X-Git-Url: http://gitweb.hugovil.com/?a=blobdiff_plain;f=stage3%2Fpkg%2Fbind;h=bed05092c9ab531e77851ee0723073afc398becd;hb=1b6490195147ee6d1098cf255240d60f60c40108;hp=39f549d6c4c5a90990e02695cc2e304779ce6e0f;hpb=9e3f8101a7e4d974db8e9afeb9c90c13a43ae8d7;p=hvlinux.git diff --git a/stage3/pkg/bind b/stage3/pkg/bind index 39f549d..bed0509 100644 --- a/stage3/pkg/bind +++ b/stage3/pkg/bind 
@@ -2,55 +2,58 @@ hvconfig_pre() { - groupadd -f named - hv_useradd -c BindOwner -g named -m -s /bin/false named -} - -hvconfig_post() -{ - # Use updated address for L.ROOT-SERVERS.NET. - sed -i "s@198.32.64.12@199.7.83.42@" ${LFS_TMP}/${PACKAGE}/lib/dns/rootns.c + groupadd --system -f named + hv_useradd --system -c BindOwner -g named -s /bin/false named + install -d -m770 -o named -g named /srv/named } hvbuild_post() { # Enable the execute bit to prevent a warning when using ldd to check # library dependencies. - chmod 755 /usr/lib/lib{bind9,isc{,cc,cfg},lwres,dns}.so.*.?.? + chmod -v 0755 /usr/lib/lib{bind9,isc{,cc,cfg},lwres,dns}.so.*.?.? + + cd /srv/named + mkdir -p dev etc/namedb/{pz,slave} usr/lib/engines var/run/named + rm -f /srv/named/dev/null + mknod /srv/named/dev/null c 1 3 + rm -f /srv/named/dev/random + mknod /srv/named/dev/random c 1 8 + chmod 666 /srv/named/dev/{null,random} + cp /etc/localtime etc + touch managed-keys.bind + + # Needed to solve bug: + # initializing DST: openssl failure + cp -a /usr/lib/engines/libgost.so usr/lib/engines # Generation of a key for use in the named.conf and rdnc.conf files using # the rndc-confgen command. - BINDKEY=$(rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2) - - cd /home/named - mkdir -p dev etc/namedb/{pz,slave} var/run - rm -f /home/named/dev/null - mknod /home/named/dev/null c 1 3 - rm -f /home/named/dev/random - mknod /home/named/dev/random c 1 8 - chmod 666 /home/named/dev/{null,random} - cp /etc/localtime /home/named/etc + # If the option "-r /dev/random" is specified, the source of randomness is + # the keyboard/mouse and the command will wait forever for input before + # continuing. + # A counterpart to /dev/random is /dev/urandom ("unlocked"/non-blocking + # random) which reuses the internal pool to produce more pseudo-random + # bits. This means that the call will not block, but the output may contain + # less entropy than the corresponding read from /dev/random. 
+ rndc-confgen -b 512 -r /dev/urandom > /etc/rndc.conf # Creating the named.conf file from which named will read the location of # zone files, root name servers and secure DNS keys. - cat > /home/named/etc/named.conf << "EOF" + sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf + cat >> /srv/named/etc/named.conf << "EOF" options { directory "/etc/namedb"; pid-file "/var/run/named.pid"; statistics-file "/var/run/named.stats"; }; -controls { - inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; -}; -key "rndc_key" { - algorithm hmac-md5; - secret "_BIND_KEY_"; -}; + zone "." { type hint; file "root.hints"; }; + zone "0.0.127.in-addr.arpa" { type master; file "pz/127.0.0"; @@ -93,22 +96,8 @@ logging { }; }; EOF - sed -i -e "s!_BIND_KEY_!${BINDKEY}!g" /home/named/etc/named.conf - - cat > /etc/rndc.conf << "EOF" -key rndc_key { -algorithm "hmac-md5"; - secret - "_BIND_KEY_"; - }; -options { - default-server localhost; - default-key rndc_key; -}; -EOF - sed -i -e "s!_BIND_KEY_!${BINDKEY}!g" /etc/rndc.conf - cat > /home/named/etc/namedb/pz/127.0.0 << "EOF" + cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF" $TTL 3D @ IN SOA ns.local.domain. hostmaster.local.domain. ( 1 ; Serial @@ -120,7 +109,7 @@ $TTL 3D 1 PTR localhost. EOF - cat > /home/named/etc/namedb/root.hints << "EOF" + cat > /srv/named/etc/namedb/root.hints << "EOF" . 6D IN NS A.ROOT-SERVERS.NET. . 6D IN NS B.ROOT-SERVERS.NET. . 6D IN NS C.ROOT-SERVERS.NET. @@ -149,11 +138,14 @@ L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12 M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33 EOF - chown -R named.named /home/named + chown -R named.named /srv/named # Bootscript install -v -m740 ${SCRDIR}/bootscripts/named /etc/rc.d/init.d # script-name start stop bootscript_add_rc3 named 25 65 + + sed -i -e "s/^\(DNS_SERVER_ENA=\).*/\1\"yes\"/" \ + /etc/sysconfig/network/network-parameters }
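Review bot: `rndc-confgen -b 512 -r /dev/urandom > /etc/rndc.conf` writes the shared rndc secret with whatever mode the build's umask yields, and the following `sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf` copies the same key block into the chroot, so both files are probably world-readable after the script runs; create them restrictively, e.g. `(umask 077; rndc-confgen -b 512 -r /dev/urandom > /etc/rndc.conf)` and `chmod 640 /srv/named/etc/named.conf` once the named.conf heredoc is complete. The new `cd /srv/named` is unchecked while `cp /etc/localtime etc`, `touch managed-keys.bind` and `cp -a /usr/lib/engines/libgost.so usr/lib/engines` rely on it, so a failed cd silently writes into the caller's working directory; `cd /srv/named || return 1` keeps the later steps honest. The libgost.so copy is a snapshot that will not follow upgrades of the system library, which deserves a comment such as `# NOTE: copied into the chroot, not linked - re-run after upgrading the openssl engines`. hvbuild_post continues past the end of the hunk.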
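Review bot: `chown -R named.named /srv/named` hands the service user ownership of its own configuration under /srv/named/etc, including the named.conf that now embeds the rndc key, so a misbehaving or compromised daemon can rewrite its own config and master zone data; keep `etc` root-owned and group-readable (`chown -R root:named /srv/named/etc` and `chmod -R g-w,o-rwx /srv/named/etc`) and grant named write access only to the paths it must update, such as the slave zone directory and var/run/named. The added `sed -i -e "s/^\(DNS_SERVER_ENA=\).*/\1\"yes\"/" /etc/sysconfig/network/network-parameters` is a silent no-op when that file has no `DNS_SERVER_ENA=` line, so a preceding `grep -q '^DNS_SERVER_ENA=' /etc/sysconfig/network/network-parameters` with an explicit failure path would surface a misconfigured target. `named.named` uses the legacy dot separator; `named:named` is the documented form. This is the tail of hvbuild_post, whose start lies outside the hunk.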