[net-dns/bind] sync with tree, hopefully not breaking anything

This commit is contained in:
Robert Förster 2024-09-02 16:47:24 +02:00
parent 6d4b7f8bba
commit 9a851e23bd
7 changed files with 486 additions and 71 deletions


@ -1,3 +1,2 @@
DIST bind-9.18.27.tar.xz 5524000 BLAKE2B 720b1677606c27768af7799f4a36cebcbebea2f4ddf42421bc9cba29d48b8f3bc9616c691c1b7e1897635984d01099ea40c1c7346908aa3652b1347794139e25 SHA512 d0c89821fef38e531d65b465adeb5946589775e6a4d5e2068e969f1106c961d3b202af19247b9e20f9fbde645be10d610478edf89ed0d83b39d38fb4353c693a DIST bind-9.18.29.tar.xz 5562720 BLAKE2B f3e7de6936362bcce4993e401ed8fdd9d597459e82ad908a918fff1da619f91ef4896595ea210b43f2b492d763d7be2b71105495858da55431b60874c7fd2312 SHA512 6c2676e2e2cb90f3bd73afb367813c54d1c961e12df1e12e41b9d0ee5a1d5cdf368d81410469753eaef37e43358b56796f078f3b2f20c3b247c4bef91d56c716
DIST bind-9.18.27.tar.xz.asc 833 BLAKE2B 8621991724e19b0b987cf82c8d6bbf31ef2440c9e133d06925c982f60d69587770dc4560c34050243da0bbe59d8180bdc910ca661cec9a0cd11d525ef4110fa2 SHA512 0da73d14dd8db8e55fcfe47e597fe242f7889b64e3cb383e24f90bed95b13cf38771cf7513bf621e308e5a6d10d83ae333ddd09f266fa7b1bd031192ec698404 DIST bind-9.18.29.tar.xz.asc 833 BLAKE2B afb127b5431f5e05eb1849335a692bf3a072bfc6182a8052316728a11f2f63f9f3c67a820a1d75f8d4cf3fe50e142f286f06f5392378bb64854402d3496061aa SHA512 6612c7151c4c1736e0237b8219cefbafbc1dcd4b04ad9b12b99cba703e6debde90d2f9838dd1465a47b9a002a598d9b8f3221dfe1a3bdc41436a92e6d06db472
DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac


@ -3,73 +3,61 @@
EAPI=8 EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/isc.asc VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/isc.asc
inherit python-any-r1 systemd tmpfiles verify-sig inherit multiprocessing systemd tmpfiles verify-sig
MY_PV="${PV/_p/-P}" MY_PV="${PV/_p/-P}"
MY_PV="${MY_PV/_rc/rc}" MY_PV="${MY_PV/_rc/rc}"
MY_P="${PN}-${MY_PV}"
RRL_PV="${MY_PV}"
DESCRIPTION="Berkeley Internet Name Domain - Name Server" DESCRIPTION="Berkeley Internet Name Domain - Name Server"
HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9" HOMEPAGE="https://www.isc.org/software/bind"
SRC_URI=" SRC_URI="
https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
doc? ( mirror://gentoo/dyndns-samples.tbz2 )
verify-sig? ( https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz.asc ) verify-sig? ( https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz.asc )
" "
S="${WORKDIR}/${MY_P}" S="${WORKDIR}/${PN}-${MY_PV}"
LICENSE="MPL-2.0" LICENSE="MPL-2.0"
SLOT="0" SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE="+caps dnsrps dnstap doc doh fixed-rrset idn geoip gssapi lmdb selinux static-libs test xml" IUSE="+caps dnsrps dnstap doc doh fixed-rrset idn +jemalloc geoip gssapi lmdb selinux static-libs test xml"
RESTRICT="!test? ( test )"
# libuv lower bound should be the highest value seen at
# https://gitlab.isc.org/isc-projects/bind9/-/blob/bind-9.18/lib/isc/netmgr/netmgr.c?ref_type=heads#L203
# to avoid issues with matching stable/testing, etc
DEPEND=" DEPEND="
acct-group/named acct-group/named
acct-user/named acct-user/named
dev-libs/jemalloc
dev-libs/json-c:= dev-libs/json-c:=
>=dev-libs/libuv-1.42.0:= >=dev-libs/libuv-1.37.0:=
sys-libs/zlib sys-libs/zlib:=
dev-libs/openssl:=[-bindist(-)] dev-libs/openssl:=[-bindist(-)]
caps? ( >=sys-libs/libcap-2.1.0 ) caps? ( >=sys-libs/libcap-2.1.0 )
dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) dnstap? (
doh? ( net-libs/nghttp2 ) dev-libs/fstrm
dev-libs/protobuf-c
)
doh? ( net-libs/nghttp2:= )
geoip? ( dev-libs/libmaxminddb ) geoip? ( dev-libs/libmaxminddb )
gssapi? ( virtual/krb5 ) gssapi? ( virtual/krb5 )
idn? ( net-dns/libidn2 ) idn? ( net-dns/libidn2 )
jemalloc? ( dev-libs/jemalloc:= )
lmdb? ( dev-db/lmdb ) lmdb? ( dev-db/lmdb )
xml? ( dev-libs/libxml2 ) xml? ( dev-libs/libxml2 )
" "
RDEPEND="
# optionally for testing dnssec ${DEPEND}
# dev-python/dnspython[dnssec]
BDEPEND="
test? (
${PYTHON_DEPS}
dev-python/pytest
dev-python/requests
dev-python/requests-toolbelt
dev-python/dnspython
dev-perl/Net-DNS-SEC
dev-util/cmocka
)
"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-bind ) selinux? ( sec-policy/selinux-bind )
sys-process/psmisc sys-process/psmisc
!net-dns/bind-tools !<net-dns/bind-tools-9.18.0
"
# sphinx required for man-page and html creation
BDEPEND="
virtual/pkgconfig
doc? ( dev-python/sphinx )
test? (
dev-util/cmocka
dev-util/kyua
)
" "
RESTRICT="!test? ( test )"
src_configure() { src_configure() {
local myeconfargs=( local myeconfargs=(
@ -79,7 +67,6 @@ src_configure() {
--enable-full-report --enable-full-report
--without-readline --without-readline
--with-openssl="${ESYSROOT}"/usr --with-openssl="${ESYSROOT}"/usr
--with-jemalloc
--with-json-c --with-json-c
--with-zlib --with-zlib
$(use_enable caps linux-caps) $(use_enable caps linux-caps)
@ -93,25 +80,18 @@ src_configure() {
$(use_with geoip maxminddb) $(use_with geoip maxminddb)
$(use_with gssapi) $(use_with gssapi)
$(use_with idn libidn2) $(use_with idn libidn2)
$(use_with jemalloc)
$(use_with lmdb) $(use_with lmdb)
$(use_with xml libxml2) $(use_with xml libxml2)
"${@}"
) )
econf "${myeconfargs[@]}" econf "${myeconfargs[@]}"
} }
src_test() { src_test() {
# "${WORKDIR}/${P}"/bin/tests/system/README # system tests ('emake test') require network configuration for IPs etc
# as root: # so we run the unit tests instead.
# sh bin/tests/system/ifconfig.sh up TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake unit
# as portage:
# make check
# as root:
# sh bin/tests/system/ifconfig.sh down
# just run the tests that dont mock around with IP addresses
emake -C tests/ check
} }
src_install() { src_install() {
@ -134,7 +114,8 @@ src_install() {
fi fi
insinto /etc/bind insinto /etc/bind
newins "${FILESDIR}"/named.conf-r9 named.conf newins "${FILESDIR}"/named.conf-r8 named.conf
newins "${FILESDIR}"/named.conf.auth named.conf.auth
newins "${FILESDIR}"/redhat/named.rfc1912.zones named.rfc1912.zones.conf newins "${FILESDIR}"/redhat/named.rfc1912.zones named.rfc1912.zones.conf
insinto /var/bind/pri insinto /var/bind/pri
@ -145,16 +126,18 @@ src_install() {
newenvd "${FILESDIR}"/10bind.env 10bind newenvd "${FILESDIR}"/10bind.env 10bind
use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete if ! use static-libs ; then
find "${ED}"/usr/lib* -name '*.la' -delete || die
fi
dosym ../../var/bind/pri /etc/bind/pri dosym -r /var/bind/pri /etc/bind/pri
dosym ../../var/bind/sec /etc/bind/sec dosym -r /var/bind/sec /etc/bind/sec
dosym ../../var/bind/dyn /etc/bind/dyn dosym -r /var/bind/dyn /etc/bind/dyn
keepdir /var/bind/{pri,sec,dyn} /var/log/named keepdir /var/bind/{pri,sec,dyn} /var/log/named
fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
fowners root:named /var/bind/pri/named.{empty,localhost,loopback} /etc/bind/{bind.keys,named.conf,named.rfc1912.zones.conf} fowners root:named /var/bind/pri/named.{empty,localhost,loopback} /etc/bind/{bind.keys,named.conf.auth,named.rfc1912.zones.conf}
fperms 0640 /var/bind/pri/named.{empty,localhost,loopback} /etc/bind/{bind.keys,named.conf,named.rfc1912.zones.conf} fperms 0640 /var/bind/pri/named.{empty,localhost,loopback} /etc/bind/{bind.keys,named.conf.auth,named.rfc1912.zones.conf}
fperms 0750 /etc/bind /var/bind/pri fperms 0750 /etc/bind /var/bind/pri
fperms 0770 /var/log/named /var/bind/{,sec,dyn} fperms 0770 /var/log/named /var/bind/{,sec,dyn}
@ -173,4 +156,97 @@ pkg_postinst() {
chown root:named /etc/bind/rndc.key || die chown root:named /etc/bind/rndc.key || die
chmod 0640 /etc/bind/rndc.key || die chmod 0640 /etc/bind/rndc.key || die
fi fi
einfo
einfo "You can edit /etc/conf.d/named to customize named settings"
einfo
einfo "If you'd like to run bind in a chroot AND this is a new"
einfo "install OR your bind doesn't already run in a chroot:"
einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
einfo
CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
if [[ -n ${CHROOT} ]]; then
elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
elog "To enable the old behaviour (without using mount) uncomment the"
elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
elog "If you decide to use the new/default method, ensure to make backup"
elog "first and merge your existing configs/zones to /etc/bind and"
elog "/var/bind because bind will now mount the needed directories into"
elog "the chroot dir."
fi
# show only when upgrading to 9.18
if [[ -n "${REPLACING_VERSIONS}" ]] && ver_test "${REPLACING_VERSIONS}" -lt 9.18; then
elog "As this is a major bind version upgrade, please read:"
elog " https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918"
elog "for differences in functionality."
elog ""
ewarn "In particular, please note that bind-9.18 does not need a root hints file anymore"
ewarn "and we only ship with one as a stop-gap. If your current configuration specifies a"
ewarn "root hints file - usually called named.cache - bind will not start as it will not be able"
ewarn "to find the specified file. Best practice is to delete the offending lines that"
ewarn "reference named.cache file from your configuration."
fi
}
pkg_config() {
CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
if [[ -z "${CHROOT}" ]]; then
eerror "This config script is designed to automate setting up"
eerror "a chrooted bind/named. To do so, please first uncomment"
eerror "and set the CHROOT variable in '/etc/conf.d/named'."
die "Unset CHROOT"
fi
if [[ -d "${CHROOT}" ]]; then
ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
ewarn "To enable the old behaviour (without using mount) uncomment the"
ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
ewarn
ewarn "${CHROOT} already exists... some things might become overridden"
ewarn "press CTRL+C if you don't want to continue"
sleep 10
fi
echo; einfo "Setting up the chroot directory..."
mkdir -m 0750 -p ${CHROOT} || die
mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
mkdir -m 0750 -p ${CHROOT}/etc/bind || die
mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
chown root:named \
${CHROOT} \
${CHROOT}/var/{bind,log/named} \
${CHROOT}/run/named/ \
${CHROOT}/etc/bind \
|| die
mknod ${CHROOT}/dev/null c 1 3 || die
chmod 0666 ${CHROOT}/dev/null || die
mknod ${CHROOT}/dev/zero c 1 5 || die
chmod 0666 ${CHROOT}/dev/zero || die
if [[ "${CHROOT_NOMOUNT:-0}" -ne 0 ]]; then
cp -a /etc/bind ${CHROOT}/etc/ || die
cp -a /var/bind ${CHROOT}/var/ || die
fi
if [[ "${CHROOT_GEOIP:-0}" -eq 1 ]]; then
if use geoip; then
mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
elif use geoip2; then
mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
fi
fi
elog "You may need to add the following line to your syslog-ng.conf:"
elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
} }
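Review bot: `elif use geoip2; then` in the new pkg_config tests a USE flag that the same ebuild's IUSE (`+caps dnsrps dnstap doc doh fixed-rrset idn +jemalloc geoip gssapi lmdb selinux static-libs test xml`) does not declare; under EAPI 8 portage treats `use` on an undeclared flag as a fatal error, so a system with `CHROOT_GEOIP=1` and `geoip` disabled aborts `emerge --config` at this branch instead of skipping it. The init script in this commit only ever bind-mounts `/usr/share/GeoIP`, so the GeoIP2 directory has no consumer anyway; reduce the block to `if use geoip; then mkdir -m 0755 -p "${CHROOT}/usr/share/GeoIP" || die; fi`. Separately, every `${CHROOT}` passed to mkdir, chown, mknod and cp in this function is unquoted although the value is read from `/etc/conf.d/named`; quoting them keeps a path containing whitespace from word-splitting into several arguments for the `chown root:named` and `mknod` calls.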


@ -0,0 +1,166 @@
/*
* Refer to the named.conf(5) and named(8) man pages, and the documentation
* in /usr/share/doc/bind-* for more details.
* Online versions of the documentation can be found here:
* https://kb.isc.org/article/AA-01031
*
* If you are going to set up an authoritative server, make sure you
* understand the hairy details of how DNS works. Even with simple mistakes,
* you can break connectivity for affected parties, or cause huge amounts of
* useless Internet traffic.
*/
acl "xfer" {
/* Deny transfers by default except for the listed hosts.
* If we have other name servers, place them here.
*/
none;
};
/*
* You might put in here some ips which are allowed to use the cache or
* recursive queries
*/
acl "trusted" {
127.0.0.0/8;
::1/128;
};
options {
directory "/var/bind";
pid-file "/run/named/named.pid";
/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
//bindkeys-file "/etc/bind/bind.keys";
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
allow-query {
/*
* Accept queries from our "trusted" ACL. We will
* allow anyone to query our master zones below.
* This prevents us from becoming a free DNS server
* to the masses.
*/
trusted;
};
allow-query-cache {
/* Use the cache for the "trusted" ACL. */
trusted;
};
allow-recursion {
/* Only trusted addresses are allowed to use recursion. */
trusted;
};
allow-transfer {
/* Zone tranfers are denied by default. */
none;
};
allow-update {
/* Don't allow updates, e.g. via nsupdate. */
none;
};
/*
* If you've got a DNS server around at your upstream provider, enter its
* IP address here, and enable the line below. This will make you benefit
* from its cache, thus reduce overall DNS traffic in the Internet.
*
* Uncomment the following lines to turn on DNS forwarding, and change
* and/or update the forwarding ip address(es):
*/
/*
forward first;
forwarders {
// 123.123.123.123; // Your ISP NS
// 124.124.124.124; // Your ISP NS
// 4.2.2.1; // Level3 Public DNS
// 4.2.2.2; // Level3 Public DNS
8.8.8.8; // Google Open DNS
8.8.4.4; // Google Open DNS
};
*/
dnssec-enable yes;
//dnssec-validation yes;
/*
* As of bind 9.8.0:
* "If the root key provided has expired,
* named will log the expiration and validation will not work."
*/
dnssec-validation auto;
/* if you have problems and are behind a firewall: */
//query-source address * port 53;
};
/*
logging {
channel default_log {
file "/var/log/named/named.log" versions 5 size 50M;
print-time yes;
print-severity yes;
print-category yes;
};
category default { default_log; };
category general { default_log; };
};
*/
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};
zone "." in {
type hint;
file "/var/bind/named.cache";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
notify no;
};
/*
* Briefly, a zone which has been declared delegation-only will be effectively
* limited to containing NS RRs for subdomains, but no actual data beyond its
* own apex (for example, its SOA RR and apex NS RRset). This can be used to
* filter out "wildcard" or "synthesized" data from NAT boxes or from
* authoritative name servers whose undelegated (in-zone) data is of no
* interest.
* See http://www.isc.org/software/bind/delegation-only for more info
*/
//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };
//zone "YOUR-DOMAIN.TLD" {
// type master;
// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
// allow-query { any; };
// allow-transfer { xfer; };
//};
//zone "YOUR-SLAVE.TLD" {
// type slave;
// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
// masters { <MASTER>; };
/* Anybody is allowed to query but transfer should be controlled by the master. */
// allow-query { any; };
// allow-transfer { none; };
/* The master should be the only one who notifies the slaves, shouldn't it? */
// allow-notify { <MASTER>; };
// notify no;
//};
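Review bot: `dnssec-enable yes;` in the options block is listed as an obsolete option in the BIND 9.18 documentation, which is the branch this commit builds (Manifest: bind-9.18.29); named-checkconf warns on it today and later BIND branches reject obsolete options outright, so the line should be dropped — `dnssec-validation auto;` a few lines below already turns validation on. The `zone "." in { type hint; file "/var/bind/named.cache"; };` entry also sits oddly next to the ebuild's own pkg_postinst ewarn that bind-9.18 no longer needs a root hints file and will not start if the referenced file is missing; if named.cache stays installed as the stop-gap the ewarn describes, a comment saying so would help, otherwise remove the hint zone. Minor: `Zone tranfers are denied by default.` should read `Zone transfers are denied by default.`.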


@ -3,7 +3,7 @@
//}; //};
options { options {
directory "/var/bind"; directory "/var/cache/bind";
pid-file "/run/named/named.pid"; pid-file "/run/named/named.pid";
listen-on { 127.0.0.1; }; listen-on { 127.0.0.1; };
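Review bot: The working directory of this config (presumably the named.conf.auth that src_install now installs) moves to `/var/cache/bind`, but nothing else in the commit creates, owns or mounts that path: src_install does `keepdir /var/bind/{pri,sec,dyn}` and sets fowners/fperms on `/var/bind`, pkg_config creates `${CHROOT}/var/bind`, and the init script bind-mounts `/var/bind` into the chroot. Unless `/var/cache/bind` is provisioned somewhere not visible here, named started with this file — especially chrooted — will fail on a missing or wrongly owned directory. Either keep `directory "/var/bind";` or add a matching `keepdir`/`fowners root:named` in src_install and a `_mount /var/cache/bind ${CHROOT}/var/cache/bind -o bind` line in the init script.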


@ -9,6 +9,28 @@ NAMED_CONF="/etc/bind/named.conf"
# Leave this unchanged if you want bind to automatically detect the number # Leave this unchanged if you want bind to automatically detect the number
#CPU="1" #CPU="1"
# If you wish to run bind in a chroot:
# 1) un-comment the CHROOT= assignment, below. You may use
# a different chroot directory but MAKE SURE it's empty.
# 2) run: emerge --config =<bind-version>
#
#CHROOT="/chroot/dns"
# Uncomment to enable binmount of /usr/share/GeoIP
#CHROOT_GEOIP="1"
# Uncomment the line below to avoid that the init script mounts the needed paths
# into the chroot directory.
# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
#CHROOT_NOMOUNT="1"
# Uncomment this option if you have setup your own chroot environment and you
# don't want/need the chroot consistency check
#CHROOT_NOCHECK=1
# Default pid file location
# use named.conf to specify pid-file location
# Scheduling priority: 19 is the lowest and -20 is the highest. # Scheduling priority: 19 is the lowest and -20 is the highest.
# Default: 0 # Default: 0
#NAMED_NICELEVEL="0" #NAMED_NICELEVEL="0"


@ -11,13 +11,83 @@ depend() {
provide dns provide dns
} }
NAMED_CONF=${NAMED_CONF:-/etc/bind/named.conf} NAMED_CONF=${NAMED_CONF:-${CHROOT}/etc/bind/named.conf}
OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}
MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60}
_mount() {
local from
local to
local opts
local ret=0
if [ "${#}" -lt 3 ]; then
eerror "_mount(): to few arguments"
return 1
fi
from=$1
to=$2
shift 2
opts="${*}"
shift $#
if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
einfo "mounting ${from} to ${to}"
mount ${from} ${to} ${opts}
ret=$?
eend $ret
return $ret
fi
return 0
}
_umount() {
local dir=$1
local ret=0
if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
ebegin "umounting ${dir}"
umount ${dir}
ret=$?
eend $ret
return $ret
fi
return 0
}
_get_pidfile() { _get_pidfile() {
# as suggested in bug #107724, bug 335398#c17 # as suggested in bug #107724, bug 335398#c17
[ -n "${PIDFILE}" ] || PIDFILE=$(\ [ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
/usr/bin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2) /usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
[ -z "${PIDFILE}" ] && PIDFILE="/run/named/named.pid" [ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid
}
check_chroot() {
if [ -n "${CHROOT}" ]; then
[ ! -d "${CHROOT}" ] && return 1
[ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
[ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
[ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
[ ! -d "${CHROOT}/var/log/named" ] && return 1
[ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
[ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
if [ -d "/usr/lib64" ]; then
[ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1
elif [ -d "/usr/lib" ]; then
[ ! -d "${CHROOT}/usr/lib/engines" ] && return 1
fi
fi
fi
return 0
} }
checkconfig() { checkconfig() {
@ -27,23 +97,65 @@ checkconfig() {
eerror "No ${NAMED_CONF} file exists!" eerror "No ${NAMED_CONF} file exists!"
return 1 return 1
fi fi
/usr/bin/named-checkconf ${NAMED_CONF} || {
/usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
eerror "named-checkconf failed! Please fix your config first." eerror "named-checkconf failed! Please fix your config first."
return 1 return 1
} }
eend 0 eend 0
return 0
} }
checkzones() { checkzones() {
ebegin "Checking named configuration and zones" ebegin "Checking named configuration and zones"
/usr/bin/named-checkconf -z ${NAMED_CONF} /usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
eend $? eend $?
} }
start() { start() {
local piddir local piddir
ebegin "Starting named" ebegin "Starting ${CHROOT:+chrooted }named"
if [ -n "${CHROOT}" ]; then
if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then
check_chroot || {
eend 1
eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
return 1
}
fi
if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
if [ ! -e /usr/lib/engines/libgost.so ]; then
eend 1
eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
return 1
fi
cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
eend 1
eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
return 1
}
fi
cp -Lp /etc/localtime "${CHROOT}/etc/localtime"
if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
einfo "Mounting chroot dirs"
_mount /etc/bind ${CHROOT}/etc/bind -o bind
_mount /var/bind ${CHROOT}/var/bind -o bind
_mount /var/log/named ${CHROOT}/var/log/named -o bind
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
_mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
fi
fi
# On initial startup, if piddir inside the chroot /var/run/named
# Then the .../var/run part might not exist yet
checkpath -q -d -o root:root -m 0755 "${piddir}/.."
fi
checkconfig || { eend 1; return 1; } checkconfig || { eend 1; return 1; }
# create piddir (usually /run/named) if necessary, bug 334535 # create piddir (usually /run/named) if necessary, bug 334535
@ -63,16 +175,56 @@ start() {
start-stop-daemon --start --pidfile ${PIDFILE} \ start-stop-daemon --start --pidfile ${PIDFILE} \
--nicelevel ${NAMED_NICELEVEL:-0} \ --nicelevel ${NAMED_NICELEVEL:-0} \
--exec /usr/sbin/named \ --exec /usr/sbin/named \
-- -u named -c ${NAMED_CONF} ${CPU} ${OPTIONS} -- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
eend $? eend $?
} }
stop() { stop() {
ebegin "Stopping named" local reported=0
ebegin "Stopping ${CHROOT:+chrooted }named"
# Workaround for now, until openrc's restart has been fixed.
# openrc doesn't care about a restart() function in init scripts.
if [ "${RC_CMD}" = "restart" ]; then
if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then
check_chroot || {
eend 1
eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
return 1
}
fi
checkconfig || { eend 1; return 1; }
fi
# -R 10, bug 335398 # -R 10, bug 335398
_get_pidfile _get_pidfile
start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \ start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
--exec /usr/sbin/named --exec /usr/sbin/named
if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
ebegin "Umounting chroot dirs"
# just to be sure everything gets clean
while fuser -s ${CHROOT} 2>/dev/null; do
if [ "${reported}" -eq 0 ]; then
einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
eerror "Waiting until all named processes are stopped failed!"
eend 1
break
fi
sleep 1
reported=$((reported+1))
done
[ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
_umount ${CHROOT}/etc/bind
_umount ${CHROOT}/var/log/named
_umount ${CHROOT}/var/bind
fi
eend $? eend $?
} }
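Review bot: In start(), `checkpath -q -d -o root:root -m 0755 "${piddir}/.."` runs while `piddir` is still empty — the function opens with `local piddir` and no line between that declaration and the checkpath assigns it (the assignment presumably follows `_get_pidfile` further down, outside the hunk) — so the argument expands to `/..` and checkpath is applied to `/` rather than to the chroot's run directory the comment describes. Compute the value before using it, e.g. `_get_pidfile; piddir="${PIDFILE%/*}"` immediately ahead of the checkpath (since `_get_pidfile` already prefixes `${CHROOT}`, the parent is then the chroot's `/run`), or move the checkpath below the existing piddir assignment. In the same hunk `cp -Lp /etc/localtime "${CHROOT}/etc/localtime"` is the only copy whose failure is ignored; a `|| ewarn "..."` would at least surface it. start() continues past the end of this hunk.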