7 # REQUIRE: SERVERS cleanvar
15 extra_commands="reload"
17 start_precmd="named_prestart"
18 start_postcmd="named_poststart"
19 reload_cmd="named_reload"
21 stop_postcmd="named_poststop"
23 # If running in a chroot cage, ensure that the appropriate files
24 # exist inside the cage, as well as helper symlinks into the cage
27 # As this is called after the is_running and required_dir checks
28 # are made in run_rc_command(), we can safely assume ${named_chrootdir}
29 # exists and named isn't running at this point (unless forcestart
36 # Create (or update) the chroot directory structure
38 if [ -r /etc/mtree/BIND.chroot.dist ]; then
39 mtree -deU -f /etc/mtree/BIND.chroot.dist \
42 warn "/etc/mtree/BIND.chroot.dist missing,"
43 warn "chroot directory structure not updated"
46 # Create /etc/namedb symlink
48 if [ ! -L /etc/namedb ]; then
49 if [ -d /etc/namedb ]; then
50 warn "named chroot: /etc/namedb is a directory!"
51 elif [ -e /etc/namedb ]; then
52 warn "named chroot: /etc/namedb exists!"
54 ln -s ${named_chrootdir}/etc/namedb /etc/namedb
57 # Make sure it points to the right place.
58 ln -shf ${named_chrootdir}/etc/namedb /etc/namedb
61 # Mount a devfs in the chroot directory if needed
63 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
64 umount ${named_chrootdir}/dev 2>/dev/null
65 devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
66 devfs -m ${named_chrootdir}/dev rule apply path null unhide
67 devfs -m ${named_chrootdir}/dev rule apply path random unhide
69 if [ -c ${named_chrootdir}/dev/null -a \
70 -c ${named_chrootdir}/dev/random ]; then
71 info "named chroot: using pre-mounted devfs."
73 err 1 "named chroot: devfs cannot be mounted from" \
74 "within a jail. Thus a chrooted named cannot" \
75 "be run from within a jail." \
76 "To run named without chrooting it, set" \
77 "named_chrootdir=\"\" in /etc/rc.conf."
81 # Copy and/or update key files to the chroot /etc
83 for file in localtime protocols services; do
84 if [ -r /etc/$file ]; then
85 cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
86 cp -p /etc/$file "${named_chrootdir}/etc/$file"
91 # Make symlinks to the correct pid file
95 checkyesno named_symlink_enable &&
96 ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
102 if checkyesno named_wait; then
103 until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
104 echo " Waiting for nameserver to resolve $named_wait_host"
112 ${command%/named}/rndc reload
117 # This duplicates an undesirably large amount of code from the stop
118 # routine in rc.subr in order to use rndc to shut down the process,
119 # and to give it a second chance in case rndc fails.
120 rc_pid=$(check_pidfile $pidfile $command)
121 if [ -z "$rc_pid" ]; then
122 [ -n "$rc_fast" ] && return 0
126 echo 'Stopping named.'
127 if ${command%/named}/rndc stop 2>/dev/null; then
128 wait_for_pids $rc_pid
130 echo -n 'rndc failed, trying kill: '
132 wait_for_pids $rc_pid
138 if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
139 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
140 umount ${named_chrootdir}/dev 2>/dev/null || true
142 warn "named chroot:" \
143 "cannot unmount devfs from inside jail!"
159 command_args="-u ${named_uid:=root}"
161 if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then
162 case "$named_flags" in
163 -c*|*' -c'*) ;; # No need to add it
164 *) command_args="-c $named_conf $command_args" ;;
168 local line nsip firstns
170 # Is the user using a sandbox?
172 if [ -n "$named_chrootdir" ]; then
173 rc_flags="$rc_flags -t $named_chrootdir"
174 checkyesno named_chroot_autoupdate && chroot_autoupdate
176 named_symlink_enable=NO
179 # Create an rndc.key file for the user if none exists
181 confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
182 -c ${named_chrootdir}/etc/namedb/rndc.key"
183 if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
184 unset confgen_command
186 if [ -s "${named_chrootdir}/etc/namedb/rndc.key" ]; then
187 case `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` in
189 *) $confgen_command ;;
195 # Create a forwarder configuration based on /etc/resolv.conf
196 if checkyesno named_auto_forward; then
197 if [ ! -s /etc/resolv.conf ]; then
198 warn "named_auto_forward enabled, but no /etc/resolv.conf"
200 # Empty the file in case it is included in named.conf
201 [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
202 create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
204 ${command%/named}/named-checkconf $named_conf ||
205 err 3 'named-checkconf for $named_conf failed'
209 create_file /var/run/naf-resolv.conf
210 create_file /var/run/auto_forward.conf
212 echo ' forwarders {' > /var/run/auto_forward.conf
216 'nameserver '*|'nameserver '*)
217 nsip=${line##nameserver[ ]}
219 if [ -z "$firstns" ]; then
220 if [ ! "$nsip" = '127.0.0.1' ]; then
221 echo 'nameserver 127.0.0.1'
222 echo " ${nsip};" >> /var/run/auto_forward.conf
227 [ "$nsip" = '127.0.0.1' ] && continue
228 echo " ${nsip};" >> /var/run/auto_forward.conf
234 done < /etc/resolv.conf > /var/run/naf-resolv.conf
236 echo ' };' >> /var/run/auto_forward.conf
237 echo '' >> /var/run/auto_forward.conf
238 if checkyesno named_auto_forward_only; then
239 echo " forward only;" >> /var/run/auto_forward.conf
241 echo " forward first;" >> /var/run/auto_forward.conf
244 if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
245 unlink /var/run/naf-resolv.conf
247 [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
248 mv /var/run/naf-resolv.conf /etc/resolv.conf
251 if cmp -s ${named_chrootdir}/etc/namedb/auto_forward.conf \
252 /var/run/auto_forward.conf; then
253 unlink /var/run/auto_forward.conf
255 [ -e "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
256 unlink ${named_chrootdir}/etc/namedb/auto_forward.conf
257 mv /var/run/auto_forward.conf \
258 ${named_chrootdir}/etc/namedb/auto_forward.conf
261 # Empty the file in case it is included in named.conf
262 [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
263 create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
266 ${command%/named}/named-checkconf $named_conf ||
267 err 3 'named-checkconf for $named_conf failed'
272 # Updating the following variables requires that rc.conf be loaded first
274 required_dirs="$named_chrootdir" # if it is set, it must exist
275 required_files="${named_conf:=/etc/namedb/named.conf}"
276 pidfile="${named_pidfile:-/var/run/named/pid}"