7 # REQUIRE: SERVERS cleanvar
# rc.d hooks for named(8).  The binary path is also the base from which the
# helper paths are derived later in the file (${command%/named}/rndc,
# rndc-confgen and named-checkconf; ${command%/sbin/named}/bin/host).
15 command="/usr/sbin/named"
# Adds "reload" to the standard start/stop/restart/status verbs.
16 extra_commands="reload"
# Hooks run by run_rc_command(): named_precmd prepares the chroot, the rndc
# key and the auto-forwarder fragment before start; named_poststart can wait
# for a name to resolve; named_reload goes through rndc; named_poststop
# tears down the chroot devfs.  (The stop_cmd line is not in this excerpt.)
18 start_precmd="named_precmd"
19 start_postcmd="named_poststart"
20 reload_cmd="named_reload"
22 stop_postcmd="named_poststop"
24 # If running in a chroot cage, ensure that the appropriate files
25 # exist inside the cage, as well as helper symlinks into the cage
28 # As this is called after the is_running and required_dir checks
29 # are made in run_rc_command(), we can safely assume ${named_chrootdir}
30 # exists and named isn't running at this point (unless forcestart
# NOTE(review): this excerpt starts inside the chroot setup routine (invoked
# as chroot_autoupdate from the precmd); its function header and several
# else/fi lines are not shown here.
37 # Create (or update) the chroot directory structure
# mtree(8) builds/refreshes the cage layout from the BIND spec.  A missing
# spec only warns, so a stale or partial cage can still be started into.
39 if [ -r /etc/mtree/BIND.chroot.dist ]; then
40 mtree -deU -f /etc/mtree/BIND.chroot.dist \
43 warn "/etc/mtree/BIND.chroot.dist missing,"
44 warn "chroot directory structure not updated"
47 # Create /etc/namedb symlink
# A real directory or any other file at /etc/namedb is never replaced, only
# warned about; the symlink is created only when nothing is there, and an
# existing symlink is re-pointed (-h so the link itself is replaced rather
# than followed).  ${named_chrootdir} is unquoted on both ln lines, so a
# path containing whitespace or glob characters would be split.
49 if [ ! -L /etc/namedb ]; then
50 if [ -d /etc/namedb ]; then
51 warn "named chroot: /etc/namedb is a directory!"
52 elif [ -e /etc/namedb ]; then
53 warn "named chroot: /etc/namedb exists!"
55 ln -s ${named_chrootdir}/etc/namedb /etc/namedb
58 # Make sure it points to the right place.
59 ln -shf ${named_chrootdir}/etc/namedb /etc/namedb
62 # Mount a devfs in the chroot directory if needed
# Outside a jail: drop any stale devfs, mount a fresh one with every node
# hidden, then expose only null and random -- the minimum named needs, so no
# other device node is reachable from inside the cage.
64 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
65 umount ${named_chrootdir}/dev 2>/dev/null
66 devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
67 devfs -m ${named_chrootdir}/dev rule apply path null unhide
68 devfs -m ${named_chrootdir}/dev rule apply path random unhide
# Inside a jail this script cannot mount devfs itself: accept a devfs the
# jail host pre-mounted (both nodes must already be character devices),
# otherwise refuse to start (err 1) rather than run a cage without /dev.
70 if [ -c ${named_chrootdir}/dev/null -a \
71 -c ${named_chrootdir}/dev/random ]; then
72 info "named chroot: using pre-mounted devfs."
74 err 1 "named chroot: devfs cannot be mounted from" \
75 "within a jail. Thus a chrooted named cannot" \
76 "be run from within a jail." \
77 "To run named without chrooting it, set" \
78 "named_chrootdir=\"\" in /etc/rc.conf."
82 # Copy and/or update key files to the chroot /etc
# Only the files listed here are copied, and only when they differ from the
# host copy (cmp -s); -p preserves owner/mode/timestamps.
84 for file in localtime protocols services; do
85 if [ -r /etc/$file ]; then
86 cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
87 cp -p /etc/$file "${named_chrootdir}/etc/$file"
92 # Make symlinks to the correct pid file
# The host pidfile becomes a symlink into the cage, where named (running as
# named_uid, see command_args) writes it.  A compromised named can therefore
# put any pid into that file; the stop path relies on check_pidfile to
# confirm the pid really belongs to ${command} before signalling it --
# verify that in rc.subr.  ${pidfile} on the right-hand side is unquoted.
96 checkyesno named_symlink_enable &&
97 ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
# NOTE(review): start_postcmd hook (named_poststart); its header and the
# rest of the loop body are not in this excerpt.
# With named_wait set, block until host(1) (taken from the same prefix as
# ${command}) can resolve named_wait_host via the system resolver config.
# Nothing visible here bounds the loop: if the name never resolves (bad
# forwarder, no network yet) the rc sequence stalls at this point --
# confirm a retry limit exists in the lines not shown, or add one.
# $named_wait_host is passed to host unquoted.
103 if checkyesno named_wait; then
104 until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
105 echo " Waiting for nameserver to resolve $named_wait_host"
# reload_cmd hook: ask the running server to reload through rndc(8), which
# authenticates with the rndc.key / rndc.conf handled in the precmd.
113 ${command%/named}/rndc reload
118 # This duplicates an undesirably large amount of code from the stop
119 # routine in rc.subr in order to use rndc to shut down the process,
120 # and to give it a second chance in case rndc fails.
# NOTE(review): the function header, the else/fi lines and the kill itself
# are not shown in this excerpt.
# check_pidfile resolves the pid to signal from ${pidfile}.  In chroot mode
# that file is written by the named user inside the cage, so the pid is only
# as trustworthy as check_pidfile's verification that it belongs to
# ${command}.  Both arguments are passed unquoted.
121 rc_pid=$(check_pidfile $pidfile $command)
122 if [ -z "$rc_pid" ]; then
# Fast shutdown (rc_fast set) quietly succeeds when nothing is running.
123 [ -n "$rc_fast" ] && return 0
127 echo 'Stopping named.'
# Preferred path: an authenticated rndc stop, then wait for the pid to go
# away.  rndc's stderr is discarded, so an rndc failure (e.g. a key
# mismatch) is only visible as the fallback message below.
128 if ${command%/named}/rndc stop 2>/dev/null; then
129 wait_for_pids $rc_pid
# Fallback: signal the process directly (the kill line is outside this
# excerpt) and wait again.
131 echo -n 'rndc failed, trying kill: '
133 wait_for_pids $rc_pid
# NOTE(review): stop_postcmd hook (named_poststop); header and closing lines
# are not in this excerpt.
# Undo the devfs mount made for the chroot, but only where this script could
# have mounted it (outside a jail).  The probe (-c on dev/null) mirrors the
# one used by the chroot setup; the test uses the deprecated -a and leaves
# ${named_chrootdir} unquoted.
139 if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
140 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
# Unmount failure is deliberately ignored (e.g. nothing mounted).
141 umount ${named_chrootdir}/dev 2>/dev/null || true
# Inside a jail the devfs was supplied from outside, so only warn.
143 warn "named chroot:" \
144 "cannot unmount devfs from inside jail!"
# NOTE(review): start_precmd hook (named_precmd); its header and a number of
# else/fi/esac lines are not in this excerpt.
160 local line nsip firstns
162 # Is the user using a sandbox?
# Chroot mode: pass -t so named chroots itself, optionally refresh the cage
# first.  named_symlink_enable=NO presumably sits in the non-chroot branch
# (its else is not shown): with no cage there is nothing to symlink to.
164 if [ -n "$named_chrootdir" ]; then
165 rc_flags="$rc_flags -t $named_chrootdir"
166 checkyesno named_chroot_autoupdate && chroot_autoupdate
168 named_symlink_enable=NO
171 # Create an rndc.key file for the user if none exists
# An operator-supplied rndc.conf takes precedence (that branch is not
# shown).  Otherwise a 256-bit key (-b256) is generated for $named_uid (-u).
# An existing key is kept only if its owner (stat -f%Su) matches the case
# arm not shown here; any other owner falls through to `*)` and the key is
# silently regenerated, which invalidates any copy of the old key that was
# distributed for remote rndc use.
173 if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
176 confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
177 -c ${named_chrootdir}/etc/namedb/rndc.key"
178 if [ -s "${named_chrootdir}/etc/namedb/rndc.key" ]; then
179 case `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` in
181 *) $confgen_command ;;
187 # Create a forwarder configuration based on /etc/resolv.conf
# Turn the nameservers in /etc/resolv.conf into a named.conf "forwarders"
# fragment and repoint resolv.conf at the local server.
188 if checkyesno named_auto_forward; then
# No usable resolv.conf: warn, blank any stale auto_forward.conf so an old
# forwarder list is not reused, and still syntax-check the main config.
189 if [ ! -s /etc/resolv.conf ]; then
190 warn "named_auto_forward enabled, but no /etc/resolv.conf"
192 # Empty the file in case it is included in named.conf
193 [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
194 create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
# NOTE(review): single quotes keep $named_conf literal in this message; it
# needs double quotes to show the path.
196 ${command%/named}/named-checkconf $named_conf ||
197 err 3 'named-checkconf for $named_conf failed'
# Build both files under /var/run first; they are moved into place further
# down only if their content actually changed.
201 create_file /var/run/naf-resolv.conf
202 create_file /var/run/auto_forward.conf
204 echo ' forwarders {' > /var/run/auto_forward.conf
# Per-line handling of resolv.conf (the read loop and the default case arm
# are not shown).  NOTE(review): the two patterns render identically here;
# in the original one is almost certainly "nameserver" followed by a tab,
# and the [ ] below a space/tab class -- check the file for lost tabs.
208 'nameserver '*|'nameserver '*)
# SECURITY(review): nsip is whatever followed "nameserver" and is written
# verbatim into a file that named.conf includes.  /etc/resolv.conf is
# root-owned, but on many hosts its contents come from DHCP/resolvconf,
# i.e. from the network.  Nothing here checks that nsip looks like an
# address; named-checkconf at the end rejects a syntactically broken
# fragment but not a well-formed one carrying extra statements.  Consider
# rejecting any nsip with characters outside [0-9A-Fa-f.:%].
209 nsip=${line##nameserver[ ]}
# First nameserver: if it is not already the local server, emit a resolv.conf
# pointing at 127.0.0.1 (the loop's stdout is the new resolv.conf) and
# forward to the original server.  Later entries are appended to the
# forwarders list, skipping 127.0.0.1 so named does not forward to itself.
211 if [ -z "$firstns" ]; then
212 if [ ! "$nsip" = '127.0.0.1' ]; then
213 echo 'nameserver 127.0.0.1'
214 echo " ${nsip};" >> /var/run/auto_forward.conf
219 [ "$nsip" = '127.0.0.1' ] && continue
220 echo " ${nsip};" >> /var/run/auto_forward.conf
226 done < /etc/resolv.conf > /var/run/naf-resolv.conf
228 echo ' };' >> /var/run/auto_forward.conf
229 echo '' >> /var/run/auto_forward.conf
# Per named.conf semantics "forward only" never falls back to recursion
# when the forwarders fail; "forward first" does.
230 if checkyesno named_auto_forward_only; then
231 echo " forward only;" >> /var/run/auto_forward.conf
233 echo " forward first;" >> /var/run/auto_forward.conf
# Install the new resolv.conf only if it differs.  This replaces
# /etc/resolv.conf outright (unlink + mv), so anything else that manages
# that file will see the change.
236 if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
237 unlink /var/run/naf-resolv.conf
239 [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
240 mv /var/run/naf-resolv.conf /etc/resolv.conf
# Same for the forwarder fragment inside the (possibly chrooted) namedb;
# ${named_chrootdir} is unquoted in the cmp, unlink and mv paths.
243 if cmp -s ${named_chrootdir}/etc/namedb/auto_forward.conf \
244 /var/run/auto_forward.conf; then
245 unlink /var/run/auto_forward.conf
247 [ -e "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
248 unlink ${named_chrootdir}/etc/namedb/auto_forward.conf
249 mv /var/run/auto_forward.conf \
250 ${named_chrootdir}/etc/namedb/auto_forward.conf
# Auto-forwarding disabled: blank a non-empty auto_forward.conf so a list
# left over from an earlier run is not silently reused.
253 # Empty the file in case it is included in named.conf
254 [ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
255 create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
# Final syntax check of the whole configuration; failure aborts the start.
# NOTE(review): single quotes keep $named_conf literal in this message.
258 ${command%/named}/named-checkconf $named_conf ||
259 err 3 'named-checkconf for $named_conf failed'
263 # Updating the following variables requires that rc.conf be loaded first
# required_dirs makes run_rc_command refuse to start when the configured
# chroot directory is missing (an empty named_chrootdir adds no requirement).
265 required_dirs="$named_chrootdir" # if it is set, it must exist
# Host-side pidfile path.  In chroot mode the real file is
# ${named_chrootdir}${pidfile} and this path is a symlink to it (see the
# chroot setup code).
266 pidfile="${named_pidfile:-/var/run/named/pid}"
# SECURITY(review): named drops to this user (-u).  The ${named_uid:=root}
# fallback means an unset or EMPTY named_uid runs named as root with no
# privilege separation; presumably only the default from
# /etc/defaults/rc.conf prevents that -- do not override it with an empty
# value.  ":=" also assigns the variable, so the same value is later used
# for the rndc-confgen -u option and the rndc.key owner check.
267 command_args="-u ${named_uid:=root}"