hvconfig_pre()
{
- groupadd -f named
- hv_useradd -c BindOwner -g named -s /bin/false named
+ groupadd --system -f named
+ hv_useradd --system -c BindOwner -g named -s /bin/false named
install -d -m770 -o named -g named /srv/named
}
{
# Enable the execute bit to prevent a warning when using ldd to check
# library dependencies.
- chmod 755 /usr/lib/lib{bind9,isc{,cc,cfg},lwres,dns}.so.*.?.?
-
- # Generation of a key for use in the named.conf and rdnc.conf files using
- # the rndc-confgen command. If the option "-r /dev/random" is not specified,
- # the source of randomness is the keyboard and the command will wait
- # forever for keyboard input before continuing.
- BINDKEY=$(rndc-confgen -b 512 -r /dev/random | grep -m 1 "secret" | cut -d '"' -f 2)
+ chmod -v 0755 /usr/lib/lib{bind9,isc{,cc,cfg},lwres,dns}.so.*.?.?
cd /srv/named
- mkdir -p dev etc/namedb/{pz,slave} var/run usr/lib
+ mkdir -p dev etc/namedb/{pz,slave} usr/lib/engines var/run/named
rm -f /srv/named/dev/null
mknod /srv/named/dev/null c 1 3
rm -f /srv/named/dev/random
mknod /srv/named/dev/random c 1 8
chmod 666 /srv/named/dev/{null,random}
- cp /etc/localtime /srv/named/etc
+ cp /etc/localtime etc
+ touch managed-keys.bind
+
+ # Needed to solve bug:
+ # initializing DST: openssl failure
+ cp -a /usr/lib/engines/libgost.so usr/lib/engines
+
+ # Generation of a key for use in the named.conf and rdnc.conf files using
+ # the rndc-confgen command.
+ # If the option "-r /dev/random" is specified, the source of randomness is
+ # the keyboard/mouse and the command will wait forever for input before
+ # continuing.
+ # A counterpart to /dev/random is /dev/urandom ("unlocked"/non-blocking
+ # random) which reuses the internal pool to produce more pseudo-random
+ # bits. This means that the call will not block, but the output may contain
+ # less entropy than the corresponding read from /dev/random.
+ rndc-confgen -b 512 -r /dev/urandom > /etc/rndc.conf
# Creating the named.conf file from which named will read the location of
# zone files, root name servers and secure DNS keys.
- cat > /srv/named/etc/named.conf << "EOF"
+ sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf
+ cat >> /srv/named/etc/named.conf << "EOF"
options {
directory "/etc/namedb";
pid-file "/var/run/named.pid";
statistics-file "/var/run/named.stats";
};
-controls {
- inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
-};
-key "rndc_key" {
- algorithm hmac-md5;
- secret "_BIND_KEY_";
-};
+
zone "." {
type hint;
file "root.hints";
};
+
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
};
};
EOF
- sed -i -e "s!_BIND_KEY_!${BINDKEY}!g" /srv/named/etc/named.conf
-
- cat > /etc/rndc.conf << "EOF"
-key rndc_key {
-algorithm "hmac-md5";
- secret
- "_BIND_KEY_";
- };
-options {
- default-server localhost;
- default-key rndc_key;
-};
-EOF
- sed -i -e "s!_BIND_KEY_!${BINDKEY}!g" /etc/rndc.conf
cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
$TTL 3D
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
EOF
- # Needed to solve bug:
- # initializing DST: openssl failure
- cp -a /usr/lib/engines /srv/named/usr/lib
-
chown -R named.named /srv/named
# Bootscript
# script-name start stop
bootscript_add_rc3 named 25 65
+
+ sed -i -e "s/^\(DNS_SERVER_ENA=\).*/\1\"yes\"/" \
+ /etc/sysconfig/network/network-parameters
}
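Review bot: The rndc secret produced by `rndc-confgen -b 512 -r /dev/urandom > /etc/rndc.conf` (and copied into the chroot by the `sed ... > /srv/named/etc/named.conf` line that follows) lands in files created under the caller's default umask, so the shared key may be readable by every local user; create them with restricted modes, e.g. `(umask 077; rndc-confgen -b 512 -r /dev/urandom > /etc/rndc.conf)` and `chmod 640 /srv/named/etc/named.conf` before the recursive `chown -R named.named /srv/named`. The rewritten comment above that line also states the inverse of the original: it is when `-r` is *not* given that rndc-confgen falls back to keyboard input and blocks, so the paragraph should read `# If -r is not given, rndc-confgen reads keyboard input and blocks forever.` Whether the script runs under `set -e` is not visible here, so the `cp -a /usr/lib/engines/libgost.so usr/lib/engines` step could silently leave the chroot without the engine if the source file is absent; an explicit `|| return 1` (or whatever failure convention the other hv scripts use) would surface that. The enclosing function's header line is outside the hunk.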