7 # REQUIRE: SERVERS cleanvar
15 command="/usr/sbin/named"
16 extra_commands="reload"
18 start_precmd="named_precmd"
19 start_postcmd="make_symlinks"
20 reload_cmd="named_reload"
22 stop_postcmd="named_poststop"
24 # If running in a chroot cage, ensure that the appropriate files
25 # exist inside the cage, as well as helper symlinks into the cage
28 # As this is called after the is_running and required_dir checks
29 # are made in run_rc_command(), we can safely assume ${named_chrootdir}
30 # exists and named isn't running at this point (unless forcestart
37 # Create (or update) the chroot directory structure
39 if [ -r /etc/mtree/BIND.chroot.dist ]; then
40 mtree -deU -f /etc/mtree/BIND.chroot.dist \
43 warn "/etc/mtree/BIND.chroot.dist missing,"
44 warn "chroot directory structure not updated"
47 # Create /etc/namedb symlink
49 if [ ! -L /etc/namedb ]; then
50 if [ -d /etc/namedb ]; then
51 warn "named chroot: /etc/namedb is a directory!"
52 elif [ -e /etc/namedb ]; then
53 warn "named chroot: /etc/namedb exists!"
55 ln -s ${named_chrootdir}/etc/namedb /etc/namedb
58 # Make sure it points to the right place.
59 ln -shf ${named_chrootdir}/etc/namedb /etc/namedb
62 # Mount a devfs in the chroot directory if needed
64 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
65 umount ${named_chrootdir}/dev 2>/dev/null
66 devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
67 devfs -m ${named_chrootdir}/dev rule apply path null unhide
68 devfs -m ${named_chrootdir}/dev rule apply path random unhide
70 if [ -c ${named_chrootdir}/dev/null -a \
71 -c ${named_chrootdir}/dev/random ]; then
72 info "named chroot: using pre-mounted devfs."
74 err 1 "named chroot: devfs cannot be mounted from" \
75 "within a jail. Thus a chrooted named cannot" \
76 "be run from within a jail." \
77 "To run named without chrooting it, set" \
78 "named_chrootdir=\"\" in /etc/rc.conf."
82 # Copy and/or update key files to the chroot /etc
84 for file in localtime protocols services; do
85 if [ -r /etc/$file ]; then
86 cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
87 cp -p /etc/$file "${named_chrootdir}/etc/$file"
92 # Make symlinks to the correct pid file
96 checkyesno named_symlink_enable &&
97 ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
102 ${command%/named}/rndc reload
107 # This duplicates an undesirably large amount of code from the stop
108 # routine in rc.subr in order to use rndc to shut down the process,
109 # and to give it a second chance in case rndc fails.
110 rc_pid=$(check_pidfile $pidfile $command)
111 if [ -z "$rc_pid" ]; then
112 [ -n "$rc_fast" ] && return 0
116 echo 'Stopping named.'
117 if ${command%/named}/rndc stop 2>/dev/null; then
118 wait_for_pids $rc_pid
120 echo -n 'rndc failed, trying kill: '
122 wait_for_pids $rc_pid
128 if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
129 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
130 umount ${named_chrootdir}/dev 2>/dev/null || true
132 warn "named chroot:" \
133 "cannot unmount devfs from inside jail!"
140 # Is the user using a sandbox?
142 if [ -n "$named_chrootdir" ]; then
143 rc_flags="$rc_flags -t $named_chrootdir"
144 checkyesno named_chroot_autoupdate && chroot_autoupdate
146 named_symlink_enable=NO
149 # Create an rndc.key file for the user if none exists
151 if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
154 confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
155 -c ${named_chrootdir}/etc/namedb/rndc.key"
156 if [ -s "${named_chrootdir}/etc/namedb/rndc.key" ]; then
157 case `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` in
159 *) $confgen_command ;;
167 # Updating the following variables requires that rc.conf be loaded first
169 required_dirs="$named_chrootdir" # if it is set, it must exist
170 pidfile="${named_pidfile:-/var/run/named/pid}"
171 command_args="-u ${named_uid:=root}"