 [ -n "$rc_fast" ] && return 0
137 echo 'Stopping named.'
138 if ${command%/named}/rndc stop 2>/dev/null; then
139 wait_for_pids $rc_pid
141 echo -n 'rndc failed, trying kill: '
143 wait_for_pids $rc_pid
149 if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
150 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
151 umount ${named_chrootdir}/dev 2>/dev/null || true
153 warn "named chroot:" \
154 "cannot unmount devfs from inside jail!"
172 if [ -n "$named_pidfile" ]; then
173 warn 'named_pidfile: now determined from the conf file'
176 command_args="-u ${named_uid:=root}"
178 if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then
179 case "$named_flags" in
180 -c*|*' -c'*) ;; # No need to add it
181 *) command_args="-c $named_conf $command_args" ;;
185 local line nsip firstns
187 # Is the user using a sandbox?
189 if [ -n "$named_chrootdir" ]; then
190 rc_flags="$rc_flags -t $named_chrootdir"
191 checkyesno named_chroot_autoupdate && chroot_autoupdate
193 named_symlink_enable=NO
196 # Create an rndc.key file for the user if none exists
198 confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
199 -c ${named_confdir}/rndc.key"
200 if [ -s "${named_confdir}/rndc.conf" ]; then
201 unset confgen_command
203 if [ -s "${named_confdir}/rndc.key" ]; then
204 case `stat -f%Su ${named_confdir}/rndc.key` in
206 *) $confgen_command ;;
214 checkconf="${command%/named}/named-checkconf"
215 if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then
216 checkconf="$checkconf -t $named_chrootdir"
219 # Create a forwarder configuration based on /etc/resolv.conf
220 if checkyesno named_auto_forward; then
221 if [ ! -s /etc/resolv.conf ]; then
222 warn "named_auto_forward enabled, but no /etc/resolv.conf"
224 # Empty the file in case it is included in named.conf
225 [ -s "${named_confdir}/auto_forward.conf" ] &&
226 create_file ${named_confdir}/auto_forward.conf
228 $checkconf $named_conf ||
229 err 3 'named-checkconf for $named_conf failed'
233 create_file /var/run/naf-resolv.conf
234 create_file /var/run/auto_forward.conf
236 echo ' forwarders {' > /var/run/auto_forward.conf
240 'nameserver '*|'nameserver '*)
241 nsip=${line##nameserver[ ]}
243 if [ -z "$firstns" ]; then
244 if [ ! "$nsip" = '127.0.0.1' ]; then
245 echo 'nameserver 127.0.0.1'
246 echo " ${nsip};" >> /var/run/auto_forward.conf
251 [ "$nsip" = '127.0.0.1' ] && continue
252 echo " ${nsip};" >> /var/run/auto_forward.conf
258 done < /etc/resolv.conf > /var/run/naf-resolv.conf
260 echo ' };' >> /var/run/auto_forward.conf
261 echo '' >> /var/run/auto_forward.conf
262 if checkyesno named_auto_forward_only; then
263 echo " forward only;" >> /var/run/auto_forward.conf
265 echo " forward first;" >> /var/run/auto_forward.conf
268 if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
269 unlink /var/run/naf-resolv.conf
271 [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
272 mv /var/run/naf-resolv.conf /etc/resolv.conf
275 if cmp -s ${named_confdir}/auto_forward.conf \
276 /var/run/auto_forward.conf; then
277 unlink /var/run/auto_forward.conf
279 [ -e "${named_confdir}/auto_forward.conf" ] &&
280 unlink ${named_confdir}/auto_forward.conf
281 mv /var/run/auto_forward.conf \
282 ${named_confdir}/auto_forward.conf
285 # Empty the file in case it is included in named.conf
286 [ -s "${named_confdir}/auto_forward.conf" ] &&
287 create_file ${named_confdir}/auto_forward.conf
290 $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed'
295 # Updating the following variables requires that rc.conf be loaded first
297 required_dirs="$named_chrootdir" # if it is set, it must exist
299 named_confdir="${named_chrootdir}${named_conf%/*}"