By default BIND will happily serve as both an authoritative nameserver and recursive resolver, but this is no longer a recommended or desirable configuration. The previous default configuration did not draw attention to this fact or to the issues involved. Users must now rename one of two sample configuration files, named.conf.authoritative or named.conf.recursive. Comments inside either file advise DNS administrators of the most prevalent security issues. This ensures that users setting up an authoritative nameserver do not unwittingly also operate a resolver. In the previous default configuration, BIND would happily perform recursive resolution for localhost, which means that the local machine could receive non-authoritative data from what is supposed to be an authoritative nameserver. Both default configurations disable zone transfers, as BIND itself enables them for any host by default (!).
#!/sbin/runscript
# Additional commands reachable through "rc-service named <command>".
extra_commands="checkconfig checkzones"
extra_started_commands="reload"

# BIND configuration file; an explicit NAMED_CONF (e.g. from
# /etc/conf.d/named) is kept, otherwise the packaged default is used.
NAMED_CONF="${NAMED_CONF:-/etc/bind/named.conf}"
# OpenRC dependency declaration for the named service.
depend() {
	# Advertise this service as the system's DNS provider.
	provide dns
	# Networking must be up first; hook into the system logger when present
	# and order ourselves after the firewall.
	need net
	use logger
	after firewall
}
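# Resolve the pidfile named will write and store it in PIDFILE.
#
# An explicit PIDFILE (e.g. set in /etc/conf.d/named) is left untouched.
# Otherwise the path is taken from the "pid-file" option of named's own
# configuration, as printed by "named-checkconf -p"; when the option is
# absent or the configuration cannot be parsed, /var/run/named/named.pid
# is used.
_get_pidfile() {
	if [ -z "${PIDFILE}" ]; then
		# NAMED_CONF is quoted so paths with spaces or glob characters
		# are passed through intact.  Only the first matching line is
		# used, so PIDFILE can never become a multi-line value.
		PIDFILE=$(/usr/sbin/named-checkconf -p "${NAMED_CONF}" \
			| grep 'pid-file' | head -n 1 | cut -d\" -f2)
	fi
	[ -n "${PIDFILE}" ] || PIDFILE=/var/run/named/named.pid
}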
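# Validate the named configuration file.
#
# Exposed as "rc-service named checkconfig" and run by start() before the
# daemon is launched.  Returns 0 when named-checkconf accepts the file and
# 1 when the file is missing or rejected.  Every exit path now closes the
# ebegin line with eend, so the standalone command always shows a status.
checkconfig() {
	ebegin "Checking named configuration"

	if [ ! -f "${NAMED_CONF}" ]; then
		eerror "No ${NAMED_CONF} file exists! See the examples in /etc/bind."
		eend 1
		return 1
	fi

	# named-checkconf prints the offending lines itself; only summarise here.
	if ! /usr/sbin/named-checkconf "${NAMED_CONF}"; then
		eerror "named-checkconf failed! Please fix your config first."
		eend 1
		return 1
	fi

	eend 0
	return 0
}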
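# Validate the configuration and load every zone it declares
# (named-checkconf -z); -j also reads a zone's journal file when one
# exists.  Exposed as "rc-service named checkzones"; the exit status is
# that of named-checkconf.
checkzones() {
	ebegin "Checking named configuration and zones"
	# Quoted so a NAMED_CONF containing spaces or glob characters is
	# passed through as a single argument.
	/usr/sbin/named-checkconf -z -j "${NAMED_CONF}"
	eend $?
}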
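# Create the directory holding named's pidfile when it does not exist.
#
# PIDFILE must already be set (see _get_pidfile).  The directory is owned
# root:named with mode 0770 because named drops privileges to the "named"
# user (-u in start) and still has to write its pidfile there.  Returns
# non-zero when checkpath fails.
_ensure_piddir() {
	local piddir="${PIDFILE%/*}"
	[ -d "${piddir}" ] && return 0
	checkpath -q -d -o root:named -m 0770 "${piddir}"
}

# Start named after validating its configuration.
#
# The pidfile directory was previously created twice, once before and once
# after checkconfig, with identical code; it is now created once, after the
# configuration has been validated, so the pid-file path is parsed from a
# config that named-checkconf accepts.
start() {
	local cpu_opt=""

	ebegin "Starting named"

	checkconfig || { eend 1; return 1; }

	# create piddir (usually /var/run/named) if necessary, bug 334535
	_get_pidfile
	_ensure_piddir || { eend 1; return 1; }

	# In case someone has $CPU set in /etc/conf.d/named: pass it on as
	# named's -n option instead of clobbering the CPU variable itself.
	if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
		cpu_opt="-n ${CPU}"
	fi

	# cpu_opt and OPTS are deliberately unquoted: they hold
	# whitespace-separated command line options for named.
	start-stop-daemon --start --pidfile "${PIDFILE}" \
		--nicelevel "${NICELEVEL:-0}" \
		--exec /usr/sbin/named \
		-- -u named ${cpu_opt} ${OPTS}
	eend $?
}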
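# Stop named via the pidfile resolved by _get_pidfile.
#
# NOTE(review): start() creates the pidfile directory root:named 0770, so
# the pid acted on here is whatever the daemon, running as "named", wrote
# into that file.
stop() {
	ebegin "Stopping named"
	_get_pidfile
	# Quoted so an unusual PIDFILE path cannot be word-split.
	start-stop-daemon --stop --quiet --pidfile "${PIDFILE}"
	eend $?
}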